ScreenShot
| Created | 2023.05.23 17:25 | Machine | s1_win7_x6403 |
| Filename | ChatGPT-4.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (Lazy, TrojanPWS, Artemis, PasswordStealer, Python, TrojanPSW, FBStealer, Attribute, HighConfidence, malicious, moderate confidence, a variant of Python, AGen, QQPass, QQRob, Hajl, Redcap, vddve, SMOKELOADER, YXDETZ, score, Cordimik, ai score=85, Sabsik, Phonzy, unsafe, Chgt, CLOUD, confidence, 100%) | ||
| md5 | dce55bbdd6eed9c8208b7e2581566ff0 | ||
| sha256 | 83f79186ecc1c4c5b6be07d6f6f96670b08f285ee74934802bab8317dc0fc370 | ||
| ssdeep | 196608:iI+pewbRUslbsbjadzxIWinWodiWajZKZqNZw1w:oLbbsCxIWyd4jZKZ8 | ||
| imphash | 3b1f2acaf99643ae95db5789c844503d | ||
| impfuzzy | 24:QsXRTLOcjFhCqu+M9v02tyXbUJnc+plkeDo/CuYoEOovw9RPvR4ZHu9oGMc:QsXAQM97tyXbEc+p2muYctnt | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | ASPack_Zero | ASPack packed file | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400212c0 SHFileOperationW
0x1400212c8 SHGetFolderPathW
KERNEL32.dll
0x140021000 TlsAlloc
0x140021008 HeapReAlloc
0x140021010 CreateDirectoryW
0x140021018 SetConsoleCtrlHandler
0x140021020 GetCommandLineW
0x140021028 WriteFile
0x140021030 TerminateProcess
0x140021038 GetModuleFileNameW
0x140021040 GetTempPathW
0x140021048 FindResourceA
0x140021050 WaitForSingleObject
0x140021058 CreateFileW
0x140021060 GetFileAttributesW
0x140021068 Sleep
0x140021070 GetLastError
0x140021078 LockResource
0x140021080 CloseHandle
0x140021088 LoadResource
0x140021090 SetEnvironmentVariableA
0x140021098 GetCurrentProcessId
0x1400210a0 CreateProcessW
0x1400210a8 GetSystemTimeAsFileTime
0x1400210b0 FormatMessageA
0x1400210b8 GetExitCodeProcess
0x1400210c0 RtlCaptureContext
0x1400210c8 RtlLookupFunctionEntry
0x1400210d0 RtlVirtualUnwind
0x1400210d8 UnhandledExceptionFilter
0x1400210e0 SetUnhandledExceptionFilter
0x1400210e8 GetCurrentProcess
0x1400210f0 IsProcessorFeaturePresent
0x1400210f8 QueryPerformanceCounter
0x140021100 GetCurrentThreadId
0x140021108 InitializeSListHead
0x140021110 IsDebuggerPresent
0x140021118 GetStartupInfoW
0x140021120 GetModuleHandleW
0x140021128 HeapSize
0x140021130 RtlUnwindEx
0x140021138 SetLastError
0x140021140 EnterCriticalSection
0x140021148 LeaveCriticalSection
0x140021150 DeleteCriticalSection
0x140021158 InitializeCriticalSectionAndSpinCount
0x140021160 WriteConsoleW
0x140021168 TlsGetValue
0x140021170 TlsSetValue
0x140021178 TlsFree
0x140021180 FreeLibrary
0x140021188 GetProcAddress
0x140021190 LoadLibraryExW
0x140021198 EncodePointer
0x1400211a0 RaiseException
0x1400211a8 RtlPcToFileHeader
0x1400211b0 ExitProcess
0x1400211b8 GetModuleHandleExW
0x1400211c0 GetCommandLineA
0x1400211c8 GetStdHandle
0x1400211d0 HeapAlloc
0x1400211d8 MultiByteToWideChar
0x1400211e0 HeapFree
0x1400211e8 FlsAlloc
0x1400211f0 FlsGetValue
0x1400211f8 FlsSetValue
0x140021200 FlsFree
0x140021208 CompareStringW
0x140021210 LCMapStringW
0x140021218 GetFileType
0x140021220 FindClose
0x140021228 FindFirstFileExW
0x140021230 FindNextFileW
0x140021238 IsValidCodePage
