ScreenShot
| Created | 2023.04.07 17:57 | Machine | s1_win7_x6403 |
| Filename | CC.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (Goback, Siggen20, Artemis, PasswordStealer, Save, malicious, confidence, 100%, ABRisk, OCOQ, Attribute, HighConfidence, high confidence, a variant of WinGo, score, QQPass, QQRob, Zwhl, Redcap, hawye, ai score=80, Emotet, Sabsik, Casdet, Detected, unsafe, R03BH0CD423, CLOUD) | ||
| md5 | 0abca5a76379dc774f4c133a177cde59 | ||
| sha256 | 59a16f9faf29768ed027a33dced3dc1cd61c4be814b59070b3ce79e34bb6b963 | ||
| ssdeep | 98304:Q5ATsXQnnmlLqWj9UVmvihtpE0EX/4XkCWdpKMj:QEbnmlLdjqMmpeAXkD | ||
| imphash | 57c9b357ae0cb2f414b0a5873e2f216d | ||
| impfuzzy | 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x12324fc AddVectoredExceptionHandler
0x1232504 AreFileApisANSI
0x123250c CloseHandle
0x1232514 CreateEventA
0x123251c CreateFileA
0x1232524 CreateFileMappingA
0x123252c CreateFileMappingW
0x1232534 CreateFileW
0x123253c CreateIoCompletionPort
0x1232544 CreateMutexW
0x123254c CreateThread
0x1232554 CreateWaitableTimerA
0x123255c CreateWaitableTimerExW
0x1232564 DeleteCriticalSection
0x123256c DeleteFileA
0x1232574 DeleteFileW
0x123257c DuplicateHandle
0x1232584 EnterCriticalSection
0x123258c ExitProcess
0x1232594 FlushFileBuffers
0x123259c FlushViewOfFile
0x12325a4 FormatMessageA
0x12325ac FormatMessageW
0x12325b4 FreeEnvironmentStringsW
0x12325bc FreeLibrary
0x12325c4 GetConsoleMode
0x12325cc GetCurrentProcess
0x12325d4 GetCurrentProcessId
0x12325dc GetCurrentThreadId
0x12325e4 GetDiskFreeSpaceA
0x12325ec GetDiskFreeSpaceW
0x12325f4 GetEnvironmentStringsW
0x12325fc GetFileAttributesA
0x1232604 GetFileAttributesExW
0x123260c GetFileAttributesW
0x1232614 GetFileSize
0x123261c GetFullPathNameA
0x1232624 GetFullPathNameW
0x123262c GetLastError
0x1232634 GetProcAddress
0x123263c GetProcessAffinityMask
0x1232644 GetProcessHeap
0x123264c GetQueuedCompletionStatusEx
0x1232654 GetStartupInfoA
0x123265c GetStdHandle
0x1232664 GetSystemDirectoryA
0x123266c GetSystemInfo
0x1232674 GetSystemTime
0x123267c GetSystemTimeAsFileTime
0x1232684 GetTempPathA
0x123268c GetTempPathW
0x1232694 GetThreadContext
0x123269c GetTickCount
0x12326a4 GetVersionExA
0x12326ac GetVersionExW
0x12326b4 HeapAlloc
0x12326bc HeapCompact
0x12326c4 HeapCreate
0x12326cc HeapDestroy
0x12326d4 HeapFree
0x12326dc HeapReAlloc
0x12326e4 HeapSize
0x12326ec HeapValidate
0x12326f4 InitializeCriticalSection
0x12326fc LeaveCriticalSection
0x1232704 LoadLibraryA
0x123270c LoadLibraryW
0x1232714 LocalFree
0x123271c LockFile
0x1232724 LockFileEx
0x123272c MapViewOfFile
0x1232734 MultiByteToWideChar
0x123273c OutputDebugStringA
0x1232744 OutputDebugStringW
0x123274c PostQueuedCompletionStatus
0x1232754 QueryPerformanceCounter
0x123275c ReadFile
0x1232764 ResumeThread
0x123276c RtlAddFunctionTable
0x1232774 RtlCaptureContext
0x123277c RtlLookupFunctionEntry
0x1232784 RtlVirtualUnwind
0x123278c SetConsoleCtrlHandler
