| Field | Value |
|---|---|
| Created | 2024.12.16 18:42 |
| Machine | s1_win7_x6401 |
| Filename | 41a1111.hta |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| AI Score | Not found |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 58 detected (Farfli, Dump, Dacic, Mauvaise, Unsafe, Vokz, malicious, confidence, 100%, Attribute, HighConfidence, moderate confidence, score, dxihqn, CQejOpL0yUV, Gh0stCringe, rrfda, DownLoader16, ZEGOST, SM44, moderate, Bjlog, bqnp, Detected, AntiAV, ~D@fny3h, ASDI, ABTrojan, CBQH, R97143, GenericRXAA, MachineLearning, Anomalous, Genetic, Gencirc, GenAsa, iwTZsTxBTgQ, ToBea, Mint) |
| md5 | 8d3008b1b51e600b464f1458142a3f0f |
| sha256 | d73f5eddae8d37b97c5844576ab4c78b49b222a174714f819be479913a6dfec5 |
| ssdeep | 1536:F2kY17omXGwaA82rOGJQV0RIyauLAkBIR0x:F2kY6wGL2rO+Y0RIyFGqx |
| imphash | 0fd81f440ebc75b9643f0a9a76fd8d29 |
| impfuzzy | 6:dBJAEHGDvZ/ED2vI73T7dCgwyvcSbVIS11n:VA/DvZ2H7j7HwyvDpn |
Network IP location
Signatures (9)

| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) |
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with a host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API

IAT (Import Address Table)

| Library | Address | Function |
|---|---|---|
| KERNEL32.DLL | 0x4327e0 | LoadLibraryA |
| KERNEL32.DLL | 0x4327e4 | GetProcAddress |
| KERNEL32.DLL | 0x4327e8 | ExitProcess |
| ADVAPI32.dll | 0x4327f0 | LsaClose |
| GDI32.dll | 0x4327f8 | BitBlt |
| MSVCP60.dll | 0x432800 | ?_Xran@std@@YAXXZ |
| MSVCRT.dll | 0x432808 | free |
| MSVFW32.dll | 0x432810 | ICOpen |
| PSAPI.DLL | 0x432818 | EnumProcessModules |
| SHELL32.dll | 0x432820 | ShellExecuteA |
| WINMM.dll | 0x432828 | waveInStop |
| WS2_32.dll | 0x432830 | send |

EAT (Export Address Table)

| Address | Export |
|---|---|
| 0x4014d3 | dfdg |