ScreenShot
Created | 2024.07.08 17:08 | Machine | s1_win7_x6401 |
Filename | Atte.exe | ||
Type | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | 45 detected (Common, Androm, Malicious, score, GenericKD, Unsafe, Va1e, a variant of Generik, JCZBPJS, BotX, oqcqc, DownLoader47, R06BC0XG424, Detected, ai score=85, Wacapew, Chgt, susgen, confidence) | ||
md5 | b854f7f4b478960929e8c2ae1bd7f661 | ||
sha256 | e53730ae2df93f79892cf600bd43dbc822a2ac600553d9010f4f2021b71f987e | ||
ssdeep | 384:M9gWXhxDpIMi5mufL27q0/IT6PuKuBUCqxkZQc/FHGfkSNQNfffffS:M9gWXhRuqW0hv2m8SN3 | ||
imphash | |||
impfuzzy | 3:: |
Network IP location
Signature (19cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
watch | Executes one or more WMI queries |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) is none
EAT(Export Address Table) is none
EAT(Export Address Table) is none