Report - 001.exe

Malicious Library, PE64, PE File
Created 2023.04.16 16:16 Machine s1_win7_x6403
Filename 001.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 2
Behavior Score 2.0
ZERO API file : malware
VT API (file) 43 detected (malicious, high confidence, Packed2, score, Artemis, unsafe, Kryptik, Vb9l, confidence, 100%, Attribute, HighConfidence, GenKryptik, GIPY, GenericKD, CrypterX, Bwnw, high, GenKD, Sabsik, Woreflint, Detected, ai score=82, R002H0ADD23, ucTz4Hz0PsR)
md5 5079a574e95863dcac4206efca348b15
sha256 ea394dc75f1ba9b5ccceef2a76d70917fe4f5d232fee6defff20282ad53cb6e4
ssdeep 49152:4vBmnYuT3UWvuaMoZh9rMVtnibdEFtxv969XMEReFE4l3:ImnfjDuaMobo7vIReOQ
imphash 0e94a0a6be63b43bb4f845b28580c999
impfuzzy 48:FKXktT7uOEXuDXxfkJ/KAS5/zFnB6Uy+EGs09SYSvjKXE:FKXktT7uOEYXxf0s/u
Signature (4cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info One or more processes crashed

Rules (3cnts)

Level | Name | Description | Collection
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0cnts)

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x140001000 GetCurrentProcess
 0x140001008 VirtualFree
 0x140001010 GetModuleFileNameW
 0x140001018 GetCurrentProcessId
 0x140001020 HeapReAlloc
 0x140001028 LCMapStringW
 0x140001030 WideCharToMultiByte
 0x140001038 LCMapStringA
 0x140001040 GetStringTypeW
 0x140001048 MultiByteToWideChar
 0x140001050 GetStringTypeA
 0x140001058 GetLocaleInfoA
 0x140001060 InitializeCriticalSectionAndSpinCount
 0x140001068 LoadLibraryA
 0x140001070 HeapSize
 0x140001078 IsValidCodePage
 0x140001080 GetStartupInfoW
 0x140001088 TerminateProcess
 0x140001090 UnhandledExceptionFilter
 0x140001098 SetUnhandledExceptionFilter
 0x1400010a0 IsDebuggerPresent
 0x1400010a8 RtlVirtualUnwind
 0x1400010b0 RtlLookupFunctionEntry
 0x1400010b8 RtlCaptureContext
 0x1400010c0 EncodePointer
 0x1400010c8 DecodePointer
 0x1400010d0 FlsGetValue
 0x1400010d8 FlsSetValue
 0x1400010e0 FlsFree
 0x1400010e8 SetLastError
 0x1400010f0 GetCurrentThreadId
 0x1400010f8 GetLastError
 0x140001100 FlsAlloc
 0x140001108 HeapFree
 0x140001110 HeapAlloc
 0x140001118 RaiseException
 0x140001120 RtlPcToFileHeader
 0x140001128 GetModuleHandleW
 0x140001130 Sleep
 0x140001138 GetProcAddress
 0x140001140 ExitProcess
 0x140001148 WriteFile
 0x140001150 GetStdHandle
 0x140001158 GetModuleFileNameA
 0x140001160 RtlUnwindEx
 0x140001168 FreeEnvironmentStringsW
 0x140001170 GetEnvironmentStringsW
 0x140001178 GetCommandLineW
 0x140001180 SetHandleCount
 0x140001188 GetFileType
 0x140001190 GetStartupInfoA
 0x140001198 DeleteCriticalSection
 0x1400011a0 HeapSetInformation
 0x1400011a8 HeapCreate
 0x1400011b0 QueryPerformanceCounter
 0x1400011b8 GetTickCount
 0x1400011c0 GetSystemTimeAsFileTime
 0x1400011c8 LeaveCriticalSection
 0x1400011d0 EnterCriticalSection
 0x1400011d8 GetCPInfo
 0x1400011e0 GetACP
 0x1400011e8 GetOEMCP
USER32.dll
 0x1400011f8 DispatchMessageW
 0x140001200 DefWindowProcW
 0x140001208 EndPaint
 0x140001210 DestroyWindow
 0x140001218 TranslateAcceleratorW
 0x140001220 GetMessageW
 0x140001228 PostQuitMessage
 0x140001230 DialogBoxParamW
 0x140001238 LoadCursorW
 0x140001240 BeginPaint
 0x140001248 TranslateMessage
 0x140001250 LoadAcceleratorsW
 0x140001258 RegisterClassExW
 0x140001260 LoadIconW
 0x140001268 EndDialog
 0x140001270 LoadStringW
 0x140001278 ShowWindow
 0x140001280 CreateWindowExW
 0x140001288 UpdateWindow

EAT (Export Address Table): none