ScreenShot
| Created | 2023.03.27 10:27 | Machine | s1_win7_x6401 |
| Filename | ox.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (Evader, malicious, high confidence, Siggen3, Zusy, Jaik, Adh9, Attribute, HighConfidence, Kryptik, HSYN, CrypterX, Artemis, high, score, ai score=85, Sabsik, 21EV88, Detected, unsafe, GoYKachOE1N) | ||
| md5 | 7b9742c442c28ca29907a0ffcaca47fa | ||
| sha256 | 6d615929475897b42f7bbc9ae8a5fdc591a15a08ab4696dbabb3ff912fb5cbf9 | ||
| ssdeep | 6144:/DB9/8sAqMQ107vvjmokAxGnHZIkIx1P7:bB9/8JE1OvCixGnm | ||
| imphash | 03a003b2ab5e4e0a5303d82cb2f0927e | ||
| impfuzzy | 24:aQRefvfOiYkD8MjOovnG/JKOtLQFQ8RyvDkRT4Qf4plW+oT0EpWlr:aMefvWiYJMCltL3DgcQfAIe | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41700c MultiByteToWideChar
0x417010 FreeConsole
0x417014 GetVersionExW
0x417018 GetFileInformationByHandle
0x41701c MapUserPhysicalPagesScatter
0x417020 CreateFileW
0x417024 LocalCompact
0x417028 DeleteAtom
0x41702c GetLastError
0x417030 QueryPerformanceFrequency
0x417034 CreateMutexW
0x417038 AssignProcessToJobObject
0x41703c GetCurrentThreadId
0x417040 GetCurrentProcess
0x417044 AddAtomW
0x417048 GetCurrentThread
0x41704c GetCommandLineW
0x417050 GetModuleHandleA
0x417054 AreFileApisANSI
0x417058 GetProcAddress
0x41705c GetLocaleInfoA
0x417060 RtlUnwind
0x417064 RaiseException
0x417068 GetCommandLineA
0x41706c HeapFree
0x417070 GetModuleHandleW
0x417074 TlsGetValue
0x417078 TlsAlloc
0x41707c TlsSetValue
0x417080 TlsFree
0x417084 InterlockedIncrement
0x417088 SetLastError
0x41708c InterlockedDecrement
0x417090 HeapAlloc
0x417094 TerminateProcess
0x417098 UnhandledExceptionFilter
0x41709c SetUnhandledExceptionFilter
0x4170a0 IsDebuggerPresent
0x4170a4 Sleep
0x4170a8 ExitProcess
0x4170ac WriteFile
0x4170b0 GetStdHandle
0x4170b4 GetModuleFileNameA
0x4170b8 FreeEnvironmentStringsA
0x4170bc GetEnvironmentStrings
0x4170c0 FreeEnvironmentStringsW
0x4170c4 WideCharToMultiByte
0x4170c8 GetEnvironmentStringsW
0x4170cc SetHandleCount
0x4170d0 GetFileType
0x4170d4 GetStartupInfoA
0x4170d8 DeleteCriticalSection
0x4170dc HeapCreate
0x4170e0 VirtualFree
0x4170e4 QueryPerformanceCounter
0x4170e8 GetTickCount
0x4170ec GetCurrentProcessId
0x4170f0 GetSystemTimeAsFileTime
0x4170f4 GetCPInfo
0x4170f8 GetACP
0x4170fc GetOEMCP
0x417100 IsValidCodePage
0x417104 LeaveCriticalSection
0x417108 EnterCriticalSection
0x41710c VirtualAlloc
0x417110 HeapReAlloc
0x417114 HeapSize
0x417118 LoadLibraryA
0x41711c InitializeCriticalSectionAndSpinCount
0x417120 LCMapStringA
0x417124 LCMapStringW
0x417128 GetStringTypeA
0x41712c GetStringTypeW
GDI32.dll
0x417000 SelectObject
0x417004 CreateFontIndirectA
WINSPOOL.DRV
0x41713c ReadPrinter
0x417140 FindNextPrinterChangeNotification
0x417144 FindFirstPrinterChangeNotification
0x417148 AbortPrinter
0x41714c WritePrinter
0x417150 FindClosePrinterChangeNotification
0x417154 ScheduleJob
SHELL32.dll
0x417134 SHBrowseForFolderW
EAT(Export Address Table) is none
KERNEL32.dll
0x41700c MultiByteToWideChar
0x417010 FreeConsole
0x417014 GetVersionExW
0x417018 GetFileInformationByHandle
0x41701c MapUserPhysicalPagesScatter
0x417020 CreateFileW
0x417024 LocalCompact
0x417028 DeleteAtom
0x41702c GetLastError
0x417030 QueryPerformanceFrequency
0x417034 CreateMutexW
0x417038 AssignProcessToJobObject
0x41703c GetCurrentThreadId
0x417040 GetCurrentProcess
0x417044 AddAtomW
0x417048 GetCurrentThread
0x41704c GetCommandLineW
0x417050 GetModuleHandleA
0x417054 AreFileApisANSI
0x417058 GetProcAddress
0x41705c GetLocaleInfoA
0x417060 RtlUnwind
0x417064 RaiseException
0x417068 GetCommandLineA
0x41706c HeapFree
0x417070 GetModuleHandleW
0x417074 TlsGetValue
0x417078 TlsAlloc
0x41707c TlsSetValue
0x417080 TlsFree
0x417084 InterlockedIncrement
0x417088 SetLastError
0x41708c InterlockedDecrement
0x417090 HeapAlloc
0x417094 TerminateProcess
0x417098 UnhandledExceptionFilter
0x41709c SetUnhandledExceptionFilter
0x4170a0 IsDebuggerPresent
0x4170a4 Sleep
0x4170a8 ExitProcess
0x4170ac WriteFile
0x4170b0 GetStdHandle
0x4170b4 GetModuleFileNameA
0x4170b8 FreeEnvironmentStringsA
0x4170bc GetEnvironmentStrings
0x4170c0 FreeEnvironmentStringsW
0x4170c4 WideCharToMultiByte
0x4170c8 GetEnvironmentStringsW
0x4170cc SetHandleCount
0x4170d0 GetFileType
0x4170d4 GetStartupInfoA
0x4170d8 DeleteCriticalSection
0x4170dc HeapCreate
0x4170e0 VirtualFree
0x4170e4 QueryPerformanceCounter
0x4170e8 GetTickCount
0x4170ec GetCurrentProcessId
0x4170f0 GetSystemTimeAsFileTime
0x4170f4 GetCPInfo
0x4170f8 GetACP
0x4170fc GetOEMCP
0x417100 IsValidCodePage
0x417104 LeaveCriticalSection
0x417108 EnterCriticalSection
0x41710c VirtualAlloc
0x417110 HeapReAlloc
0x417114 HeapSize
0x417118 LoadLibraryA
0x41711c InitializeCriticalSectionAndSpinCount
0x417120 LCMapStringA
0x417124 LCMapStringW
0x417128 GetStringTypeA
0x41712c GetStringTypeW
GDI32.dll
0x417000 SelectObject
0x417004 CreateFontIndirectA
WINSPOOL.DRV
0x41713c ReadPrinter
0x417140 FindNextPrinterChangeNotification
0x417144 FindFirstPrinterChangeNotification
0x417148 AbortPrinter
0x41714c WritePrinter
0x417150 FindClosePrinterChangeNotification
0x417154 ScheduleJob
SHELL32.dll
0x417134 SHBrowseForFolderW
EAT(Export Address Table) is none