ScreenShot
| Created | 2025.04.13 15:21 | Machine | s1_win7_x6401 |
| Filename | Gangway.ps1 | ||
| Type | UTF-8 Unicode text | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ded10f323ef93757568915789c9cd3eb | ||
| sha256 | fd790c0644021d07c08f6d2c58d34d1ede347aceae37f246a47afc2921252cac | ||
| ssdeep | 192:WPdIIX+TX+fXEMXYcZd0fXW/iQ/RHIV1y2aPSM6MW8/ghYqoo2xIr4/rAncLgH6G:WPqJqMva8yNSM6MW8eYqoo2xIr4/rAnx | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|