ScreenShot
| Created | 2024.07.26 18:46 | Machine | s1_win7_x6403 |
| Filename | cliente.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 19 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Attribute, HighConfidence, xbrzjr, Real Protect, high, Generic ML PUA, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | 3ef97e69a4c36ab5dc588a8aca155241 | ||
| sha256 | db4b528c78666bcc8feeb6622207dbf856db259db055b8e92257d63da5118a87 | ||
| ssdeep | 393216:uUvWFI8ElR4WQXthDeUS+3jGSO3++xYRnr7qyS13Q2xTH:u2gI8Elw7r7SL+b97qyS1HxT | ||
| imphash | 50a859a927074f56e927a52a7dc64adf | ||
| impfuzzy | 12:oEe6w1q4dDfAMEDTQxjlNQQDbWWg0sgypcMLXiXuqXz8cTrTR04Cn:oWw1q6DIH4LSgsgMLX0Vz8cTH+n | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x2804000 SysFreeString
advapi32.dll
0x2804008 RegQueryValueExW
user32.dll
0x2804010 CharNextW
kernel32.dll
0x2804018 GetVersion
kernel32.dll
0x2804020 GetProcAddress
user32.dll
0x2804028 SetClassLongW
gdi32.dll
0x2804030 UnrealizeObject
version.dll
0x2804038 VerQueryValueW
kernel32.dll
0x2804040 GetVersionExW
0x2804044 GetVersion
advapi32.dll
0x280404c RegUnLoadKeyW
kernel32.dll
0x2804054 Sleep
netapi32.dll
0x280405c NetApiBufferFree
oleaut32.dll
0x2804064 SafeArrayPtrOfIndex
oleaut32.dll
0x280406c GetErrorInfo
ole32.dll
0x2804074 CreateStreamOnHGlobal
comctl32.dll
0x280407c InitializeFlatSB
user32.dll
0x2804084 EnumDisplayMonitors
msvcrt.dll
0x280408c memset
shell32.dll
0x2804094 Shell_NotifyIconW
shell32.dll
0x280409c SHGetFolderPathW
winspool.drv
0x28040a4 OpenPrinterW
winspool.drv
0x28040ac GetDefaultPrinterW
winhttp.dll
0x28040b4 WinHttpWriteData
winmm.dll
0x28040bc timeGetTime
EAT(Export Address Table) Library
0x468b3c TMethodImplementationIntercept
0x412568 __dbk_fcall_wrapper
0x811630 dbkFCallWrapperAddr
oleaut32.dll
0x2804000 SysFreeString
advapi32.dll
0x2804008 RegQueryValueExW
user32.dll
0x2804010 CharNextW
kernel32.dll
0x2804018 GetVersion
kernel32.dll
0x2804020 GetProcAddress
user32.dll
0x2804028 SetClassLongW
gdi32.dll
0x2804030 UnrealizeObject
version.dll
0x2804038 VerQueryValueW
kernel32.dll
0x2804040 GetVersionExW
0x2804044 GetVersion
advapi32.dll
0x280404c RegUnLoadKeyW
kernel32.dll
0x2804054 Sleep
netapi32.dll
0x280405c NetApiBufferFree
oleaut32.dll
0x2804064 SafeArrayPtrOfIndex
oleaut32.dll
0x280406c GetErrorInfo
ole32.dll
0x2804074 CreateStreamOnHGlobal
comctl32.dll
0x280407c InitializeFlatSB
user32.dll
0x2804084 EnumDisplayMonitors
msvcrt.dll
0x280408c memset
shell32.dll
0x2804094 Shell_NotifyIconW
shell32.dll
0x280409c SHGetFolderPathW
winspool.drv
0x28040a4 OpenPrinterW
winspool.drv
0x28040ac GetDefaultPrinterW
winhttp.dll
0x28040b4 WinHttpWriteData
winmm.dll
0x28040bc timeGetTime
EAT(Export Address Table) Library
0x468b3c TMethodImplementationIntercept
0x412568 __dbk_fcall_wrapper
0x811630 dbkFCallWrapperAddr