ScreenShot
| Created | 2022.05.23 16:55 | Machine | s1_win7_x6403 |
| Filename | update.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (malicious, high confidence, Lazy, Unsafe, Save, Attribute, HighConfidence, Kryptik, HPPO, Bingoml, TrojanX, Generic ML PUA, Static AI, Suspicious PE, ai score=87, Wacatac, score, Pandora, dGZlOgUOkVOfV9sW, ZexaF, tuX@aaOTmUmi) | ||
| md5 | 56631af68a3da74a28cd90356d3fd6d9 | ||
| sha256 | 248b9f78cabc04c5eff4f7cc9075eb6abb6cfce86585f5149fa55840fbe36342 | ||
| ssdeep | 6144:Em1c/A6lGGSvIDgIU5BA1gAOt1wKPQFi9ogPfvsF8kbN:pc/A6lGGSvYsPr1wKztPnqbN | ||
| imphash | 7e9dac1620e7ffb8082a9dca03cc96f9 | ||
| impfuzzy | 96:xuCUpjbEprB2yKlQe5LS7JqARkbdCBUf3j:xuC+vOryI2 | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-core-memory-l1-1-0.dll
0x4220fc VirtualProtect
api-ms-win-core-processthreads-l1-1-0.dll
0x422124 GetCurrentThreadId
0x422128 TlsFree
0x42212c GetCurrentProcessId
0x422130 TlsAlloc
0x422134 GetStartupInfoW
0x422138 TlsGetValue
0x42213c TerminateProcess
0x422140 GetCurrentProcess
0x422144 ExitProcess
0x422148 TlsSetValue
api-ms-win-core-synch-l1-2-0.dll
0x422194 Sleep
api-ms-win-core-errorhandling-l1-1-0.dll
0x422044 SetLastError
0x422048 SetUnhandledExceptionFilter
0x42204c RaiseException
0x422050 UnhandledExceptionFilter
0x422054 GetLastError
api-ms-win-ntuser-sysparams-l1-1-0.dll
0x4221b0 GetSystemMetrics
api-ms-win-core-console-l3-2-0.dll
0x422034 GetConsoleWindow
api-ms-win-core-localization-l1-2-0.dll
0x4220d0 IsValidCodePage
0x4220d4 GetLocaleInfoW
0x4220d8 IsValidLocale
0x4220dc GetUserDefaultLCID
0x4220e0 EnumSystemLocalesW
0x4220e4 GetCPInfo
0x4220e8 LCMapStringEx
0x4220ec GetOEMCP
0x4220f0 GetACP
0x4220f4 LCMapStringW
api-ms-win-core-synch-l1-1-0.dll
0x42217c InitializeCriticalSectionAndSpinCount
0x422180 EnterCriticalSection
0x422184 InitializeCriticalSectionEx
0x422188 DeleteCriticalSection
0x42218c LeaveCriticalSection
api-ms-win-core-util-l1-1-0.dll
0x4221a4 EncodePointer
0x4221a8 DecodePointer
api-ms-win-core-string-l1-1-0.dll
0x422168 MultiByteToWideChar
0x42216c GetStringTypeW
0x422170 CompareStringW
0x422174 WideCharToMultiByte
USER32.dll
0x422000 GetForegroundWindow
0x422004 SendMessageA
0x422008 GetSysColorBrush
0x42200c FindWindowA
0x422010 GetCursorPos
0x422014 PostMessageA
0x422018 ShowWindow
api-ms-win-core-processthreads-l1-1-1.dll
0x422150 IsProcessorFeaturePresent
api-ms-win-core-debug-l1-1-0.dll
0x42203c IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0.dll
0x4220b4 LoadLibraryExW
0x4220b8 GetModuleFileNameW
0x4220bc FreeLibrary
0x4220c0 GetModuleHandleW
0x4220c4 GetModuleHandleExW
0x4220c8 GetProcAddress
api-ms-win-core-profile-l1-1-0.dll
0x422158 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
0x42219c GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll
0x4220ac InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0.dll
0x422160 RtlUnwind
api-ms-win-core-processenvironment-l1-1-0.dll
0x422104 GetCommandLineA
0x422108 GetStdHandle
0x42210c SetStdHandle
0x422110 SetEnvironmentVariableW
0x422114 FreeEnvironmentStringsW
0x422118 GetEnvironmentStringsW
0x42211c GetCommandLineW
api-ms-win-core-file-l1-1-0.dll
0x42205c FindFirstFileExW
0x422060 FindClose
0x422064 SetEndOfFile
0x422068 FindNextFileW
0x42206c GetFileSizeEx
0x422070 ReadFile
0x422074 CreateFileW
0x422078 SetFilePointerEx
0x42207c WriteFile
0x422080 GetFileType
0x422084 FlushFileBuffers
