Report - C.jpg.exe

UPX PE File DLL PE32

ScreenShot

Info
Location map


Created	2024.07.02 15:45	Machine	s1_win7_x6401
Filename	C.jpg.exe
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score	9	Behavior Score	2.8
ZERO API	file : malware
VT API (file)	44 detected (AIDetectMalware, ShellcodeRunner, malicious, moderate confidence, score, Artemis, Midie, Unsafe, MalwareX, Redcap, koswrj, CLOUD, rseke, Detected, ShellcodeRun, Casdet, ZedlaF, bmQfa8SHlrm, Chgt, R002H09FO24, ai score=80, confidence)
md5	b3623c2ff1b7635712d8ff50d58560d2
sha256	7c4e83e6e93350cfb52527742e890c6653074cdcef86a759fe489e2f8738d071
ssdeep	768:ZrXIbh16iM92S+xfq4H2mV3rnbcuyD7UsdVMqn/u3p:ZrXIbhlMofo4Wm1rnouy8sX2
imphash	6859c1fbd5011b39e2b3c5ccd6eda491
impfuzzy	3:swBJAEPwS9KTXzhAXwEQaxRn:dBJAEHGDzyRn

Network IP location

Signature (6cnts)

Level	Description
danger	File has been identified by 44 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	The executable is compressed using UPX
info	Checks if process is being debugged by a debugger
info	One or more processes crashed

Rules (4cnts)

Level	Name	Description	Collection
watch	UPX_Zero	UPX packed file	binaries (upload)
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
0x1000f028 LoadLibraryA
0x1000f02c GetProcAddress
0x1000f030 VirtualProtect

EAT(Export Address Table) Library

0x10001000 _RunMain@0

Similarity measure (PE file only) - Checking for service failure