Field | Value
---|---
Created | 2022.02.05 18:30
Machine | s1_win7_x6401
Filename | WW14.bmp
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 43 detected (lJns, malicious, high confidence, GenericKD, Zapchast, GenericRXRO, Unsafe, ZexaF, ju0@aqfO54iO, PYSZ, Attribute, HighConfidence, R002C0WAU22, DropperX, Wozt, Malware@#jxlj5icm0k38, kcloud, GenericMC, Sabsik, R467245, ai score=84, CLOUD, WkqP6LvoeZ4, PossibleThreat, GdSda, confidence, 100%)
md5 | 68658cac51a3ee725891799aac339613
sha256 | e96bffaf47466cbe75dcf428e6644292c49af8db919bfbcf6d5797cb0eeef35d
ssdeep | 3072:57IuMJuuw/nEmsvs6sgErUV9pWCEoevUHuvAHL+fg5WH96R1c/KlO:FDGw/nEHqgW6ptEocUHuvAHLtjcSY
imphash | 814f7fd30adaf5f4c13577b5442db364
impfuzzy | 24:TRXOpLDjkFcMU2viu9QH7tV1rMYDc+i9roUOovbODlPX8U6LZiJp0sAfUAfHAf4i:JO4dCtV1rMmc+iZi3DlkJLZFJBetSbC
Signature (2cnts)
Level | Description
---|---
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
Rules (5cnts)
Level | Name | Description | Collection
---|---|---|---
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x41d000 ReadFile
0x41d004 lstrcatA
0x41d008 GetModuleHandleA
0x41d00c Sleep
0x41d010 LoadLibraryA
0x41d014 DeleteFileW
0x41d018 lstrcpyA
0x41d01c CloseHandle
0x41d020 GetProcAddress
0x41d024 GetFileSize
0x41d028 GetConsoleWindow
0x41d02c GetLastError
0x41d030 lstrlenA
0x41d034 WriteConsoleW
0x41d038 CreateFileW
0x41d03c SetFilePointerEx
0x41d040 GetConsoleMode
0x41d044 GetConsoleOutputCP
0x41d048 FlushFileBuffers
0x41d04c HeapReAlloc
0x41d050 HeapSize
0x41d054 GetStringTypeW
0x41d058 SetStdHandle
0x41d05c GetFileType
0x41d060 GetProcessHeap
0x41d064 SetEnvironmentVariableW
0x41d068 FreeEnvironmentStringsW
0x41d06c GetEnvironmentStringsW
0x41d070 WideCharToMultiByte
0x41d074 MultiByteToWideChar
0x41d078 GetCPInfo
0x41d07c UnhandledExceptionFilter
0x41d080 SetUnhandledExceptionFilter
0x41d084 GetCurrentProcess
0x41d088 TerminateProcess
0x41d08c IsProcessorFeaturePresent
0x41d090 IsDebuggerPresent
0x41d094 GetStartupInfoW
0x41d098 GetCurrentProcessId
0x41d09c GetCurrentThreadId
0x41d0a0 InitializeSListHead
0x41d0a4 RtlUnwind
0x41d0a8 RaiseException
0x41d0ac EncodePointer
0x41d0b0 EnterCriticalSection
0x41d0b4 LeaveCriticalSection
0x41d0b8 DeleteCriticalSection
0x41d0bc FreeLibrary
0x41d0c0 LoadLibraryExW
0x41d0c4 ExitProcess
0x41d0c8 GetModuleHandleExW
0x41d0cc GetModuleFileNameW
0x41d0d0 GetStdHandle
0x41d0d4 WriteFile
0x41d0d8 GetCommandLineA
0x41d0dc GetCommandLineW
0x41d0e0 CompareStringW
0x41d0e4 LCMapStringW
0x41d0e8 GetTimeZoneInformation
0x41d0ec HeapFree
0x41d0f0 HeapAlloc
0x41d0f4 FindClose
0x41d0f8 FindFirstFileExW
0x41d0fc FindNextFileW
0x41d100 IsValidCodePage
0x41d104 GetACP
0x41d108 GetOEMCP
0x41d10c DecodePointer
USER32.dll
0x41d114 ShowWindow
api-ms-win-core-profile-l1-1-0.dll
0x41d140 QueryPerformanceCounter
api-ms-win-core-errorhandling-l1-1-0.dll
0x41d11c SetLastError
api-ms-win-core-synch-l1-1-0.dll
0x41d148 InitializeCriticalSectionAndSpinCount
api-ms-win-core-processthreads-l1-1-0.dll
0x41d12c TlsGetValue
0x41d130 TlsFree
0x41d134 TlsSetValue
0x41d138 TlsAlloc
api-ms-win-core-sysinfo-l1-1-0.dll
0x41d150 GetSystemTimeAsFileTime
api-ms-win-core-libraryloader-l1-2-0.dll
0x41d124 GetModuleHandleW
EAT (Export Address Table): none