Field | Value |
---|---|
Created | 2025.05.04 13:05 |
Machine | s1_win7_x6401 |
Filename | 61deea59-694d-48eb-8a54-8dd0d6681a29 |
Type | PE32 executable (console) Intel 80386, for MS Windows, UPX compressed |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 29 detected (AIDetectMalware, Plugx, Sonbokli, Artemis, Fragtor, Unsafe, Attribute, HighConfidence, xbykvs, Generic Reputation PUA, Detected, Wacapew, ABTrojan, UCGX, MALICIOUS, Chgt, R002H09DU25, susgen, PossibleThreat) |
md5 | 5e27bea92dab3452d825ea4abb14bd43 |
sha256 | 92d1ec28099bbebaaf27dc5c8c12dc2bee8d0a73855359960b4ea536cb93f5c3 |
ssdeep | 393216:/wvy7bYHoHgJzUXIc7TvYb9zVpKcObXqJo26ZcNUM8yo88:/oH9zqBTYxzVp1JoIk188 |
imphash | 71ff7d2fc8172e627900903df60566f8 |
impfuzzy | 6:oIFGVKXS7Oz0aZwAZBJAEoZ/OEGDzyRG6cSbzudbB8Vyc2AxyTO6bCA+tx/xKXn:o0WpjWFABZG/Dzn6Ib8Qc2A+O6bCv/xM |
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table)
ADVAPI32.dll
  0x4ddbbac FreeSid
crypt.dll
  0x4ddbbb4 BCryptGenRandom
CRYPT32.dll
  0x4ddbbbc CertOpenStore
dbghelp.dll
  0x4ddbbc4 SymCleanup
IPHLPAPI.DLL
  0x4ddbbcc GetBestRoute2
KERNEL32.DLL
  0x4ddbbd4 LoadLibraryA
  0x4ddbbd8 ExitProcess
  0x4ddbbdc GetProcAddress
  0x4ddbbe0 VirtualProtect
ole32.dll
  0x4ddbbe8 CoTaskMemFree
PSAPI.DLL
  0x4ddbbf0 EnumProcessModules
SHELL32.dll
  0x4ddbbf8 SHGetKnownFolderPath
USER32.dll
  0x4ddbc00 CharUpperA
USERENV.dll
  0x4ddbc08 GetUserProfileDirectoryW
WINMM.dll
  0x4ddbc10 timeGetTime
WS2_32.dll
  0x4ddbc18 WSASetLastError
EAT (Export Address Table): none

Note on reading this IAT: the file is UPX compressed, so the table above is the packer stub's import table, not the original program's. UPX keeps one import per DLL that the original links against (which is why every library here lists exactly one function) and adds the kernel32 set LoadLibraryA, GetProcAddress, VirtualProtect and ExitProcess that the stub uses to rebuild the real import table in memory. The DLL list is therefore a fair hint of what the unpacked program uses, but the function names are not a capability inventory; unpack it (upx -d, or dump the process after the stub has finished) and re-read the imports before drawing conclusions. The "crypt.dll" entry is the parser's rendering of the DLL name: BCryptGenRandom is exported by bcrypt.dll.
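As an added triage check (example code, not part of this report or of the sandbox that produced it): the heuristic below takes the IAT listed above, transcribed by hand as constructed input, and decides whether it matches the UPX stub pattern rather than a real program's imports. It assumes the stub's kernel32 set is LoadLibraryA, GetProcAddress, VirtualProtect and ExitProcess (with VirtualAlloc and VirtualFree tolerated for other UPX builds); the contrasting "unpacked" IAT is constructed for illustration only.

```python
# Added example (not part of the sandbox report): classify an IAT as a UPX
# stub's or as a probably-real import table. The UPX PE stub keeps one import
# per DLL used by the original program (so the loader still maps those DLLs)
# and adds its own kernel32 imports, which it uses to rebuild the real import
# table in memory. The stub's kernel32 set is assumed here to be
# LoadLibraryA/GetProcAddress/VirtualProtect/ExitProcess, optionally
# VirtualAlloc/VirtualFree in other builds.

from typing import Dict, List

# Transcribed from the report's IAT listing above (constructed input).
REPORT_IAT: Dict[str, List[str]] = {
    "ADVAPI32.dll": ["FreeSid"],
    "crypt.dll": ["BCryptGenRandom"],  # parser's name; the real DLL is bcrypt.dll
    "CRYPT32.dll": ["CertOpenStore"],
    "dbghelp.dll": ["SymCleanup"],
    "IPHLPAPI.DLL": ["GetBestRoute2"],
    "KERNEL32.DLL": ["LoadLibraryA", "ExitProcess", "GetProcAddress", "VirtualProtect"],
    "ole32.dll": ["CoTaskMemFree"],
    "PSAPI.DLL": ["EnumProcessModules"],
    "SHELL32.dll": ["SHGetKnownFolderPath"],
    "USER32.dll": ["CharUpperA"],
    "USERENV.dll": ["GetUserProfileDirectoryW"],
    "WINMM.dll": ["timeGetTime"],
    "WS2_32.dll": ["WSASetLastError"],
}

# A hypothetical unpacked console program's IAT, constructed for contrast.
UNPACKED_IAT: Dict[str, List[str]] = {
    "KERNEL32.dll": ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetLastError"],
    "WS2_32.dll": ["WSAStartup", "socket", "connect", "send", "recv"],
}

# Functions a UPX stub may import from kernel32 (assumed set, see above).
UPX_STUB_KERNEL32 = {
    "LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess",
    "VirtualAlloc", "VirtualFree",
}
# The stub cannot resolve the real imports without these two.
UPX_STUB_REQUIRED = {"LoadLibraryA", "GetProcAddress"}


def upx_stub_iat(iat: Dict[str, List[str]]) -> Dict[str, object]:
    """Return a verdict dict for an IAT given as {dll: [function, ...]}.

    is_upx_stub  True when kernel32 holds only stub functions (including the
                 required pair) and every other DLL contributes exactly one import.
    dll_hints    non-kernel32 DLLs; UPX keeps one real import per DLL, so these
                 are DLLs the original program really links against.
    reasons      human-readable evidence behind the verdict.
    """
    reasons: List[str] = []
    kernel32: List[str] = []
    others: Dict[str, List[str]] = {}
    for dll, funcs in iat.items():
        if dll.lower() in ("kernel32.dll", "kernel32"):
            kernel32.extend(funcs)
        else:
            others[dll] = list(funcs)

    k32 = set(kernel32)
    k32_ok = bool(k32) and k32 <= UPX_STUB_KERNEL32 and UPX_STUB_REQUIRED <= k32
    if k32_ok:
        reasons.append(f"kernel32 imports are all stub functions: {sorted(k32)}")
    elif not k32:
        reasons.append("no kernel32 imports at all")
    else:
        reasons.append(f"kernel32 imports outside the stub set: {sorted(k32 - UPX_STUB_KERNEL32)}")

    # Any non-kernel32 DLL with zero or several imports breaks the stub pattern.
    irregular = {dll for dll, funcs in others.items() if len(funcs) != 1}
    others_ok = not irregular
    if others_ok:
        reasons.append(f"{len(others)} other DLLs each contribute exactly one import")
    else:
        reasons.append(f"DLLs not contributing exactly one import: {sorted(irregular)}")

    return {"is_upx_stub": k32_ok and others_ok, "dll_hints": sorted(others), "reasons": reasons}


if __name__ == "__main__":
    for name, iat in (("report", REPORT_IAT), ("unpacked", UNPACKED_IAT)):
        verdict = upx_stub_iat(iat)
        print(f"{name}: UPX stub = {verdict['is_upx_stub']}")
        for reason in verdict["reasons"]:
            print("   ", reason)
```

When the verdict is a stub match, treat only `dll_hints` as evidence (the program does use those DLLs) and defer any judgement about specific API usage until the sample has been unpacked and its imports re-parsed.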