ScreenShot
| Created | 2024.07.22 07:40 | Machine | s1_win7_x6401 |
| Filename | 5.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 387539254d02064c55935e94f0f56649 | ||
| sha256 | 0479d70c31696169a09d37e34d511b587b1a678563867e41b4881325e9f96101 | ||
| ssdeep | 49152:m0l/K0FDru/04QwSrjtujaLI7vrrgzS77VuaqqBO6Gjj7hVrETZmq+Orinkp+cIi:mmdFDrOSSaLIduDqMb3zCgq+O2ngIi | ||
| imphash | bdc8d6281be8ecd91489f2eeda264e24 | ||
| impfuzzy | 12:1XJB+VzE4S05KSfBroWpZoHoutXu8n9b2P2hLw:1j+VA4S+KS9LpOFlB9b0 | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x96e371 UnhandledExceptionFilter
USER32.dll
0x96e37d LoadAcceleratorsA
ADVAPI32.dll
0x96e389 RegCreateKeyA
SHELL32.dll
0x96e395 DragFinish
ole32.dll
0x96e3a1 RegisterDragDrop
MSIMG32.dll
0x96e3ad AlphaBlend
SHLWAPI.dll
0x96e3b9 PathIsUNCA
UxTheme.dll
0x96e3c5 GetWindowTheme
gdiplus.dll
0x96e3d1 GdipDrawImageI
OLEACC.dll
0x96e3dd CreateStdAccessibleObject
IMM32.dll
0x96e3e9 ImmReleaseContext
WINMM.dll
0x96e3f5 PlaySoundA
GDI32.dll
0x96e401 CreateDCA
WINSPOOL.DRV
0x96e40d OpenPrinterA
OLEAUT32.dll
0x96e419 LoadTypeLib
MSVCRT.dll
0x96e425 strncpy
IPHLPAPI.DLL
0x96e431 GetInterfaceInfo
PSAPI.DLL
0x96e43d GetMappedFileNameW
EAT(Export Address Table) is none
KERNEL32.dll
0x96e371 UnhandledExceptionFilter
USER32.dll
0x96e37d LoadAcceleratorsA
ADVAPI32.dll
0x96e389 RegCreateKeyA
SHELL32.dll
0x96e395 DragFinish
ole32.dll
0x96e3a1 RegisterDragDrop
MSIMG32.dll
0x96e3ad AlphaBlend
SHLWAPI.dll
0x96e3b9 PathIsUNCA
UxTheme.dll
0x96e3c5 GetWindowTheme
gdiplus.dll
0x96e3d1 GdipDrawImageI
OLEACC.dll
0x96e3dd CreateStdAccessibleObject
IMM32.dll
0x96e3e9 ImmReleaseContext
WINMM.dll
0x96e3f5 PlaySoundA
GDI32.dll
0x96e401 CreateDCA
WINSPOOL.DRV
0x96e40d OpenPrinterA
OLEAUT32.dll
0x96e419 LoadTypeLib
MSVCRT.dll
0x96e425 strncpy
IPHLPAPI.DLL
0x96e431 GetInterfaceInfo
PSAPI.DLL
0x96e43d GetMappedFileNameW
EAT(Export Address Table) is none