Report - ChatGPT.exe

Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE File PE64
Created 2023.03.08 17:30 Machine s1_win7_x6401
Filename ChatGPT.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
5
Behavior Score
0.6
ZERO API (file): malware
VT API (file): 11 engines detected (labels reported: malicious, high confidence, Attribute, HighConfidence, score, Convagent, Detected, R550090)
md5 cd12cb026f70700b6d7d3122360c52e8
sha256 70805738871f24f390c7b1e62e6b48bc4850399992d8b62bba3160550a0a3655
ssdeep 49152:T5wh59b5nEKS6JKokJL06d4vD9GJjq/5qS3mynxdD4/7AQxDy:TUnuxBzd1IgYmoIfD
imphash 07d6165a937a57fe512cd3fff119e68c
impfuzzy 192:ol9HSvWrIFs4Za7aqW4F+2gHbW3a4RcroB:M980IFs4Zar+r7z4QoB

Signatures (1 count)

Level Description
watch File has been identified by 11 AntiVirus engines on VirusTotal as malicious

Rules (7 counts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table), grouped by library

oleaut32.dll
 0x140250778 SysFreeString
 0x140250780 SafeArrayUnaccessData
 0x140250788 SysAllocStringLen
 0x140250790 SafeArrayGetUBound
 0x140250798 SafeArrayGetLBound
 0x1402507a0 VariantClear
 0x1402507a8 SafeArrayAccessData
 0x1402507b0 SafeArrayDestroy
kernel32.dll
 0x1402502e0 GetStdHandle
 0x1402502e8 GetConsoleMode
 0x1402502f0 WriteConsoleW
 0x1402502f8 WaitForSingleObjectEx
 0x140250300 LoadLibraryA
 0x140250308 CreateMutexA
 0x140250310 GetCurrentProcess
 0x140250318 ReleaseMutex
 0x140250320 GetEnvironmentVariableW
 0x140250328 RtlLookupFunctionEntry
 0x140250330 GetModuleHandleW
 0x140250338 FormatMessageW
 0x140250340 GetTempPathW
 0x140250348 GetModuleFileNameW
 0x140250350 CreateFileW
 0x140250358 SetFilePointerEx
 0x140250360 GetFileInformationByHandleEx
 0x140250368 GetFullPathNameW
 0x140250370 SetThreadStackGuarantee
 0x140250378 CreateDirectoryW
 0x140250380 FindFirstFileW
 0x140250388 FindClose
 0x140250390 AddVectoredExceptionHandler
 0x140250398 GetTimeZoneInformation
 0x1402503a0 SystemTimeToFileTime
 0x1402503a8 SystemTimeToTzSpecificLocalTime
 0x1402503b0 GetEnvironmentStringsW
 0x1402503b8 FreeEnvironmentStringsW
 0x1402503c0 CompareStringOrdinal
 0x1402503c8 GetSystemDirectoryW
 0x1402503d0 GetWindowsDirectoryW
 0x1402503d8 CreateProcessW
 0x1402503e0 GetFileAttributesW
 0x1402503e8 DuplicateHandle
 0x1402503f0 GetCurrentProcessId
 0x1402503f8 CreateNamedPipeW
 0x140250400 CreateThread
 0x140250408 WriteFileEx
 0x140250410 ReleaseSRWLockShared
 0x140250418 AcquireSRWLockShared
 0x140250420 CreateEventW
 0x140250428 CancelIo
 0x140250430 ReadFile
 0x140250438 ExitProcess
 0x140250440 QueryPerformanceCounter
 0x140250448 QueryPerformanceFrequency
 0x140250450 RtlCaptureContext
 0x140250458 CopyFileExW
 0x140250460 SleepConditionVariableSRW
 0x140250468 CreateIoCompletionPort
 0x140250470 PostQueuedCompletionStatus
 0x140250478 GetCurrentThread
 0x140250480 GetSystemTimeAsFileTime
 0x140250488 GetProcAddress
 0x140250490 GetModuleHandleA
 0x140250498 HeapAlloc
 0x1402504a0 GetProcessHeap
 0x1402504a8 ReleaseSRWLockExclusive
 0x1402504b0 SetHandleInformation
 0x1402504b8 GetQueuedCompletionStatusEx
 0x1402504c0 SwitchToThread
 0x1402504c8 UnhandledExceptionFilter
 0x1402504d0 RtlVirtualUnwind
 0x1402504d8 FlushFileBuffers
 0x1402504e0 GetTickCount
 0x1402504e8 MapViewOfFile
 0x1402504f0 CreateFileMappingW
 0x1402504f8 FormatMessageA
 0x140250500 GetSystemTime
 0x140250508 WideCharToMultiByte
 0x140250510 FreeLibrary
 0x140250518 GetFileSize
 0x140250520 LockFileEx
 0x140250528 LocalFree
 0x140250530 UnlockFile
 0x140250538 HeapDestroy
 0x140250540 HeapCompact
 0x140250548 LoadLibraryW
 0x140250550 DeleteFileW
 0x140250558 DeleteFileA
 0x140250560 CreateFileA
 0x140250568 FlushViewOfFile
 0x140250570 OutputDebugStringW
 0x140250578 GetFileAttributesExW
 0x140250580 GetFileAttributesA
 0x140250588 GetDiskFreeSpaceA
 0x140250590 GetTempPathA
 0x140250598 Sleep
 0x1402505a0 MultiByteToWideChar
 0x1402505a8 HeapSize
 0x1402505b0 HeapValidate
 0x1402505b8 UnmapViewOfFile
 0x1402505c0 CreateMutexW
 0x1402505c8 UnlockFileEx
 0x1402505d0 SetEndOfFile
 0x1402505d8 GetFullPathNameA
 0x1402505e0 SetFilePointer
 0x1402505e8 LockFile
 0x1402505f0 OutputDebugStringA
 0x1402505f8 GetDiskFreeSpaceW
 0x140250600 WriteFile
 0x140250608 HeapCreate
 0x140250610 AreFileApisANSI
 0x140250618 InitializeCriticalSection
 0x140250620 EnterCriticalSection
 0x140250628 LeaveCriticalSection
 0x140250630 TryEnterCriticalSection
 0x140250638 DeleteCriticalSection
 0x140250640 GetCurrentThreadId
 0x140250648 TryAcquireSRWLockExclusive
 0x140250650 GetFinalPathNameByHandleW
 0x140250658 SetLastError
 0x140250660 GetFileInformationByHandle
 0x140250668 SetUnhandledExceptionFilter
 0x140250670 GetExitCodeProcess
 0x140250678 FileTimeToSystemTime
 0x140250680 SetFileCompletionNotificationModes
 0x140250688 WaitForSingleObject
 0x140250690 TerminateProcess
 0x140250698 IsProcessorFeaturePresent
 0x1402506a0 GetOverlappedResult
 0x1402506a8 WaitForMultipleObjects
 0x1402506b0 ReadFileEx
 0x1402506b8 SleepEx
 0x1402506c0 WakeAllConditionVariable
 0x1402506c8 HeapReAlloc
 0x1402506d0 GetSystemInfo
 0x1402506d8 GetLastError
 0x1402506e0 WakeConditionVariable
 0x1402506e8 AcquireSRWLockExclusive
 0x1402506f0 CloseHandle
 0x1402506f8 HeapFree
 0x140250700 InitializeSListHead
 0x140250708 IsDebuggerPresent
 0x140250710 FindNextFileW
 0x140250718 GetCurrentDirectoryW
crypt32.dll
 0x140250218 CertDuplicateStore
 0x140250220 CertGetCertificateChain
 0x140250228 CertCloseStore
 0x140250230 CryptUnprotectData
 0x140250238 CertVerifyCertificateChainPolicy
 0x140250240 CertFreeCertificateContext
 0x140250248 CertDuplicateCertificateContext
 0x140250250 CertFreeCertificateChain
 0x140250258 CertEnumCertificatesInStore
 0x140250260 CertOpenStore
 0x140250268 CertAddCertificateContextToStore
 0x140250270 CertDuplicateCertificateChain
ole32.dll
 0x140250750 CoInitializeSecurity
 0x140250758 CoCreateInstance
 0x140250760 CoSetProxyBlanket
 0x140250768 CoInitializeEx
advapi32.dll
 0x140250050 RegCloseKey
 0x140250058 RegOpenKeyExW
 0x140250060 RegQueryValueExW
 0x140250068 FreeSid
 0x140250070 CheckTokenMembership
 0x140250078 AllocateAndInitializeSid
user32.dll
 0x140250818 EnumDisplaySettingsExW
 0x140250820 GetMonitorInfoW
 0x140250828 EnumDisplayMonitors
gdi32.dll
 0x140250280 CreateDCW
 0x140250288 SetStretchBltMode
 0x140250290 GetDeviceCaps
 0x140250298 DeleteDC
 0x1402502a0 CreateCompatibleDC
 0x1402502a8 CreateCompatibleBitmap
 0x1402502b0 SelectObject
 0x1402502b8 StretchBlt
 0x1402502c0 GetDIBits
 0x1402502c8 GetObjectW
 0x1402502d0 DeleteObject
bcrypt.dll
 0x1402501f8 BCryptCloseAlgorithmProvider
 0x140250200 BCryptGenRandom
 0x140250208 BCryptOpenAlgorithmProvider
ws2_32.dll
 0x140250838 WSASend
 0x140250840 WSACleanup
 0x140250848 closesocket
 0x140250850 bind
 0x140250858 setsockopt
 0x140250860 connect
 0x140250868 WSAIoctl
 0x140250870 recv
 0x140250878 send
 0x140250880 shutdown
 0x140250888 getsockname
 0x140250890 WSAGetLastError
 0x140250898 getpeername
 0x1402508a0 ioctlsocket
 0x1402508a8 getaddrinfo
 0x1402508b0 freeaddrinfo
 0x1402508b8 WSASocketW
 0x1402508c0 WSAStartup
 0x1402508c8 getsockopt
ntdll.dll
 0x140250728 RtlNtStatusToDosError
 0x140250730 NtCreateFile
 0x140250738 NtDeviceIoControlFile
 0x140250740 NtCancelIoFileEx
secur32.dll
 0x1402507c0 EncryptMessage
 0x1402507c8 FreeContextBuffer
 0x1402507d0 DeleteSecurityContext
 0x1402507d8 FreeCredentialsHandle
 0x1402507e0 DecryptMessage
 0x1402507e8 AcquireCredentialsHandleA
 0x1402507f0 AcceptSecurityContext
 0x1402507f8 InitializeSecurityContextW
 0x140250800 QueryContextAttributesW
 0x140250808 ApplyControlToken
VCRUNTIME140.dll
 0x140250000 __C_specific_handler
 0x140250008 memcmp
 0x140250010 memset
 0x140250018 __CxxFrameHandler3
 0x140250020 __current_exception_context
 0x140250028 __current_exception
 0x140250030 memcpy
 0x140250038 strrchr
 0x140250040 memmove
api-ms-win-crt-string-l1-1-0.dll
 0x1402501a8 strcmp
 0x1402501b0 strlen
 0x1402501b8 strncmp
 0x1402501c0 strcspn
api-ms-win-crt-utility-l1-1-0.dll
 0x1402501e0 _rotl64
 0x1402501e8 qsort
api-ms-win-crt-heap-l1-1-0.dll
 0x140250088 malloc
 0x140250090 free
 0x140250098 realloc
 0x1402500a0 _set_new_mode
 0x1402500a8 _msize
api-ms-win-crt-time-l1-1-0.dll
 0x1402501d0 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
 0x1402500c8 _dclass
 0x1402500d0 log
 0x1402500d8 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
 0x1402500e8 _endthreadex
 0x1402500f0 _seh_filter_exe
 0x1402500f8 _beginthreadex
 0x140250100 _register_onexit_function
 0x140250108 _configure_narrow_argv
 0x140250110 _initialize_narrow_environment
 0x140250118 _get_initial_narrow_environment
 0x140250120 _initterm
 0x140250128 _initterm_e
 0x140250130 _crt_atexit
 0x140250138 exit
 0x140250140 _exit
 0x140250148 _register_thread_local_exe_atexit_callback
 0x140250150 __p___argc
 0x140250158 terminate
 0x140250160 _c_exit
 0x140250168 _initialize_onexit_table
 0x140250170 _set_app_type
 0x140250178 __p___argv
 0x140250180 _cexit
api-ms-win-crt-stdio-l1-1-0.dll
 0x140250190 _set_fmode
 0x140250198 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
 0x1402500b8 _configthreadlocale

EAT (Export Address Table): none



Similarity measure (PE file only): not available — checking for service failure