ScreenShot
| Created | 2023.05.03 10:01 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (Goback, malicious, high confidence, Hijacker, Save, confidence, 100%, TrojanPSW, a variant of WinGo, score, QQPass, QQRob, Ogil, Redcap, oditn, Sabsik, Casdet, Detected, Artemis, ai score=84, unsafe, Chgt, R03BH0CDU23) | ||
| md5 | 513eeefe11218aa5722526a3adc09193 | ||
| sha256 | 3b72820e9f87dd87c2a06f52d2666a8ab9e2332b2c5612d3cf56f96badbe1866 | ||
| ssdeep | 98304:GZn3j7cxNxTJWtIIznCRjf3Fd5xEF/4VHrd4MTEI:G5kxXTJWuIznCh3cuVHr | ||
| imphash | 57c9b357ae0cb2f414b0a5873e2f216d | ||
| impfuzzy | 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x12354fc AddVectoredExceptionHandler
0x1235504 AreFileApisANSI
0x123550c CloseHandle
0x1235514 CreateEventA
0x123551c CreateFileA
0x1235524 CreateFileMappingA
0x123552c CreateFileMappingW
0x1235534 CreateFileW
0x123553c CreateIoCompletionPort
0x1235544 CreateMutexW
0x123554c CreateThread
0x1235554 CreateWaitableTimerA
0x123555c CreateWaitableTimerExW
0x1235564 DeleteCriticalSection
0x123556c DeleteFileA
0x1235574 DeleteFileW
0x123557c DuplicateHandle
0x1235584 EnterCriticalSection
0x123558c ExitProcess
0x1235594 FlushFileBuffers
0x123559c FlushViewOfFile
0x12355a4 FormatMessageA
0x12355ac FormatMessageW
0x12355b4 FreeEnvironmentStringsW
0x12355bc FreeLibrary
0x12355c4 GetConsoleMode
0x12355cc GetCurrentProcess
0x12355d4 GetCurrentProcessId
0x12355dc GetCurrentThreadId
0x12355e4 GetDiskFreeSpaceA
0x12355ec GetDiskFreeSpaceW
0x12355f4 GetEnvironmentStringsW
0x12355fc GetFileAttributesA
0x1235604 GetFileAttributesExW
0x123560c GetFileAttributesW
0x1235614 GetFileSize
0x123561c GetFullPathNameA
0x1235624 GetFullPathNameW
0x123562c GetLastError
0x1235634 GetProcAddress
0x123563c GetProcessAffinityMask
0x1235644 GetProcessHeap
0x123564c GetQueuedCompletionStatusEx
0x1235654 GetStartupInfoA
0x123565c GetStdHandle
0x1235664 GetSystemDirectoryA
0x123566c GetSystemInfo
0x1235674 GetSystemTime
0x123567c GetSystemTimeAsFileTime
0x1235684 GetTempPathA
0x123568c GetTempPathW
0x1235694 GetThreadContext
0x123569c GetTickCount
0x12356a4 GetVersionExA
0x12356ac GetVersionExW
0x12356b4 HeapAlloc
0x12356bc HeapCompact
0x12356c4 HeapCreate
0x12356cc HeapDestroy
0x12356d4 HeapFree
0x12356dc HeapReAlloc
0x12356e4 HeapSize
0x12356ec HeapValidate
0x12356f4 InitializeCriticalSection
0x12356fc LeaveCriticalSection
0x1235704 LoadLibraryA
0x123570c LoadLibraryW
0x1235714 LocalFree
0x123571c LockFile
0x1235724 LockFileEx
0x123572c MapViewOfFile
0x1235734 MultiByteToWideChar
0x123573c OutputDebugStringA
0x1235744 OutputDebugStringW
0x123574c PostQueuedCompletionStatus
0x1235754 QueryPerformanceCounter
0x123575c ReadFile
0x1235764 ResumeThread
0x123576c RtlAddFunctionTable
0x1235774 RtlCaptureContext
0x123577c RtlLookupFunctionEntry
0x1235784 RtlVirtualUnwind
0x123578c SetConsoleCtrlHandler
0x1235794 SetEndOfFile
0x123579c SetErrorMode
0x12357a4 SetEvent
0x12357ac SetFilePointer
0x12357b4 SetProcessPriorityBoost
0x12357bc SetThreadContext
0x12357c4 SetUnhandledExceptionFilter
0x12357cc SetWaitableTimer
0x12357d4 Sleep
0x12357dc SuspendThread
0x12357e4 SwitchToThread
0x12357ec SystemTimeToFileTime
0x12357f4 TerminateProcess
0x12357fc TlsGetValue
0x1235804 TryEnterCriticalSection
0x123580c UnhandledExceptionFilter
0x1235814 UnlockFile
0x123581c UnlockFileEx
0x1235824 UnmapViewOfFile
0x123582c VirtualAlloc
0x1235834 VirtualFree
0x123583c VirtualProtect
0x1235844 VirtualQuery
0x123584c WaitForMultipleObjects
0x1235854 WaitForSingleObject
0x123585c WaitForSingleObjectEx
0x1235864 WideCharToMultiByte
0x123586c WriteConsoleW
0x1235874 WriteFile
0x123587c __C_specific_handler
msvcrt.dll
0x123588c __getmainargs
0x1235894 __initenv
0x123589c __iob_func
0x12358a4 __lconv_init
0x12358ac __set_app_type
0x12358b4 __setusermatherr
0x12358bc _acmdln
0x12358c4 _amsg_exit
0x12358cc _beginthread
0x12358d4 _beginthreadex
0x12358dc _cexit
0x12358e4 _endthreadex
0x12358ec _errno
0x12358f4 _fmode
0x12358fc _initterm
0x1235904 _localtime64
0x123590c _onexit
0x1235914 abort
0x123591c calloc
0x1235924 exit
0x123592c fprintf
0x1235934 free
0x123593c fwrite
0x1235944 malloc
0x123594c memcmp
0x1235954 memcpy
0x123595c memmove
0x1235964 memset
0x123596c qsort
0x1235974 realloc
0x123597c signal
0x1235984 strcmp
0x123598c strcspn
0x1235994 strlen
0x123599c strncmp
0x12359a4 strrchr
0x12359ac vfprintf
EAT(Export Address Table) Library
0x1232ff0 _cgo_dummy_export
0x8cf780 authorizerTrampoline
0x8cf4a0 callbackTrampoline
0x8cf660 commitHookTrampoline
0x8cf5c0 compareTrampoline
0x8cf570 doneTrampoline
0x8cf800 preUpdateHookTrampoline
0x8cf6c0 rollbackHookTrampoline
0x8cf500 stepTrampoline
0x8cf710 updateHookTrampoline
KERNEL32.dll
0x12354fc AddVectoredExceptionHandler
0x1235504 AreFileApisANSI
0x123550c CloseHandle
0x1235514 CreateEventA
0x123551c CreateFileA
0x1235524 CreateFileMappingA
0x123552c CreateFileMappingW
0x1235534 CreateFileW
0x123553c CreateIoCompletionPort
0x1235544 CreateMutexW
0x123554c CreateThread
0x1235554 CreateWaitableTimerA
0x123555c CreateWaitableTimerExW
0x1235564 DeleteCriticalSection
0x123556c DeleteFileA
0x1235574 DeleteFileW
0x123557c DuplicateHandle
0x1235584 EnterCriticalSection
0x123558c ExitProcess
0x1235594 FlushFileBuffers
0x123559c FlushViewOfFile
0x12355a4 FormatMessageA
0x12355ac FormatMessageW
0x12355b4 FreeEnvironmentStringsW
0x12355bc FreeLibrary
0x12355c4 GetConsoleMode
0x12355cc GetCurrentProcess
0x12355d4 GetCurrentProcessId
0x12355dc GetCurrentThreadId
0x12355e4 GetDiskFreeSpaceA
0x12355ec GetDiskFreeSpaceW
0x12355f4 GetEnvironmentStringsW
0x12355fc GetFileAttributesA
0x1235604 GetFileAttributesExW
0x123560c GetFileAttributesW
0x1235614 GetFileSize
0x123561c GetFullPathNameA
0x1235624 GetFullPathNameW
0x123562c GetLastError
0x1235634 GetProcAddress
0x123563c GetProcessAffinityMask
0x1235644 GetProcessHeap
0x123564c GetQueuedCompletionStatusEx
0x1235654 GetStartupInfoA
0x123565c GetStdHandle
0x1235664 GetSystemDirectoryA
0x123566c GetSystemInfo
0x1235674 GetSystemTime
0x123567c GetSystemTimeAsFileTime
0x1235684 GetTempPathA
0x123568c GetTempPathW
0x1235694 GetThreadContext
0x123569c GetTickCount
0x12356a4 GetVersionExA
0x12356ac GetVersionExW
0x12356b4 HeapAlloc
0x12356bc HeapCompact
0x12356c4 HeapCreate
0x12356cc HeapDestroy
0x12356d4 HeapFree
0x12356dc HeapReAlloc
0x12356e4 HeapSize
0x12356ec HeapValidate
0x12356f4 InitializeCriticalSection
0x12356fc LeaveCriticalSection
0x1235704 LoadLibraryA
0x123570c LoadLibraryW
0x1235714 LocalFree
0x123571c LockFile
0x1235724 LockFileEx
0x123572c MapViewOfFile
0x1235734 MultiByteToWideChar
0x123573c OutputDebugStringA
0x1235744 OutputDebugStringW
0x123574c PostQueuedCompletionStatus
0x1235754 QueryPerformanceCounter
0x123575c ReadFile
0x1235764 ResumeThread
0x123576c RtlAddFunctionTable
0x1235774 RtlCaptureContext
0x123577c RtlLookupFunctionEntry
0x1235784 RtlVirtualUnwind
0x123578c SetConsoleCtrlHandler
0x1235794 SetEndOfFile
0x123579c SetErrorMode
0x12357a4 SetEvent
0x12357ac SetFilePointer
0x12357b4 SetProcessPriorityBoost
0x12357bc SetThreadContext
0x12357c4 SetUnhandledExceptionFilter
0x12357cc SetWaitableTimer
0x12357d4 Sleep
0x12357dc SuspendThread
0x12357e4 SwitchToThread
0x12357ec SystemTimeToFileTime
0x12357f4 TerminateProcess
0x12357fc TlsGetValue
0x1235804 TryEnterCriticalSection
0x123580c UnhandledExceptionFilter
0x1235814 UnlockFile
0x123581c UnlockFileEx
0x1235824 UnmapViewOfFile
0x123582c VirtualAlloc
0x1235834 VirtualFree
0x123583c VirtualProtect
0x1235844 VirtualQuery
0x123584c WaitForMultipleObjects
0x1235854 WaitForSingleObject
0x123585c WaitForSingleObjectEx
0x1235864 WideCharToMultiByte
0x123586c WriteConsoleW
0x1235874 WriteFile
0x123587c __C_specific_handler
msvcrt.dll
0x123588c __getmainargs
0x1235894 __initenv
0x123589c __iob_func
0x12358a4 __lconv_init
0x12358ac __set_app_type
0x12358b4 __setusermatherr
0x12358bc _acmdln
0x12358c4 _amsg_exit
0x12358cc _beginthread
0x12358d4 _beginthreadex
0x12358dc _cexit
0x12358e4 _endthreadex
0x12358ec _errno
0x12358f4 _fmode
0x12358fc _initterm
0x1235904 _localtime64
0x123590c _onexit
0x1235914 abort
0x123591c calloc
0x1235924 exit
0x123592c fprintf
0x1235934 free
0x123593c fwrite
0x1235944 malloc
0x123594c memcmp
0x1235954 memcpy
0x123595c memmove
0x1235964 memset
0x123596c qsort
0x1235974 realloc
0x123597c signal
0x1235984 strcmp
0x123598c strcspn
0x1235994 strlen
0x123599c strncmp
0x12359a4 strrchr
0x12359ac vfprintf
EAT(Export Address Table) Library
0x1232ff0 _cgo_dummy_export
0x8cf780 authorizerTrampoline
0x8cf4a0 callbackTrampoline
0x8cf660 commitHookTrampoline
0x8cf5c0 compareTrampoline
0x8cf570 doneTrampoline
0x8cf800 preUpdateHookTrampoline
0x8cf6c0 rollbackHookTrampoline
0x8cf500 stepTrampoline
0x8cf710 updateHookTrampoline