Report - pik.ps1

Generic Malware Antivirus

ScreenShot

Info
Location map


Created	2025.04.28 10:48	Machine	s1_win7_x6402
Filename	pik.ps1
Type	ASCII text, with CRLF line terminators
AI Score	Not founds	Behavior Score	5.6
ZERO API	file : clean
VT API (file)	21 detected (powershell, asyncrat, GenericKD, TOPIS, I8VBzmz4OfT, Detected, ABDownloader, FAIV, Hajl)
md5	61d5db12ed0611000c59d5fd7fe884c2
sha256	5c43a6d132376244c80efb953ff1d5563cd7b06a531b3e8e5f4678ec765c70a6
ssdeep	12:AUFCS5/+daZ7IaYS51gKI7M3WVbgd3pjqI5J0gdJQg+QrgxnIAg:fFCS5/vZkax51w7M3Wx2xj5J02Jx+8gA
imphash
impfuzzy

Network IP location

Signature (14cnts)

Level	Description
warning	File has been identified by 21 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
watch	Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Poweshell is sending data to a remote host
notice	URL downloaded by powershell script
info	Checks amount of memory in system
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key

Rules (2cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (download)
watch	Antivirus	Contains references to security software	binaries (download)

Network (2cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://88.214.48.26/tpnl98/ret.exe whois		M247 Ltd	88.214.48.26	45429	malware
88.214.48.26 whois		M247 Ltd	88.214.48.26		mailcious

Suricata ids

Similarity measure (PE file only) - Checking for service failure