Field | Value |
---|---|
Created | 2023.03.20 10:15 |
Machine | s1_win7_x6403 |
Filename | ChromeFIX_errorMEM.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (AIDetectNet, malicious, high confidence, Zusy, Ransomware, Tescrypt, Artemis, Save, confidence, 100%, ZexaE, pu0@aimvgTdi, Attribute, HighConfidence, Kryptik, HSEV, score, CrypterX, StealerNET, Jaik, HPGen, high, RedLine, Fragtor, Detected, R564417, unsafe, plPaISbghQH, ai score=87) |
md5 | 74b6b35627f6453d787f1c7ea3b9ec33 |
sha256 | 51921d13908bd84b1c8fbdd77e6e29d4359ce0fc40857f6f0ad15b1b6ee74730 |
ssdeep | 3072:W1jGFFPBsryKxPUBnIZ/C9FUYHwKLLgQmsbVVTjC3r7wcLl2byii5DzrIlu:ug3iPUZIAFUYHDPaQVXC3xR2/iNo |
imphash | df35d969e1568731b4c070bee6bd7122 |
impfuzzy | 24:RDaOovnOQFQjERyvDh/J3ISlRT4aWmfLpl8rr1gLm:rEOLDjhcaWmfFKrr19 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x40d00c GetNativeSystemInfo
0x40d010 IsValidCodePage
0x40d014 GetModuleHandleA
0x40d018 FreeConsole
0x40d01c MultiByteToWideChar
0x40d020 GetProcAddress
0x40d024 GetCommandLineA
0x40d028 SetUnhandledExceptionFilter
0x40d02c GetModuleHandleW
0x40d030 Sleep
0x40d034 ExitProcess
0x40d038 WriteFile
0x40d03c GetStdHandle
0x40d040 GetModuleFileNameA
0x40d044 FreeEnvironmentStringsA
0x40d048 GetEnvironmentStrings
0x40d04c FreeEnvironmentStringsW
0x40d050 WideCharToMultiByte
0x40d054 GetLastError
0x40d058 GetEnvironmentStringsW
0x40d05c SetHandleCount
0x40d060 GetFileType
0x40d064 GetStartupInfoA
0x40d068 DeleteCriticalSection
0x40d06c TlsGetValue
0x40d070 TlsAlloc
0x40d074 TlsSetValue
0x40d078 TlsFree
0x40d07c InterlockedIncrement
0x40d080 SetLastError
0x40d084 GetCurrentThreadId
0x40d088 InterlockedDecrement
0x40d08c HeapCreate
0x40d090 VirtualFree
0x40d094 HeapFree
0x40d098 QueryPerformanceCounter
0x40d09c GetTickCount
0x40d0a0 GetCurrentProcessId
0x40d0a4 GetSystemTimeAsFileTime
0x40d0a8 HeapAlloc
0x40d0ac RaiseException
0x40d0b0 GetCPInfo
0x40d0b4 GetACP
0x40d0b8 GetOEMCP
0x40d0bc TerminateProcess
0x40d0c0 GetCurrentProcess
0x40d0c4 UnhandledExceptionFilter
0x40d0c8 IsDebuggerPresent
0x40d0cc LeaveCriticalSection
0x40d0d0 EnterCriticalSection
0x40d0d4 LoadLibraryA
0x40d0d8 InitializeCriticalSectionAndSpinCount
0x40d0dc VirtualAlloc
0x40d0e0 HeapReAlloc
0x40d0e4 RtlUnwind
0x40d0e8 HeapSize
0x40d0ec LCMapStringA
0x40d0f0 LCMapStringW
0x40d0f4 GetStringTypeA
0x40d0f8 GetStringTypeW
0x40d0fc GetLocaleInfoA
USER32.dll
0x40d104 ShowScrollBar
COMDLG32.dll
0x40d000 GetSaveFileNameA
0x40d004 GetOpenFileNameA
EAT (Export Address Table): none