Report - sdsdhggf.exe

PE File .NET EXE PE32
ScreenShot
Created 2024.09.25 16:49 Machine s1_win7_x6403
Filename sdsdhggf.exe
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
AI Score
4
Behavior Score
2.6
ZERO API file : malware
VT API (file) 26 detected (AIDetectMalware, Unsafe, malicious, confidence, MSILZilla, Attribute, HighConfidence, high confidence, GenKryptik, HAXT, PWSX, MSIL@AI, MSIL2, 3KHcgJ, S4WRi0yi5Degw, Static AI, Suspicious PE, Detected, Wacatac, LummaStealer)
md5 4ecc9d9d93e5ff84765dacbb1e54a4c9
sha256 eba091f4887e9bc9e0308d4e7830b2ae7b50eddb7c53425bd78db0f959ed6524
ssdeep 6144:t8Dq7rJx+8v1/uqlAY1IyC2izMNaTPXECyd1uVhf11kNSEO:KDq6OlA2jjizMGXET4XfAkEO
imphash f34d5f2d4577ed6d9ceec516c1f5a744
impfuzzy 3:rGsLdAIEK:tf
  Network IP location

Signature (8cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info Queries for the computername
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info Is_DotNET_EXE (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

mscoree.dll
 0x402000 _CorExeMain

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure