popup

Report - bin.exe

Generic Malware Malicious Library UPX PE File PE32 DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.09.30 11:34 Machine s1_win7_x6401
Filename bin.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
9
 Behavior Score
5.4
ZERO API file : malware
VT API (file) 55 detected (AIDetectMalware, Formbook, Malicious, score, Mikey, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, PWSX, kshkpi, Kryptik@AI, RDML, Vgxum8h8XAOdpkOTCVgJ5g, ZPACK, R002C0DIQ24, Real Protect, moderate, Detected, Noon, biiv, Kryptik, Malware@#1ywrx9dc2x8a0, ABTrojan, NGYR, R647393, Artemis, Goblin, Zwhl, susgen)
md5 aef23e8a6616618755598ea6643c457d
sha256 59cff64a3aa382c45295501bf723c99008281ec94a129117f2849c198cd5fae7
ssdeep 6144:wwIF/kr0LzZRCoijTS6mE6VdcBQDUlu9t4jPvjpToVm:w//EozZ4oinS6mE6zaBQ
imphash
impfuzzy 3::
  Network IP location

Signature (11cnts)

Level Description
danger File has been identified by 55 AntiVirus engines on VirusTotal as malicious
watch Attempts to identify installed AV products by installation directory
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (41cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://www.asiapartnars.online/tkmh/?YL4Xuo8=xPv3ed6Vo6P/OeD9iYc0axaLiCbQz9tO+ter//brXKVYevLLhvaYqC5awYxtTwn3UYU3uWYA8pDaQLyA3tguhPnmONlJZZk7g7tUcQtoghx7Pdn1Dg+KuHxXpvtQneLtoLRoCkY=&juF=JFgRcS6ZmEX
whois
Unknown 3.33.130.190 clean
http://www.inastra.online/gbk4/
whois
VG CONFLUENCE-NETWORK-INC 208.91.197.27 clean
http://www.ks1x7i.vip/dlcs/?YL4Xuo8=w6QiAdP8awPLsa7dPlQNtgvFVHWdhtnaseEO6V4cXiHKOPXUCZsKWJ9BGfaAmTYzhN2K6Z5BOaQngwCX0AepSI0rlStBxd2X44bqJ9X+cKgImybpEIaXAhb5orDW/Ux0f9JI5tE=&juF=JFgRcS6ZmEX
whois
Unknown 15.197.148.33 clean
http://www.inastra.online/gbk4/?YL4Xuo8=Xcz/lKtmYzaclw30mRutCrMz0iCvMoWn4C+TPx5KwIQWTY7xXXdhjUXlNPIh25/crbVrIq+nqpDO6TzyKKRH1LwSOwIdyX9mToTVu2V82ZZJItXHAeKXLpKG0S9SlUSIj/WTYQM=&juF=JFgRcS6ZmEX
whois
VG CONFLUENCE-NETWORK-INC 208.91.197.27 clean
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip
whois
US Linode, LLC 45.33.6.223 clean
http://www.asiapartnars.online/tkmh/
whois
Unknown 3.33.130.190 clean
http://www.ortenckt.online/aj1a/?YL4Xuo8=Ur0ZWyFT8OiEfJLn3yPLdSBdWX8a8l8OC6gmTkbLwRlGrqwEpeuLxkPxSjH/HqLy3xgFwJuVqXT+/HpjTyaqXcBPjlyI/3D9P6Efe5WF0giYwWm9vrm6ZqnLm72faS9ZVKNPUgI=&juF=JFgRcS6ZmEX
whois
Unknown 15.197.148.33 clean
http://www.deikamalaharris.info/lrgf/?YL4Xuo8=hLl6Iyyv1/RGmZWkf5wh2yQvtjTpeji4gm2wi1fTCYCBRK5IakRwAMv3vntWZSb514WYAvfIVrM3RAyCjUSkRZGkPQg369vB4a8W0zuuOFNbaqB8dz2rlOz6hc3LPF0c7/Wc2h4=&juF=JFgRcS6ZmEX
whois
Unknown 3.33.130.190 clean
http://www.deikamalaharris.info/lrgf/
whois
Unknown 3.33.130.190 clean
http://www.ks1x7i.vip/dlcs/
whois
Unknown 3.33.130.190 clean
