ScreenShot
| Created | 2022.12.13 17:14 | Machine | s1_win7_x6403 |
| Filename | BNSREveZbTkD.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware2, Artemis, Unsafe, Save, GenericKD, Attribute, HighConfidence, malicious, high confidence, a variant of Generik, JABKJZ, Reline, Kryptik, pYfVodzM5IU, ai score=83, Wacatac, Sabsik, MachineLearning, Anomalous, FalseSign, Qqil, susgen, ZexaF, wvX@amLwy, PWSX) | ||
| md5 | 1f00638214824577f764026104668add | ||
| sha256 | 78d2ae83a34339fd455214e96d9465360eff9c8a99d654f673350815f8f19c59 | ||
| ssdeep | 24576:siMLG8NWP8751MuO72cRopWkQ1D56jrBMm+3ZN2LwEQq2KNIxH1FUmmkng:QLG2WP8751Y72/4kQtyrBz+3ZQwEH1Si | ||
| imphash | 2ea0d8985489fac9d703f2d23c1ba077 | ||
| impfuzzy | 48:arX1pkrCng5+jhEOth/8fM//EkVtdhKz+c31rzxH/FLGzOlyn:arFpkrCg5+NPth/8fMXXWiOmn | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x524000 GetSystemDefaultLangID
0x524004 GetFileSize
0x524008 GlobalDeleteAtom
0x52400c TlsGetValue
0x524010 GetSystemDefaultUILanguage
0x524014 GetDefaultCommConfigW
0x524018 HeapAlloc
0x52401c HeapFree
0x524020 GetEnvironmentStringsW
0x524024 SleepEx
0x524028 GetTickCount
0x52402c GetCurrentThread
0x524030 GetProcessHeap
0x524034 IsBadReadPtr
0x524038 GetUserDefaultLangID
0x52403c GetCurrencyFormatW
0x524040 GetConsoleCP
0x524044 LoadLibraryW
0x524048 Sleep
0x52404c HeapCreate
0x524050 GetFileAttributesW
0x524054 ReadFile
0x524058 CreateFileW
0x52405c GetACP
0x524060 lstrlenW
0x524064 RaiseException
0x524068 GetLastError
0x52406c SetLastError
0x524070 GetProcAddress
0x524074 IsValidCodePage
0x524078 GetLargePageMinimum
0x52407c FoldStringW
0x524080 SetConsoleTitleW
0x524084 GetModuleHandleA
0x524088 GetThreadId
0x52408c GetConsoleTitleW
0x524090 GetCurrentThreadId
0x524094 CloseHandle
0x524098 GetCurrentProcessId
0x52409c GlobalAddAtomW
0x5240a0 GetThreadUILanguage
0x5240a4 WriteConsoleW
0x5240a8 GetStringTypeW
0x5240ac LCMapStringW
0x5240b0 IsProcessorFeaturePresent
0x5240b4 MultiByteToWideChar
0x5240b8 SetEndOfFile
0x5240bc SetFilePointer
0x5240c0 FlushFileBuffers
0x5240c4 GetConsoleMode
0x5240c8 SetStdHandle
0x5240cc HeapReAlloc
0x5240d0 HeapSize
0x5240d4 WideCharToMultiByte
0x5240d8 GetOEMCP
0x5240dc GetCPInfo
0x5240e0 CreateFileA
0x5240e4 DeleteCriticalSection
0x5240e8 GetCommandLineW
0x5240ec HeapSetInformation
0x5240f0 GetStartupInfoW
0x5240f4 TerminateProcess
0x5240f8 GetCurrentProcess
0x5240fc UnhandledExceptionFilter
0x524100 SetUnhandledExceptionFilter
0x524104 IsDebuggerPresent
0x524108 GetModuleHandleW
0x52410c ExitProcess
0x524110 DecodePointer
0x524114 WriteFile
0x524118 GetStdHandle
0x52411c GetModuleFileNameW
0x524120 EncodePointer
0x524124 InitializeCriticalSectionAndSpinCount
0x524128 LeaveCriticalSection
0x52412c EnterCriticalSection
0x524130 RtlUnwind
0x524134 FreeEnvironmentStringsW
0x524138 SetHandleCount
0x52413c GetFileType
0x524140 TlsAlloc
0x524144 TlsSetValue
0x524148 TlsFree
0x52414c InterlockedIncrement
0x524150 InterlockedDecrement
0x524154 QueryPerformanceCounter
0x524158 GetSystemTimeAsFileTime
USER32.dll
0x524160 IsMenu
0x524164 IsZoomed
0x524168 GetLastActivePopup
