Field | Value |
---|---|
Created | 2023.05.26 17:48 |
Machine | s1_win7_x6401 |
Filename | word.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 21 detected (AIDetectMalware, malicious, moderate confidence, score, Artemis, unsafe, confidence, Kryptik, HTOY, FileRepMalware, Misc, Generic@AI, RDML, g3Xxf5xqs9+RjDPXfc15fQ, Infected, Sabsik, ZexaF, Ju0@aOywtvfj) |
md5 | b9a5e05efb6100a069525b12b0d5bbab |
sha256 | 00b48fd2f3a0fc00fc857c2570b77c0b57ed0022e3615d072431099ae1cf8712 |
ssdeep | 6144:o41xtuP+LxY4MUABaw2WdMAOEVOV1IHjRXOIOcSqBrB8YB38DamXGRKP6l8ms:D1xMP+LxY7KgdMJTOl5nyPSHs |
imphash | d07e313f1b57a8ea9d8ad620c61bfe3c |
impfuzzy | 24:rdW1VDscWqv+liZDLtvS1CbJh9ro2ZMv1jMAIpOovbOPM:ryVwcDmktvS1CDZpZGR30 |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
(none)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x420000 DecodePointer
0x420004 RaiseException
0x420008 GetLastError
0x42000c HeapAlloc
0x420010 HeapReAlloc
0x420014 HeapFree
0x420018 HeapSize
0x42001c GetProcessHeap
0x420020 InitializeCriticalSectionEx
0x420024 DeleteCriticalSection
0x420028 VirtualProtect
0x42002c WriteConsoleW
0x420030 CreateFileW
0x420034 SetStdHandle
0x420038 FreeEnvironmentStringsW
0x42003c EnterCriticalSection
0x420040 LeaveCriticalSection
0x420044 EncodePointer
0x420048 MultiByteToWideChar
0x42004c WideCharToMultiByte
0x420050 LCMapStringEx
0x420054 GetStringTypeW
0x420058 GetCPInfo
0x42005c IsDebuggerPresent
0x420060 OutputDebugStringW
0x420064 CloseHandle
0x420068 InitializeCriticalSectionAndSpinCount
0x42006c CreateEventW
0x420070 GetModuleHandleW
0x420074 GetProcAddress
0x420078 IsProcessorFeaturePresent
0x42007c UnhandledExceptionFilter
0x420080 SetUnhandledExceptionFilter
0x420084 GetStartupInfoW
0x420088 GetCurrentProcess
0x42008c TerminateProcess
0x420090 QueryPerformanceCounter
0x420094 GetCurrentProcessId
0x420098 GetCurrentThreadId
0x42009c GetSystemTimeAsFileTime
0x4200a0 InitializeSListHead
0x4200a4 RtlUnwind
0x4200a8 SetLastError
0x4200ac TlsAlloc
0x4200b0 TlsGetValue
0x4200b4 TlsSetValue
0x4200b8 TlsFree
0x4200bc FreeLibrary
0x4200c0 LoadLibraryExW
0x4200c4 ExitProcess
0x4200c8 GetModuleHandleExW
0x4200cc GetModuleFileNameW
0x4200d0 GetStdHandle
0x4200d4 WriteFile
0x4200d8 LCMapStringW
0x4200dc GetLocaleInfoW
0x4200e0 IsValidLocale
0x4200e4 GetUserDefaultLCID
0x4200e8 EnumSystemLocalesW
0x4200ec GetFileType
0x4200f0 FlushFileBuffers
0x4200f4 GetConsoleCP
0x4200f8 GetConsoleMode
0x4200fc ReadFile
0x420100 GetFileSizeEx
0x420104 SetFilePointerEx
0x420108 ReadConsoleW
0x42010c FindClose
0x420110 FindFirstFileExW
0x420114 FindNextFileW
0x420118 IsValidCodePage
0x42011c GetACP
0x420120 GetOEMCP
0x420124 GetCommandLineA
0x420128 GetCommandLineW
0x42012c GetEnvironmentStringsW
0x420130 SetEndOfFile
ole32.dll
0x420138 CoTaskMemAlloc
EAT (Export Address Table): none