popup

Report - ik.exe

Generic Malware Malicious Library UPX PE File PE32 DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2025.02.19 11:31 Machine s1_win7_x6401
Filename ik.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
 Behavior Score
4.6
ZERO API
VT API (file)
md5 40a3b67a99299a4f0f3a352b4f7739c9
sha256 809b7be978ee80d9b15169c9cc55a568b1a310879a4e024069f1e338470a04c9
ssdeep 6144:jh1qx/eWzTVfGA76zxOJwldxd6DVMZ1X3sMFgNQRQIeSTFzTwis:l1O/eWfQRxdUIgNQuIXPls
imphash
impfuzzy 3::
  Network IP location

Signature (11cnts)

Level Description
watch Attempts to identify installed AV products by installation directory
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Resolves a suspicious Top Level Domain (TLD)
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (30cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://www.blissfuljo.life/p8fe/
whois
Unknown
http://www.bjogo.top/0ekp/?Rmyfu=pV4l2sJ5SKTfO2UKe3vpYQms7oDV9Z1ZTd//bSk12oBNtulDh+GDNLKspI2ybbM6Ulb9MujLBOrC2bz5gPibbXkxWVg5NcqV4sd6rfkPD23v8QrCPt85paxIo96ZJG6eSxv1+xA=&3K=dJI58bJxQ
whois
Unknown
http://www.zkderby.xyz/bqyq/
whois
Unknown
http://www.rds845.shop/h0nr/
whois
Unknown
http://www.82765.ltd/59d5/
whois
Unknown
http://www.birbacher.online/os5r/?Rmyfu=231uHx8vc2OXjfRp9MqGfmAfw0ORoc0FHs1yPQI+Y8FHV11jaHQ2ftygF7Z20+LhG+hwvpvPffWcTqqpG/gNLui17mhEo7YUi96xAksmd+3++erClo3DLaj5tFD9ebrkUZzk9Dk=&3K=dJI58bJxQ
whois
Unknown
http://www.031234103.xyz/6gd2/
whois
Unknown
http://www.birbacher.online/os5r/
whois
Unknown
http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip
whois
Unknown
http://www.82765.ltd/59d5/?Rmyfu=qiWz9HwqJLKnYi7JlC6qkRM9oNVOe4dAvB5Yj2dX6M9d0oXA3FTQuLckJRO7ZlKIhJbHCMmlfOuDN9YpFc7H3lclNb/Uy7Zdu1Mg4MyeDmJL6C9SantxWX3ypDcfwQ2eRaZ57U8=&3K=dJI58bJxQ
whois
Unknown
http://www.blissfuljo.life/p8fe/?Rmyfu=nweR1c0XBtkzZggi0v3dr9kB4xCEwoCGMBQNH/aYwX8LuhjLbL5HUgqXwTet0aQ44oxYgp72GiDpetq5GT3VFYsxr5RBWjhs308QLFo3+dsZTQkp8hunF2AzxzIui5HbDfaQI0w=&3K=dJI58bJxQ
whois
Unknown
http://www.rds845.shop/h0nr/?Rmyfu=5SMA7S/38P4RaRgCp3VO1tw2rROs9wah4HH5Q6yYr3Nu4ZqcK75SUzG8TXPdlVkL75Uc/7uyt+ZBxF8Sx8kUuaqQBEx7a3bwhtWi8pbBN6KWtUApBidRHQ/G3KkasTH6o4wmaSg=&3K=dJI58bJxQ
whois
Unknown
http://www.bjogo.top/0ekp/
whois
Unknown
http://www.031234103.xyz/6gd2/?Rmyfu=eDwP/8dm6CwnhXuB5IJF6tcmrP8qMyRusivP8vJ/CAl0CGhAGK7mzvA4v30eghRxdOMQU1afgYEQdjgAooUx1K4I/phOYtNowfmzMvro50gabBLkO4mInrSdt2aBNeYGRLrQQ4U=&3K=dJI58bJxQ
whois
Unknown
http://www.zkderby.xyz/bqyq/?Rmyfu=Z6W2Due/iFNSY6roA058AuqdLgygAHlj29B3DLhDfw5gzakQrGCVCfu5pLO3yHC2Q5prfxENXL60nad/MKUoC8UQrxa2M0+WRd3DYf4bgsYWClNewfklrWL3J7GXJ+tZq73l4I4=&3K=dJI58bJxQ
whois
Unknown
www.82765.ltd
whois
Unknown
www.bjogo.top
whois
Unknown
www.031234103.xyz
whois
Unknown
www.blissfuljo.life
whois
Unknown
www.zkderby.xyz
whois
Unknown
www.rds845.shop
whois
Unknown
www.birbacher.online
whois
Unknown
156.224.194.237
whois
HK ABCDE GROUP COMPANY LIMITED 156.224.194.237
144.76.229.203
whois
DE Hetzner Online GmbH 144.76.229.203
76.223.54.146
whois
US AMAZON-02 76.223.54.146
148.72.247.70
whois
US AS-26496-GO-DADDY-COM-LLC 148.72.247.70
103.42.144.142
whois
TW Worldstar Network 103.42.144.142
162.0.225.218
whois
US NAMECHEAP-NET 162.0.225.218
217.160.0.24
whois
DE 1&1 Ionos Se 217.160.0.24
45.33.6.223
whois
US Linode, LLC 45.33.6.223

Suricata ids

ET INFO HTTP Request to Suspicious *.life Domain
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing
ET INFO Observed DNS Query to .life TLD

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure