Field | Value |
---|---|
Created | 2023.04.04 17:15 |
Machine | s1_win7_x6401 |
Filename | 1bz7KfahvU.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : mailcious |
VT API (file) | 51 detected (Coins, tseu, MulDrop21, GenericKD, Sabsik, Foreign, V53r, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, a variant of WinGo, score, ompf, RansomX, Gtgl, zaxan, Meterpreter, Genkd, Casdet, Detected, R565774, Artemis, ai score=80, unsafe, RansomGen, R002H0ACC23, CLOUD, Static AI, Suspicious PE, susgen) |
md5 | e0d2634fe2b085685f0b71e66ac91ec9 |
sha256 | 24c485ecb00d9d6ed8c12fb7a3162169cb1b666ab9a90eb3c1bcdf8dd8c40df4 |
ssdeep | 49152:pyWMOEmrU4VWLP6zev05oej0EL9gCegK/efy5d8A45EG273LCV0UOQJUh9q101GF:Eq6PQn4/9GEp32VLV+h9sF |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x90b5e0 WriteFile
0x90b5e8 WriteConsoleW
0x90b5f0 WaitForMultipleObjects
0x90b5f8 WaitForSingleObject
0x90b600 VirtualQuery
0x90b608 VirtualFree
0x90b610 VirtualAlloc
0x90b618 SwitchToThread
0x90b620 SuspendThread
0x90b628 SetWaitableTimer
0x90b630 SetUnhandledExceptionFilter
0x90b638 SetProcessPriorityBoost
0x90b640 SetEvent
0x90b648 SetErrorMode
0x90b650 SetConsoleCtrlHandler
0x90b658 ResumeThread
0x90b660 PostQueuedCompletionStatus
0x90b668 LoadLibraryA
0x90b670 LoadLibraryW
0x90b678 SetThreadContext
0x90b680 GetThreadContext
0x90b688 GetSystemInfo
0x90b690 GetSystemDirectoryA
0x90b698 GetStdHandle
0x90b6a0 GetQueuedCompletionStatusEx
0x90b6a8 GetProcessAffinityMask
0x90b6b0 GetProcAddress
0x90b6b8 GetEnvironmentStringsW
0x90b6c0 GetConsoleMode
0x90b6c8 FreeEnvironmentStringsW
0x90b6d0 ExitProcess
0x90b6d8 DuplicateHandle
0x90b6e0 CreateWaitableTimerExW
0x90b6e8 CreateThread
0x90b6f0 CreateIoCompletionPort
0x90b6f8 CreateFileA
0x90b700 CreateEventA
0x90b708 CloseHandle
0x90b710 AddVectoredExceptionHandler
EAT (Export Address Table): none