Report - Slava.exe

Tags: NPKI, Generic Malware, UPX, Malicious Library, Malicious Packer, OS Processor Check, PE64, PE File
Created: 2023.03.20 10:02
Machine: s1_win7_x6403
Filename: Slava.exe
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score: Not found
Behavior Score: 1.2
ZERO API (file): malware
VT API (file): 39 detected (Goback, Siggen20, GenericKD, Save, TrojanPSW, malicious, confidence, Attribute, HighConfidence, high confidence, a variant of WinGo, score, QQPass, QQRob, Rcnw, AGEN, ai score=84, Vigorf, Detected, Artemis, R002H0ACG23, CLOUD)
md5 1fa21564b4463aa7a564a20fa00dafba
sha256 f9c21532868a2cd3cbeaa22f92c237cb73bff27d73fc49716d81c89eedb72be9
ssdeep 98304:Z8orC0paqIwP+g/pkrubbwibwHyEe/4/I3eFTF:CExaqvP+0pkruwKw/P/I
imphash 57c9b357ae0cb2f414b0a5873e2f216d
impfuzzy 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R

Signature (2cnts)

Level  | Description
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious
info   | One or more processes crashed

Rules (8cnts)

Level   | Name                    | Description            | Collection
danger  | NPKI_Zero               | File included NPKI     | binaries (upload)
warning | Generic_Malware_Zero    | Generic Malware        | binaries (upload)
watch   | Malicious_Library_Zero  | Malicious_Library      | binaries (upload)
watch   | Malicious_Packer_Zero   | Malicious Packer       | binaries (upload)
watch   | UPX_Zero                | UPX packed file        | binaries (upload)
info    | IsPE64                  | (no description)       | binaries (upload)
info    | OS_Processor_Check_Zero | OS Processor Check     | binaries (upload)
info    | PE_Header_Zero          | PE File Signature      | binaries (upload)

