ScreenShot
| Created | 2023.04.22 08:54 | Machine | s1_win7_x6403 |
| Filename | 123.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (AIDetect, malware2, malicious, high confidence, Razy, Agin, confidence, 100%, ZexaF, bqW@ayTDf5n, Attribute, HighConfidence, score, SpywareX, Ijgl, AGEN, Artemis, moderate, ai score=82, Doina, unsafe, GdSda, Generic@AI, RDML, 89aHFN4pWtotzBeRbBxezg, Outbreak) | ||
| md5 | bd1f19c4defecdd38c2c366e24154ebb | ||
| sha256 | 12a202ebe5065c2c94f449ee39d0549b82366a01f99169cae3ebd3946b3c6940 | ||
| ssdeep | 384:qXRb1oPR8JdN5wo6GBde64p9eKtlvQI/Ygr3q7MVbgORPpbamJZpTJXVbHny5PCp:qEuJTuovOvT/Ygr3q7MVsOnbbBrF | ||
| imphash | 921d9a757fb15409a156912270d87397 | ||
| impfuzzy | 12:WbmKARluJuwRGZGZpLjALZhWqRdBRL4yCARA0KjzoA2fW:WbQl0ukCw8ZdnL4yRA3zF0W | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x407010 WaitForMultipleObjects
0x407014 GetUserDefaultUILanguage
0x407018 InitializeCriticalSectionAndSpinCount
0x40701c CreateMutexA
0x407020 Sleep
0x407024 GetLastError
0x407028 GetSystemInfo
0x40702c CreateThread
0x407030 DeleteCriticalSection
0x407034 ExitProcess
0x407038 GetModuleFileNameW
0x40703c MultiByteToWideChar
0x407040 IsDBCSLeadByte
0x407044 HeapAlloc
0x407048 GetProcessHeap
0x40704c WideCharToMultiByte
0x407050 GetCurrentProcess
0x407054 VirtualAlloc
0x407058 GetFileAttributesW
0x40705c GetModuleHandleA
0x407060 LoadLibraryA
0x407064 IsWow64Process
0x407068 LeaveCriticalSection
0x40706c HeapFree
0x407070 EnterCriticalSection
USER32.dll
0x407078 GetDC
0x40707c EnumDisplayDevicesA
0x407080 GetKeyboardLayoutList
0x407084 GetCursorPos
0x407088 GetSystemMetrics
0x40708c ReleaseDC
ADVAPI32.dll
0x407000 GetCurrentHwProfileA
CRYPT32.dll
0x407008 CryptProtectData
EAT(Export Address Table) is none
KERNEL32.dll
0x407010 WaitForMultipleObjects
0x407014 GetUserDefaultUILanguage
0x407018 InitializeCriticalSectionAndSpinCount
0x40701c CreateMutexA
0x407020 Sleep
0x407024 GetLastError
0x407028 GetSystemInfo
0x40702c CreateThread
0x407030 DeleteCriticalSection
0x407034 ExitProcess
0x407038 GetModuleFileNameW
0x40703c MultiByteToWideChar
0x407040 IsDBCSLeadByte
0x407044 HeapAlloc
0x407048 GetProcessHeap
0x40704c WideCharToMultiByte
0x407050 GetCurrentProcess
0x407054 VirtualAlloc
0x407058 GetFileAttributesW
0x40705c GetModuleHandleA
0x407060 LoadLibraryA
0x407064 IsWow64Process
0x407068 LeaveCriticalSection
0x40706c HeapFree
0x407070 EnterCriticalSection
USER32.dll
0x407078 GetDC
0x40707c EnumDisplayDevicesA
0x407080 GetKeyboardLayoutList
0x407084 GetCursorPos
0x407088 GetSystemMetrics
0x40708c ReleaseDC
ADVAPI32.dll
0x407000 GetCurrentHwProfileA
CRYPT32.dll
0x407008 CryptProtectData
EAT(Export Address Table) is none