Created: 2021.03.18 09:35
Machine: s1_win7_x6401
Filename: water.php
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 5
Behavior Score: 1.0
ZERO API file: malware
VT API (file): 30 detected (AIDetect, malware2, malicious, high confidence, GenericKD, HygB8ucA, TrickBot, confidence, a variant of Generik, BFQGXAR, Trickpak, Artemis, Outbreak, pprzd, kcloud, Poison, tnUo, Wacapew, score, Trickster, ai score=88, CLOUD, Generik, ZedlaF, Bq4@aOKBlVl)
md5: a4dc92b904b2b4b31960bf84614dad78
sha256: 162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5
ssdeep: 12288:ZBQ+hBancZ5k5F1cPIesC4z77VGLkujjV6Mm:ZBhracZKC4QLkujjo
imphash: 73631ea08f5960294eeacc1cc3c8d03a
impfuzzy: 3:sUHXXLCbAJSHXX0AZAJGXWXxcHAw9XbXMB1JRWD3zM/MDn:5ebVUAZ5AxcHAij2JwDD7D
Signature (1cnts)

Level  | Description
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious

Rules (6cnts)

Level | Name             | Description            | Collection
info  | IsDLL            | (no description)       | binaries (upload)
info  | IsPE32           | (no description)       | binaries (upload)
info  | PE_Header_Zero   | PE File Signature Zero | binaries (upload)
info  | HasDebugData     | DebugData Check        | binaries (upload)
info  | HasRichSignature | Rich Signature Check   | binaries (upload)
info  | IsWindowsGUI     | (no description)       | binaries (upload)

Network (0cnts)
