ScreenShot
| Created | 2024.08.05 10:41 | Machine | s1_win7_x6401 |
| Filename | XFTZHD.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (AIDetectMalware, BlackMoon, malicious, high confidence, score, Jaik, Unsafe, V3z9, Babar, Attribute, HighConfidence, A suspicious, Artemis, MalwareX, YXEHDZ, high, Wacatac, ZexaF, iqKfaGhRP0mb, BScope, DiskWriter, ai score=84, Dinwod, frindll, PossibleThreat, confidence) | ||
| md5 | f9eb9ee28788c0079bbc91086cef30f2 | ||
| sha256 | 32b01fc0292be3d9e8a37934e793ba8868244485e7abe1bf843690dc8097a060 | ||
| ssdeep | 3072:DG9TQjMizEMK/rnhVj/CTVXOTm/kMq5PsDLGScJ5kloutd:DGejMizEVTnh9/cXstMq5E/AJiloSd | ||
| imphash | 0eddd99f14e631e64e1e48a9a7c26deb | ||
| impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EwElyqxAdYgW46PWTXqVqE:VA/DzqYOZ9VI45NIeXu/ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x4640b4 LoadLibraryA
0x4640b8 GetProcAddress
0x4640bc VirtualProtect
0x4640c0 VirtualAlloc
0x4640c4 VirtualFree
0x4640c8 ExitProcess
ADVAPI32.dll
0x4640d0 RegOpenKeyA
COMCTL32.dll
0x4640d8 None
GDI32.dll
0x4640e0 Escape
SHLWAPI.dll
0x4640e8 PathFileExistsA
USER32.dll
0x4640f0 GetDC
WININET.dll
0x4640f8 InternetOpenA
WINSPOOL.DRV
0x464100 OpenPrinterA
EAT(Export Address Table) is none
KERNEL32.DLL
0x4640b4 LoadLibraryA
0x4640b8 GetProcAddress
0x4640bc VirtualProtect
0x4640c0 VirtualAlloc
0x4640c4 VirtualFree
0x4640c8 ExitProcess
ADVAPI32.dll
0x4640d0 RegOpenKeyA
COMCTL32.dll
0x4640d8 None
GDI32.dll
0x4640e0 Escape
SHLWAPI.dll
0x4640e8 PathFileExistsA
USER32.dll
0x4640f0 GetDC
WININET.dll
0x4640f8 InternetOpenA
WINSPOOL.DRV
0x464100 OpenPrinterA
EAT(Export Address Table) is none