http://www.yu12345.xyz/mnl8/?YL4Xuo8=RGOQJd/YEggQptEhSR7QqNo9UXjxoHpnx+ZpwzxB5TUNCs3vZOAWVTa00MSp05vDjRsJpPlMBwR2f8tV0y9dQ8/CXq/FAb0GI/CYzLlsH+CYRwfr/US/g2IdAuaggqbc54PbH5Q=&juF=JFgRcS6ZmEX
whois
US ROOTNETWORKS 154.82.100.162 clean
http://www.healthyloveforall.net/566f/
whois
Unknown 3.33.130.190 clean
http://www.tophcom.online/vfa8/?YL4Xuo8=yTDEjSVS0lCRYcLLSbErnDAkT0JZNa8zZB0jcnDiZYtjnJOoqq5Z40Gn1U7J3oatl6C8awuakmbsKCgMViK0oesm5qwmAD1qOIwHCZzBZd3TJmynBSVD9f0/1JF0ONRaQoLyR2E=&juF=JFgRcS6ZmEX
whois
US NAMECHEAP-NET 162.213.249.216 clean
http://www.tophcom.online/vfa8/
whois
US NAMECHEAP-NET 162.213.249.216 clean
http://www.ortenckt.online/aj1a/
whois
Unknown 15.197.148.33 clean
http://www.chalet-tofane.net/obbp/
whois
IT Aruba S.p.A. 62.149.128.40 clean
http://www.aaavvejibej.bond/j82t/
whois
US CLOUDFLARENET 104.21.31.249 clean
http://www.aaavvejibej.bond/j82t/?YL4Xuo8=NfWXDnAQh5K3pnOsCF0vDii8tXVcfmo/Yfv/BKk9TV5fOF3SI/PjI16lUcBoGutUdhauXHkkA4AYZcOT8aQA2N1B1+ukfsmATKdKfQuCh0ukTvZla/6w1Gm/BhFsxzKoGcO0xyo=&juF=JFgRcS6ZmEX
whois
US CLOUDFLARENET 104.21.31.249 clean
http://www.chalet-tofane.net/obbp/?YL4Xuo8=q8u4kFvwJtfA9Pl1ds3tjQ7ow4KT7LOOGaMFAF6owipiqs4LNofKW4Y9CH1Win64WDwfsJ4uRP0wkw8hq3GbZS6kjA9nI0yHzN0mlQXpHN0/trnvSXB4Lf7XHG3+J/AtNs7QOpo=&juF=JFgRcS6ZmEX
whois
IT Aruba S.p.A. 62.149.128.40 clean
http://www.yu12345.xyz/mnl8/
whois
US ROOTNETWORKS 154.82.100.177 clean
http://www.healthyloveforall.net/566f/?YL4Xuo8=81geMJs5jQmVeK4i+zN1aXdgkXoAl5xwgeOmc9jTU6Fy38DzzGnJ7+rIeILM3vuuxnxtHSDzEYKSpKxEJp8TaMn+YY9ZjvrM5UkR73FkAqX/axSnrZS74daOnbcz5lsS/OUHPys=&juF=JFgRcS6ZmEX
whois
Unknown 15.197.148.33 clean
www.inastra.online
whois
VG CONFLUENCE-NETWORK-INC 208.91.197.27 clean
www.asiapartnars.online
whois
Unknown 15.197.148.33 clean
www.yu12345.xyz
whois
US ROOTNETWORKS 154.82.100.162 clean
www.healthyloveforall.net
whois
Unknown 15.197.148.33 clean
www.tophcom.online
whois
US NAMECHEAP-NET 162.213.249.216 clean
www.chalet-tofane.net
whois
IT Aruba S.p.A. 62.149.128.40 clean
www.ks1x7i.vip
whois
Unknown 3.33.130.190 clean
www.qmmkl.buzz
whois
US IT7NET 199.115.230.222 clean
www.ortenckt.online
whois
Unknown 3.33.130.190 clean
www.aaavvejibej.bond
whois
US CLOUDFLARENET 104.21.31.249 clean
www.deikamalaharris.info
whois
Unknown 3.33.130.190 clean
15.197.148.33
whois
Unknown 15.197.148.33 mailcious
199.115.230.222
whois
US IT7NET 199.115.230.222 clean
62.149.128.40
whois
IT Aruba S.p.A. 62.149.128.40 mailcious
208.91.197.27
whois
VG CONFLUENCE-NETWORK-INC 208.91.197.27 mailcious
3.33.130.190
whois
Unknown 3.33.130.190 phishing
154.82.100.162
whois
US ROOTNETWORKS 154.82.100.162 clean
104.21.31.249
whois
US CLOUDFLARENET 104.21.31.249 clean
45.33.6.223
whois
US Linode, LLC 45.33.6.223 clean
162.213.249.216
whois
US NAMECHEAP-NET 162.213.249.216 clean

Suricata ids

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure