ScreenShot
| Created | 2023.03.13 09:42 | Machine | s1_win7_x6401 |
| Filename | New1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (malicious, high confidence, Jaik, unsafe, Save, ZexaF, IvX@a0mDL3oi, Attribute, HighConfidence, GenKryptik, GHIS, score, Strab, moderate, Detected, ai score=83, Limpopo, MachineLearning, Anomalous, Cerber) | ||
| md5 | 1cc0a962c3a1ff3a4adbdcaa49809867 | ||
| sha256 | 28bb20329cf6024057a4834e899520a55dcc7bb6b22ad783069ab2d1e2124e82 | ||
| ssdeep | 49152:e0lrax49sKfUSM27mNWx9J7ZfCzOrUhzW:HdXv76GJZfSA | ||
| imphash | 533c5409968cfac36437ac5835c4d83f | ||
| impfuzzy | 48:arZ1Y5+flkt0wqcoHvcUZ7BtayzVh0rzH/G9:arZ1Y5+fSt0wqcYvcU7BLiu | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x57b000 GetSystemDefaultLangID
0x57b004 lstrcmpA
0x57b008 lstrlenA
0x57b00c GetSystemDefaultUILanguage
0x57b010 LeaveCriticalSection
0x57b014 GetACP
0x57b018 lstrlenW
0x57b01c SetLastError
0x57b020 GetProcAddress
0x57b024 IsValidCodePage
0x57b028 GetPrivateProfileStringA
0x57b02c GetModuleHandleA
0x57b030 CreateFileA
0x57b034 GetLocaleInfoW
0x57b038 SetStdHandle
0x57b03c WriteConsoleW
0x57b040 GetConsoleOutputCP
0x57b044 WriteConsoleA
0x57b048 LoadLibraryA
0x57b04c InterlockedIncrement
0x57b050 InterlockedDecrement
0x57b054 Sleep
0x57b058 InitializeCriticalSection
0x57b05c DeleteCriticalSection
0x57b060 EnterCriticalSection
0x57b064 HeapAlloc
0x57b068 GetCommandLineA
0x57b06c GetStartupInfoA
0x57b070 TerminateProcess
0x57b074 GetCurrentProcess
0x57b078 UnhandledExceptionFilter
0x57b07c SetUnhandledExceptionFilter
0x57b080 IsDebuggerPresent
0x57b084 RaiseException
0x57b088 GetLastError
0x57b08c HeapFree
0x57b090 RtlUnwind
0x57b094 LCMapStringA
0x57b098 WideCharToMultiByte
0x57b09c MultiByteToWideChar
0x57b0a0 LCMapStringW
0x57b0a4 GetCPInfo
0x57b0a8 VirtualFree
0x57b0ac VirtualAlloc
0x57b0b0 HeapReAlloc
0x57b0b4 HeapCreate
0x57b0b8 GetModuleHandleW
0x57b0bc ExitProcess
0x57b0c0 WriteFile
0x57b0c4 GetStdHandle
0x57b0c8 GetModuleFileNameA
0x57b0cc FreeEnvironmentStringsA
0x57b0d0 GetEnvironmentStrings
0x57b0d4 FreeEnvironmentStringsW
0x57b0d8 GetEnvironmentStringsW
0x57b0dc SetHandleCount
0x57b0e0 GetFileType
0x57b0e4 TlsGetValue
0x57b0e8 TlsAlloc
0x57b0ec TlsSetValue
0x57b0f0 TlsFree
0x57b0f4 GetCurrentThreadId
0x57b0f8 QueryPerformanceCounter
0x57b0fc GetTickCount
0x57b100 GetCurrentProcessId
0x57b104 GetSystemTimeAsFileTime
0x57b108 GetConsoleCP
0x57b10c GetConsoleMode
0x57b110 FlushFileBuffers
0x57b114 ReadFile
0x57b118 SetFilePointer
0x57b11c CloseHandle
0x57b120 HeapSize
0x57b124 GetOEMCP
0x57b128 GetLocaleInfoA
0x57b12c GetStringTypeA
0x57b130 GetStringTypeW
0x57b134 GetUserDefaultLCID
0x57b138 EnumSystemLocalesA
