ScreenShot
Created | 2024.08.12 09:40 | Machine | s1_win7_x6403 |
Filename | Mailer.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 60 detected (AIDetectMalware, Jorik, lrUS, malicious, moderate confidence, score, Swrort, Marte, Unsafe, Save, Rozena, GenericRXAA, CobaltStrike, ccnc, Crypto, CLOUD, ZPACK, SMAL01, Real Protect, high, Detected, ai score=83, A@4jwdqr, Meterpreter, 12DT0MV, Eldorado, Bifrose, R12476, ZexaF, cmKfa4g8Bcgi, Genetic, Metasploit, GenAsa, tdGI4TGA, confidence, 100%) | ||
md5 | 07924a75dd7d92d04c18063bea0d0b61 | ||
sha256 | c5bd778d6cb31d3e6970e4df3d5d058bd9f95db7faae9fa55c5854d53b78898b | ||
ssdeep | 768:Iwe8hnGkbDwaqsMyzzbrHWRAYzuxUbcaUM5lgVl0oAkDB4j8PkKIhSGLPUq3:Iwe8hGEq1y3HWRAOucWf0oF9P3GLsq3 | ||
imphash | 25b3acc640473b6fce722f16eff93149 | ||
impfuzzy | 3:oTEBlWAJOYAJWBJAEPw1MO/OywS9KTXzhAXwEQaxRGUpNx+AXAxxWAqXn:oI0YZBJAEoZ/OEGDzyRNx4xxKXn |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | The executable uses a known packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x41883c FreeSid
KERNEL32.DLL
0x418844 LoadLibraryA
0x418848 ExitProcess
0x41884c GetProcAddress
0x418850 VirtualProtect
MSVCRT.dll
0x418858 _iob
WS2_32.dll
0x418860 WSARecv
WSOCK32.dll
0x418868 WSAGetLastError
EAT(Export Address Table) is none
ADVAPI32.dll
0x41883c FreeSid
KERNEL32.DLL
0x418844 LoadLibraryA
0x418848 ExitProcess
0x41884c GetProcAddress
0x418850 VirtualProtect
MSVCRT.dll
0x418858 _iob
WS2_32.dll
0x418860 WSARecv
WSOCK32.dll
0x418868 WSAGetLastError
EAT(Export Address Table) is none