popup

Report - ScanPort.exe

PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.09.30 09:32 Machine s1_win7_x6403
Filename ScanPort.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
8
 Behavior Score
2.6
ZERO API file : malware
VT API (file) 51 detected (AIDetectMalware, PortScan, malicious, high confidence, score, Mauvaise, Misc, HackTool, Unsafe, NetTool, NAD potentially unsafe, MiscX, ULPM, cwxutv, Tool, ET#85%, YzY0OtXPyrjUuyo6, PrivacyRisk, Genome, HKTL, moderate, Generic ML PUA, Detected, Presenoker, ZSAG, GenericRXAA, CVE-2020-0601, BScope, PortScanner, GenAsa, Qdr4RuYleEs, susgen, grayware, confidence, 100%, PasfnxyR)
md5 36c6f6fee875b519a81284fafb3e41b1
sha256 6f83e3f9c38108dbea18ae72954c4157520eb105ead4182f4c863574cce824e1
ssdeep 768:7rgEBSg0ylb/G1qm5S6LeWnENCz5/Gio2+ebavyUnA:7rOg5lbGkm5VL1ENwZVo2+dy+A
imphash 594cf0585165b65f885e5709237c1481
impfuzzy 3:swBJAEPwS9KTXzhAXw1MO/GlX1GtLRatdJDAAGRbQ6EGvR:dBJAEHGDvZ/GlcidJAAGbQ6EGvR
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
 0x41b1e4 LoadLibraryA
 0x41b1e8 GetProcAddress
 0x41b1ec ExitProcess
COMCTL32.dll
 0x41b1f4 InitCommonControlsEx
USER32.dll
 0x41b1fc wsprintfA
WS2_32.dll
 0x41b204 socket

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure