Report - regasm.exe

ScreenShot

Info
Location map


Created	2021.03.09 11:12	Machine	s1_win7_x6402
Filename	regasm.exe
Type	PE32 executable (GUI) Intel 80386, for MS Windows
AI Score	1	Behavior Score	3.6
ZERO API	file : malware
VT API (file)	37 detected (AIDetect, malware1, malicious, high confidence, Bulz, Unsafe, Save, ZexaF, puW@aa4, IskG, Kryptik, Eldorado, Attribute, HighConfidence, MalwareX, Static AI, Suspicious PE, ai score=83, Glupteba, score, R371107, HJUY, CLASSIC, UrSnif, susgen, HJUV, confidence, 100%, QVM10)
md5	10db8380a0deb4453f10f72777ffbe7a
sha256	514f32acee7052cb11a746b39413eee3d8292a203cb309e1c9e9f9c60bbcb26f
ssdeep	3072:ji6a646RwIWbKGMYO4RueyqlCfV2f3ZLVEYBPSwZgqm+RV:eZCRPN+MeMfShVPPPa+r
imphash	711da2307affe355e903c6ae1f15c562
impfuzzy	48:5Ips7d5OSGHt8BZmz5WWuFzwdS+ceh62MZUje0c9ZT:5gs7qSGj5WWAzoS+ceh/MZUy0c3T

Network IP location

Signature (8cnts)

Level	Description
danger	File has been identified by 37 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The file contains an unknown PE resource name possibly indicative of a packer
info	This executable has a PDB path

Rules (7cnts)

Level	Name	Description	Collection
info	IsPE32	(no description)	binaries (upload)
info	OS_Processor_Check_Zero	OS Processor Check Signature Zero	binaries (upload)
info	PE_Header_Zero	PE File Signature Zero	binaries (upload)
info	HasDebugData	DebugData Check	binaries (upload)
info	IsWindowsGUI	(no description)	binaries (upload)
info	win_files_operation	Affect private profile	binaries (upload)
info	win_mutex	Create or check mutex	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure