ScreenShot
| Created | 2023.02.07 17:30 | Machine | s1_win7_x6403 |
| Filename | video.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (Lazy, malicious, high confidence, GenericKD, Artemis, Unsafe, Vdy6, TrojanPSW, Attribute, HighConfidence, score, PWSX, Wimw, ikzlb, Steam, VIDAR, YXDBFZ, Static AI, Suspicious PE, Sabsik, kcloud, Casdet, ai score=81, TScope, Generic@AI, RDML, P19FzVuIUcvF9OdSDWLDgA, susgen, PossibleThreat, ZexaF, PwW@a8rjwzii, Chgt) | ||
| md5 | aa4963a84a64c472e1404a7c99d720d9 | ||
| sha256 | af942d89cfb53fee65fb90776f4ff5d35aef06e1ce7595b74d17500102201722 | ||
| ssdeep | 49152:JUiZg2XnNylXSFqb84OiZrq1DfP+rsNADtV6v+LV:JvZ5ylGqb84OiZrq1DfPHNADtV6v+ | ||
| imphash | ae59d36ed05eb53b902732c00e93d134 | ||
| impfuzzy | 48:lIM+iWw2Ftclc+pp/gEUQvRj1xAl3l/gn6GFZ/ppNNECK8tEQuvZjb:ly3FFtclc+pp/4A+R | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Detects Avast Antivirus through the presence of a library |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41f038 CreateFileA
0x41f03c CloseHandle
0x41f040 ExitProcess
0x41f044 WriteConsoleW
0x41f048 CreateFileW
0x41f04c SetFilePointerEx
0x41f050 GetConsoleMode
0x41f054 GetConsoleOutputCP
0x41f058 FlushFileBuffers
0x41f05c HeapReAlloc
0x41f060 HeapSize
0x41f064 LCMapStringW
0x41f068 CompareStringW
0x41f06c GetStringTypeW
0x41f070 GetFileType
0x41f074 SetStdHandle
0x41f078 SetEnvironmentVariableW
0x41f07c FreeEnvironmentStringsW
0x41f080 GetEnvironmentStringsW
0x41f084 WideCharToMultiByte
0x41f088 MultiByteToWideChar
0x41f08c WriteFile
0x41f090 GetProcessHeap
0x41f094 GetCurrentProcessId
0x41f098 GetLastError
0x41f09c GetCommandLineA
0x41f0a0 GetCurrentThreadId
0x41f0a4 GetCurrentProcess
0x41f0a8 GetCommandLineW
0x41f0ac GetCPInfo
0x41f0b0 GetOEMCP
0x41f0b4 GetACP
0x41f0b8 IsValidCodePage
0x41f0bc FindNextFileW
0x41f0c0 FindFirstFileExW
0x41f0c4 FindClose
0x41f0c8 DecodePointer
0x41f0cc HeapAlloc
0x41f0d0 HeapFree
0x41f0d4 GetModuleHandleExW
0x41f0d8 QueryPerformanceCounter
0x41f0dc GetSystemTimeAsFileTime
0x41f0e0 InitializeSListHead
0x41f0e4 IsDebuggerPresent
0x41f0e8 UnhandledExceptionFilter
0x41f0ec SetUnhandledExceptionFilter
0x41f0f0 GetStartupInfoW
0x41f0f4 IsProcessorFeaturePresent
0x41f0f8 GetModuleHandleW
0x41f0fc TerminateProcess
0x41f100 RtlUnwind
0x41f104 SetLastError
0x41f108 EnterCriticalSection
0x41f10c LeaveCriticalSection
0x41f110 DeleteCriticalSection
0x41f114 InitializeCriticalSectionAndSpinCount
0x41f118 TlsAlloc
0x41f11c TlsGetValue
0x41f120 TlsSetValue
0x41f124 TlsFree
0x41f128 FreeLibrary
0x41f12c GetProcAddress
0x41f130 LoadLibraryExW
0x41f134 RaiseException
0x41f138 GetStdHandle
0x41f13c GetModuleFileNameW
USER32.dll
0x41f14c EnableWindow
0x41f150 CharUpperA
0x41f154 InvalidateRect
0x41f158 FindWindowA
0x41f15c GetDlgItem
0x41f160 ChildWindowFromPoint
0x41f164 CreateDialogParamA
0x41f168 RedrawWindow
0x41f16c SetClipboardData
0x41f170 GetMessageA
0x41f174 SetWindowPos
0x41f178 MessageBoxW
0x41f17c PostMessageA
0x41f180 GetSystemMetrics
0x41f184 DestroyCursor
0x41f188 OpenClipboard
0x41f18c TranslateAcceleratorA
0x41f190 SendDlgItemMessageA
0x41f194 IsDialogMessageA
0x41f198 GetWindowTextA
0x41f19c LoadAcceleratorsA
0x41f1a0 GetWindowLongA
0x41f1a4 wvsprintfA
0x41f1a8 MessageBoxA
0x41f1ac SetFocus
0x41f1b0 RemoveMenu
GDI32.dll
0x41f01c GdiComment
0x41f020 DeleteObject
0x41f024 GdiAlphaBlend
0x41f028 GdiFlush
0x41f02c GetStockObject
0x41f030 GdiTransparentBlt
COMDLG32.dll
0x41f014 GetSaveFileNameA
ADVAPI32.dll
0x41f000 RegOpenKeyExW
0x41f004 RegCloseKey
0x41f008 RegQueryInfoKeyW
0x41f00c GetUserNameW
SHELL32.dll
0x41f144 ShellExecuteW
EAT(Export Address Table) is none
KERNEL32.dll
0x41f038 CreateFileA
0x41f03c CloseHandle
0x41f040 ExitProcess
0x41f044 WriteConsoleW
0x41f048 CreateFileW
0x41f04c SetFilePointerEx
0x41f050 GetConsoleMode
0x41f054 GetConsoleOutputCP
0x41f058 FlushFileBuffers
0x41f05c HeapReAlloc
0x41f060 HeapSize
0x41f064 LCMapStringW
0x41f068 CompareStringW
0x41f06c GetStringTypeW
0x41f070 GetFileType
0x41f074 SetStdHandle
0x41f078 SetEnvironmentVariableW
0x41f07c FreeEnvironmentStringsW
0x41f080 GetEnvironmentStringsW
0x41f084 WideCharToMultiByte
0x41f088 MultiByteToWideChar
0x41f08c WriteFile
0x41f090 GetProcessHeap
0x41f094 GetCurrentProcessId
0x41f098 GetLastError
0x41f09c GetCommandLineA
0x41f0a0 GetCurrentThreadId
0x41f0a4 GetCurrentProcess
0x41f0a8 GetCommandLineW
0x41f0ac GetCPInfo
0x41f0b0 GetOEMCP
0x41f0b4 GetACP
0x41f0b8 IsValidCodePage
0x41f0bc FindNextFileW
0x41f0c0 FindFirstFileExW
0x41f0c4 FindClose
0x41f0c8 DecodePointer
0x41f0cc HeapAlloc
0x41f0d0 HeapFree
0x41f0d4 GetModuleHandleExW
0x41f0d8 QueryPerformanceCounter
0x41f0dc GetSystemTimeAsFileTime
0x41f0e0 InitializeSListHead
0x41f0e4 IsDebuggerPresent
0x41f0e8 UnhandledExceptionFilter
0x41f0ec SetUnhandledExceptionFilter
0x41f0f0 GetStartupInfoW
0x41f0f4 IsProcessorFeaturePresent
0x41f0f8 GetModuleHandleW
0x41f0fc TerminateProcess
0x41f100 RtlUnwind
0x41f104 SetLastError
0x41f108 EnterCriticalSection
0x41f10c LeaveCriticalSection
0x41f110 DeleteCriticalSection
0x41f114 InitializeCriticalSectionAndSpinCount
0x41f118 TlsAlloc
0x41f11c TlsGetValue
0x41f120 TlsSetValue
0x41f124 TlsFree
0x41f128 FreeLibrary
0x41f12c GetProcAddress
0x41f130 LoadLibraryExW
0x41f134 RaiseException
0x41f138 GetStdHandle
0x41f13c GetModuleFileNameW
USER32.dll
0x41f14c EnableWindow
0x41f150 CharUpperA
0x41f154 InvalidateRect
0x41f158 FindWindowA
0x41f15c GetDlgItem
0x41f160 ChildWindowFromPoint
0x41f164 CreateDialogParamA
0x41f168 RedrawWindow
0x41f16c SetClipboardData
0x41f170 GetMessageA
0x41f174 SetWindowPos
0x41f178 MessageBoxW
0x41f17c PostMessageA
0x41f180 GetSystemMetrics
0x41f184 DestroyCursor
0x41f188 OpenClipboard
0x41f18c TranslateAcceleratorA
0x41f190 SendDlgItemMessageA
0x41f194 IsDialogMessageA
0x41f198 GetWindowTextA
0x41f19c LoadAcceleratorsA
0x41f1a0 GetWindowLongA
0x41f1a4 wvsprintfA
0x41f1a8 MessageBoxA
0x41f1ac SetFocus
0x41f1b0 RemoveMenu
GDI32.dll
0x41f01c GdiComment
0x41f020 DeleteObject
0x41f024 GdiAlphaBlend
0x41f028 GdiFlush
0x41f02c GetStockObject
0x41f030 GdiTransparentBlt
COMDLG32.dll
0x41f014 GetSaveFileNameA
ADVAPI32.dll
0x41f000 RegOpenKeyExW
0x41f004 RegCloseKey
0x41f008 RegQueryInfoKeyW
0x41f00c GetUserNameW
SHELL32.dll
0x41f144 ShellExecuteW
EAT(Export Address Table) is none