| Field | Value |
|---|---|
| Created | 2024.10.15 17:29 |
| Machine | s1_win7_x6403 |
| Filename | update.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 41 detected (AIDetectMalware, Fragtor, Unsafe, Save, grayware, confidence, Attribute, HighConfidence, malicious, high confidence, FlyStudio, MalwareX, Wsgame, Real Protect, high, score, Generic Reputation PUA, Detected, Wacapew, Puwaders, 11XSHKX, Eldorado, R545492, Artemis, ChinAd, R002H09FH24, Dinwod, frindll, FlyApplication) |
| md5 | d77ae460c0411b137e405520a0fd5120 |
| sha256 | 760727b8043010cd86d76da1fc61824541c480aa2d8c59c9d953248c9c7123c2 |
| ssdeep | 6144:GKGgF1eB/xfWRwuCePVo3QGgImlQkmw5iz9TnFb5PDh1jrnE8qKy1hoSsPKo:GXm0GRRq31mSkmw4TF1bXrqKy1hoS6x |
| imphash | 8acc545cda4615213788727b7f8ff21e |
| impfuzzy | 6:omRgsyIBM9IVbyP1BJAEoZ/OEGDzyRPLMKJAmzRjLbtuISXqVqXvkT:omRghIBAIVeVABZG/DzA+m9xutXukcT |
Network IP location
Signature (6 entries)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3 entries)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 entries)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
- ADVAPI32.dll
  - 0x4f2bc8 RegCloseKey
- COMCTL32.dll
  - 0x4f2bd0 None
- comdlg32.dll
  - 0x4f2bd8 ChooseColorA
- GDI32.dll
  - 0x4f2be0 Escape
- KERNEL32.DLL
  - 0x4f2be8 LoadLibraryA
  - 0x4f2bec ExitProcess
  - 0x4f2bf0 GetProcAddress
  - 0x4f2bf4 VirtualProtect
- ole32.dll
  - 0x4f2bfc OleInitialize
- OLEAUT32.dll
  - 0x4f2c04 LoadTypeLib
- SHELL32.dll
  - 0x4f2c0c ShellExecuteA
- USER32.dll
  - 0x4f2c14 GetDC
- WINMM.dll
  - 0x4f2c1c waveOutOpen
- WINSPOOL.DRV
  - 0x4f2c24 OpenPrinterA
- WS2_32.dll
  - 0x4f2c2c recv
EAT (Export Address Table): none