ScreenShot
| Created | 2023.03.29 17:44 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 9 detected (malicious, confidence, score, Artemis) | ||
| md5 | 05d614ae9941dc597f918230c0938d11 | ||
| sha256 | 069823eb52c902e7e4c80cb0ad2395d38eb0f98d1de05d6d054b20149f9bf556 | ||
| ssdeep | 6144:BVPLGN8jlL7aYv2hQOrRpvSmy68IcScoVCNohy/2eyLZxSeFVSt4DoQqdqsZ5WVs:PVLGu2hQMRYmb8I03oI/8Xn0d/K4f9 | ||
| imphash | b79f695aab924878ad9a91fd6cfd4361 | ||
| impfuzzy | 24:fWmDhIRcpVWcGlLjVN02toS1CBgdlJh9F0ougvNjCRFZYGMAkpOovbOPZHu95:kcpV5G5toS1CBgrn0gEFZd3I | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14004f000 SetConsoleTextAttribute
0x14004f008 GetStdHandle
0x14004f010 GetModuleFileNameW
0x14004f018 LoadLibraryW
0x14004f020 GetProcAddress
0x14004f028 WideCharToMultiByte
0x14004f030 SetConsoleCursorPosition
0x14004f038 CreateFileW
0x14004f040 EnterCriticalSection
0x14004f048 LeaveCriticalSection
0x14004f050 InitializeCriticalSectionEx
0x14004f058 DeleteCriticalSection
0x14004f060 EncodePointer
0x14004f068 DecodePointer
0x14004f070 MultiByteToWideChar
0x14004f078 LCMapStringEx
0x14004f080 GetStringTypeW
0x14004f088 GetCPInfo
0x14004f090 CloseHandle
0x14004f098 InitializeCriticalSectionAndSpinCount
0x14004f0a0 SetEvent
0x14004f0a8 ResetEvent
0x14004f0b0 WaitForSingleObjectEx
0x14004f0b8 CreateEventW
0x14004f0c0 GetModuleHandleW
0x14004f0c8 RtlCaptureContext
0x14004f0d0 RtlLookupFunctionEntry
0x14004f0d8 RtlVirtualUnwind
0x14004f0e0 UnhandledExceptionFilter
0x14004f0e8 SetUnhandledExceptionFilter
0x14004f0f0 GetCurrentProcess
0x14004f0f8 TerminateProcess
0x14004f100 IsProcessorFeaturePresent
0x14004f108 IsDebuggerPresent
0x14004f110 GetStartupInfoW
0x14004f118 QueryPerformanceCounter
0x14004f120 GetCurrentProcessId
0x14004f128 GetCurrentThreadId
0x14004f130 GetSystemTimeAsFileTime
0x14004f138 InitializeSListHead
0x14004f140 RtlUnwindEx
0x14004f148 RtlPcToFileHeader
0x14004f150 RaiseException
0x14004f158 GetLastError
0x14004f160 SetLastError
0x14004f168 TlsAlloc
0x14004f170 TlsGetValue
0x14004f178 TlsSetValue
0x14004f180 TlsFree
0x14004f188 FreeLibrary
0x14004f190 LoadLibraryExW
0x14004f198 RtlUnwind
0x14004f1a0 ExitProcess
0x14004f1a8 GetModuleHandleExW
0x14004f1b0 WriteFile
0x14004f1b8 HeapAlloc
0x14004f1c0 HeapFree
0x14004f1c8 GetFileType
0x14004f1d0 WaitForSingleObject
0x14004f1d8 GetExitCodeProcess
0x14004f1e0 CreateProcessW
0x14004f1e8 GetFileAttributesExW
0x14004f1f0 FlsAlloc
0x14004f1f8 FlsGetValue
0x14004f200 FlsSetValue
0x14004f208 FlsFree
0x14004f210 CompareStringW
0x14004f218 LCMapStringW
0x14004f220 GetLocaleInfoW
0x14004f228 IsValidLocale
0x14004f230 GetUserDefaultLCID
0x14004f238 EnumSystemLocalesW
0x14004f240 FlushFileBuffers
0x14004f248 GetConsoleOutputCP
0x14004f250 GetConsoleMode
0x14004f258 ReadFile
0x14004f260 GetFileSizeEx
0x14004f268 SetFilePointerEx
0x14004f270 ReadConsoleW
0x14004f278 HeapReAlloc
0x14004f280 FindClose
0x14004f288 FindFirstFileExW
0x14004f290 FindNextFileW
0x14004f298 IsValidCodePage
0x14004f2a0 GetACP
0x14004f2a8 GetOEMCP