api-ms-win-core-console-l1-1-0.dll
0x422020 ReadConsoleW
0x422024 GetConsoleMode
0x422028 WriteConsoleW
0x42202c GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0.dll
0x422094 HeapAlloc
0x422098 HeapSize
0x42209c HeapReAlloc
0x4220a0 HeapFree
0x4220a4 GetProcessHeap
api-ms-win-core-handle-l1-1-0.dll
0x42208c CloseHandle
EAT(Export Address Table) is none
api-ms-win-core-memory-l1-1-0.dll
0x4220fc VirtualProtect
api-ms-win-core-processthreads-l1-1-0.dll
0x422124 GetCurrentThreadId
0x422128 TlsFree
0x42212c GetCurrentProcessId
0x422130 TlsAlloc
0x422134 GetStartupInfoW
0x422138 TlsGetValue
0x42213c TerminateProcess
0x422140 GetCurrentProcess
0x422144 ExitProcess
0x422148 TlsSetValue
api-ms-win-core-synch-l1-2-0.dll
0x422194 Sleep
api-ms-win-core-errorhandling-l1-1-0.dll
0x422044 SetLastError
0x422048 SetUnhandledExceptionFilter
0x42204c RaiseException
0x422050 UnhandledExceptionFilter
0x422054 GetLastError
api-ms-win-ntuser-sysparams-l1-1-0.dll
0x4221b0 GetSystemMetrics
api-ms-win-core-console-l3-2-0.dll
0x422034 GetConsoleWindow
api-ms-win-core-localization-l1-2-0.dll
0x4220d0 IsValidCodePage
0x4220d4 GetLocaleInfoW
0x4220d8 IsValidLocale
0x4220dc GetUserDefaultLCID
0x4220e0 EnumSystemLocalesW
0x4220e4 GetCPInfo
0x4220e8 LCMapStringEx
0x4220ec GetOEMCP
0x4220f0 GetACP
0x4220f4 LCMapStringW
api-ms-win-core-synch-l1-1-0.dll
0x42217c InitializeCriticalSectionAndSpinCount
0x422180 EnterCriticalSection
0x422184 InitializeCriticalSectionEx
0x422188 DeleteCriticalSection
0x42218c LeaveCriticalSection
api-ms-win-core-util-l1-1-0.dll
0x4221a4 EncodePointer
0x4221a8 DecodePointer
api-ms-win-core-string-l1-1-0.dll
0x422168 MultiByteToWideChar
0x42216c GetStringTypeW
0x422170 CompareStringW
0x422174 WideCharToMultiByte
USER32.dll
0x422000 GetForegroundWindow
0x422004 SendMessageA
0x422008 GetSysColorBrush
0x42200c FindWindowA
0x422010 GetCursorPos
0x422014 PostMessageA
0x422018 ShowWindow
api-ms-win-core-processthreads-l1-1-1.dll
0x422150 IsProcessorFeaturePresent
api-ms-win-core-debug-l1-1-0.dll
0x42203c IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0.dll
0x4220b4 LoadLibraryExW
0x4220b8 GetModuleFileNameW
0x4220bc FreeLibrary
0x4220c0 GetModuleHandleW
0x4220c4 GetModuleHandleExW
0x4220c8 GetProcAddress
api-ms-win-core-profile-l1-1-0.dll
0x422158 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
0x42219c GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll
0x4220ac InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0.dll
0x422160 RtlUnwind
api-ms-win-core-processenvironment-l1-1-0.dll
0x422104 GetCommandLineA
0x422108 GetStdHandle
0x42210c SetStdHandle
0x422110 SetEnvironmentVariableW
0x422114 FreeEnvironmentStringsW
0x422118 GetEnvironmentStringsW
0x42211c GetCommandLineW
api-ms-win-core-file-l1-1-0.dll
0x42205c FindFirstFileExW
0x422060 FindClose
0x422064 SetEndOfFile
0x422068 FindNextFileW
0x42206c GetFileSizeEx
0x422070 ReadFile
0x422074 CreateFileW
0x422078 SetFilePointerEx
0x42207c WriteFile
0x422080 GetFileType
0x422084 FlushFileBuffers
api-ms-win-core-console-l1-1-0.dll
0x422020 ReadConsoleW
0x422024 GetConsoleMode
0x422028 WriteConsoleW
0x42202c GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0.dll
0x422094 HeapAlloc
0x422098 HeapSize
0x42209c HeapReAlloc
0x4220a0 HeapFree
0x4220a4 GetProcessHeap
api-ms-win-core-handle-l1-1-0.dll
0x42208c CloseHandle
EAT(Export Address Table) is none