ScreenShot
| Created | 2024.07.21 09:36 | Machine | s1_win7_x6403 |
| Filename | billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 55 detected (Jorik, lrUS, Malicious, score, Swrort, GenericRXAA, Marte, unsafe, Save, confidence, 100%, Eldorado, Meterpreter, moderate confidence, Rozena, ewfvwj, Crypto, qRUE1u5wYD, ZPACK, high, SwrortPk, hnqyj, ai score=81, A@4jwdqr, 10KKVZ1, Detected, Bifrose, R12476, ZexaF, cmKfa4rf30ji, GdSda, Kajl, GenAsa, tdGI4TGA, Static AI, Malicious PE, susgen) | ||
| md5 | 092c3991693cf8e0023895e4c1681fae | ||
| sha256 | 86e691956c37b1594ef05158264e82e28655233a446fb06d4e269769ed582f06 | ||
| ssdeep | 768:IjfpXZt7MgODsO2Qbv4AjZfGiZbtw0yrYQ2CFAuJWyWm5nbcuyD7USq3:IjfpwgnO2aVj15ZG0ycQ20fnouy8Sq3 | ||
| imphash | 25b3acc640473b6fce722f16eff93149 | ||
| impfuzzy | 3:oTEBlWAJOYAJWBJAEPw1MO/OywS9KTXzhAXwEQaxRGUpNx+AXAxxWAqXn:oI0YZBJAEoZ/OEGDzyRNx4xxKXn | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x41983c FreeSid
KERNEL32.DLL
0x419844 LoadLibraryA
0x419848 ExitProcess
0x41984c GetProcAddress
0x419850 VirtualProtect
MSVCRT.dll
0x419858 _iob
WS2_32.dll
0x419860 WSARecv
WSOCK32.dll
0x419868 WSAGetLastError
EAT(Export Address Table) is none
ADVAPI32.dll
0x41983c FreeSid
KERNEL32.DLL
0x419844 LoadLibraryA
0x419848 ExitProcess
0x41984c GetProcAddress
0x419850 VirtualProtect
MSVCRT.dll
0x419858 _iob
WS2_32.dll
0x419860 WSARecv
WSOCK32.dll
0x419868 WSAGetLastError
EAT(Export Address Table) is none