ScreenShot
| Created | 2022.12.13 09:51 | Machine | s1_win7_x6401 |
| Filename | LIMMin.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (malicious, high confidence, GenericKD, Artemis, Unsafe, Kryptik, V0b6, Attribute, HighConfidence, Trojanx, xasfkb, Hosts, jtqohh, score, Ximw, AGen, cmyxf, Ransombianlian, kcloud, Sabsik, Tiggre, Detected, ai score=82, R002H0CL622, mJL08voCrEL, GyVTmwFqUDg, susgen, AGENMM, Chgt) | ||
| md5 | d0525e69e54066d5b3764acefd16a754 | ||
| sha256 | d700f47bdc52906c398c026b3ac69382fb012434f7a6967323ede937af1658ce | ||
| ssdeep | 98304:vKNU8zvQiW+xPSCcgu3ebV6GDRjar2H2wKr3:avhWXrycG1jamKr3 | ||
| imphash | c24ea937b2b0d62e829e8a8faeff5a8d | ||
| impfuzzy | 24:Dfjz+kQYJd1j9Mblif5XGTqqXZPFkomtcqcxvZJF:DfH+kXHslEJGTqqJdk1uqcxLF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140395254 CreateSemaphoreW
0x14039525c DeleteCriticalSection
0x140395264 EnterCriticalSection
0x14039526c GetLastError
0x140395274 GetModuleFileNameW
0x14039527c GetStartupInfoW
0x140395284 InitializeCriticalSection
0x14039528c IsDBCSLeadByteEx
0x140395294 LeaveCriticalSection
0x14039529c MultiByteToWideChar
0x1403952a4 ReleaseSemaphore
0x1403952ac SetLastError
0x1403952b4 SetUnhandledExceptionFilter
0x1403952bc Sleep
0x1403952c4 TlsAlloc
0x1403952cc TlsFree
0x1403952d4 TlsGetValue
0x1403952dc TlsSetValue
0x1403952e4 VirtualProtect
0x1403952ec VirtualQuery
0x1403952f4 WaitForSingleObject
msvcrt.dll
0x140395304 __C_specific_handler
0x14039530c ___lc_codepage_func
0x140395314 ___mb_cur_max_func
0x14039531c __iob_func
0x140395324 __set_app_type
0x14039532c __setusermatherr
0x140395334 __wgetmainargs
0x14039533c __winitenv
0x140395344 _amsg_exit
0x14039534c _assert
0x140395354 _cexit
0x14039535c _commode
0x140395364 _errno
0x14039536c _fmode
0x140395374 _initterm
0x14039537c _onexit
0x140395384 _wcmdln
0x14039538c _wcsicmp
0x140395394 _wgetenv
0x14039539c abort
0x1403953a4 calloc
0x1403953ac exit
0x1403953b4 fprintf
0x1403953bc fputwc
0x1403953c4 free
0x1403953cc fwprintf
0x1403953d4 fwrite
0x1403953dc localeconv
0x1403953e4 malloc
0x1403953ec memcpy
0x1403953f4 memset
0x1403953fc realloc
0x140395404 signal
0x14039540c strcat
0x140395414 strerror
0x14039541c strlen
0x140395424 strncmp
0x14039542c strstr
0x140395434 vfprintf
0x14039543c wcscat
0x140395444 wcscpy
0x14039544c wcslen
0x140395454 wcsncmp
0x14039545c wcsstr
EAT(Export Address Table) is none
KERNEL32.dll
0x140395254 CreateSemaphoreW
0x14039525c DeleteCriticalSection
0x140395264 EnterCriticalSection
0x14039526c GetLastError
0x140395274 GetModuleFileNameW
0x14039527c GetStartupInfoW
0x140395284 InitializeCriticalSection
0x14039528c IsDBCSLeadByteEx
0x140395294 LeaveCriticalSection
0x14039529c MultiByteToWideChar
0x1403952a4 ReleaseSemaphore
0x1403952ac SetLastError
0x1403952b4 SetUnhandledExceptionFilter
0x1403952bc Sleep
0x1403952c4 TlsAlloc
0x1403952cc TlsFree
0x1403952d4 TlsGetValue
0x1403952dc TlsSetValue
0x1403952e4 VirtualProtect
0x1403952ec VirtualQuery
0x1403952f4 WaitForSingleObject
msvcrt.dll
0x140395304 __C_specific_handler
0x14039530c ___lc_codepage_func
0x140395314 ___mb_cur_max_func
0x14039531c __iob_func
0x140395324 __set_app_type
0x14039532c __setusermatherr
0x140395334 __wgetmainargs
0x14039533c __winitenv
0x140395344 _amsg_exit
0x14039534c _assert
0x140395354 _cexit
0x14039535c _commode
0x140395364 _errno
0x14039536c _fmode
0x140395374 _initterm
0x14039537c _onexit
0x140395384 _wcmdln
0x14039538c _wcsicmp
0x140395394 _wgetenv
0x14039539c abort
0x1403953a4 calloc
0x1403953ac exit
0x1403953b4 fprintf
0x1403953bc fputwc
0x1403953c4 free
0x1403953cc fwprintf
0x1403953d4 fwrite
0x1403953dc localeconv
0x1403953e4 malloc
0x1403953ec memcpy
0x1403953f4 memset
0x1403953fc realloc
0x140395404 signal
0x14039540c strcat
0x140395414 strerror
0x14039541c strlen
0x140395424 strncmp
0x14039542c strstr
0x140395434 vfprintf
0x14039543c wcscat
0x140395444 wcscpy
0x14039544c wcslen
0x140395454 wcsncmp
0x14039545c wcsstr
EAT(Export Address Table) is none