0x14004f2b0 GetCommandLineA
0x14004f2b8 GetCommandLineW
0x14004f2c0 GetEnvironmentStringsW
0x14004f2c8 FreeEnvironmentStringsW
0x14004f2d0 SetEnvironmentVariableW
0x14004f2d8 GetProcessHeap
0x14004f2e0 SetStdHandle
0x14004f2e8 HeapSize
0x14004f2f0 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x14004f000 SetConsoleTextAttribute
0x14004f008 GetStdHandle
0x14004f010 GetModuleFileNameW
0x14004f018 LoadLibraryW
0x14004f020 GetProcAddress
0x14004f028 WideCharToMultiByte
0x14004f030 SetConsoleCursorPosition
0x14004f038 CreateFileW
0x14004f040 EnterCriticalSection
0x14004f048 LeaveCriticalSection
0x14004f050 InitializeCriticalSectionEx
0x14004f058 DeleteCriticalSection
0x14004f060 EncodePointer
0x14004f068 DecodePointer
0x14004f070 MultiByteToWideChar
0x14004f078 LCMapStringEx
0x14004f080 GetStringTypeW
0x14004f088 GetCPInfo
0x14004f090 CloseHandle
0x14004f098 InitializeCriticalSectionAndSpinCount
0x14004f0a0 SetEvent
0x14004f0a8 ResetEvent
0x14004f0b0 WaitForSingleObjectEx
0x14004f0b8 CreateEventW
0x14004f0c0 GetModuleHandleW
0x14004f0c8 RtlCaptureContext
0x14004f0d0 RtlLookupFunctionEntry
0x14004f0d8 RtlVirtualUnwind
0x14004f0e0 UnhandledExceptionFilter
0x14004f0e8 SetUnhandledExceptionFilter
0x14004f0f0 GetCurrentProcess
0x14004f0f8 TerminateProcess
0x14004f100 IsProcessorFeaturePresent
0x14004f108 IsDebuggerPresent
0x14004f110 GetStartupInfoW
0x14004f118 QueryPerformanceCounter
0x14004f120 GetCurrentProcessId
0x14004f128 GetCurrentThreadId
0x14004f130 GetSystemTimeAsFileTime
0x14004f138 InitializeSListHead
0x14004f140 RtlUnwindEx
0x14004f148 RtlPcToFileHeader
0x14004f150 RaiseException
0x14004f158 GetLastError
0x14004f160 SetLastError
0x14004f168 TlsAlloc
0x14004f170 TlsGetValue
0x14004f178 TlsSetValue
0x14004f180 TlsFree
0x14004f188 FreeLibrary
0x14004f190 LoadLibraryExW
0x14004f198 RtlUnwind
0x14004f1a0 ExitProcess
0x14004f1a8 GetModuleHandleExW
0x14004f1b0 WriteFile
0x14004f1b8 HeapAlloc
0x14004f1c0 HeapFree
0x14004f1c8 GetFileType
0x14004f1d0 WaitForSingleObject
0x14004f1d8 GetExitCodeProcess
0x14004f1e0 CreateProcessW
0x14004f1e8 GetFileAttributesExW
0x14004f1f0 FlsAlloc
0x14004f1f8 FlsGetValue
0x14004f200 FlsSetValue
0x14004f208 FlsFree
0x14004f210 CompareStringW
0x14004f218 LCMapStringW
0x14004f220 GetLocaleInfoW
0x14004f228 IsValidLocale
0x14004f230 GetUserDefaultLCID
0x14004f238 EnumSystemLocalesW
0x14004f240 FlushFileBuffers
0x14004f248 GetConsoleOutputCP
0x14004f250 GetConsoleMode
0x14004f258 ReadFile
0x14004f260 GetFileSizeEx
0x14004f268 SetFilePointerEx
0x14004f270 ReadConsoleW
0x14004f278 HeapReAlloc
0x14004f280 FindClose
0x14004f288 FindFirstFileExW
0x14004f290 FindNextFileW
0x14004f298 IsValidCodePage
0x14004f2a0 GetACP
0x14004f2a8 GetOEMCP
0x14004f2b0 GetCommandLineA
0x14004f2b8 GetCommandLineW
0x14004f2c0 GetEnvironmentStringsW
0x14004f2c8 FreeEnvironmentStringsW
0x14004f2d0 SetEnvironmentVariableW
0x14004f2d8 GetProcessHeap
0x14004f2e0 SetStdHandle
0x14004f2e8 HeapSize
0x14004f2f0 WriteConsoleW
EAT(Export Address Table) is none