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO
(no entries)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x12314fc AddVectoredExceptionHandler
 0x1231504 AreFileApisANSI
 0x123150c CloseHandle
 0x1231514 CreateEventA
 0x123151c CreateFileA
 0x1231524 CreateFileMappingA
 0x123152c CreateFileMappingW
 0x1231534 CreateFileW
 0x123153c CreateIoCompletionPort
 0x1231544 CreateMutexW
 0x123154c CreateThread
 0x1231554 CreateWaitableTimerA
 0x123155c CreateWaitableTimerExW
 0x1231564 DeleteCriticalSection
 0x123156c DeleteFileA
 0x1231574 DeleteFileW
 0x123157c DuplicateHandle
 0x1231584 EnterCriticalSection
 0x123158c ExitProcess
 0x1231594 FlushFileBuffers
 0x123159c FlushViewOfFile
 0x12315a4 FormatMessageA
 0x12315ac FormatMessageW
 0x12315b4 FreeEnvironmentStringsW
 0x12315bc FreeLibrary
 0x12315c4 GetConsoleMode
 0x12315cc GetCurrentProcess
 0x12315d4 GetCurrentProcessId
 0x12315dc GetCurrentThreadId
 0x12315e4 GetDiskFreeSpaceA
 0x12315ec GetDiskFreeSpaceW
 0x12315f4 GetEnvironmentStringsW
 0x12315fc GetFileAttributesA
 0x1231604 GetFileAttributesExW
 0x123160c GetFileAttributesW
 0x1231614 GetFileSize
 0x123161c GetFullPathNameA
 0x1231624 GetFullPathNameW
 0x123162c GetLastError
 0x1231634 GetProcAddress
 0x123163c GetProcessAffinityMask
 0x1231644 GetProcessHeap
 0x123164c GetQueuedCompletionStatusEx
 0x1231654 GetStartupInfoA
 0x123165c GetStdHandle
 0x1231664 GetSystemDirectoryA
 0x123166c GetSystemInfo
 0x1231674 GetSystemTime
 0x123167c GetSystemTimeAsFileTime
 0x1231684 GetTempPathA
 0x123168c GetTempPathW
 0x1231694 GetThreadContext
 0x123169c GetTickCount
 0x12316a4 GetVersionExA
 0x12316ac GetVersionExW
 0x12316b4 HeapAlloc
 0x12316bc HeapCompact
 0x12316c4 HeapCreate
 0x12316cc HeapDestroy
 0x12316d4 HeapFree
 0x12316dc HeapReAlloc
 0x12316e4 HeapSize
 0x12316ec HeapValidate
 0x12316f4 InitializeCriticalSection
 0x12316fc LeaveCriticalSection
 0x1231704 LoadLibraryA
 0x123170c LoadLibraryW
 0x1231714 LocalFree
 0x123171c LockFile
 0x1231724 LockFileEx
 0x123172c MapViewOfFile
 0x1231734 MultiByteToWideChar
 0x123173c OutputDebugStringA
 0x1231744 OutputDebugStringW
 0x123174c PostQueuedCompletionStatus
 0x1231754 QueryPerformanceCounter
 0x123175c ReadFile
 0x1231764 ResumeThread
 0x123176c RtlAddFunctionTable
 0x1231774 RtlCaptureContext
 0x123177c RtlLookupFunctionEntry
 0x1231784 RtlVirtualUnwind
 0x123178c SetConsoleCtrlHandler
 0x1231794 SetEndOfFile
 0x123179c SetErrorMode
 0x12317a4 SetEvent
 0x12317ac SetFilePointer
 0x12317b4 SetProcessPriorityBoost
 0x12317bc SetThreadContext
 0x12317c4 SetUnhandledExceptionFilter
 0x12317cc SetWaitableTimer
 0x12317d4 Sleep
 0x12317dc SuspendThread
 0x12317e4 SwitchToThread
 0x12317ec SystemTimeToFileTime
 0x12317f4 TerminateProcess
 0x12317fc TlsGetValue
 0x1231804 TryEnterCriticalSection
 0x123180c UnhandledExceptionFilter
 0x1231814 UnlockFile
 0x123181c UnlockFileEx
 0x1231824 UnmapViewOfFile
 0x123182c VirtualAlloc
 0x1231834 VirtualFree
 0x123183c VirtualProtect
 0x1231844 VirtualQuery
 0x123184c WaitForMultipleObjects
 0x1231854 WaitForSingleObject
 0x123185c WaitForSingleObjectEx
 0x1231864 WideCharToMultiByte
 0x123186c WriteConsoleW
 0x1231874 WriteFile
 0x123187c __C_specific_handler
msvcrt.dll
 0x123188c __getmainargs
 0x1231894 __initenv
 0x123189c __iob_func
 0x12318a4 __lconv_init
 0x12318ac __set_app_type
 0x12318b4 __setusermatherr
 0x12318bc _acmdln
 0x12318c4 _amsg_exit
 0x12318cc _beginthread
 0x12318d4 _beginthreadex
 0x12318dc _cexit
 0x12318e4 _endthreadex
 0x12318ec _errno
 0x12318f4 _fmode
 0x12318fc _initterm
 0x1231904 _localtime64
 0x123190c _onexit
 0x1231914 abort
 0x123191c calloc
 0x1231924 exit
 0x123192c fprintf
 0x1231934 free
 0x123193c fwrite
 0x1231944 malloc
 0x123194c memcmp
 0x1231954 memcpy
 0x123195c memmove
 0x1231964 memset
 0x123196c qsort
 0x1231974 realloc
 0x123197c signal
 0x1231984 strcmp
 0x123198c strcspn
 0x1231994 strlen
 0x123199c strncmp
 0x12319a4 strrchr
 0x12319ac vfprintf

EAT (Export Address Table) Library

0x122ffd0 _cgo_dummy_export
0x8ce0e0 authorizerTrampoline
0x8cde00 callbackTrampoline
0x8cdfc0 commitHookTrampoline
0x8cdf20 compareTrampoline
0x8cded0 doneTrampoline
0x8ce160 preUpdateHookTrampoline
0x8ce020 rollbackHookTrampoline
0x8cde60 stepTrampoline
0x8ce070 updateHookTrampoline
