ScreenShot
Created | 2024.07.21 09:36 | Machine | s1_win7_x6403 |
Filename | billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 55 detected (Jorik, lrUS, Malicious, score, Swrort, GenericRXAA, Marte, unsafe, Save, confidence, 100%, Eldorado, Meterpreter, moderate confidence, Rozena, ewfvwj, Crypto, qRUE1u5wYD, ZPACK, high, SwrortPk, hnqyj, ai score=81, A@4jwdqr, 10KKVZ1, Detected, Bifrose, R12476, ZexaF, cmKfa4rf30ji, GdSda, Kajl, GenAsa, tdGI4TGA, Static AI, Malicious PE, susgen) | ||
md5 | 092c3991693cf8e0023895e4c1681fae | ||
sha256 | 86e691956c37b1594ef05158264e82e28655233a446fb06d4e269769ed582f06 | ||
ssdeep | 768:IjfpXZt7MgODsO2Qbv4AjZfGiZbtw0yrYQ2CFAuJWyWm5nbcuyD7USq3:IjfpwgnO2aVj15ZG0ycQ20fnouy8Sq3 | ||
imphash | 25b3acc640473b6fce722f16eff93149 | ||
impfuzzy | 3:oTEBlWAJOYAJWBJAEPw1MO/OywS9KTXzhAXwEQaxRGUpNx+AXAxxWAqXn:oI0YZBJAEoZ/OEGDzyRNx4xxKXn |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x41983c FreeSid
KERNEL32.DLL
0x419844 LoadLibraryA
0x419848 ExitProcess
0x41984c GetProcAddress
0x419850 VirtualProtect
MSVCRT.dll
0x419858 _iob
WS2_32.dll
0x419860 WSARecv
WSOCK32.dll
0x419868 WSAGetLastError
EAT(Export Address Table) is none
ADVAPI32.dll
0x41983c FreeSid
KERNEL32.DLL
0x419844 LoadLibraryA
0x419848 ExitProcess
0x41984c GetProcAddress
0x419850 VirtualProtect
MSVCRT.dll
0x419858 _iob
WS2_32.dll
0x419860 WSARecv
WSOCK32.dll
0x419868 WSAGetLastError
EAT(Export Address Table) is none