Field | Value |
---|---|
Created | 2023.03.20 10:02 |
Machine | s1_win7_x6403 |
Filename | Slava.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 39 detected (Goback, Siggen20, GenericKD, Save, TrojanPSW, malicious, confidence, Attribute, HighConfidence, high confidence, a variant of WinGo, score, QQPass, QQRob, Rcnw, AGEN, ai score=84, Vigorf, Detected, Artemis, R002H0ACG23, CLOUD) |
md5 | 1fa21564b4463aa7a564a20fa00dafba |
sha256 | f9c21532868a2cd3cbeaa22f92c237cb73bff27d73fc49716d81c89eedb72be9 |
ssdeep | 98304:Z8orC0paqIwP+g/pkrubbwibwHyEe/4/I3eFTF:CExaqvP+0pkruwKw/P/I |
imphash | 57c9b357ae0cb2f414b0a5873e2f216d |
impfuzzy | 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R |
Signature (2 counts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
Rules (8 counts)
Level | Name | Description | Collection |
---|---|---|---|
danger | NPKI_Zero | File included NPKI | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata IDs
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x12314fc AddVectoredExceptionHandler
0x1231504 AreFileApisANSI
0x123150c CloseHandle
0x1231514 CreateEventA
0x123151c CreateFileA
0x1231524 CreateFileMappingA
0x123152c CreateFileMappingW
0x1231534 CreateFileW
0x123153c CreateIoCompletionPort
0x1231544 CreateMutexW
0x123154c CreateThread
0x1231554 CreateWaitableTimerA
0x123155c CreateWaitableTimerExW
0x1231564 DeleteCriticalSection
0x123156c DeleteFileA
0x1231574 DeleteFileW
0x123157c DuplicateHandle
0x1231584 EnterCriticalSection
0x123158c ExitProcess
0x1231594 FlushFileBuffers
0x123159c FlushViewOfFile
0x12315a4 FormatMessageA
0x12315ac FormatMessageW
0x12315b4 FreeEnvironmentStringsW
0x12315bc FreeLibrary
0x12315c4 GetConsoleMode
0x12315cc GetCurrentProcess
0x12315d4 GetCurrentProcessId
0x12315dc GetCurrentThreadId
0x12315e4 GetDiskFreeSpaceA
0x12315ec GetDiskFreeSpaceW
0x12315f4 GetEnvironmentStringsW
0x12315fc GetFileAttributesA
0x1231604 GetFileAttributesExW
0x123160c GetFileAttributesW
0x1231614 GetFileSize
0x123161c GetFullPathNameA
0x1231624 GetFullPathNameW
0x123162c GetLastError
0x1231634 GetProcAddress
0x123163c GetProcessAffinityMask
0x1231644 GetProcessHeap
0x123164c GetQueuedCompletionStatusEx
0x1231654 GetStartupInfoA
0x123165c GetStdHandle
0x1231664 GetSystemDirectoryA
0x123166c GetSystemInfo
0x1231674 GetSystemTime
0x123167c GetSystemTimeAsFileTime
0x1231684 GetTempPathA
0x123168c GetTempPathW
0x1231694 GetThreadContext
0x123169c GetTickCount
0x12316a4 GetVersionExA
0x12316ac GetVersionExW
0x12316b4 HeapAlloc
0x12316bc HeapCompact
0x12316c4 HeapCreate
0x12316cc HeapDestroy
0x12316d4 HeapFree
0x12316dc HeapReAlloc
0x12316e4 HeapSize
0x12316ec HeapValidate
0x12316f4 InitializeCriticalSection
0x12316fc LeaveCriticalSection
0x1231704 LoadLibraryA
0x123170c LoadLibraryW
0x1231714 LocalFree
0x123171c LockFile
0x1231724 LockFileEx
0x123172c MapViewOfFile
0x1231734 MultiByteToWideChar
0x123173c OutputDebugStringA
0x1231744 OutputDebugStringW
0x123174c PostQueuedCompletionStatus
0x1231754 QueryPerformanceCounter
0x123175c ReadFile
0x1231764 ResumeThread
0x123176c RtlAddFunctionTable
0x1231774 RtlCaptureContext
0x123177c RtlLookupFunctionEntry
0x1231784 RtlVirtualUnwind
0x123178c SetConsoleCtrlHandler
0x1231794 SetEndOfFile
0x123179c SetErrorMode
0x12317a4 SetEvent
0x12317ac SetFilePointer
0x12317b4 SetProcessPriorityBoost
0x12317bc SetThreadContext
0x12317c4 SetUnhandledExceptionFilter
0x12317cc SetWaitableTimer
0x12317d4 Sleep
0x12317dc SuspendThread
0x12317e4 SwitchToThread
0x12317ec SystemTimeToFileTime
0x12317f4 TerminateProcess
0x12317fc TlsGetValue
0x1231804 TryEnterCriticalSection
0x123180c UnhandledExceptionFilter
0x1231814 UnlockFile
0x123181c UnlockFileEx
0x1231824 UnmapViewOfFile
0x123182c VirtualAlloc
0x1231834 VirtualFree
0x123183c VirtualProtect
0x1231844 VirtualQuery
0x123184c WaitForMultipleObjects
0x1231854 WaitForSingleObject
0x123185c WaitForSingleObjectEx
0x1231864 WideCharToMultiByte
0x123186c WriteConsoleW
0x1231874 WriteFile
0x123187c __C_specific_handler
msvcrt.dll
0x123188c __getmainargs
0x1231894 __initenv
0x123189c __iob_func
0x12318a4 __lconv_init
0x12318ac __set_app_type
0x12318b4 __setusermatherr
0x12318bc _acmdln
0x12318c4 _amsg_exit
0x12318cc _beginthread
0x12318d4 _beginthreadex
0x12318dc _cexit
0x12318e4 _endthreadex
0x12318ec _errno
0x12318f4 _fmode
0x12318fc _initterm
0x1231904 _localtime64
0x123190c _onexit
0x1231914 abort
0x123191c calloc
0x1231924 exit
0x123192c fprintf
0x1231934 free
0x123193c fwrite
0x1231944 malloc
0x123194c memcmp
0x1231954 memcpy
0x123195c memmove
0x1231964 memset
0x123196c qsort
0x1231974 realloc
0x123197c signal
0x1231984 strcmp
0x123198c strcspn
0x1231994 strlen
0x123199c strncmp
0x12319a4 strrchr
0x12319ac vfprintf
EAT (Export Address Table) Library
0x122ffd0 _cgo_dummy_export
0x8ce0e0 authorizerTrampoline
0x8cde00 callbackTrampoline
0x8cdfc0 commitHookTrampoline
0x8cdf20 compareTrampoline
0x8cded0 doneTrampoline
0x8ce160 preUpdateHookTrampoline
0x8ce020 rollbackHookTrampoline
0x8cde60 stepTrampoline
0x8ce070 updateHookTrampoline