Report - prompt.exe

Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check
ScreenShot
Created 2024.09.04 10:32 Machine s1_win7_x6401
Filename prompt.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
6
Behavior Score
1.6
ZERO API file : malware
VT API (file) 65 detected (AIDetectMalware, Metasploit, Windows, Malicious, score, HackTool, S9212471, Unsafe, Save, BZPS, Meterpreter, FPJE, Kryptik, CLASSIC, XPACK, Gen7, Shell, Rozena, Real Protect, high, Swrort, Static AI, Malicious PE, Detected, ai score=83, GrayWare, Eldorado, R421008, Probably Heur, ExeHeaderL, GenAsa, RZuPNlUDbQk, susgen, confidence, 100%)
md5 26ea34638c9aab0fb5411b9944f50404
sha256 01c4c4582cdfc256135e87ae42ebccb02f2c2cdea4a37c233948a3ac454e1593
ssdeep 3072:e0E+XfB1GKd/Pq6/Okg15ZLMvTcF1jjS1pE8V4f46ZgLyj6nGycH6My+:esdaGOBZgvT6XypES4TjFT6
imphash b4c6fff030479aa3b12625be67bf4914
impfuzzy 3:siBJJ671MOB:tUZB
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 65 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140003000 VirtualAlloc
 0x140003008 ExitProcess

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure