ScreenShot
| Created | 2023.04.04 17:13 | Machine | s1_win7_x6401 |
| Filename | nmooul5hrjbg6.channal1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetectNet, Convagent, malicious, high confidence, Zusy, Artemis, unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HSZW, score, Vimw, wmado, Steam, high, Static AI, Suspicious PE, Tiggre, Detected, ai score=84, PasswordStealer, Genetic, R002H0CCS23, Generic@AI, RDML, LtCEmfuHjndPWx0RqWlWMw, susgen, HSKS) | ||
| md5 | b8ff396f094c22492fa957fbcf2d6a94 | ||
| sha256 | d504922abfbd95fed6cc1bcc7558dd44fe268f28a6b990e26b32df0c4ff96e82 | ||
| ssdeep | 12288:cfjlo/jfjO+IQAZr3bH44+Z1E10NydOAh:cfjAhM3bY4yq0NJY | ||
| imphash | 4a46d3ddf97b254fa034bc59233d41dd | ||
| impfuzzy | 24:lgcpVWZjS1jtFGhlJBl3eDoNoEOovbOIkFZVvtGMA+EZHu93:lgcpVejS1jtFGnpBc3NFZd1 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x420130 SHCreateShellItemArray
KERNEL32.dll
0x420000 GetStdHandle
0x420004 CreateFileW
0x420008 GetModuleHandleW
0x42000c MultiByteToWideChar
0x420010 GetStringTypeW
0x420014 WideCharToMultiByte
0x420018 EnterCriticalSection
0x42001c LeaveCriticalSection
0x420020 InitializeCriticalSectionEx
0x420024 DeleteCriticalSection
0x420028 EncodePointer
0x42002c DecodePointer
0x420030 LCMapStringEx
0x420034 GetCPInfo
0x420038 IsProcessorFeaturePresent
0x42003c QueryPerformanceCounter
0x420040 GetCurrentProcessId
0x420044 GetCurrentThreadId
0x420048 GetSystemTimeAsFileTime
0x42004c InitializeSListHead
0x420050 IsDebuggerPresent
0x420054 UnhandledExceptionFilter
0x420058 SetUnhandledExceptionFilter
0x42005c GetStartupInfoW
0x420060 GetCurrentProcess
0x420064 TerminateProcess
0x420068 HeapSize
0x42006c RaiseException
0x420070 RtlUnwind
0x420074 GetLastError
0x420078 SetLastError
0x42007c InitializeCriticalSectionAndSpinCount
0x420080 TlsAlloc
0x420084 TlsGetValue
0x420088 TlsSetValue
0x42008c TlsFree
0x420090 FreeLibrary
0x420094 GetProcAddress
0x420098 LoadLibraryExW
0x42009c WriteConsoleW
0x4200a0 WriteFile
0x4200a4 GetModuleFileNameW
0x4200a8 ExitProcess
0x4200ac GetModuleHandleExW
0x4200b0 GetCommandLineA
0x4200b4 GetCommandLineW
0x4200b8 HeapFree
0x4200bc CompareStringW
0x4200c0 LCMapStringW
0x4200c4 GetLocaleInfoW
0x4200c8 IsValidLocale
0x4200cc GetUserDefaultLCID
0x4200d0 EnumSystemLocalesW
0x4200d4 HeapAlloc
0x4200d8 GetFileType
0x4200dc GetFileSizeEx
0x4200e0 SetFilePointerEx
0x4200e4 CloseHandle
0x4200e8 FlushFileBuffers
0x4200ec GetConsoleOutputCP
0x4200f0 GetConsoleMode
0x4200f4 ReadFile
0x4200f8 HeapReAlloc
0x4200fc FindClose
0x420100 FindFirstFileExW
0x420104 FindNextFileW
0x420108 IsValidCodePage
0x42010c GetACP
0x420110 GetOEMCP
0x420114 GetEnvironmentStringsW
0x420118 FreeEnvironmentStringsW
0x42011c SetEnvironmentVariableW
0x420120 SetStdHandle
0x420124 GetProcessHeap
0x420128 ReadConsoleW
EAT(Export Address Table) is none
SHELL32.dll
0x420130 SHCreateShellItemArray
KERNEL32.dll
0x420000 GetStdHandle
0x420004 CreateFileW
0x420008 GetModuleHandleW
0x42000c MultiByteToWideChar
0x420010 GetStringTypeW
0x420014 WideCharToMultiByte
0x420018 EnterCriticalSection
0x42001c LeaveCriticalSection
0x420020 InitializeCriticalSectionEx
0x420024 DeleteCriticalSection
0x420028 EncodePointer
0x42002c DecodePointer
0x420030 LCMapStringEx
0x420034 GetCPInfo
0x420038 IsProcessorFeaturePresent
0x42003c QueryPerformanceCounter
0x420040 GetCurrentProcessId
0x420044 GetCurrentThreadId
0x420048 GetSystemTimeAsFileTime
0x42004c InitializeSListHead
0x420050 IsDebuggerPresent
0x420054 UnhandledExceptionFilter
0x420058 SetUnhandledExceptionFilter
0x42005c GetStartupInfoW
0x420060 GetCurrentProcess
0x420064 TerminateProcess
0x420068 HeapSize
0x42006c RaiseException
0x420070 RtlUnwind
0x420074 GetLastError
0x420078 SetLastError
0x42007c InitializeCriticalSectionAndSpinCount
0x420080 TlsAlloc
0x420084 TlsGetValue
0x420088 TlsSetValue
0x42008c TlsFree
0x420090 FreeLibrary
0x420094 GetProcAddress
0x420098 LoadLibraryExW
0x42009c WriteConsoleW
0x4200a0 WriteFile
0x4200a4 GetModuleFileNameW
0x4200a8 ExitProcess
0x4200ac GetModuleHandleExW
0x4200b0 GetCommandLineA
0x4200b4 GetCommandLineW
0x4200b8 HeapFree
0x4200bc CompareStringW
0x4200c0 LCMapStringW
0x4200c4 GetLocaleInfoW
0x4200c8 IsValidLocale
0x4200cc GetUserDefaultLCID
0x4200d0 EnumSystemLocalesW
0x4200d4 HeapAlloc
0x4200d8 GetFileType
0x4200dc GetFileSizeEx
0x4200e0 SetFilePointerEx
0x4200e4 CloseHandle
0x4200e8 FlushFileBuffers
0x4200ec GetConsoleOutputCP
0x4200f0 GetConsoleMode
0x4200f4 ReadFile
0x4200f8 HeapReAlloc
0x4200fc FindClose
0x420100 FindFirstFileExW
0x420104 FindNextFileW
0x420108 IsValidCodePage
0x42010c GetACP
0x420110 GetOEMCP
0x420114 GetEnvironmentStringsW
0x420118 FreeEnvironmentStringsW
0x42011c SetEnvironmentVariableW
0x420120 SetStdHandle
0x420124 GetProcessHeap
0x420128 ReadConsoleW
EAT(Export Address Table) is none