popup

Report - Atte.exe

Malicious Library PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.08 17:08 Machine s1_win7_x6401
Filename Atte.exe
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
AI Score
5
 Behavior Score
7.4
ZERO API file : clean
VT API (file) 45 detected (Common, Androm, Malicious, score, GenericKD, Unsafe, Va1e, a variant of Generik, JCZBPJS, BotX, oqcqc, DownLoader47, R06BC0XG424, Detected, ai score=85, Wacapew, Chgt, susgen, confidence)
md5 b854f7f4b478960929e8c2ae1bd7f661
sha256 e53730ae2df93f79892cf600bd43dbc822a2ac600553d9010f4f2021b71f987e
ssdeep 384:M9gWXhxDpIMi5mufL27q0/IT6PuKuBUCqxkZQc/FHGfkSNQNfffffS:M9gWXhRuqW0hv2m8SN3
imphash
impfuzzy 3::
  Network IP location

Signature (19cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
watch Attempts to identify installed AV products by installation directory
watch Executes one or more WMI queries
watch Installs itself for autorun at Windows startup
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info This executable has a PDB path
info Uses Windows APIs to generate a cryptographic key

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://voucher-01-static.com/kvro/1284.txt
whois
Unknown 91.92.243.32 clean
voucher-01-static.com
whois
Unknown 91.92.243.32 malware
91.92.243.32
whois
Unknown 91.92.243.32 malware

Suricata ids

ET DROP Spamhaus DROP Listed Traffic Inbound group 13

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure