Report - evhic3tm.9uob3.exe

UPX, Malicious Library, OS Processor Check, PE File, PE32
Created 2023.05.29 13:24 Machine s1_win7_x6401
Filename evhic3tm.9uob3.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 5
Behavior Score 1.8
ZERO API file : malware
VT API (file) 25 detected (AIDetectMalware, malicious, high confidence, GenericRXWA, Vnld, Attribute, HighConfidence, Kryptik, HTQK, score, FileRepMalware, Misc, Artemis, high, Static AI, Suspicious PE, Sabsik, Detected, BScope, TrojanPSW, RedLine, unsafe, Convagent, CLOUD, confidence)
md5 6df739288df7e77eea4f6fd867d76707
sha256 2e1f5a1d453997675929763da14fe7e85a77bd51663c7bc378eadcf696bea4c5
ssdeep 12288:1VrsR5K9HXSLptdxOSGd4+C9UfzAddKwlyrq+tZ5mX6I:1VrsRlLHCSGd4+0UfzKsLT5mKI
imphash 8153d38095a12d74aae1fefe22eee603
impfuzzy 48:O+ZWlSXedZ+fcM1t0YtjGLkbi2IrQ8WtI6/nBoiryEt6Rkv4z0QSvpKzZlyGwtJO:OmWlQCZ+fcM1t0GjOg6g+EZQ4Q

Signature (4cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
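The three packer signatures above (RWX memory for unpacking, high-entropy data, unknown section names) can be reproduced statically before detonation. The script below is an added example and is not part of this report or its analysis service: with only the Python standard library it walks the PE32 section table, computes per-section Shannon entropy, and flags UPX or non-standard section names, sections that are empty on disk but large in memory (the unpack target), and sections marked writable+executable, which is the static counterpart of the RWX allocation the sandbox observed at run time. The allowlist of section names, the 7.0-bit entropy threshold, the script name `packer_check.py` and the in-memory sample PE are assumptions or constructed data for illustration; point it at the real `evhic3tm.9uob3.exe` to compare against the signature lines.

```python
import hashlib
import math
import struct
import sys
from collections import Counter

# Assumed allowlist of linker-emitted section names (illustrative, not exhaustive).
KNOWN_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                       ".reloc", ".tls", ".pdata", ".CRT", ".textbss", ".didat", ".gfids"}
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Follow MZ -> e_lfanew -> 'PE\\0\\0' -> IMAGE_FILE_HEADER -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        (chars,) = struct.unpack_from("<I", pe, off + 36)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> list:
    """Findings that mirror the report's packer signatures; an empty list means none fired."""
    findings = []
    for s in parse_sections(pe):
        name, chars = s["name"], s["characteristics"]
        if name in UPX_SECTION_NAMES:
            findings.append(f"{name}: UPX section name")
        elif name not in KNOWN_SECTION_NAMES:
            findings.append(f"{name}: unknown section name (possible packer, may be a false positive)")
        if s["raw_size"] and s["entropy"] >= entropy_threshold:
            findings.append(f"{name}: entropy {s['entropy']:.2f} (compressed or encrypted data)")
        if s["raw_size"] == 0 and s["virtual_size"]:
            findings.append(f"{name}: empty on disk, {s['virtual_size']:#x} bytes in memory (unpack target)")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: section is writable and executable")
    return findings


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for packed code."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32 for testing only: sections = [(name, raw, virtual_size, chars)]."""
    file_align, sect_align, e_lfanew, opt_size = 0x200, 0x1000, 0x40, 0xE0
    headers = -(-(e_lfanew + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)  # i386
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table, body, raw_ptr, vaddr = b"", b"", headers, sect_align
    for name, raw, vsize, chars in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", vsize, vaddr, len(padded), raw_ptr if padded else 0)
        table += b"\0" * 12 + struct.pack("<I", chars)  # reloc/linenumber fields zero, then Characteristics
        body += padded
        raw_ptr += len(padded)
        vaddr += -(-max(vsize, len(padded), 1) // sect_align) * sect_align
    return (dos + b"PE\0\0" + file_hdr + opt_hdr + table).ljust(headers, b"\0") + body


# Constructed UPX-style layout: empty UPX0 to unpack into, dense UPX1 stub, one odd section name.
PACKED_SAMPLE = build_sample_pe([
    ("UPX0", b"", 0x20000, RWX),
    ("UPX1", pseudo_random_bytes(4096), 0x1000, RWX),
    (".pack", b"\0" * 16, 0x1000, IMAGE_SCN_MEM_READ),
])

if __name__ == "__main__":
    # Usage: python packer_check.py evhic3tm.9uob3.exe  (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    for line in packer_indicators(data) or ["no packer indicators"]:
        print(line)
```

The entropy threshold is deliberately a parameter: compressed resources and embedded certificates also score near 8 bits per byte, so a single high-entropy section is weak evidence on its own, while high entropy combined with an empty RWX section and a UPX name is the classic stub layout. Treat the section-name check the way the report does (it may be a false positive) and weigh the findings together.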

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x424020 GetLocaleInfoW
 0x424024 SetStdHandle
 0x424028 WriteConsoleW
 0x42402c GetConsoleOutputCP
 0x424030 WriteConsoleA
 0x424034 LoadLibraryA
 0x424038 InitializeCriticalSectionAndSpinCount
 0x42403c GetStringTypeW
 0x424040 GetStringTypeA
 0x424044 IsValidLocale
 0x424048 EnumSystemLocalesA
 0x42404c GetLocaleInfoA
 0x424050 GetUserDefaultLCID
 0x424054 IsValidCodePage
 0x424058 GetOEMCP
 0x42405c GetACP
 0x424060 HeapSize
 0x424064 CloseHandle
 0x424068 CreateFileA
 0x42406c ReadFile
 0x424070 FlushFileBuffers
 0x424074 GetConsoleMode
 0x424078 GetConsoleCP
 0x42407c GetSystemTimeAsFileTime
 0x424080 GetCurrentProcessId
 0x424084 GetTickCount
 0x424088 QueryPerformanceCounter
 0x42408c GetStartupInfoA
 0x424090 GetFileType
 0x424094 SetHandleCount
 0x424098 FreeEnvironmentStringsW
 0x42409c GetEnvironmentStrings
 0x4240a0 FreeEnvironmentStringsA
 0x4240a4 GetModuleFileNameA
 0x4240a8 GetStdHandle
 0x4240ac WriteFile
 0x4240b0 ExitProcess
 0x4240b4 HeapReAlloc
 0x4240b8 VirtualAlloc
 0x4240bc VirtualFree
 0x4240c0 HeapCreate
 0x4240c4 GetEnvironmentStringsW
 0x4240c8 MultiByteToWideChar
 0x4240cc GetModuleHandleA
 0x4240d0 SetFilePointer
 0x4240d4 GetProcAddress
 0x4240d8 InterlockedIncrement
 0x4240dc InterlockedDecrement
 0x4240e0 WideCharToMultiByte
 0x4240e4 Sleep
 0x4240e8 InterlockedExchange
 0x4240ec InitializeCriticalSection
 0x4240f0 DeleteCriticalSection
 0x4240f4 EnterCriticalSection
 0x4240f8 LeaveCriticalSection
 0x4240fc RtlUnwind
 0x424100 TerminateProcess
 0x424104 GetCurrentProcess
 0x424108 UnhandledExceptionFilter
 0x42410c SetUnhandledExceptionFilter
 0x424110 IsDebuggerPresent
 0x424114 RaiseException
 0x424118 GetLastError
 0x42411c HeapFree
 0x424120 GetCommandLineA
 0x424124 LCMapStringA
 0x424128 LCMapStringW
 0x42412c GetCPInfo
 0x424130 GetModuleHandleW
 0x424134 TlsGetValue
 0x424138 TlsAlloc
 0x42413c TlsSetValue
 0x424140 TlsFree
 0x424144 SetLastError
 0x424148 GetCurrentThreadId
 0x42414c HeapAlloc
USER32.dll
 0x424154 GetWindowRect
 0x424158 IsMenu
 0x42415c GetSubMenu
 0x424160 SetDlgItemInt
 0x424164 GetWindowPlacement
 0x424168 CharLowerBuffA
 0x42416c EnableMenuItem
 0x424170 CheckMenuRadioItem
 0x424174 GetSysColor
 0x424178 KillTimer
 0x42417c DestroyIcon
 0x424180 DestroyWindow
 0x424184 PostQuitMessage
 0x424188 GetClientRect
 0x42418c MoveWindow
 0x424190 GetSystemMenu
 0x424194 SetTimer
 0x424198 SetWindowPlacement
 0x42419c InsertMenuItemA
 0x4241a0 GetMenu
 0x4241a4 CheckMenuItem
 0x4241a8 SetMenuItemInfoA
 0x4241ac SetActiveWindow
 0x4241b0 DefDlgProcA
 0x4241b4 RegisterClassA
 0x4241b8 EndDialog
 0x4241bc SetDlgItemTextA
 0x4241c0 EnumClipboardFormats
 0x4241c4 GetClipboardData
 0x4241c8 CloseClipboard
 0x4241cc GetClassInfoA
 0x4241d0 CallWindowProcA
 0x4241d4 SetWindowLongA
 0x4241d8 IsDlgButtonChecked
 0x4241dc SetWindowTextA
 0x4241e0 CheckDlgButton
 0x4241e4 GetActiveWindow
 0x4241e8 LoadCursorA
 0x4241ec MessageBoxA
 0x4241f0 wsprintfA
 0x4241f4 GetDlgItemTextA
 0x4241f8 SendMessageA
 0x4241fc GetCursorPos
 0x424200 TrackPopupMenu
 0x424204 ClientToScreen
 0x424208 DestroyMenu
 0x42420c CreatePopupMenu
 0x424210 AppendMenuA
 0x424214 SendDlgItemMessageA
 0x424218 GetDlgItem
GDI32.dll
 0x424000 GetStockObject
 0x424004 DeleteObject
 0x424008 SetBkMode
 0x42400c SetTextColor
 0x424010 CreateFontIndirectA
 0x424014 SelectObject
 0x424018 GetObjectA
kernel32.dll
 0x49ea84 UpdateSemaphore
 0x49ea88 AllocateClass
 0x49ea8c AllocateClass
user32.dll
 0x49ea94 DestroyThread
 0x49ea98 DeleteHandle
 0x49ea9c ReadMemory
 0x49eaa0 GetMessage
 0x49eaa4 RegisterHandle
 0x49eaa8 UpdateCursor
advapi32.dll
 0x49eab0 WriteBitmap
 0x49eab4 GetEvent
 0x49eab8 TerminateHandle
 0x49eabc EnumerateEvent

Note on the three lowercase blocks above: none of these names is an export of the library it is listed under (kernel32 has no UpdateSemaphore or AllocateClass, user32 has no DestroyThread, DeleteHandle, ReadMemory, RegisterHandle or UpdateCursor and exports only GetMessageA/GetMessageW, advapi32 has no WriteBitmap, GetEvent, TerminateHandle or EnumerateEvent), and the block sits at 0x49ea84-0x49eabc, far from the real IAT at 0x424000-0x424218. The Windows loader could not resolve such entries, so treat them as junk or decoy import data rather than as capabilities of the sample. The genuine imports are the KERNEL32/USER32/GDI32 entries above, which contain no networking, registry or credential-access APIs; that is consistent with the packer indicators in the Signature section, where the real imports are resolved only after unpacking at run time.

EAT(Export Address Table) is none
