Field | Value |
---|---|
Created | 2023.05.20 16:25 |
Machine | s1_win7_x6403 |
Filename | firefoxport.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 25 detected (AIDetectMalware, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, GJZM, CrypterX, Artemis, high, score, Sabsik, unsafe, Generic@AI, RDML, LBD+1LG, vphjyViUgSS7tg, ZexaE, tu2@aauE9Pei) |
md5 | d55045e55d930facae1dda5cb8ef3cc1 |
sha256 | e113281c669c7aa1e5a28d44ee632a1e12de4cb2ee63389c298d0ff12c6fcb87 |
ssdeep | 6144:UICKgIRxhzqT3dlvFTgRJyKFvTSL4Tv7SNl0EiaivBzNHkI:wIRxQT3dldUxZTtT6bQD3 |
imphash | c51c419e64d37d41f3d25e7f43aa37da |
impfuzzy | 48:aqdZ+fcMMZt2Khc6RcVZtAyGwteD4uKQVt:amZ+fcMMZtthc2cvt3Y |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Command line console output was observed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x420034 WriteConsoleA
0x420038 GetConsoleOutputCP
0x42003c GetLocaleInfoW
0x420040 WriteConsoleW
0x420044 SetStdHandle
0x420048 CreateFileA
0x42004c GetConsoleWindow
0x420050 GetEnvironmentStringsW
0x420054 GetModuleHandleA
0x420058 MultiByteToWideChar
0x42005c InitializeCriticalSectionAndSpinCount
0x420060 GetProcAddress
0x420064 InterlockedIncrement
0x420068 InterlockedDecrement
0x42006c WideCharToMultiByte
0x420070 Sleep
0x420074 InterlockedExchange
0x420078 InitializeCriticalSection
0x42007c DeleteCriticalSection
0x420080 EnterCriticalSection
0x420084 LeaveCriticalSection
0x420088 RtlUnwind
0x42008c RaiseException
0x420090 TerminateProcess
0x420094 GetCurrentProcess
0x420098 UnhandledExceptionFilter
0x42009c SetUnhandledExceptionFilter
0x4200a0 IsDebuggerPresent
0x4200a4 GetCommandLineA
0x4200a8 GetLastError
0x4200ac HeapFree
0x4200b0 GetCPInfo
0x4200b4 LCMapStringA
0x4200b8 LCMapStringW
0x4200bc HeapAlloc
0x4200c0 WriteFile
0x4200c4 GetStdHandle
0x4200c8 GetModuleFileNameA
0x4200cc GetModuleHandleW
0x4200d0 TlsGetValue
0x4200d4 TlsAlloc
0x4200d8 TlsSetValue
0x4200dc TlsFree
0x4200e0 SetLastError
0x4200e4 GetCurrentThreadId
0x4200e8 ExitProcess
0x4200ec FreeEnvironmentStringsA
0x4200f0 GetEnvironmentStrings
0x4200f4 FreeEnvironmentStringsW
0x4200f8 SetHandleCount
0x4200fc GetFileType
0x420100 GetStartupInfoA
0x420104 HeapCreate
0x420108 VirtualFree
0x42010c QueryPerformanceCounter
0x420110 GetTickCount
0x420114 GetCurrentProcessId
0x420118 GetSystemTimeAsFileTime
0x42011c VirtualAlloc
0x420120 HeapReAlloc
0x420124 GetConsoleCP
0x420128 GetConsoleMode
0x42012c FlushFileBuffers
0x420130 ReadFile
0x420134 SetFilePointer
0x420138 CloseHandle
0x42013c HeapSize
0x420140 GetACP
0x420144 GetOEMCP
0x420148 IsValidCodePage
0x42014c GetUserDefaultLCID
0x420150 GetLocaleInfoA
0x420154 EnumSystemLocalesA
0x420158 IsValidLocale
0x42015c GetStringTypeA
0x420160 GetStringTypeW
0x420164 LoadLibraryA
USER32.dll
0x42016c GetClassInfoA
0x420170 CallWindowProcA
0x420174 SetWindowLongA
0x420178 CheckDlgButton
0x42017c GetActiveWindow
0x420180 LoadCursorA
0x420184 MessageBoxA
0x420188 wsprintfA
0x42018c GetDlgItemTextA
0x420190 ShowWindow
GDI32.dll
0x420014 GetStockObject
0x420018 DeleteObject
0x42001c SetBkMode
0x420020 SetTextColor
0x420024 CreateFontIndirectA
0x420028 SelectObject
0x42002c GetObjectA
COMDLG32.dll
0x420008 GetSaveFileNameA
0x42000c GetOpenFileNameA
ADVAPI32.dll
0x420000 RegDeleteKeyA
EAT (Export Address Table): none