Field | Value |
---|---|
Created | 2022.12.05 17:03 |
Machine | s1_win7_x6403 |
Filename | f429fjd4uf84u.sdfh |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 48 detected (GenericKD, Lazy, Save, ZexaF, @x0@aGbBpmhi, ABRisk, QMYD, Attribute, HighConfidence, malicious, high confidence, AEWZ, score, Generic@AI, RDML, uGA8, e3H2FlUP9SOAUUilQ, Malware@#lf2h65387aqp, AGEN, ehea, Phonzy, kcloud, Malgent, Detected, Artemis, ai score=100, Unsafe, Chgt, R002H0CKE22, Sgil, Static AI, Suspicious PE, PossibleThreat, FileRepMalware) |
md5 | 8cd1ea50f8f4c45055400e70da52b326 |
sha256 | 66552cbe03b205cba08a2524fb93303dec5edf51188758b08d12624db1ee73e1 |
ssdeep | 98304:Zr+dbd33oSpsJu9oR+bY11UhoIwBOqF85EiqrvBb2s4U5OoNkI9xFvPrBtOs6ha:x+BzpWu891ZDBOr+iqrpbTLp/U |
imphash | cf016c4fba6ba7bde12c075b1bf716d1 |
impfuzzy | 24:NlD7P10teX7MdlJeDc+pl39YoBUSOovbO3iv2GMD5:DeteX7Mic+ppCX30C5 |
Network IP location
Signature (3 counts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x415000 GetCurrentProcess
0x415004 GetStdHandle
0x415008 GetCurrentThread
0x41500c LoadLibraryA
0x415010 FreeConsole
0x415014 GetProcAddress
0x415018 GetCurrentProcessId
0x41501c GetConsoleWindow
0x415020 GetEnvironmentStringsW
0x415024 WriteConsoleW
0x415028 CloseHandle
0x41502c CreateFileW
0x415030 UnhandledExceptionFilter
0x415034 SetUnhandledExceptionFilter
0x415038 TerminateProcess
0x41503c IsProcessorFeaturePresent
0x415040 QueryPerformanceCounter
0x415044 GetCurrentThreadId
0x415048 GetSystemTimeAsFileTime
0x41504c InitializeSListHead
0x415050 IsDebuggerPresent
0x415054 GetStartupInfoW
0x415058 GetModuleHandleW
0x41505c RtlUnwind
0x415060 RaiseException
0x415064 GetLastError
0x415068 SetLastError
0x41506c EncodePointer
0x415070 EnterCriticalSection
0x415074 LeaveCriticalSection
0x415078 DeleteCriticalSection
0x41507c InitializeCriticalSectionAndSpinCount
0x415080 TlsAlloc
0x415084 TlsGetValue
0x415088 TlsSetValue
0x41508c TlsFree
0x415090 FreeLibrary
0x415094 LoadLibraryExW
0x415098 WriteFile
0x41509c GetModuleFileNameW
0x4150a0 ExitProcess
0x4150a4 GetModuleHandleExW
0x4150a8 HeapAlloc
0x4150ac HeapFree
0x4150b0 FindClose
0x4150b4 FindFirstFileExW
0x4150b8 FindNextFileW
0x4150bc IsValidCodePage
0x4150c0 GetACP
0x4150c4 GetOEMCP
0x4150c8 GetCPInfo
0x4150cc GetCommandLineA
0x4150d0 GetCommandLineW
0x4150d4 MultiByteToWideChar
0x4150d8 WideCharToMultiByte
0x4150dc FreeEnvironmentStringsW
0x4150e0 SetStdHandle
0x4150e4 GetFileType
0x4150e8 GetStringTypeW
0x4150ec LCMapStringW
0x4150f0 GetProcessHeap
0x4150f4 HeapSize
0x4150f8 HeapReAlloc
0x4150fc FlushFileBuffers
0x415100 GetConsoleOutputCP
0x415104 GetConsoleMode
0x415108 SetFilePointerEx
0x41510c DecodePointer
USER32.dll
0x415114 GetCapture
EAT (Export Address Table): none