0x140021240 GetACP
0x140021248 GetOEMCP
0x140021250 GetCPInfo
0x140021258 WideCharToMultiByte
0x140021260 GetEnvironmentStringsW
0x140021268 FreeEnvironmentStringsW
0x140021270 SetEnvironmentVariableW
0x140021278 SetStdHandle
0x140021280 GetStringTypeW
0x140021288 GetProcessHeap
0x140021290 FlushFileBuffers
0x140021298 GetConsoleOutputCP
0x1400212a0 GetConsoleMode
0x1400212a8 GetFileSizeEx
0x1400212b0 SetFilePointerEx
EAT(Export Address Table) is none
SHELL32.dll
0x1400212c0 SHFileOperationW
0x1400212c8 SHGetFolderPathW
KERNEL32.dll
0x140021000 TlsAlloc
0x140021008 HeapReAlloc
0x140021010 CreateDirectoryW
0x140021018 SetConsoleCtrlHandler
0x140021020 GetCommandLineW
0x140021028 WriteFile
0x140021030 TerminateProcess
0x140021038 GetModuleFileNameW
0x140021040 GetTempPathW
0x140021048 FindResourceA
0x140021050 WaitForSingleObject
0x140021058 CreateFileW
0x140021060 GetFileAttributesW
0x140021068 Sleep
0x140021070 GetLastError
0x140021078 LockResource
0x140021080 CloseHandle
0x140021088 LoadResource
0x140021090 SetEnvironmentVariableA
0x140021098 GetCurrentProcessId
0x1400210a0 CreateProcessW
0x1400210a8 GetSystemTimeAsFileTime
0x1400210b0 FormatMessageA
0x1400210b8 GetExitCodeProcess
0x1400210c0 RtlCaptureContext
0x1400210c8 RtlLookupFunctionEntry
0x1400210d0 RtlVirtualUnwind
0x1400210d8 UnhandledExceptionFilter
0x1400210e0 SetUnhandledExceptionFilter
0x1400210e8 GetCurrentProcess
0x1400210f0 IsProcessorFeaturePresent
0x1400210f8 QueryPerformanceCounter
0x140021100 GetCurrentThreadId
0x140021108 InitializeSListHead
0x140021110 IsDebuggerPresent
0x140021118 GetStartupInfoW
0x140021120 GetModuleHandleW
0x140021128 HeapSize
0x140021130 RtlUnwindEx
0x140021138 SetLastError
0x140021140 EnterCriticalSection
0x140021148 LeaveCriticalSection
0x140021150 DeleteCriticalSection
0x140021158 InitializeCriticalSectionAndSpinCount
0x140021160 WriteConsoleW
0x140021168 TlsGetValue
0x140021170 TlsSetValue
0x140021178 TlsFree
0x140021180 FreeLibrary
0x140021188 GetProcAddress
0x140021190 LoadLibraryExW
0x140021198 EncodePointer
0x1400211a0 RaiseException
0x1400211a8 RtlPcToFileHeader
0x1400211b0 ExitProcess
0x1400211b8 GetModuleHandleExW
0x1400211c0 GetCommandLineA
0x1400211c8 GetStdHandle
0x1400211d0 HeapAlloc
0x1400211d8 MultiByteToWideChar
0x1400211e0 HeapFree
0x1400211e8 FlsAlloc
0x1400211f0 FlsGetValue
0x1400211f8 FlsSetValue
0x140021200 FlsFree
0x140021208 CompareStringW
0x140021210 LCMapStringW
0x140021218 GetFileType
0x140021220 FindClose
0x140021228 FindFirstFileExW
0x140021230 FindNextFileW
0x140021238 IsValidCodePage
0x140021240 GetACP
0x140021248 GetOEMCP
0x140021250 GetCPInfo
0x140021258 WideCharToMultiByte
0x140021260 GetEnvironmentStringsW
0x140021268 FreeEnvironmentStringsW
0x140021270 SetEnvironmentVariableW
0x140021278 SetStdHandle
0x140021280 GetStringTypeW
0x140021288 GetProcessHeap
0x140021290 FlushFileBuffers
0x140021298 GetConsoleOutputCP
0x1400212a0 GetConsoleMode
0x1400212a8 GetFileSizeEx
0x1400212b0 SetFilePointerEx
EAT(Export Address Table) is none