Report - random.exe

EnigmaProtector PE File PE32
Created 2024.07.31 07:28 Machine s1_win7_x6403
Filename random.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 1.4
ZERO API file: clean
md5 9cccb9b47686e3ab460cbee74196ba25
sha256 ebf19a3268b7a3f1411517f4aeb2b0253b4ca853df1c2360e1307febba25e0b4
ssdeep 49152://hjQWL7OJTkKnLJt0rAo4dnBRsmuKA59iSufNAtSdPPgAsCY3/Oh:XhjQ0OJ3D0rAnBa1iAYdTjYW
imphash 31228b35d765756d4d3dd4ed5d786b22
impfuzzy 6:nERGDvZ/OiBJAEcXQwDLzRgSdn8BbMqtYbd7Iw5B:EcDvZGqA9AwDXRgKQcf5B

Signature (5cnts)

Level    Description
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     Queries for the computername
info     The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level    Name                Description         Collection
warning  EnigmaProtector_IN  EnigmaProtector     binaries (upload)
info     IsPE32              (no description)    binaries (upload)
info     PE_Header_Zero      PE File Signature   binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x2fc2fe4 GetModuleHandleA
 0x2fc2fe8 GetProcAddress
 0x2fc2fec ExitProcess
 0x2fc2ff0 LoadLibraryA
user32.dll
 0x2fc2ff8 MessageBoxA
advapi32.dll
 0x2fc3000 RegCloseKey
oleaut32.dll
 0x2fc3008 SysFreeString
gdi32.dll
 0x2fc3010 CreateFontA
shell32.dll
 0x2fc3018 ShellExecuteA
version.dll
 0x2fc3020 GetFileVersionInfoA
MSIMG32.dll
 0x2fc3028 AlphaBlend

EAT (Export Address Table) Library

(none)