popup

Report - reverse.exe

Metasploit Meterpreter Generic Malware PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.10.21 14:07 Machine s1_win7_x6403
Filename reverse.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
8
 Behavior Score
3.0
ZERO API file : malware
VT API (file) 59 detected (AIDetectMalware, Malicious, score, HackTool, Metasploit, S9212471, Infected, Unsafe, Save, confidence, 100%, BZPS, Meterpreter, Windows, Rozena, MsfShell, Shelma, Kryptik, CLASSIC, XPACK, Gen7, Shell, SMB1, Real Protect, high, Meter, Static AI, Malicious PE, auyjj, Detected, GrayWare, R274246, FJIN, Probably Heur, ExeHeaderL, GenAsa, RZuPNlUDbQk, susgen)
md5 2a18a597200994af2b1eaa57d789f979
sha256 43c13796f343898e53317703cd4178e7e00efcf8b1aa20ce6a5d349ddca5949e
ssdeep 24:eFGStrJ9u0/6PEnZdkBQAVoakfwKLqFeNDMSCvOXpmB:is0CokBQVxolSD9C2kB
imphash b4c6fff030479aa3b12625be67bf4914
impfuzzy 3:siBJJ671MOB:tUZB
  Network IP location

Signature (4cnts)

Level Description
danger File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch Communicates with host for which no DNS query was performed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
danger MALWARE_Win_MeterpreterStager Detects Meterpreter stager payload binaries (upload)
danger Windows_Trojan_Metasploit_91bc5d7d (no description) binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
188.166.177.132
whois
SG DIGITALOCEAN-ASN 188.166.177.132 malware

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140003000 VirtualAlloc
 0x140003008 ExitProcess

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure