Field | Value |
---|---|
Created | 2024.08.07 10:04 |
Machine | s1_win7_x6403 |
Filename | 193.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetectMalware, malicious, high confidence, score, Redosdru, FJYJ, Unsafe, Attribute, HighConfidence, Farfli, Zlob, envewf, baEM1NflA5J, XPACK, Packed2, ZEGOST, SM17, AutoG, Static AI, Malicious PE, aczi, Detected, ai score=87, SGeneric, A@5su6ps, R365250, ZexaF, fqX@aaQZsyej, BScope, Dynamer, Genetic, Gencirc, GenAsa, NAwRIH, jhGU, susgen, confidence, 100%) |
md5 | 5a5ccdbe3cdd135a57f61138867932a8 |
sha256 | 22f91304b04da17a6cb89365ddd5ad39b7bcb6fcf8d82a027381bb97e4ecb217 |
ssdeep | 768:dclgS8UuNwcb1iMMfdM3aNXEHcarqfKjJeVIJkfAqWAM/UpbTAPdKKbNW7:7SS2QiMMfdM3aNXmc0eV+kfAL8dWwKRy |
imphash | 66127c8a0e4f3b844b33ef0b6236f9dd |
impfuzzy | 12:dqqDoAtTWdBQJqLUJT5yTpGIXFBy5LwCXGXHX4GQGX5vBxqKJdjuv:TDooTTqLCwTpdXOdG3bTX5vBxhU |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Foreign language identified in PE resource |
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x403000 HeapAlloc
0x403004 GetProcessHeap
0x403008 VirtualAlloc
0x40300c Sleep
0x403010 VirtualProtect
0x403014 GetProcAddress
0x403018 LoadLibraryA
0x40301c IsBadReadPtr
0x403020 HeapFree
0x403024 WriteFile
0x403028 GetFileSize
0x40302c GetStartupInfoA
0x403030 GetModuleHandleA
MSVCRT.dll
0x403038 malloc
0x40303c strlen
0x403040 ??2@YAPAXI@Z
0x403044 memset
0x403048 __CxxFrameHandler
0x40304c _CxxThrowException
0x403050 ??3@YAXPAX@Z
0x403054 free
0x403058 memcpy
0x40305c ??1type_info@@UAE@XZ
0x403060 _exit
0x403064 _XcptFilter
0x403068 exit
0x40306c _acmdln
0x403070 __getmainargs
0x403074 _initterm
0x403078 __setusermatherr
0x40307c _adjust_fdiv
0x403080 __p__commode
0x403084 __p__fmode
0x403088 __set_app_type
0x40308c _except_handler3
0x403090 _controlfp
0x403094 __dllonexit
0x403098 _onexit
0x40309c realloc
0x4030a0 strcmp
0x4030a4 _stricmp
imagehlp.dll
0x4030b8 MakeSureDirectoryPathExists
WININET.dll
0x4030ac InternetOpenUrlA
0x4030b0 InternetReadFile
EAT (Export Address Table) is none