Field | Value |
---|---|
Created | 2021.03.30 11:05 |
Machine | s1_win7_x6402 |
Filename | ret5ret3.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 14 detected (malicious, high confidence, Save, MalwareX, Fuerboos, CLOUD, score, Artemis, confidence, HgEASRwA) |
md5 | cdd95ff38e182507086b604b395c5131 |
sha256 | 42edefa09a3d85a3d4284f6ef57691c8b409ac00da21c799ae14b1adf17435f0 |
ssdeep | 6144:5RdcItrldgXTU4G0C2vg9QAJtn98PwuK3tTX+gGELCg4:5QuxaTdAJx98PwuKdXbGEO |
imphash | 8dd1cda0958dadd2459ce45a88de587f |
impfuzzy | 6:Ef0gldkz7dKfEiXpKJjPYvFHHbPpAz6HaKTqT20u:Ef1bkzEfEpJjAtHdAuHaI5 |
Signatures (4)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
No network requests were recorded in this table, so the host referred to by the "Communicates with host for which no DNS query was performed" signature above is not identified in this report.
Suricata IDs
PE API
IAT (Import Address Table) Library
USER32.dll
0x140006060 InsertMenuA
0x140006068 GetSubMenu
0x140006070 CreateWindowExA
GDI32.dll
0x140006000 GetNearestColor
0x140006008 DPtoLP
0x140006010 CombineTransform
0x140006018 GetCharWidthFloatW
0x140006020 CreateScalableFontResourceA
0x140006028 GetCharWidthW
0x140006030 GetCharWidthFloatA
SHLWAPI.dll
0x140006040 StrToInt64ExA
0x140006048 (unnamed entry: import by ordinal; the ordinal is not shown in this report)
0x140006050 StrDupA
EAT (Export Address Table): none
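The imphash in the summary table is derived from exactly the import list shown above: it is the MD5 of the lower-cased `library.function` names, joined with commas in import-descriptor order, with the DLL extension dropped and ordinal-only imports written as `ordN` (the pefile convention). The script below is an added example, not part of the sandbox report; it rebuilds that string from the listed IAT entries and, because the unnamed SHLWAPI entry at 0x140006048 hides its ordinal, brute-forces the one ordinal that would reproduce the reported hash. Two things are assumed: that the import descriptors are in the same order as the IAT addresses (GDI32, SHLWAPI, USER32), and that the sandbox computed imphash the way pefile does. If either assumption is wrong, no ordinal will match and the script says so rather than guessing.

```python
import hashlib

# Copied from the report's summary table.
REPORTED_IMPHASH = "8dd1cda0958dadd2459ce45a88de587f"

# IAT entries from the report as (dll, function name, ordinal) triples, ordered
# by IAT address. Assumption: this address order equals the import-descriptor
# order that imphash walks. The unnamed SHLWAPI entry at 0x140006048 is an
# import by ordinal whose ordinal the report does not show, so it carries None
# in both the name and the ordinal slot.
REPORTED_IMPORTS = [
    ("GDI32.dll", "GetNearestColor", None),             # 0x140006000
    ("GDI32.dll", "DPtoLP", None),                      # 0x140006008
    ("GDI32.dll", "CombineTransform", None),            # 0x140006010
    ("GDI32.dll", "GetCharWidthFloatW", None),          # 0x140006018
    ("GDI32.dll", "CreateScalableFontResourceA", None), # 0x140006020
    ("GDI32.dll", "GetCharWidthW", None),               # 0x140006028
    ("GDI32.dll", "GetCharWidthFloatA", None),          # 0x140006030
    ("SHLWAPI.dll", "StrToInt64ExA", None),             # 0x140006040
    ("SHLWAPI.dll", None, None),                        # 0x140006048, ordinal import, ordinal unknown
    ("SHLWAPI.dll", "StrDupA", None),                   # 0x140006050
    ("USER32.dll", "InsertMenuA", None),                # 0x140006060
    ("USER32.dll", "GetSubMenu", None),                 # 0x140006068
    ("USER32.dll", "CreateWindowExA", None),            # 0x140006070
]


def _libname(dll):
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension, as pefile does."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports):
    """Build the 'lib.func,lib.func,...' string whose MD5 is the imphash.

    Named imports use the lower-cased function name; ordinal imports use 'ordN',
    pefile's fallback for DLLs without a built-in ordinal-to-name table (SHLWAPI
    is one of those). Returns None when an ordinal import has an unknown ordinal,
    because the string, and therefore the hash, is then undetermined.
    """
    parts = []
    for dll, func, ordinal in imports:
        if func is None:
            if ordinal is None:
                return None
            func = "ord%d" % ordinal
        parts.append("%s.%s" % (_libname(dll), func.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of imphash_string(), or None if it cannot be determined."""
    s = imphash_string(imports)
    return None if s is None else hashlib.md5(s.encode("ascii")).hexdigest()


def with_ordinal(imports, ordinal):
    """Return a copy of imports with every unknown ordinal replaced by `ordinal`."""
    return [(d, f, ordinal if f is None and o is None else o) for d, f, o in imports]


def recover_ordinal(imports, target_hex, candidates=range(1, 65536)):
    """Brute-force the single missing ordinal so that imphash() equals target_hex.

    Returns the matching ordinal, or None when no candidate reproduces the hash,
    which happens if the assumed descriptor order is wrong or the sandbox used a
    different imphash convention. Refuses to guess when more than one ordinal is
    unknown, since the search would no longer be one-dimensional.
    """
    unknown = sum(1 for _, f, o in imports if f is None and o is None)
    if unknown != 1:
        raise ValueError("expected exactly one import with unknown ordinal, found %d" % unknown)
    target = target_hex.lower()
    for ordinal in candidates:
        if imphash(with_ordinal(imports, ordinal)) == target:
            return ordinal
    return None


if __name__ == "__main__":
    print("imphash string with the ordinal unresolved:", imphash_string(REPORTED_IMPORTS))
    found = recover_ordinal(REPORTED_IMPORTS, REPORTED_IMPHASH)
    if found is None:
        print("no ordinal in 1..65535 reproduces", REPORTED_IMPHASH,
              "under the assumed descriptor order")
    else:
        print("SHLWAPI ordinal %d reproduces the reported imphash" % found)
```

Running it against the real sample would settle the question the listing leaves open; the same functions also make the point that two binaries with identical named imports but a different hidden ordinal get different imphashes, so an unnamed entry is not a detail a pivot on this hash can ignore.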