Report - 3.dat

Generic Malware UPX PE File PE32
Created 2024.08.07 10:13 Machine s1_win7_x6401
Filename 3.dat
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 1.8
ZERO API file: malware
VT API (file) 52 detected (AIDetectMalware, malicious, high confidence, Redosdru, FJYJ, Unsafe, ABBG, Attribute, HighConfidence, score, Zlob, envewf, baEM1NflA5J, XPACK, Packed2, ZEGOST, SM17, AutoG, Static AI, Malicious PE, aczi, Detected, SGeneric, A@5su6ps, Eldorado, R365250, ZexaF, bqX@au7XQllj, BScope, Dynamer, Genetic, Gencirc, GenAsa, NAwRIH, jhGU, confidence, 100%)
md5 0c8848c11a91ab74f30abbef17792f8f
sha256 6cbbf236b6aaa52a1f424d3c18c24b51876d3998c9f67749d9da6dcfa263d9f7
ssdeep 192:T8ybznM9dvw+bknCYEIYugXCNFVnQs9w7qeP161oynoSmeNrvLdvhDKCLgygBNhQ:T7bzM+Gs/S61Frv3MCbGuZeMu0cK
imphash 66127c8a0e4f3b844b33ef0b6236f9dd
impfuzzy 12:dqqDoAtTWdBQJqLUJT5yTpGIXFBy5LwCXGXHX4GQGX5vBxqKJdjuv:TDooTTqLCwTpdXOdG3bTX5vBxhU

Signature (3cnts)

Level Description
danger File has been identified by 52 AntiVirus engines on VirusTotal as malicious
notice Foreign language identified in PE resource
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x403000 HeapAlloc
 0x403004 GetProcessHeap
 0x403008 VirtualAlloc
 0x40300c Sleep
 0x403010 VirtualProtect
 0x403014 GetProcAddress
 0x403018 LoadLibraryA
 0x40301c IsBadReadPtr
 0x403020 HeapFree
 0x403024 WriteFile
 0x403028 GetFileSize
 0x40302c GetStartupInfoA
 0x403030 GetModuleHandleA
MSVCRT.dll
 0x403038 malloc
 0x40303c strlen
 0x403040 ??2@YAPAXI@Z
 0x403044 memset
 0x403048 __CxxFrameHandler
 0x40304c _CxxThrowException
 0x403050 ??3@YAXPAX@Z
 0x403054 free
 0x403058 memcpy
 0x40305c ??1type_info@@UAE@XZ
 0x403060 _exit
 0x403064 _XcptFilter
 0x403068 exit
 0x40306c _acmdln
 0x403070 __getmainargs
 0x403074 _initterm
 0x403078 __setusermatherr
 0x40307c _adjust_fdiv
 0x403080 __p__commode
 0x403084 __p__fmode
 0x403088 __set_app_type
 0x40308c _except_handler3
 0x403090 _controlfp
 0x403094 __dllonexit
 0x403098 _onexit
 0x40309c realloc
 0x4030a0 strcmp
 0x4030a4 _stricmp
imagehlp.dll
 0x4030b8 MakeSureDirectoryPathExists
WININET.dll
 0x4030ac InternetOpenUrlA
 0x4030b0 InternetReadFile

EAT (Export Address Table): none