Field | Value |
---|---|
Created | 2023.04.24 08:52 |
Machine | s1_win7_x6401 |
Filename | 4k4wuzs.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, Lazy, Save, confidence, Attribute, HighConfidence, Kryptik, HSKS, score, high, Static AI, Suspicious PE, ai score=83, DCRAT, Detected, Artemis, unsafe, Generic@AI, RDML, Cln1ZSgonoQjkoX8O, qjww, susgen, ZexaF, mvW@a8mpZn) |
md5 | 4073ba4d8574f29731ea77058377abca |
sha256 | 4467c997fb13fd4fd937244301b0c987bb1658d8010c4858972e619c93722534 |
ssdeep | 12288:0x6rmr3ODZllaC2Xe6TD/bhH9JesrTof37nqQM7Njd6uuQ:0D3RLvPJesnwLn0NdH |
imphash | 413b6efe7d89e1a301d730acb8023173 |
impfuzzy | 24:SGfFQDkcpVWZttlS15GhlJBl3ELoEOovbO3kFZMv5GMAkEZHu9n:SwFbcpVettlS15GnpSc30FZG1 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
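The notice-level signature and the UPX_Zero / Malicious_Packer_Zero rules above are static heuristics over the PE section table: sections whose raw data has near-maximal byte entropy, and section names that are either UPX's (UPX0/UPX1) or simply not the ones a normal linker emits. The following is an added example, not code from the report's sandbox, that implements those two checks with a minimal section-table parser and runs them over a constructed PE32 image built inline (the image has valid headers but no runnable code; the thresholds and the name sets are my assumptions, not the sandbox's rule definitions):

```python
import hashlib
import math
import struct

# Names UPX leaves in the section table; anything outside STANDARD_NAMES counts as
# "unknown", mirroring the info-level rule in the report. Both sets are assumptions.
PACKER_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}
STANDARD_NAMES = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".debug"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and yield
    (name, raw_bytes). A slice past end-of-file comes back short instead of
    failing; a truncated section is itself worth flagging in a real triage tool."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        name = name.rstrip(b"\0").decode("ascii", errors="replace")
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def packer_indicators(pe: bytes) -> dict:
    """{section_name: {"entropy": float, "flags": [...]}} using the two heuristics
    from the report: high-entropy section data and packer-style or unknown names."""
    result = {}
    for name, raw in parse_sections(pe):
        ent = shannon_entropy(raw)
        flags = []
        if name in PACKER_NAMES:
            flags.append("upx_section_name")
        elif name not in STANDARD_NAMES:
            flags.append("unknown_section_name")
        if ent >= ENTROPY_THRESHOLD:
            flags.append("high_entropy")
        result[name] = {"entropy": round(ent, 2), "flags": flags}
    return result


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32 (valid headers, no runnable code) for offline testing.
    sections: list of (name, raw_bytes); raw data is 512-byte aligned like a linker's."""
    opt_size, e_lfanew = 224, 0x40
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body = b"", b""
    for i, (name, raw) in enumerate(sections):
        size = (len(raw) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), 0x1000 * (i + 1),
                             size, raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(size, b"\0")
    img = dos + b"PE\0\0" + coff + opt + table
    return img.ljust(raw_ptr, b"\0") + body


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for packed data."""
    out, blk = b"", b"seed"
    while len(out) < n:
        blk = hashlib.sha256(blk).digest()
        out += blk
    return out[:n]


# Constructed test image: a plain code section, a UPX-named high-entropy section
# and an oddly named low-entropy one.
SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec\x5d\xc3" * 400),
    ("UPX1", _pseudo_random(4096)),
    (".xyz", b"A" * 300),
])

if __name__ == "__main__":
    for name, info in packer_indicators(SAMPLE_PE).items():
        print(f"{name:<8} entropy={info['entropy']:.2f} flags={info['flags']}")
```

Run it against a real sample by replacing SAMPLE_PE with the file's bytes. The name check is the weaker of the two heuristics, which is why the report grades it only "info (could be a false positive)": compilers and protectors other than UPX also emit non-standard names, and UPX can be told to rename its sections, whereas an entropy close to 8 over a large section is hard to produce without compression or encryption.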
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x429138 DdeQueryNextServer
0x42913c InflateRect
0x429140 IsWindow
KERNEL32.dll
0x429000 GetProcAddress
0x429004 CreateFileW
0x429008 HeapSize
0x42900c GetProcessHeap
0x429010 GetProcessInformation
0x429014 GetModuleHandleW
0x429018 FreeConsole
0x42901c WideCharToMultiByte
0x429020 MultiByteToWideChar
0x429024 GetStringTypeW
0x429028 EnterCriticalSection
0x42902c LeaveCriticalSection
0x429030 InitializeCriticalSectionEx
0x429034 DeleteCriticalSection
0x429038 EncodePointer
0x42903c DecodePointer
0x429040 LCMapStringEx
0x429044 GetCPInfo
0x429048 IsProcessorFeaturePresent
0x42904c UnhandledExceptionFilter
0x429050 SetUnhandledExceptionFilter
0x429054 GetCurrentProcess
0x429058 TerminateProcess
0x42905c QueryPerformanceCounter
0x429060 GetCurrentProcessId
0x429064 GetCurrentThreadId
0x429068 GetSystemTimeAsFileTime
0x42906c InitializeSListHead
0x429070 IsDebuggerPresent
0x429074 GetStartupInfoW
0x429078 SetStdHandle
0x42907c RaiseException
0x429080 RtlUnwind
0x429084 GetLastError
0x429088 SetLastError
0x42908c InitializeCriticalSectionAndSpinCount
0x429090 TlsAlloc
0x429094 TlsGetValue
0x429098 TlsSetValue
0x42909c TlsFree
0x4290a0 FreeLibrary
0x4290a4 WriteConsoleW
0x4290a8 LoadLibraryExW
0x4290ac GetStdHandle
0x4290b0 WriteFile
0x4290b4 GetModuleFileNameW
0x4290b8 ExitProcess
0x4290bc GetModuleHandleExW
0x4290c0 GetCommandLineA
0x4290c4 GetCommandLineW
0x4290c8 HeapAlloc
0x4290cc HeapFree
0x4290d0 CompareStringW
0x4290d4 LCMapStringW
0x4290d8 GetLocaleInfoW
0x4290dc IsValidLocale
0x4290e0 GetUserDefaultLCID
0x4290e4 EnumSystemLocalesW
0x4290e8 GetFileType
0x4290ec CloseHandle
0x4290f0 FlushFileBuffers
0x4290f4 GetConsoleOutputCP
0x4290f8 GetConsoleMode
0x4290fc ReadFile
0x429100 GetFileSizeEx
0x429104 SetFilePointerEx
0x429108 ReadConsoleW
0x42910c HeapReAlloc
0x429110 FindClose
0x429114 FindFirstFileExW
0x429118 FindNextFileW
0x42911c IsValidCodePage
0x429120 GetACP
0x429124 GetOEMCP
0x429128 GetEnvironmentStringsW
0x42912c FreeEnvironmentStringsW
0x429130 SetEnvironmentVariableW
EAT(Export Address Table) is none
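One entry in the listing above is worth checking before relying on the dynamic sections of this report: GetProcessInformation is only exported by kernel32.dll on Windows 8 and later, so on the Windows 7 analysis machine named in the header (s1_win7_x6401) the loader would fail to resolve that import and the sample would not run at all; an empty Network section should be read with that in mind.

The imphash in the header table is an MD5 over this import list after a fixed normalisation (pefile's convention: DLL name lowercased with its .dll/.ocx/.sys extension removed, function name lowercased, entries written as dll.func and joined with commas in import-directory order). The following is an added example, not the sandbox's own code, that derives that string from the report's listing format. The embedded listing is a transcribed excerpt of the table above, cut after three KERNEL32 entries to keep the block short; paste the full listing in to reproduce the real value. Note that the report prints USER32 first although its IAT slots (0x429138 onward) sit after KERNEL32's (0x429000 onward), and imphash is order-sensitive, so the block computes both orderings rather than assuming which one matches the page's digest:

```python
import hashlib
import re

# Excerpt of the IAT listing as the report prints it: a DLL line followed by
# "0xADDR FunctionName" lines. Transcribed from the page and truncated.
IAT_LISTING = """\
USER32.dll
0x429138 DdeQueryNextServer
0x42913c InflateRect
0x429140 IsWindow
KERNEL32.dll
0x429000 GetProcAddress
0x429004 CreateFileW
0x429008 HeapSize
"""

ENTRY_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)$")


def parse_iat_listing(text: str):
    """Return (dll, iat_rva, function_name) triples in the order the listing gives them."""
    entries, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            dll = line  # a DLL header line
            continue
        if dll is None:
            raise ValueError("import entry before any DLL header: " + line)
        entries.append((dll, int(m.group(1), 16), m.group(2)))
    return entries


def entries_in_rva_order(entries):
    """Same entries with DLL groups re-ordered by their lowest IAT RVA, for the case
    where a report prints DLLs in an order that differs from the import directory."""
    groups = {}
    for e in entries:
        groups.setdefault(e[0], []).append(e)
    ordered = sorted(groups.values(), key=lambda g: min(e[1] for e in g))
    return [e for g in ordered for e in g]


def imphash_string(entries) -> str:
    """Normalise as pefile's get_imphash does. Ordinal-only imports (none on this
    page) would be written as ord<N> in place of the function name."""
    parts = []
    for dll, _rva, name in entries:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(entries) -> str:
    return hashlib.md5(imphash_string(entries).encode()).hexdigest()


if __name__ == "__main__":
    ents = parse_iat_listing(IAT_LISTING)
    print("listing order :", imphash(ents))
    print("IAT RVA order :", imphash(entries_in_rva_order(ents)))
```

Because the hash covers names and order but not addresses, two builds of the same source linked with the same import set share an imphash even when everything else in the file differs, which is what makes it a useful pivot across samples; the same property means a packer that rebuilds the import table (as UPX does, leaving only a stub import set) collapses many unrelated families onto a handful of values.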