ScreenShot
| Created | 2024.07.05 11:09 | Machine | s1_win7_x6403 |
| Filename | Balanza.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 6 detected (AIDetectMalware, Malicious, Generic@AI, RDMK, cmRtazrkIMzPYYrxfj6MgmhPBYlh, moderate, score) | ||
| md5 | 91256800ace9fbe4fe2158ec132fc01e | ||
| sha256 | 3172ab53e2d338d52b803e6edd210a74f30c231b1e0d8aaf5d2fc143267eae57 | ||
| ssdeep | 24576:iG5gI8aPNeyL28L7lbO9z10g8pBITiBD:38EjLxO9z10gaB6w | ||
| imphash | d313e0d37e9dd04ea7b0fc061835ab96 | ||
| impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EW8TJuVM4CCJcEcw5/KJi96QA2bBnaOAuliTXmJJcn:VA/DzqYOZy4XcEv5x4V+LAuliX+O | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x606e60 LoadLibraryA
0x606e64 GetProcAddress
0x606e68 VirtualProtect
0x606e6c VirtualAlloc
0x606e70 VirtualFree
0x606e74 ExitProcess
ADVAPI32.DLL
0x606e7c FreeSid
COMCTL32.DLL
0x606e84 ImageList_Add
COMDLG32.DLL
0x606e8c FindTextA
GDI32.DLL
0x606e94 Arc
MSIMG32.DLL
0x606e9c AlphaBlend
OLE32.DLL
0x606ea4 OleDraw
OLEAUT32.DLL
0x606eac VarCyFromR8
OLEPRO32.DLL
0x606eb4 OleLoadPicture
SHELL32.DLL
0x606ebc DragFinish
USER32.DLL
0x606ec4 GetDC
WINMM.DLL
0x606ecc PlaySoundA
WINSPOOL.DRV
0x606ed4 ClosePrinter
EAT(Export Address Table) is none
KERNEL32.DLL
0x606e60 LoadLibraryA
0x606e64 GetProcAddress
0x606e68 VirtualProtect
0x606e6c VirtualAlloc
0x606e70 VirtualFree
0x606e74 ExitProcess
ADVAPI32.DLL
0x606e7c FreeSid
COMCTL32.DLL
0x606e84 ImageList_Add
COMDLG32.DLL
0x606e8c FindTextA
GDI32.DLL
0x606e94 Arc
MSIMG32.DLL
0x606e9c AlphaBlend
OLE32.DLL
0x606ea4 OleDraw
OLEAUT32.DLL
0x606eac VarCyFromR8
OLEPRO32.DLL
0x606eb4 OleLoadPicture
SHELL32.DLL
0x606ebc DragFinish
USER32.DLL
0x606ec4 GetDC
WINMM.DLL
0x606ecc PlaySoundA
WINSPOOL.DRV
0x606ed4 ClosePrinter
EAT(Export Address Table) is none