Report - SS.exe

PE File PE32
ScreenShot
Created 2024.08.05 11:12 Machine s1_win7_x6401
Filename SS.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score
9
Behavior Score
5.0
ZERO API file : malware
VT API (file) 50 detected (AIDetectMalware, BlackMoon, malicious, high confidence, score, Zusy, Unsafe, V90u, Attribute, HighConfidence, A suspicious, Artemis, MalwareX, Convagent, CLOUD, ATRAPS, YXEHDZ, Real Protect, high, FakeAV, Detected, Wacatac, OV@6e1pyh, ABTrojan, UYES, R658019, ZexaF, DqKfaiVvFLpb, MachineLearning, Anomalous, 100%, ai score=84, confidence)
md5 1f0754128f1fd32781886c3d9e7dc138
sha256 e5bcef72212f77a5390675d5fc24433af0e682db535969894f967a409eefb8aa
ssdeep 12288:EfqiJSvtZDd4YQp7T8BPZ0T9XG1rVBbtpIwaDoS8:GqiWfvQpX8T0h2r/b/IDK
imphash ff764c3d5517b7ba18154cf01d80c42b
impfuzzy 6:dBJAEHGDzyRlbRmVOZ/EwRgsfW1bBnaMBxAdYgW46PWTXmJJcn:VA/DzqYOZ9RgWCJ45NIeX+O
  Network IP location

Signature (12cnts)

Level Description
danger File has been identified by 50 AntiVirus engines on VirusTotal as malicious
watch Attempts to stop active services
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info One or more processes crashed

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
 0x4c20c8 LoadLibraryA
 0x4c20cc GetProcAddress
 0x4c20d0 VirtualProtect
 0x4c20d4 VirtualAlloc
 0x4c20d8 VirtualFree
 0x4c20dc ExitProcess
ADVAPI32.dll
 0x4c20e4 RegCloseKey
COMCTL32.dll
 0x4c20ec None
GDI32.dll
 0x4c20f4 SaveDC
SHELL32.dll
 0x4c20fc DragFinish
SHLWAPI.dll
 0x4c2104 PathFileExistsA
USER32.dll
 0x4c210c GetDC
WININET.dll
 0x4c2114 InternetOpenA
WINSPOOL.DRV
 0x4c211c ClosePrinter

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure