| Field | Value |
|---|---|
| Created | 2023.05.02 16:43 |
| Machine | s1_win7_x6403 |
| Filename | zxz668%20%282%29.exe |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, Jaik, Kryptik, HTHW, Convagent, AdwareX, moderate, score, ai score=87, Sabsik, Detected, unsafe, Generic@AI, RDMK, cmRtazqDkYLD5NFXHSJPwduP8DtH, Coins, confidence) |
| md5 | 5812c5ec8f81f425d2bc75343e13358d |
| sha256 | a8a235ab55e16f8f8e31b70ae3ad1fb1e8ac29f705d0801fec83d1bb66c3c622 |
| ssdeep | 6144:8ga/FSEyeLXFFWxO9QvIdcDkoD7YEWPt4mj5Mgdz3DNOu6H8PI:8djyeuxbvucDkoD5WP/Dz3DNOu6H9 |
| imphash | ca51866544cc4f9b57ae23cd5e871b3d |
| impfuzzy | 48:lqdZ+fcMMZt2K83oRcVZRAyGwtJACeD4uKQVG:lmZ+fcMMZtt83wcvRTN |
Network IP location
Signature (2 counts)

| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x424034 GetConsoleOutputCP
0x424038 WriteConsoleA
0x42403c WriteConsoleW
0x424040 LoadLibraryA
0x424044 GetStringTypeW
0x424048 SetStdHandle
0x42404c GetLocaleInfoW
0x424050 CreateFileA
0x424054 FreeConsole
0x424058 GetConsoleWindow
0x42405c GetModuleHandleA
0x424060 MultiByteToWideChar
0x424064 InitializeCriticalSectionAndSpinCount
0x424068 GetProcAddress
0x42406c InterlockedIncrement
0x424070 InterlockedDecrement
0x424074 WideCharToMultiByte
0x424078 Sleep
0x42407c InterlockedExchange
0x424080 InitializeCriticalSection
0x424084 DeleteCriticalSection
0x424088 EnterCriticalSection
0x42408c LeaveCriticalSection
0x424090 RtlUnwind
0x424094 RaiseException
0x424098 TerminateProcess
0x42409c GetCurrentProcess
0x4240a0 UnhandledExceptionFilter
0x4240a4 SetUnhandledExceptionFilter
0x4240a8 IsDebuggerPresent
0x4240ac GetCommandLineA
0x4240b0 GetLastError
0x4240b4 HeapFree
0x4240b8 GetCPInfo
0x4240bc LCMapStringA
0x4240c0 LCMapStringW
0x4240c4 GetModuleHandleW
0x4240c8 TlsGetValue
0x4240cc TlsAlloc
0x4240d0 TlsSetValue
0x4240d4 TlsFree
0x4240d8 SetLastError
0x4240dc GetCurrentThreadId
0x4240e0 HeapAlloc
0x4240e4 ExitProcess
0x4240e8 WriteFile
0x4240ec GetStdHandle
0x4240f0 GetModuleFileNameA
0x4240f4 FreeEnvironmentStringsA
0x4240f8 GetEnvironmentStrings
0x4240fc FreeEnvironmentStringsW
0x424100 GetEnvironmentStringsW
0x424104 SetHandleCount
0x424108 GetFileType
0x42410c GetStartupInfoA
0x424110 HeapCreate
0x424114 VirtualFree
0x424118 QueryPerformanceCounter
0x42411c GetTickCount
0x424120 GetCurrentProcessId
0x424124 GetSystemTimeAsFileTime
0x424128 VirtualAlloc
0x42412c HeapReAlloc
0x424130 GetConsoleCP
0x424134 GetConsoleMode
0x424138 FlushFileBuffers
0x42413c ReadFile
0x424140 SetFilePointer
0x424144 CloseHandle
0x424148 HeapSize
0x42414c GetACP
0x424150 GetOEMCP
0x424154 IsValidCodePage
0x424158 GetUserDefaultLCID
0x42415c GetLocaleInfoA
0x424160 EnumSystemLocalesA
0x424164 IsValidLocale
0x424168 GetStringTypeA
USER32.dll
0x424170 GetClassInfoA
0x424174 CallWindowProcA
0x424178 SetWindowLongA
0x42417c IsDlgButtonChecked
0x424180 SetWindowTextA
0x424184 CheckDlgButton
0x424188 GetActiveWindow
0x42418c LoadCursorA
0x424190 MessageBoxA
0x424194 wsprintfA
0x424198 GetDlgItemTextA
0x42419c GetWindowRect
GDI32.dll
0x424014 GetStockObject
0x424018 DeleteObject
0x42401c SetBkMode
0x424020 SetTextColor
0x424024 CreateFontIndirectA
0x424028 SelectObject
0x42402c GetObjectA
COMDLG32.dll
0x424008 GetSaveFileNameA
0x42400c GetOpenFileNameA
ADVAPI32.dll
0x424000 RegDeleteKeyA
EAT (Export Address Table): none