Field | Value |
---|---|
Created | 2021.03.31 10:32 |
Machine | s1_win7_x6402 |
Filename | ret1.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 6 detected (Unsafe, Malicious, score, confidence) |
md5 | 83e6a0bec752cfa12db166b45ba49a79 |
sha256 | f0548ac778c8bcea06c577a13e7b0856b73838715c2fab1b1e83096e2333f82f |
ssdeep | 6144:11jPZmG29u87HxpEyp2SNj91keVmvOC/OXcG26EqKXfV2ldUJR94VcTAgmQ:nZdMRp70SNj91ke4Om1YVld8T4VA |
imphash | |
impfuzzy | 3:: |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | ImportTableIsBad | ImportTable Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
Network (3cnts)
Suricata ids
PE API
IAT(Import Address Table) is none
EAT(Export Address Table) is none
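The static rules above (IsPE64, IsWindowsGUI, HasDebugData, HasRichSignature, ImportTableIsBad) and the empty IAT/EAT readings all come from the PE headers. As an added example, not the sandbox's rule engine, this stdlib-only parser reads the DOS, COFF and optional headers and reproduces those checks as an approximation: PE64 is the 0x20B optional-header magic, GUI is subsystem 2, debug data and import/export/IAT presence are taken from the data directories, and the Rich signature is detected by its "Rich" marker between the DOS stub and the PE header. PE_Header_Zero is not reproduced because the page does not say what that rule measures. The `build_minimal_pe32plus` helper fabricates a header-only PE32+ image so the checks can be exercised offline; the field offsets follow the PE/COFF specification.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
DIR_EXPORT, DIR_IMPORT, DIR_DEBUG, DIR_IAT = 0, 1, 6, 12


def triage_pe(data: bytes) -> dict:
    """Parse the PE headers and return rule-style flags for the sample."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_PLUS_MAGIC:
        dirs_off = opt + 112                 # data directories start here in PE32+
    elif magic == PE32_MAGIC:
        dirs_off = opt + 96                  # and here in PE32
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]   # NumberOfRvaAndSizes

    def directory(index):
        # IMAGE_DATA_DIRECTORY = (VirtualAddress, Size); absent entries read as (0, 0)
        if index >= n_dirs or dirs_off + 8 * index + 8 > opt + opt_size:
            return (0, 0)
        return struct.unpack_from("<II", data, dirs_off + 8 * index)

    def present(index):
        rva, size = directory(index)
        return rva != 0 and size != 0

    # The undocumented Rich header (MSVC linker fingerprint) lives between the DOS stub
    # and the PE header and ends with the ASCII marker "Rich".
    rich = b"Rich" in data[0x40:e_lfanew]
    return {
        "machine": machine,
        "IsPE64": magic == PE32_PLUS_MAGIC,
        "IsWindowsGUI": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "HasDebugData": present(DIR_DEBUG),
        "HasRichSignature": rich,
        "ImportTableIsBad": not present(DIR_IMPORT),
        "IAT_none": not present(DIR_IAT),
        "EAT_none": not present(DIR_EXPORT),
    }


def build_minimal_pe32plus(import_dir=(0, 0), debug_dir=(0, 0), rich=False) -> bytes:
    """Constructed header-only PE32+ GUI image (no sections) used to exercise triage_pe."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew -> PE header at 0x80
    if rich:
        dos[0x70:0x74] = b"Rich"                     # marker only; DanS block omitted
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)                             # PE32+ optional header is 240 bytes
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DIR_IMPORT, *import_dir)
    struct.pack_into("<II", opt, 112 + 8 * DIR_IAT, *import_dir)
    struct.pack_into("<II", opt, 112 + 8 * DIR_DEBUG, *debug_dir)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32plus()
    for name, value in triage_pe(blob).items():
        print(f"{name:18} {value}")
```

Run it against a real sample with `python triage.py ret1.exe`. A GUI executable whose import directory is empty cannot reach the Win32 API through the loader, so it either resolves its APIs itself at runtime or is damaged; combined with the read-write-execute allocation noted in the signatures, that is the usual profile of a packed or self-loading binary, and it is also why imphash is blank and impfuzzy is the empty-import value in the summary table.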