ScreenShot
| Created | 2021.03.18 09:35 | Machine | s1_win7_x6401 |
| Filename | water.php | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware2, malicious, high confidence, GenericKD, HygB8ucA, TrickBot, confidence, a variant of Generik, BFQGXAR, Trickpak, Artemis, Outbreak, pprzd, kcloud, Poison, tnUo, Wacapew, score, Trickster, ai score=88, CLOUD, Generik, ZedlaF, Bq4@aOKBlVl) | ||
| md5 | a4dc92b904b2b4b31960bf84614dad78 | ||
| sha256 | 162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5 | ||
| ssdeep | 12288:ZBQ+hBancZ5k5F1cPIesC4z77VGLkujjV6Mm:ZBhracZKC4QLkujjo | ||
| imphash | 73631ea08f5960294eeacc1cc3c8d03a | ||
| impfuzzy | 3:sUHXXLCbAJSHXX0AZAJGXWXxcHAw9XbXMB1JRWD3zM/MDn:5ebVUAZ5AxcHAij2JwDD7D | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|