0x1232794 SetEndOfFile
0x123279c SetErrorMode
0x12327a4 SetEvent
0x12327ac SetFilePointer
0x12327b4 SetProcessPriorityBoost
0x12327bc SetThreadContext
0x12327c4 SetUnhandledExceptionFilter
0x12327cc SetWaitableTimer
0x12327d4 Sleep
0x12327dc SuspendThread
0x12327e4 SwitchToThread
0x12327ec SystemTimeToFileTime
0x12327f4 TerminateProcess
0x12327fc TlsGetValue
0x1232804 TryEnterCriticalSection
0x123280c UnhandledExceptionFilter
0x1232814 UnlockFile
0x123281c UnlockFileEx
0x1232824 UnmapViewOfFile
0x123282c VirtualAlloc
0x1232834 VirtualFree
0x123283c VirtualProtect
0x1232844 VirtualQuery
0x123284c WaitForMultipleObjects
0x1232854 WaitForSingleObject
0x123285c WaitForSingleObjectEx
0x1232864 WideCharToMultiByte
0x123286c WriteConsoleW
0x1232874 WriteFile
0x123287c __C_specific_handler
msvcrt.dll
0x123288c __getmainargs
0x1232894 __initenv
0x123289c __iob_func
0x12328a4 __lconv_init
0x12328ac __set_app_type
0x12328b4 __setusermatherr
0x12328bc _acmdln
0x12328c4 _amsg_exit
0x12328cc _beginthread
0x12328d4 _beginthreadex
0x12328dc _cexit
0x12328e4 _endthreadex
0x12328ec _errno
0x12328f4 _fmode
0x12328fc _initterm
0x1232904 _localtime64
0x123290c _onexit
0x1232914 abort
0x123291c calloc
0x1232924 exit
0x123292c fprintf
0x1232934 free
0x123293c fwrite
0x1232944 malloc
0x123294c memcmp
0x1232954 memcpy
0x123295c memmove
0x1232964 memset
0x123296c qsort
0x1232974 realloc
0x123297c signal
0x1232984 strcmp
0x123298c strcspn
0x1232994 strlen
0x123299c strncmp
0x12329a4 strrchr
0x12329ac vfprintf
EAT(Export Address Table) Library
0x1230fd0 _cgo_dummy_export
0x8ce760 authorizerTrampoline
0x8ce480 callbackTrampoline
0x8ce640 commitHookTrampoline
0x8ce5a0 compareTrampoline
0x8ce550 doneTrampoline
0x8ce7e0 preUpdateHookTrampoline
0x8ce6a0 rollbackHookTrampoline
0x8ce4e0 stepTrampoline
0x8ce6f0 updateHookTrampoline
KERNEL32.dll
0x12324fc AddVectoredExceptionHandler
0x1232504 AreFileApisANSI
0x123250c CloseHandle
0x1232514 CreateEventA
0x123251c CreateFileA
0x1232524 CreateFileMappingA
0x123252c CreateFileMappingW
0x1232534 CreateFileW
0x123253c CreateIoCompletionPort
0x1232544 CreateMutexW
0x123254c CreateThread
0x1232554 CreateWaitableTimerA
0x123255c CreateWaitableTimerExW
0x1232564 DeleteCriticalSection
0x123256c DeleteFileA
0x1232574 DeleteFileW
0x123257c DuplicateHandle
0x1232584 EnterCriticalSection
0x123258c ExitProcess
0x1232594 FlushFileBuffers
0x123259c FlushViewOfFile
0x12325a4 FormatMessageA
0x12325ac FormatMessageW
0x12325b4 FreeEnvironmentStringsW
0x12325bc FreeLibrary
0x12325c4 GetConsoleMode
0x12325cc GetCurrentProcess
0x12325d4 GetCurrentProcessId
0x12325dc GetCurrentThreadId
0x12325e4 GetDiskFreeSpaceA
0x12325ec GetDiskFreeSpaceW
0x12325f4 GetEnvironmentStringsW
0x12325fc GetFileAttributesA
0x1232604 GetFileAttributesExW
0x123260c GetFileAttributesW
0x1232614 GetFileSize
0x123261c GetFullPathNameA
0x1232624 GetFullPathNameW
0x123262c GetLastError
0x1232634 GetProcAddress