0x57b13c IsValidLocale
0x57b140 InitializeCriticalSectionAndSpinCount
USER32.dll
0x57b148 GetMessageExtraInfo
0x57b14c GetTopWindow
0x57b150 IsZoomed
0x57b154 GetParent
0x57b158 GetForegroundWindow
0x57b15c GetDesktopWindow
0x57b160 IsWindow
0x57b164 IsWow64Message
0x57b168 GetDlgCtrlID
0x57b16c GetShellWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x57b000 GetSystemDefaultLangID
0x57b004 lstrcmpA
0x57b008 lstrlenA
0x57b00c GetSystemDefaultUILanguage
0x57b010 LeaveCriticalSection
0x57b014 GetACP
0x57b018 lstrlenW
0x57b01c SetLastError
0x57b020 GetProcAddress
0x57b024 IsValidCodePage
0x57b028 GetPrivateProfileStringA
0x57b02c GetModuleHandleA
0x57b030 CreateFileA
0x57b034 GetLocaleInfoW
0x57b038 SetStdHandle
0x57b03c WriteConsoleW
0x57b040 GetConsoleOutputCP
0x57b044 WriteConsoleA
0x57b048 LoadLibraryA
0x57b04c InterlockedIncrement
0x57b050 InterlockedDecrement
0x57b054 Sleep
0x57b058 InitializeCriticalSection
0x57b05c DeleteCriticalSection
0x57b060 EnterCriticalSection
0x57b064 HeapAlloc
0x57b068 GetCommandLineA
0x57b06c GetStartupInfoA
0x57b070 TerminateProcess
0x57b074 GetCurrentProcess
0x57b078 UnhandledExceptionFilter
0x57b07c SetUnhandledExceptionFilter
0x57b080 IsDebuggerPresent
0x57b084 RaiseException
0x57b088 GetLastError
0x57b08c HeapFree
0x57b090 RtlUnwind
0x57b094 LCMapStringA
0x57b098 WideCharToMultiByte
0x57b09c MultiByteToWideChar
0x57b0a0 LCMapStringW
0x57b0a4 GetCPInfo
0x57b0a8 VirtualFree
0x57b0ac VirtualAlloc
0x57b0b0 HeapReAlloc
0x57b0b4 HeapCreate
0x57b0b8 GetModuleHandleW
0x57b0bc ExitProcess
0x57b0c0 WriteFile
0x57b0c4 GetStdHandle
0x57b0c8 GetModuleFileNameA
0x57b0cc FreeEnvironmentStringsA
0x57b0d0 GetEnvironmentStrings
0x57b0d4 FreeEnvironmentStringsW
0x57b0d8 GetEnvironmentStringsW
0x57b0dc SetHandleCount
0x57b0e0 GetFileType
0x57b0e4 TlsGetValue
0x57b0e8 TlsAlloc
0x57b0ec TlsSetValue
0x57b0f0 TlsFree
0x57b0f4 GetCurrentThreadId
0x57b0f8 QueryPerformanceCounter
0x57b0fc GetTickCount
0x57b100 GetCurrentProcessId
0x57b104 GetSystemTimeAsFileTime
0x57b108 GetConsoleCP
0x57b10c GetConsoleMode
0x57b110 FlushFileBuffers
0x57b114 ReadFile
0x57b118 SetFilePointer
0x57b11c CloseHandle
0x57b120 HeapSize
0x57b124 GetOEMCP
0x57b128 GetLocaleInfoA
0x57b12c GetStringTypeA
0x57b130 GetStringTypeW
0x57b134 GetUserDefaultLCID
0x57b138 EnumSystemLocalesA
0x57b13c IsValidLocale
0x57b140 InitializeCriticalSectionAndSpinCount
USER32.dll
0x57b148 GetMessageExtraInfo
0x57b14c GetTopWindow
0x57b150 IsZoomed
0x57b154 GetParent
0x57b158 GetForegroundWindow
0x57b15c GetDesktopWindow
0x57b160 IsWindow
0x57b164 IsWow64Message
0x57b168 GetDlgCtrlID
0x57b16c GetShellWindow
EAT(Export Address Table) is none