Field | Value |
---|---|
Created | 2024.08.04 17:56 |
Machine | s1_win7_x6402 |
Filename | Submit task v3.0.0.4.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 47 detected (AIDetectMalware, Flyagent, malicious, high confidence, score, Unsafe, V4xj, TrojanX, dvixmz, R023C0PFH24, Real Protect, high, Agentb, Detected, Wacatac, FlyStudio, ~UJ@1sa9s6, Upatre, ABRisk, JTDM, ZexaF, Sq0@ayy0ycob, Fuerboos, ai score=80, susgen, CoinMiner, BELF, confidence) |
md5 | 1fe2d68fc2915ff7aab045e181dbd25b |
sha256 | 1e01d091dd6a69940c30481e0236b0e250f4f5395a769f5332355f25b03549f8 |
ssdeep | 12288:ODBkkbyTDhQldPMaP79qL2txVa/CTozh+tuZnHP:ODBkkby/hgz9WaxVa/CTozh+tuZnHP |
imphash | ae0a5112fe1176f4e5f6e1bc95e4c209 |
impfuzzy | 6:SDpA+ml+Z/OiBJAEHGDGKz1VHYzRgO8zkn:SDKMZGqA/Dj1wRgFk |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
watch | Creates known FlyStudio files |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | One or more processes crashed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
USER32.dll
0x402030 MessageBoxA
KERNEL32.dll
0x402010 FreeLibrary
0x402014 lstrcatA
0x402018 GetModuleFileNameA
0x40201c ExitProcess
0x402020 LoadLibraryA
0x402024 GetProcAddress
0x402028 lstrlenA
ADVAPI32.dll
0x402000 RegQueryValueExA
0x402004 RegCloseKey
0x402008 RegOpenKeyExA
EAT (Export Address Table): none
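The import table above is small and carries LoadLibraryA plus GetProcAddress, which is the shape a packer stub or a launcher that resolves its real API set at run time leaves behind; together with the UPX rule hit and the RWX-allocation signature it is the part of this report worth checking by hand. As an added example (not part of this report and not the sandbox's own code), the script below recomputes an imphash from the listed imports using the same normalisation pefile's get_imphash() applies (module name lower-cased with .dll/.ocx/.sys stripped, entries joined as lib.func with commas in import-descriptor order, then MD5) and applies a triage heuristic for the minimal dynamic-resolution import set. Assumptions: the order shown on this page is taken as the file's descriptor order, which imphash is sensitive to, so the value must be confirmed with pefile against the sample itself rather than trusted from the listing; the ordinal-to-name lookup pefile does for ws2_32/oleaut32 is omitted; the threshold of 20 imports in the heuristic is an arbitrary choice.

```python
"""Imphash and import-triage helper (added example, not part of the report).

Recomputes an imphash from (library, [imports]) pairs the way pefile's
get_imphash() does, and flags the minimal LoadLibrary*/GetProcAddress import
set that packed or stub binaries typically expose.
"""
import hashlib
from typing import Dict, List, Sequence, Tuple, Union

ImportList = Sequence[Tuple[str, Sequence[Union[str, int]]]]

# Constructed from the IAT listing on this page, in the order the page lists it.
# Assumption: that order equals the file's import-descriptor order (imphash is
# order-sensitive, so the computed value only matches the report if that holds).
SAMPLE_IMPORTS: List[Tuple[str, List[Union[str, int]]]] = [
    ("USER32.dll", ["MessageBoxA"]),
    ("KERNEL32.dll", ["FreeLibrary", "lstrcatA", "GetModuleFileNameA",
                      "ExitProcess", "LoadLibraryA", "GetProcAddress", "lstrlenA"]),
    ("ADVAPI32.dll", ["RegQueryValueExA", "RegCloseKey", "RegOpenKeyExA"]),
]


def _normalise_library(name: str) -> str:
    """Lower-case the module name and drop the extensions pefile strips."""
    lib = name.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def imphash_string(imports: ImportList) -> str:
    """Build the 'lib.func,lib.func,...' string that imphash hashes.

    Imports by ordinal become 'ordN'. pefile additionally maps known ordinals
    of ws2_32/oleaut32 to names; that lookup is deliberately omitted here.
    """
    parts = []
    for lib, funcs in imports:
        base = _normalise_library(lib)
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{base}.{name}")
    return ",".join(parts)


def imphash(imports: ImportList) -> str:
    """MD5 hex digest of the normalised import string (pefile's imphash)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def import_stats(imports: ImportList) -> Dict[str, int]:
    """Library and function counts, the first thing to eyeball in triage."""
    return {
        "libraries": len(imports),
        "imports": sum(len(funcs) for _, funcs in imports),
    }


def minimal_loader_imports(imports: ImportList, max_imports: int = 20) -> bool:
    """Triage heuristic: few imports plus LoadLibrary*/GetProcAddress.

    A normal GUI application imports dozens to hundreds of functions; a table
    this small that still carries the dynamic-resolution pair is an indicator
    to pair with section names/entropy and RWX allocation, not proof of packing.
    The 20-import threshold is an assumed cut-off, not a published one.
    """
    names = {f.lower() for _, funcs in imports for f in funcs if isinstance(f, str)}
    total = import_stats(imports)["imports"]
    has_loader = "getprocaddress" in names and bool(names & {"loadlibrarya", "loadlibraryw"})
    return total <= max_imports and has_loader


if __name__ == "__main__":
    print("imphash string:", imphash_string(SAMPLE_IMPORTS))
    print("imphash (listed order):", imphash(SAMPLE_IMPORTS))
    print("stats:", import_stats(SAMPLE_IMPORTS))
    print("minimal loader import set:", minimal_loader_imports(SAMPLE_IMPORTS))
```

To check the report's imphash against the file rather than the listing, load the sample with pefile (`pefile.PE(path).get_imphash()`) and compare; if the value differs from what this script produces for the listed order, the descriptor order in the file is not the order shown here, which is the usual reason hand-computed imphashes disagree with a tool's.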