0x123263c GetProcessAffinityMask
0x1232644 GetProcessHeap
0x123264c GetQueuedCompletionStatusEx
0x1232654 GetStartupInfoA
0x123265c GetStdHandle
0x1232664 GetSystemDirectoryA
0x123266c GetSystemInfo
0x1232674 GetSystemTime
0x123267c GetSystemTimeAsFileTime
0x1232684 GetTempPathA
0x123268c GetTempPathW
0x1232694 GetThreadContext
0x123269c GetTickCount
0x12326a4 GetVersionExA
0x12326ac GetVersionExW
0x12326b4 HeapAlloc
0x12326bc HeapCompact
0x12326c4 HeapCreate
0x12326cc HeapDestroy
0x12326d4 HeapFree
0x12326dc HeapReAlloc
0x12326e4 HeapSize
0x12326ec HeapValidate
0x12326f4 InitializeCriticalSection
0x12326fc LeaveCriticalSection
0x1232704 LoadLibraryA
0x123270c LoadLibraryW
0x1232714 LocalFree
0x123271c LockFile
0x1232724 LockFileEx
0x123272c MapViewOfFile
0x1232734 MultiByteToWideChar
0x123273c OutputDebugStringA
0x1232744 OutputDebugStringW
0x123274c PostQueuedCompletionStatus
0x1232754 QueryPerformanceCounter
0x123275c ReadFile
0x1232764 ResumeThread
0x123276c RtlAddFunctionTable
0x1232774 RtlCaptureContext
0x123277c RtlLookupFunctionEntry
0x1232784 RtlVirtualUnwind
0x123278c SetConsoleCtrlHandler
0x1232794 SetEndOfFile
0x123279c SetErrorMode
0x12327a4 SetEvent
0x12327ac SetFilePointer
0x12327b4 SetProcessPriorityBoost
0x12327bc SetThreadContext
0x12327c4 SetUnhandledExceptionFilter
0x12327cc SetWaitableTimer
0x12327d4 Sleep
0x12327dc SuspendThread
0x12327e4 SwitchToThread
0x12327ec SystemTimeToFileTime
0x12327f4 TerminateProcess
0x12327fc TlsGetValue
0x1232804 TryEnterCriticalSection
0x123280c UnhandledExceptionFilter
0x1232814 UnlockFile
0x123281c UnlockFileEx
0x1232824 UnmapViewOfFile
0x123282c VirtualAlloc
0x1232834 VirtualFree
0x123283c VirtualProtect
0x1232844 VirtualQuery
0x123284c WaitForMultipleObjects
0x1232854 WaitForSingleObject
0x123285c WaitForSingleObjectEx
0x1232864 WideCharToMultiByte
0x123286c WriteConsoleW
0x1232874 WriteFile
0x123287c __C_specific_handler
msvcrt.dll
0x123288c __getmainargs
0x1232894 __initenv
0x123289c __iob_func
0x12328a4 __lconv_init
0x12328ac __set_app_type
0x12328b4 __setusermatherr
0x12328bc _acmdln
0x12328c4 _amsg_exit
0x12328cc _beginthread
0x12328d4 _beginthreadex
0x12328dc _cexit
0x12328e4 _endthreadex
0x12328ec _errno
0x12328f4 _fmode
0x12328fc _initterm
0x1232904 _localtime64
0x123290c _onexit
0x1232914 abort
0x123291c calloc
0x1232924 exit
0x123292c fprintf
0x1232934 free
0x123293c fwrite
0x1232944 malloc
0x123294c memcmp
0x1232954 memcpy
0x123295c memmove
0x1232964 memset
0x123296c qsort
0x1232974 realloc
0x123297c signal
0x1232984 strcmp
0x123298c strcspn
0x1232994 strlen
0x123299c strncmp
0x12329a4 strrchr
0x12329ac vfprintf
EAT(Export Address Table) Library
0x1230fd0 _cgo_dummy_export
0x8ce760 authorizerTrampoline
0x8ce480 callbackTrampoline
0x8ce640 commitHookTrampoline
0x8ce5a0 compareTrampoline
0x8ce550 doneTrampoline
0x8ce7e0 preUpdateHookTrampoline
0x8ce6a0 rollbackHookTrampoline
0x8ce4e0 stepTrampoline
0x8ce6f0 updateHookTrampoline