Field | Value |
---|---|
Created | 2024.09.30 11:36 |
Machine | s1_win7_x6403 |
Filename | AQ2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectMalware, Malicious, score, Barys, Unsafe, Vzrg, confidence, Attribute, HighConfidence, high confidence, BlackMoon, A suspicious, TrojanX, MalCert, CLOUD, Real Protect, high, Static AI, Malicious PE, Detected, Blamon, MUPX, Gen@24tbus, Wacatac, Eldorado, Artemis, BScope, ChinAd, Fkjl, Dinwod, frindll, CoinMiner, ESFJ, Wacapew, C9nj) |
md5 | f5982c5d15d53a2fb2aaf0f473742082 |
sha256 | 9591e05c394b7c0044c08bb5eb6500fcfceb109bf5b52ba212b3ed17d25b4108 |
ssdeep | 12288:LoHv5MRHcZHo17/qfRh0jEe/Fo+V04YJAGuuGVxR9uuvzH/1PEc3noS:c8cduORh0jEe/lu4AABZJH |
imphash | 51e2101e560f36b10a33f3ea6df5bbc7 |
impfuzzy | 6:omRgE+alyPs6UBJAEoZ/OEGDzyR6I9w5/KJMLMKJABK8J0PE5uLbBnaMB9OweW4X:omRgE+rUFABZG/DzHj5p+ePyuxFNeNIU |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x6cc404 RegCloseKey
ATL.DLL
0x6cc40c None
COMCTL32.dll
0x6cc414 None
GDI32.dll
0x6cc41c Escape
gdiplus.dll
0x6cc424 GdipGetDC
KERNEL32.DLL
0x6cc42c LoadLibraryA
0x6cc430 ExitProcess
0x6cc434 GetProcAddress
0x6cc438 VirtualProtect
MSIMG32.dll
0x6cc440 AlphaBlend
ole32.dll
0x6cc448 OleInitialize
oledlg.dll
0x6cc450 None
PSAPI.DLL
0x6cc458 EnumProcesses
RASAPI32.dll
0x6cc460 RasHangUpA
SHELL32.dll
0x6cc468 DragFinish
SHLWAPI.dll
0x6cc470 PathFindFileNameW
USER32.dll
0x6cc478 GetDC
WININET.dll
0x6cc480 InternetOpenA
WINSPOOL.DRV
0x6cc488 ClosePrinter
WSOCK32.dll
0x6cc490 ntohs
EAT(Export Address Table) is none