Report - 513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f.exe

Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check
Created 2025.04.01 13:38 Machine s1_win7_x6403_us
Filename 513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 1.8
ZERO API (file): clean
VT API (file) 53 detected (AIDetectMalware, Malicious, score, GenericmlPMF, S32885736, Lockbit, Babar, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HWOU, CrypterX, Tofsee, Stealerc, kkmvem, SmokeLoader, CLASSIC, MulDrop9, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Eldorado, PWSX, R638491, TrojanPSW, Lumma, GdSda, Obfuscated, Giv2fQqujIc, susgen, HKBB, Injuke)
md5 97f1d67a63a4f7ff810c8c4d06911814
sha256 513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f
ssdeep 49152:iFEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEP:i
imphash 1bfb9e30602d999465ce79b11a35f99e
impfuzzy 24:jkPJIojHKdwpXQykjwvEgpv2DkoOovrU5lEcfL7/J3IjHRzT4AJ:DdOQyqSFnncmecf5CcAJ

Signature (3cnts)

Level Description
danger File has been identified by 53 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x40b000 PulseEvent
 0x40b004 HeapCompact
 0x40b008 GetConsoleAliasExesLengthA
 0x40b00c WriteConsoleOutputCharacterA
 0x40b010 HeapAlloc
 0x40b014 CreateJobObjectW
 0x40b018 HeapFree
 0x40b01c WaitForSingleObject
 0x40b020 CreateHardLinkA
 0x40b024 GlobalAlloc
 0x40b028 WideCharToMultiByte
 0x40b02c GetLocaleInfoW
 0x40b030 DnsHostnameToComputerNameW
 0x40b034 GetFileAttributesW
 0x40b038 GetModuleFileNameW
 0x40b03c FindNextVolumeMountPointW
 0x40b040 InterlockedExchange
 0x40b044 GetStdHandle
 0x40b048 FreeLibraryAndExitThread
 0x40b04c GetLastError
 0x40b050 GetConsoleDisplayMode
 0x40b054 BuildCommDCBW
 0x40b058 GetNumaHighestNodeNumber
 0x40b05c GetAtomNameA
 0x40b060 LoadLibraryA
 0x40b064 UnhandledExceptionFilter
 0x40b068 GetFileType
 0x40b06c FindAtomA
 0x40b070 ConvertDefaultLocale
 0x40b074 VirtualProtect
 0x40b078 GetCurrentDirectoryA
 0x40b07c ScrollConsoleScreenBufferA
 0x40b080 FileTimeToLocalFileTime
 0x40b084 HeapReAlloc
 0x40b088 GetProcAddress
 0x40b08c GetModuleHandleW
 0x40b090 ExitProcess
 0x40b094 DecodePointer
 0x40b098 GetCommandLineA
 0x40b09c HeapSetInformation
 0x40b0a0 GetStartupInfoW
 0x40b0a4 TerminateProcess
 0x40b0a8 GetCurrentProcess
 0x40b0ac SetUnhandledExceptionFilter
 0x40b0b0 IsDebuggerPresent
 0x40b0b4 EncodePointer
 0x40b0b8 HeapCreate
 0x40b0bc InitializeCriticalSectionAndSpinCount
 0x40b0c0 DeleteCriticalSection
 0x40b0c4 LeaveCriticalSection
 0x40b0c8 EnterCriticalSection
 0x40b0cc LoadLibraryW
 0x40b0d0 TlsAlloc
 0x40b0d4 TlsGetValue
 0x40b0d8 TlsSetValue
 0x40b0dc TlsFree
 0x40b0e0 InterlockedIncrement
 0x40b0e4 SetLastError
 0x40b0e8 GetCurrentThreadId
 0x40b0ec InterlockedDecrement
 0x40b0f0 WriteFile
 0x40b0f4 GetModuleFileNameA
 0x40b0f8 FreeEnvironmentStringsW
 0x40b0fc GetEnvironmentStringsW
 0x40b100 SetHandleCount
 0x40b104 QueryPerformanceCounter
 0x40b108 GetTickCount
 0x40b10c GetCurrentProcessId
 0x40b110 GetSystemTimeAsFileTime
 0x40b114 Sleep
 0x40b118 GetCPInfo
 0x40b11c GetACP
 0x40b120 GetOEMCP
 0x40b124 IsValidCodePage
 0x40b128 HeapSize
 0x40b12c RtlUnwind
 0x40b130 IsProcessorFeaturePresent
 0x40b134 LCMapStringW
 0x40b138 MultiByteToWideChar
 0x40b13c GetStringTypeW
 0x40b140 RaiseException

EAT (Export Address Table): none



Similarity measure (PE file only) - Checking for service failure