Field | Value |
---|---|
Created | 2021.03.14 11:45 |
Machine | s1_win7_x6401 |
Filename | 5.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetect, malware1, malicious, high confidence, Bulz, GenericKDZ, Unsafe, Save, Kryptik, confidence, 100%, Eldorado, HJXL, score, Chapak, GenericKD, TrojanX, Static AI, Malicious PE, Guloader, CoinMiner, Glupteba, R371604, ai score=100, THCABBA, CLOUD, UrSnif, susgen, ZexaF, EqW@aia72sV, Genetic, HwoC3IMA) |
md5 | 212b12e2686111514455c97b689c8457 |
sha256 | a8fe17654d8f2a952fee93bd6e78864ee4a2e766c92e6ba7dda2b0117e1ef97a |
ssdeep | 6144:PnL0GwFG8EdSpx4y3vwKe94genAvlXKJo7OcbV0cDfKBrIteh4bwmsaEYah+CthW:P6FG8uSpB3vW95vcOZbyB0Y4bwmoXhz |
imphash | 3cbd1c2235e522f6f70043c9b0c48630 |
impfuzzy | 48:9psUM1PAOC3vV4fTT3YXSs8hY+jnM+R1KuucLZuAXR:vsDDmNUTT3YXdJ+jnM+R1mc9uAXR |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | IsPacked | Entropy Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|