ScreenShot
| Created | 2024.08.19 14:30 | Machine | s1_win7_x6403 |
| Filename | dbzinifix.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (AIDetectMalware, malicious, moderate confidence, score, TrojanAitInject, GenericKD, Unsafe, Vrjj, Crypt5, Artemis, Agentb, mfic, SelfDel, Real Protect, high, Detected, ai score=80, Dorifel, Bladabindi, R002H09ET24, GenAsa, NHzzuRkQa3Y, susgen, PossibleThreat, confidence) | ||
| md5 | 54fb16a53cf14d68db5111ed6530251d | ||
| sha256 | 3e1672b6c3439065525692f518d4ce4b593daed5fd5e3a4707f7f0bdeb8d83ed | ||
| ssdeep | 6144:KMJt6tTmWjp1P4xm0ovCs2Rh68815xYasf5eIltnaToecFHzpPoPWFnuEEi:p6tyWjX4LovCsYi5xYZheILnhXFTpqot | ||
| imphash | 11ea841ebb83b186805cc0d8a1a3d4a1 | ||
| impfuzzy | 12:VA/DzqYOZkKDHLB78r4B3ExjLAkcOaiTQQnd3mxCHDsR:V0DBaPHLB7PxExjLAkcOV2kjsR | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks if process is being debugged by a debugger |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x4e3644 LoadLibraryA
0x4e3648 GetProcAddress
0x4e364c VirtualProtect
0x4e3650 VirtualAlloc
0x4e3654 VirtualFree
0x4e3658 ExitProcess
ADVAPI32.dll
0x4e3660 GetAce
COMCTL32.dll
0x4e3668 ImageList_Remove
COMDLG32.dll
0x4e3670 GetOpenFileNameW
GDI32.dll
0x4e3678 LineTo
IPHLPAPI.DLL
0x4e3680 IcmpSendEcho
MPR.dll
0x4e3688 WNetUseConnectionW
ole32.dll
0x4e3690 CoGetObject
OLEAUT32.dll
0x4e3698 VariantInit
PSAPI.DLL
0x4e36a0 GetProcessMemoryInfo
SHELL32.dll
0x4e36a8 DragFinish
USER32.dll
0x4e36b0 GetDC
USERENV.dll
0x4e36b8 LoadUserProfileW
UxTheme.dll
0x4e36c0 IsThemeActive
VERSION.dll
0x4e36c8 VerQueryValueW
WININET.dll
0x4e36d0 FtpOpenFileW
WINMM.dll
0x4e36d8 timeGetTime
WSOCK32.dll
0x4e36e0 setsockopt
EAT(Export Address Table) is none
KERNEL32.DLL
0x4e3644 LoadLibraryA
0x4e3648 GetProcAddress
0x4e364c VirtualProtect
0x4e3650 VirtualAlloc
0x4e3654 VirtualFree
0x4e3658 ExitProcess
ADVAPI32.dll
0x4e3660 GetAce
COMCTL32.dll
0x4e3668 ImageList_Remove
COMDLG32.dll
0x4e3670 GetOpenFileNameW
GDI32.dll
0x4e3678 LineTo
IPHLPAPI.DLL
0x4e3680 IcmpSendEcho
MPR.dll
0x4e3688 WNetUseConnectionW
ole32.dll
0x4e3690 CoGetObject
OLEAUT32.dll
0x4e3698 VariantInit
PSAPI.DLL
0x4e36a0 GetProcessMemoryInfo
SHELL32.dll
0x4e36a8 DragFinish
USER32.dll
0x4e36b0 GetDC
USERENV.dll
0x4e36b8 LoadUserProfileW
UxTheme.dll
0x4e36c0 IsThemeActive
VERSION.dll
0x4e36c8 VerQueryValueW
WININET.dll
0x4e36d0 FtpOpenFileW
WINMM.dll
0x4e36d8 timeGetTime
WSOCK32.dll
0x4e36e0 setsockopt
EAT(Export Address Table) is none