Report - 66df4cfda9a79_software.exe

Tags: Malicious Library, Malicious Packer, UPX, Anti_VM, PE File, PE64, OS Processor Check
Created: 2024.09.10 10:12
Machine: s1_win7_x6403
Filename: 66df4cfda9a79_software.exe
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: Not found
Behavior Score: 1.0
ZERO API file: malicious
VT API (file): 8 detected (AIDetectMalware, FileRepMalware, Misc, Wacatac, Proxytool, GOST, func)
md5: 2e4c46fcdaaaa624bd6f37075077b972
sha256: d1dd535854368f8445b62566c7e3c8c9299df68c5e5d7813d71f90d1a6cec5ee
ssdeep: 196608:1ceo44mHl2/VpCKlDRoMKJkcKJJFZAhx+dpT:do44mF2/bCKlDR9KJkDnFZs
imphash: 07361a3a7f515bf56ca93120b2aca73b
impfuzzy: 24:ibVjh9wOcX13uTkkboVaXOr6kwmDgUPMztxdD1tr6tl:AwOcX13UjXOmokxp1Zol

Signature (3cnts)

Level  | Description
notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer
info   | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level  | Name                    | Description                                    | Collection
watch  | Malicious_Library_Zero  | Malicious_Library                              | binaries (upload)
watch  | Malicious_Packer_Zero   | Malicious Packer                               | binaries (upload)
watch  | UPX_Zero                | UPX packed file                                | binaries (upload)
notice | anti_vm_detect          | Possibly employs anti-virtualization techniques | binaries (upload)
info   | IsPE64                  | (no description)                               | binaries (upload)
info   | OS_Processor_Check_Zero | OS Processor Check                             | binaries (upload)
info   | PE_Header_Zero          | PE File Signature                              | binaries (upload)

Network (0cnts)

No network requests recorded.

Suricata IDS: none

PE API

IAT (Import Address Table)

kernel32.dll
 0xfeef00 WriteFile
 0xfeef08 WriteConsoleW
 0xfeef10 WerSetFlags
 0xfeef18 WerGetFlags
 0xfeef20 WaitForMultipleObjects
 0xfeef28 WaitForSingleObject
 0xfeef30 VirtualQuery
 0xfeef38 VirtualFree
 0xfeef40 VirtualAlloc
 0xfeef48 TlsAlloc
 0xfeef50 SwitchToThread
 0xfeef58 SuspendThread
 0xfeef60 SetWaitableTimer
 0xfeef68 SetThreadPriority
 0xfeef70 SetProcessPriorityBoost
 0xfeef78 SetEvent
 0xfeef80 SetErrorMode
 0xfeef88 SetConsoleCtrlHandler
 0xfeef90 RtlVirtualUnwind
 0xfeef98 RtlLookupFunctionEntry
 0xfeefa0 ResumeThread
 0xfeefa8 RaiseFailFastException
 0xfeefb0 PostQueuedCompletionStatus
 0xfeefb8 LoadLibraryW
 0xfeefc0 LoadLibraryExW
 0xfeefc8 SetThreadContext
 0xfeefd0 GetThreadContext
 0xfeefd8 GetSystemInfo
 0xfeefe0 GetSystemDirectoryA
 0xfeefe8 GetStdHandle
 0xfeeff0 GetQueuedCompletionStatusEx
 0xfeeff8 GetProcessAffinityMask
 0xfef000 GetProcAddress
 0xfef008 GetErrorMode
 0xfef010 GetEnvironmentStringsW
 0xfef018 GetCurrentThreadId
 0xfef020 GetConsoleMode
 0xfef028 FreeEnvironmentStringsW
 0xfef030 ExitProcess
 0xfef038 DuplicateHandle
 0xfef040 CreateWaitableTimerExW
 0xfef048 CreateWaitableTimerA
 0xfef050 CreateThread
 0xfef058 CreateIoCompletionPort
 0xfef060 CreateFileA
 0xfef068 CreateEventA
 0xfef070 CloseHandle
 0xfef078 AddVectoredExceptionHandler
 0xfef080 AddVectoredContinueHandler

EAT (Export Address Table): none