Field | Value |
---|---|
Created | 2023.05.17 07:13 |
Machine | s1_win7_x6403 |
Filename | MavrodiBlack.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 47 detected (AIDetectMalware, Zusy, Generic PWS, Vmgo, GenusT, DHPD, Eldorado, Attribute, HighConfidence, malicious, high confidence, Kryptik, HSEV, BackdoorX, FalseSign, Udkl, Steal, Nekark, pqgcn, moderate, score, Detected, ai score=85, Sabsik, RedLineStealer, R578284, unsafe, Genetic, R002H0CEE23, Ojq6eX0sX8N, confidence) |
md5 | 22b25918bfdd12b1b6646cf6cdf1e867 |
sha256 | 8be6deb199d15344938cca068b14d9af482d69b0e864c42bc0f11690dd8cf1f7 |
ssdeep | 6144:seIJOgbSk6haa3G7YWoWTAqkUgE0YRa8ts:shOgShtusWsvE7e |
imphash | 46c74cf13312d6259105eaa206ede1b5 |
impfuzzy | 48:MQdZ+fcMvZt2K83oRcqZtAyGwteD4uKQBA:MIZ+fcMvZtt83wcSt3L |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
No network requests were recorded during the run.
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x423028 SetStdHandle
0x42302c WriteConsoleW
0x423030 WriteConsoleA
0x423034 InitializeCriticalSectionAndSpinCount
0x423038 GetLocaleInfoW
0x42303c CreateFileA
0x423040 FreeConsole
0x423044 GetModuleHandleA
0x423048 MultiByteToWideChar
0x42304c GetConsoleOutputCP
0x423050 GetProcAddress
0x423054 InterlockedIncrement
0x423058 InterlockedDecrement
0x42305c WideCharToMultiByte
0x423060 Sleep
0x423064 InterlockedExchange
0x423068 InitializeCriticalSection
0x42306c DeleteCriticalSection
0x423070 EnterCriticalSection
0x423074 LeaveCriticalSection
0x423078 RtlUnwind
0x42307c GetSystemTimeAsFileTime
0x423080 RaiseException
0x423084 TerminateProcess
0x423088 GetCurrentProcess
0x42308c UnhandledExceptionFilter
0x423090 SetUnhandledExceptionFilter
0x423094 IsDebuggerPresent
0x423098 GetCommandLineA
0x42309c GetLastError
0x4230a0 HeapFree
0x4230a4 GetCPInfo
0x4230a8 LCMapStringA
0x4230ac LCMapStringW
0x4230b0 GetModuleHandleW
0x4230b4 TlsGetValue
0x4230b8 TlsAlloc
0x4230bc TlsSetValue
0x4230c0 TlsFree
0x4230c4 SetLastError
0x4230c8 GetCurrentThreadId
0x4230cc HeapAlloc
0x4230d0 ExitProcess
0x4230d4 WriteFile
0x4230d8 GetStdHandle
0x4230dc GetModuleFileNameA
0x4230e0 FreeEnvironmentStringsA
0x4230e4 GetEnvironmentStrings
0x4230e8 FreeEnvironmentStringsW
0x4230ec GetEnvironmentStringsW
0x4230f0 SetHandleCount
0x4230f4 GetFileType
0x4230f8 GetStartupInfoA
0x4230fc HeapCreate
0x423100 VirtualFree
0x423104 QueryPerformanceCounter
0x423108 GetTickCount
0x42310c GetCurrentProcessId
0x423110 VirtualAlloc
0x423114 HeapReAlloc
0x423118 GetConsoleCP
0x42311c GetConsoleMode
0x423120 FlushFileBuffers
0x423124 ReadFile
0x423128 SetFilePointer
0x42312c CloseHandle
0x423130 HeapSize
0x423134 GetACP
0x423138 GetOEMCP
0x42313c IsValidCodePage
0x423140 GetUserDefaultLCID
0x423144 GetLocaleInfoA
0x423148 EnumSystemLocalesA
0x42314c IsValidLocale
0x423150 GetStringTypeA
0x423154 GetStringTypeW
0x423158 LoadLibraryA
USER32.dll
0x423160 GetClassInfoA
0x423164 CallWindowProcA
0x423168 SetWindowLongA
0x42316c CheckDlgButton
0x423170 GetActiveWindow
0x423174 LoadCursorA
0x423178 MessageBoxA
0x42317c wsprintfA
0x423180 GetDlgItemTextA
GDI32.dll
0x423014 SetTextColor
0x423018 CreateFontIndirectA
0x42301c SelectObject
0x423020 SetBkMode
COMDLG32.dll
0x423008 GetSaveFileNameA
0x42300c GetOpenFileNameA
ADVAPI32.dll
0x423000 RegDeleteKeyA
EAT (Export Address Table): none