popup

Report - 66f410932765c_videoshaper.exe

Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.09.30 11:52 Machine s1_win7_x6403
Filename 66f410932765c_videoshaper.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
1
 Behavior Score
1.4
ZERO API file : mailcious
VT API (file) 48 detected (AIDetectMalware, Lumma, GenericKD, Vrp1, malicious, confidence, Attribute, HighConfidence, high confidence, a variant of WinGo, TrojanPSW, muouy, LUMMASTEALER, YXEI1Z, moderate, score, GenKD, Malware@#1xw23sr3grwr4, Znyonm, ABTrojan, FFPR, Artemis, BScope, Chgt, QQPass, QQRob, Ncnw)
md5 927f42900da344192bdfea8e3325d631
sha256 cee3ebb7e1f0dcbb9d34e16e7a7aaf40d8a20ede56a9435ee440effe3e2cd4e2
ssdeep 49152:yLDNdHNC1lkP26fSZbg/IFetZEN541YotxhJRrjWdECkTBMOzpvRnE:ANdHNCvugi1BQ1Ozp
imphash 4f2f006e2ecf7172ad368f8289dc96c1
impfuzzy 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (9cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info DllRegisterServer_Zero execute regsvr32.exe binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x9239a0 WriteFile
 0x9239a4 WriteConsoleW
 0x9239a8 WerSetFlags
 0x9239ac WerGetFlags
 0x9239b0 WaitForMultipleObjects
 0x9239b4 WaitForSingleObject
 0x9239b8 VirtualQuery
 0x9239bc VirtualFree
 0x9239c0 VirtualAlloc
 0x9239c4 TlsAlloc
 0x9239c8 SwitchToThread
 0x9239cc SuspendThread
 0x9239d0 SetWaitableTimer
 0x9239d4 SetUnhandledExceptionFilter
 0x9239d8 SetProcessPriorityBoost
 0x9239dc SetEvent
 0x9239e0 SetErrorMode
 0x9239e4 SetConsoleCtrlHandler
 0x9239e8 ResumeThread
 0x9239ec RaiseFailFastException
 0x9239f0 PostQueuedCompletionStatus
 0x9239f4 LoadLibraryW
 0x9239f8 LoadLibraryExW
 0x9239fc SetThreadContext
 0x923a00 GetThreadContext
 0x923a04 GetSystemInfo
 0x923a08 GetSystemDirectoryA
 0x923a0c GetStdHandle
 0x923a10 GetQueuedCompletionStatusEx
 0x923a14 GetProcessAffinityMask
 0x923a18 GetProcAddress
 0x923a1c GetErrorMode
 0x923a20 GetEnvironmentStringsW
 0x923a24 GetCurrentThreadId
 0x923a28 GetConsoleMode
 0x923a2c FreeEnvironmentStringsW
 0x923a30 ExitProcess
 0x923a34 DuplicateHandle
 0x923a38 CreateWaitableTimerExW
 0x923a3c CreateThread
 0x923a40 CreateIoCompletionPort
 0x923a44 CreateFileA
 0x923a48 CreateEventA
 0x923a4c CloseHandle
 0x923a50 AddVectoredExceptionHandler

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure