ScreenShot
| Created | 2023.03.29 17:37 | Machine | s1_win7_x6403 |
| Filename | new_9_2022.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (CVE-2022-3580, GenericKD, Artemis, Vd7r, malicious, confidence, Attribute, HighConfidence, high confidence, score, Pnkl, Redcap, jzrir, ai score=83, R002H0CCS23, susgen, PossibleThreat, Chgt) | ||
| md5 | b626d6f8c491833f785c546389dcdbea | ||
| sha256 | 9a676c29863d06a1344b7b983b9f8c15978ca9914542bec1c20c1c5e4985c529 | ||
| ssdeep | 384:4vPhI/IqJGe/2u3bM9Var5vtLjnFToyRXU8HQSb2Wu6DsjblsgwHjJ:4XuWa2KDrNtPAhSCFhsr | ||
| imphash | e468c9647794dad1887f24aa0ada9dc0 | ||
| impfuzzy | 48:SEO+p23v7jHVg8fN3cskEjuLSwQSwJBSA:SE9p23v7re8fNMsnjvV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x1400052d0 RtlLookupFunctionEntry
0x1400052d8 RtlVirtualUnwind
0x1400052e0 RtlCaptureContext
0x1400052e8 ZwQuerySystemInformation
KERNEL32.dll
0x140005010 ReadFile
0x140005018 VirtualFree
0x140005020 GetCurrentProcess
0x140005028 WriteFile
0x140005030 VirtualAlloc
0x140005038 CreatePipe
0x140005040 SetFilePointer
0x140005048 LocalAlloc
0x140005050 CreateFileW
0x140005058 DuplicateHandle
0x140005060 GetModuleHandleA
0x140005068 OpenProcess
0x140005070 GetLastError
0x140005078 IsDebuggerPresent
0x140005080 GlobalAlloc
0x140005088 DeleteFileW
0x140005090 CloseHandle
0x140005098 LoadLibraryW
0x1400050a0 GetProcAddress
0x1400050a8 LocalFree
0x1400050b0 GetCurrentProcessId
0x1400050b8 GetModuleHandleW
0x1400050c0 FreeLibrary
0x1400050c8 LoadLibraryExW
0x1400050d0 SetUnhandledExceptionFilter
0x1400050d8 TerminateProcess
0x1400050e0 IsProcessorFeaturePresent
0x1400050e8 GetCurrentThread
0x1400050f0 InitializeSListHead
0x1400050f8 GetSystemTimeAsFileTime
0x140005100 GetCurrentThreadId
0x140005108 QueryPerformanceCounter
0x140005110 UnhandledExceptionFilter
USER32.dll
0x140005120 wsprintfW
ADVAPI32.dll
0x140005000 OpenProcessToken
clfsw32.dll
0x1400052b8 AddLogContainer
0x1400052c0 CreateLogFile
VCRUNTIME140.dll
0x140005130 __current_exception_context
0x140005138 _CxxThrowException
0x140005140 __std_exception_destroy
0x140005148 __C_specific_handler
0x140005150 __std_exception_copy
0x140005158 memset
0x140005160 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x1400051b8 _configure_narrow_argv
0x1400051c0 _get_initial_narrow_environment
0x1400051c8 _initterm
0x1400051d0 _set_app_type
0x1400051d8 _seh_filter_exe
0x1400051e0 _exit
0x1400051e8 system
0x1400051f0 __p___argc
0x1400051f8 __p___argv
0x140005200 _cexit
0x140005208 _initterm_e
0x140005210 _register_thread_local_exe_atexit_callback
0x140005218 _initialize_narrow_environment
0x140005220 _c_exit
0x140005228 exit
0x140005230 _initialize_onexit_table
0x140005238 _register_onexit_function
0x140005240 _crt_atexit
0x140005248 terminate
api-ms-win-crt-utility-l1-1-0.dll
0x1400052a0 rand
0x1400052a8 srand
api-ms-win-crt-stdio-l1-1-0.dll
0x140005258 __p__commode
0x140005260 __acrt_iob_func
0x140005268 _set_fmode
0x140005270 __stdio_common_vfprintf
api-ms-win-crt-string-l1-1-0.dll
0x140005280 _stricmp
api-ms-win-crt-time-l1-1-0.dll
0x140005290 _time64
api-ms-win-crt-heap-l1-1-0.dll
0x140005170 malloc
0x140005178 _callnewh
0x140005180 free
0x140005188 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x1400051a8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140005198 _configthreadlocale
EAT(Export Address Table) is none
ntdll.dll
0x1400052d0 RtlLookupFunctionEntry
0x1400052d8 RtlVirtualUnwind
0x1400052e0 RtlCaptureContext
0x1400052e8 ZwQuerySystemInformation
KERNEL32.dll
0x140005010 ReadFile
0x140005018 VirtualFree
0x140005020 GetCurrentProcess
0x140005028 WriteFile
0x140005030 VirtualAlloc
0x140005038 CreatePipe
0x140005040 SetFilePointer
0x140005048 LocalAlloc
0x140005050 CreateFileW
0x140005058 DuplicateHandle
0x140005060 GetModuleHandleA
0x140005068 OpenProcess
0x140005070 GetLastError
0x140005078 IsDebuggerPresent
0x140005080 GlobalAlloc
0x140005088 DeleteFileW
0x140005090 CloseHandle
0x140005098 LoadLibraryW
0x1400050a0 GetProcAddress
0x1400050a8 LocalFree
0x1400050b0 GetCurrentProcessId
0x1400050b8 GetModuleHandleW
0x1400050c0 FreeLibrary
0x1400050c8 LoadLibraryExW
0x1400050d0 SetUnhandledExceptionFilter
0x1400050d8 TerminateProcess
0x1400050e0 IsProcessorFeaturePresent
0x1400050e8 GetCurrentThread
0x1400050f0 InitializeSListHead
0x1400050f8 GetSystemTimeAsFileTime
0x140005100 GetCurrentThreadId
0x140005108 QueryPerformanceCounter
0x140005110 UnhandledExceptionFilter
USER32.dll
0x140005120 wsprintfW
ADVAPI32.dll
0x140005000 OpenProcessToken
clfsw32.dll
0x1400052b8 AddLogContainer
0x1400052c0 CreateLogFile
VCRUNTIME140.dll
0x140005130 __current_exception_context
0x140005138 _CxxThrowException
0x140005140 __std_exception_destroy
0x140005148 __C_specific_handler
0x140005150 __std_exception_copy
0x140005158 memset
0x140005160 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x1400051b8 _configure_narrow_argv
0x1400051c0 _get_initial_narrow_environment
0x1400051c8 _initterm
0x1400051d0 _set_app_type
0x1400051d8 _seh_filter_exe
0x1400051e0 _exit
0x1400051e8 system
0x1400051f0 __p___argc
0x1400051f8 __p___argv
0x140005200 _cexit
0x140005208 _initterm_e
0x140005210 _register_thread_local_exe_atexit_callback
0x140005218 _initialize_narrow_environment
0x140005220 _c_exit
0x140005228 exit
0x140005230 _initialize_onexit_table
0x140005238 _register_onexit_function
0x140005240 _crt_atexit
0x140005248 terminate
api-ms-win-crt-utility-l1-1-0.dll
0x1400052a0 rand
0x1400052a8 srand
api-ms-win-crt-stdio-l1-1-0.dll
0x140005258 __p__commode
0x140005260 __acrt_iob_func
0x140005268 _set_fmode
0x140005270 __stdio_common_vfprintf
api-ms-win-crt-string-l1-1-0.dll
0x140005280 _stricmp
api-ms-win-crt-time-l1-1-0.dll
0x140005290 _time64
api-ms-win-crt-heap-l1-1-0.dll
0x140005170 malloc
0x140005178 _callnewh
0x140005180 free
0x140005188 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x1400051a8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140005198 _configthreadlocale
EAT(Export Address Table) is none