0x52416c GetParent
0x524170 EnumClipboardFormats
0x524174 AnyPopup
0x524178 wsprintfW
0x52417c GetDoubleClickTime
0x524180 GetDesktopWindow
0x524184 LoadBitmapW
0x524188 IsWindow
0x52418c IsWow64Message
0x524190 GetSystemMetrics
0x524194 IsWindowVisible
0x524198 GetDlgCtrlID
0x52419c GetDialogBaseUnits
0x5241a0 GetMessagePos
0x5241a4 GetShellWindow
0x5241a8 GetTopWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x524000 GetSystemDefaultLangID
0x524004 GetFileSize
0x524008 GlobalDeleteAtom
0x52400c TlsGetValue
0x524010 GetSystemDefaultUILanguage
0x524014 GetDefaultCommConfigW
0x524018 HeapAlloc
0x52401c HeapFree
0x524020 GetEnvironmentStringsW
0x524024 SleepEx
0x524028 GetTickCount
0x52402c GetCurrentThread
0x524030 GetProcessHeap
0x524034 IsBadReadPtr
0x524038 GetUserDefaultLangID
0x52403c GetCurrencyFormatW
0x524040 GetConsoleCP
0x524044 LoadLibraryW
0x524048 Sleep
0x52404c HeapCreate
0x524050 GetFileAttributesW
0x524054 ReadFile
0x524058 CreateFileW
0x52405c GetACP
0x524060 lstrlenW
0x524064 RaiseException
0x524068 GetLastError
0x52406c SetLastError
0x524070 GetProcAddress
0x524074 IsValidCodePage
0x524078 GetLargePageMinimum
0x52407c FoldStringW
0x524080 SetConsoleTitleW
0x524084 GetModuleHandleA
0x524088 GetThreadId
0x52408c GetConsoleTitleW
0x524090 GetCurrentThreadId
0x524094 CloseHandle
0x524098 GetCurrentProcessId
0x52409c GlobalAddAtomW
0x5240a0 GetThreadUILanguage
0x5240a4 WriteConsoleW
0x5240a8 GetStringTypeW
0x5240ac LCMapStringW
0x5240b0 IsProcessorFeaturePresent
0x5240b4 MultiByteToWideChar
0x5240b8 SetEndOfFile
0x5240bc SetFilePointer
0x5240c0 FlushFileBuffers
0x5240c4 GetConsoleMode
0x5240c8 SetStdHandle
0x5240cc HeapReAlloc
0x5240d0 HeapSize
0x5240d4 WideCharToMultiByte
0x5240d8 GetOEMCP
0x5240dc GetCPInfo
0x5240e0 CreateFileA
0x5240e4 DeleteCriticalSection
0x5240e8 GetCommandLineW
0x5240ec HeapSetInformation
0x5240f0 GetStartupInfoW
0x5240f4 TerminateProcess
0x5240f8 GetCurrentProcess
0x5240fc UnhandledExceptionFilter
0x524100 SetUnhandledExceptionFilter
0x524104 IsDebuggerPresent
0x524108 GetModuleHandleW
0x52410c ExitProcess
0x524110 DecodePointer
0x524114 WriteFile
0x524118 GetStdHandle
0x52411c GetModuleFileNameW
0x524120 EncodePointer
0x524124 InitializeCriticalSectionAndSpinCount
0x524128 LeaveCriticalSection
0x52412c EnterCriticalSection
0x524130 RtlUnwind
0x524134 FreeEnvironmentStringsW
0x524138 SetHandleCount
0x52413c GetFileType
0x524140 TlsAlloc
0x524144 TlsSetValue
0x524148 TlsFree
0x52414c InterlockedIncrement
0x524150 InterlockedDecrement
0x524154 QueryPerformanceCounter
0x524158 GetSystemTimeAsFileTime
USER32.dll
0x524160 IsMenu
0x524164 IsZoomed
0x524168 GetLastActivePopup
0x52416c GetParent
0x524170 EnumClipboardFormats
0x524174 AnyPopup
0x524178 wsprintfW
0x52417c GetDoubleClickTime
0x524180 GetDesktopWindow
0x524184 LoadBitmapW
0x524188 IsWindow
0x52418c IsWow64Message
0x524190 GetSystemMetrics
0x524194 IsWindowVisible
0x524198 GetDlgCtrlID
0x52419c GetDialogBaseUnits
0x5241a0 GetMessagePos
0x5241a4 GetShellWindow
0x5241a8 GetTopWindow
EAT(Export Address Table) is none