ScreenShot
| Created | 2023.04.16 16:40 | Machine | s1_win7_x6401 |
| Filename | pushmid.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (Reline, Inject4, GDLY, GenericRXVO, RedLineStealer, Kryptik, V32d, TrojanPSW, Eldorado, Attribute, HighConfidence, malicious, high confidence, HSZU, score, CrypterX, FalseSign, Ewnw, Nekark, wnmgp, R002C0DDF23, high, Outbreak, 11AU12L, Redline, Detected, R562351, BScope, ai score=80, unsafe, Genetic, Ih39svw0scR, Static AI, Suspicious PE, susgen, HSEV) | ||
| md5 | 9fede67b91a08de8cb9b0ee0cd6fed9a | ||
| sha256 | edaa2ce71663089d28ee9d99b2b3fb466d06a57ff9621e547fe972996ed12112 | ||
| ssdeep | 12288:cUoT7b68SvOA3AP1oMAYsHlfjRa8kHy4BdPHoj0Fj5nbizIpHt+nXc:XoT7b6XvhAto9YsHJRa8EVPA4bizIHtD | ||
| imphash | 0cab0170722ba12b99e4419aa79e51bd | ||
| impfuzzy | 24:GDJMjOovg/J3JKnktLQFQ8RyvDkRT4Qf4plWHLm:6MCHhtL3DgcQfAIC | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41600c MultiByteToWideChar
0x416010 GetModuleHandleA
0x416014 FreeConsole
0x416018 GetFileInformationByHandle
0x41601c GetProcAddress
0x416020 AddAtomW
0x416024 GetCurrentThread
0x416028 DeleteAtom
0x41602c RtlUnwind
0x416030 RaiseException
0x416034 GetCommandLineA
0x416038 GetModuleHandleW
0x41603c TlsGetValue
0x416040 TlsAlloc
0x416044 TlsSetValue
0x416048 TlsFree
0x41604c InterlockedIncrement
0x416050 SetLastError
0x416054 GetCurrentThreadId
0x416058 GetLastError
0x41605c InterlockedDecrement
0x416060 HeapFree
0x416064 HeapAlloc
0x416068 TerminateProcess
0x41606c GetCurrentProcess
0x416070 UnhandledExceptionFilter
0x416074 SetUnhandledExceptionFilter
0x416078 IsDebuggerPresent
0x41607c Sleep
0x416080 ExitProcess
0x416084 WriteFile
0x416088 GetStdHandle
0x41608c GetModuleFileNameA
0x416090 FreeEnvironmentStringsA
0x416094 GetEnvironmentStrings
0x416098 FreeEnvironmentStringsW
0x41609c WideCharToMultiByte
0x4160a0 GetEnvironmentStringsW
0x4160a4 SetHandleCount
0x4160a8 GetFileType
0x4160ac GetStartupInfoA
0x4160b0 DeleteCriticalSection
0x4160b4 HeapCreate
0x4160b8 VirtualFree
0x4160bc QueryPerformanceCounter
0x4160c0 GetTickCount
0x4160c4 GetCurrentProcessId
0x4160c8 GetSystemTimeAsFileTime
0x4160cc GetCPInfo
0x4160d0 GetACP
0x4160d4 GetOEMCP
0x4160d8 IsValidCodePage
0x4160dc LeaveCriticalSection
0x4160e0 EnterCriticalSection
0x4160e4 VirtualAlloc
0x4160e8 HeapReAlloc
0x4160ec HeapSize
0x4160f0 LoadLibraryA
0x4160f4 InitializeCriticalSectionAndSpinCount
0x4160f8 LCMapStringA
0x4160fc LCMapStringW
0x416100 GetStringTypeA
0x416104 GetStringTypeW
0x416108 GetLocaleInfoA
COMDLG32.dll
0x416000 GetSaveFileNameA
0x416004 GetOpenFileNameA
EAT(Export Address Table) is none
KERNEL32.dll
0x41600c MultiByteToWideChar
0x416010 GetModuleHandleA
0x416014 FreeConsole
0x416018 GetFileInformationByHandle
0x41601c GetProcAddress
0x416020 AddAtomW
0x416024 GetCurrentThread
0x416028 DeleteAtom
0x41602c RtlUnwind
0x416030 RaiseException
0x416034 GetCommandLineA
0x416038 GetModuleHandleW
0x41603c TlsGetValue
0x416040 TlsAlloc
0x416044 TlsSetValue
0x416048 TlsFree
0x41604c InterlockedIncrement
0x416050 SetLastError
0x416054 GetCurrentThreadId
0x416058 GetLastError
0x41605c InterlockedDecrement
0x416060 HeapFree
0x416064 HeapAlloc
0x416068 TerminateProcess
0x41606c GetCurrentProcess
0x416070 UnhandledExceptionFilter
0x416074 SetUnhandledExceptionFilter
0x416078 IsDebuggerPresent
0x41607c Sleep
0x416080 ExitProcess
0x416084 WriteFile
0x416088 GetStdHandle
0x41608c GetModuleFileNameA
0x416090 FreeEnvironmentStringsA
0x416094 GetEnvironmentStrings
0x416098 FreeEnvironmentStringsW
0x41609c WideCharToMultiByte
0x4160a0 GetEnvironmentStringsW
0x4160a4 SetHandleCount
0x4160a8 GetFileType
0x4160ac GetStartupInfoA
0x4160b0 DeleteCriticalSection
0x4160b4 HeapCreate
0x4160b8 VirtualFree
0x4160bc QueryPerformanceCounter
0x4160c0 GetTickCount
0x4160c4 GetCurrentProcessId
0x4160c8 GetSystemTimeAsFileTime
0x4160cc GetCPInfo
0x4160d0 GetACP
0x4160d4 GetOEMCP
0x4160d8 IsValidCodePage
0x4160dc LeaveCriticalSection
0x4160e0 EnterCriticalSection
0x4160e4 VirtualAlloc
0x4160e8 HeapReAlloc
0x4160ec HeapSize
0x4160f0 LoadLibraryA
0x4160f4 InitializeCriticalSectionAndSpinCount
0x4160f8 LCMapStringA
0x4160fc LCMapStringW
0x416100 GetStringTypeA
0x416104 GetStringTypeW
0x416108 GetLocaleInfoA
COMDLG32.dll
0x416000 GetSaveFileNameA
0x416004 GetOpenFileNameA
EAT(Export Address Table) is none