popup

Report - 123123123

UPX PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.31 10:17 Machine s1_win7_x6403
Filename 123123123
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score
3
 Behavior Score
1.6
ZERO API file : malware
VT API (file) 32 detected (Common, Lumma, malicious, moderate confidence, score, Artemis, V8r4, Attribute, HighConfidence, a variant of JS, CLOUD, kabsx, LUMMASTEALER, YXEG4Z, Detected, Wacatac, 9E4TKO, Chgt, Javascript)
md5 73afff7e03cd55b7bc02151da0782e7b
sha256 2c167bb116d27576beed8d229b2d364a79b57acca36e185bd11c9576ae4b7b98
ssdeep 768:csfY5DRtOhVkzDOWsfY5DRtOhVkzDOESItdsfY5DRtOhVkzDO7FsfY5DRtOhVkzC:cz+kOWz+kOkz+kOBz+kO
imphash ab106f86dfb187b013004b44c843d3e8
impfuzzy 24:SDvtju8v7evQ/PVlGrRq57qez1/mZ1NEEhvbRh:UVi8vFPbGrA9xp/21NE8vbRh
  Network IP location

Signature (4cnts)

Level Description
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x40402c CloseHandle
 0x404030 SetEvent
 0x404034 ResolveDelayLoadedAPI
 0x404038 CompareStringOrdinal
 0x40403c TerminateProcess
 0x404040 GetCurrentProcess
 0x404044 UnhandledExceptionFilter
 0x404048 GetTickCount
 0x40404c GetSystemTimeAsFileTime
 0x404050 GetCurrentThreadId
 0x404054 GetCurrentProcessId
 0x404058 QueryPerformanceCounter
 0x40405c GetLastError
 0x404060 OpenEventW
 0x404064 DelayLoadFailureHook
 0x404068 Sleep
 0x40406c SetUnhandledExceptionFilter
 0x404070 GetModuleHandleW
msvcrt.dll
 0x404078 _controlfp
 0x40407c ?terminate@@YAXXZ
 0x404080 _except_handler4_common
 0x404084 _initterm
 0x404088 __setusermatherr
 0x40408c __p__fmode
 0x404090 memset
 0x404094 _exit
 0x404098 exit
 0x40409c __set_app_type
 0x4040a0 __wgetmainargs
 0x4040a4 _amsg_exit
 0x4040a8 __p__commode
 0x4040ac _XcptFilter
 0x4040b0 _vsnwprintf
 0x4040b4 _cexit
ADVAPI32.dll
 0x404000 RegQueryValueExW
 0x404004 RegCloseKey
DEVOBJ.dll
 0x40400c DevObjGetClassDevs
 0x404010 DevObjUninstallDevice
 0x404014 DevObjOpenDevRegKey
 0x404018 DevObjCreateDeviceInfoList
 0x40401c DevObjEnumDeviceInfo
 0x404020 DevObjGetDeviceInstanceId
 0x404024 DevObjDestroyDeviceInfoList

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure