ScreenShot
| Created | 2024.09.17 14:09 | Machine | s1_win7_x6401 |
| Filename | test.exe | ||
| Type | PE32+ executable (native) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetectMalware, V892, malicious, confidence, GenericKD, high confidence, MalCert, CLASSIC, moderate, score, creprote, Compromised Shenzhen Yundian CodeSigningCert, Detected, GrayWare, ABTrojan, LGEW, Artemis, ChinAd, Vmprotect) | ||
| md5 | 625b58da00616f4d48b7730f6bce9261 | ||
| sha256 | 81c350c983acd9479c3de948a1886463e546e5ad61ec925caf84c3a0f8bdbfad | ||
| ssdeep | 196608:tJWE0idHo97H8DzLEXvLk0iZLNbvikG+xnEvM5gNfTwr1w8wMcwDYpS8AkE4BlW5:tJIiOtcDU7oZvxLxL5gNftwTpaY | ||
| imphash | a411b408e4663faf3e2fdb72e14c620f | ||
| impfuzzy | 12:QNTXVDQL+N3ErEhoNRRmN3EpRmNBCF+NrG6QNUhNReCNEzNvNUDUNXNDeNjGAEhR:wzyq2EWi5BuqGULQ2ER1UD89mlEH | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntoskrnl.exe
0x149dad000 KeBugCheckEx
WDFLDR.SYS
0x149dad010 WdfVersionUnbind
ntoskrnl.exe
0x149dad020 NtQuerySystemInformation
HAL.dll
0x149dad030 KeQueryPerformanceCounter
ntoskrnl.exe
0x149dad040 ExAllocatePool
0x149dad048 NtQuerySystemInformation
0x149dad050 ExFreePoolWithTag
0x149dad058 IoAllocateMdl
0x149dad060 MmProbeAndLockPages
0x149dad068 MmMapLockedPagesSpecifyCache
0x149dad070 MmUnlockPages
0x149dad078 IoFreeMdl
0x149dad080 KeQueryActiveProcessors
0x149dad088 KeSetSystemAffinityThread
0x149dad090 KeRevertToUserAffinityThread
0x149dad098 DbgPrint
HAL.dll
0x149dad0a8 KeQueryPerformanceCounter
EAT(Export Address Table) is none
ntoskrnl.exe
0x149dad000 KeBugCheckEx
WDFLDR.SYS
0x149dad010 WdfVersionUnbind
ntoskrnl.exe
0x149dad020 NtQuerySystemInformation
HAL.dll
0x149dad030 KeQueryPerformanceCounter
ntoskrnl.exe
0x149dad040 ExAllocatePool
0x149dad048 NtQuerySystemInformation
0x149dad050 ExFreePoolWithTag
0x149dad058 IoAllocateMdl
0x149dad060 MmProbeAndLockPages
0x149dad068 MmMapLockedPagesSpecifyCache
0x149dad070 MmUnlockPages
0x149dad078 IoFreeMdl
0x149dad080 KeQueryActiveProcessors
0x149dad088 KeSetSystemAffinityThread
0x149dad090 KeRevertToUserAffinityThread
0x149dad098 DbgPrint
HAL.dll
0x149dad0a8 KeQueryPerformanceCounter
EAT(Export Address Table) is none