ScreenShot
| Created | 2021.03.17 10:54 | Machine | s1_win7_x6402 |
| Filename | 4.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Urlbot, Save, confidence, ZexaF, rqW@aKHIPlI, Attribute, HighConfidence, FileRepMetagen, Glupteba, score, MachineLearning, Anomalous, Static AI, Suspicious PE) | ||
| md5 | 10eefbe8d8e288f2ea7882820dafe275 | ||
| sha256 | 69c7a6358e831676867f0ad2e7319466711c5396f9d5ecd9a8dfe06be3815121 | ||
| ssdeep | 6144:LT5ZzpPjb94x18CQljNF8FwrW+Uwk3OOnd/r6H:BhpP+nTU5kwKD1OOt | ||
| imphash | 212e998df016305bc284a50afd851b4f | ||
| impfuzzy | 48:7XdwjWcrWvBFfO1KH6dOzjUpguXqOMsXApDcjtxvqgDP0cwTZuA8f:7XdwjUB3WUj0guXqmyDcjt5qgD8c6uH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
