Report - dwinx64.exe

Generic Malware PE File PE64

ScreenShot

Info
Location map


Created	2025.04.21 13:31	Machine	s1_win7_x6403
Filename	dwinx64.exe
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score	5	Behavior Score	2.2
ZERO API	file : malware
VT API (file)	50 detected (AIDetectMalware, Malicious, score, Demon, S33863801, Havokiz, Marte, Unsafe, confidence, Attribute, HighConfidence, Windows, Threat, Havoc, MalwareX, CLASSIC, AGEN, SMPK, Static AI, Malicious PE, Detected, Eldorado, R673056)
md5	ef8cd2d2915fabbe1032fad585172073
sha256	eb8cc7d6a2ac1b048250cbd78d7663f034e5249932a337b1298ccc0d120ef073
ssdeep	1536:lkIoalOYktfCM83vGT4HJVE/kGE5+Kb+LwoMSJZNR5FOINb:dFITtfCMjTOVE/kOXMSJZjPOINb
imphash
impfuzzy	3::

Network IP location

Signature (3cnts)

Level	Description
danger	File has been identified by 50 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Checks adapter addresses which can be used to detect virtual network interfaces

Rules (3cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (2cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://196.251.118.210:8088/ whois		xneelo	196.251.118.210		clean
196.251.118.210 whois		xneelo	196.251.118.210		malware

Suricata ids

Similarity measure (PE file only) - Checking for service failure