ScreenShot
| Created | 2023.06.15 14:44 | Machine | s1_win7_x6402 |
| Filename | main.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 11 detected (Attribute, HighConfidence, a variant of WinGo, ClipBanker, Malicious, score, FileRepMalware, Misc, unsafe) | ||
| md5 | 5c2176e209f257ce5f965f5b6c50af96 | ||
| sha256 | cf58ff751bc10914fca398a2f609114dd24005ac2307435de084488bed63a0a1 | ||
| ssdeep | 98304:A3giFx5CdI+CcEhqkmT9LCZz0Vh6l8us3trJ:YH21YYkuVjh6l8u0tF | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x8e3340 WriteFile
0x8e3348 WriteConsoleW
0x8e3350 WaitForMultipleObjects
0x8e3358 WaitForSingleObject
0x8e3360 VirtualQuery
0x8e3368 VirtualFree
0x8e3370 VirtualAlloc
0x8e3378 TlsAlloc
0x8e3380 SwitchToThread
0x8e3388 SuspendThread
0x8e3390 SetWaitableTimer
0x8e3398 SetUnhandledExceptionFilter
0x8e33a0 SetProcessPriorityBoost
0x8e33a8 SetEvent
0x8e33b0 SetErrorMode
0x8e33b8 SetConsoleCtrlHandler
0x8e33c0 ResumeThread
0x8e33c8 PostQueuedCompletionStatus
0x8e33d0 LoadLibraryA
0x8e33d8 LoadLibraryW
0x8e33e0 SetThreadContext
0x8e33e8 GetThreadContext
0x8e33f0 GetSystemInfo
0x8e33f8 GetSystemDirectoryA
0x8e3400 GetStdHandle
0x8e3408 GetQueuedCompletionStatusEx
0x8e3410 GetProcessAffinityMask
0x8e3418 GetProcAddress
0x8e3420 GetEnvironmentStringsW
0x8e3428 GetConsoleMode
0x8e3430 FreeEnvironmentStringsW
0x8e3438 ExitProcess
0x8e3440 DuplicateHandle
0x8e3448 CreateWaitableTimerExW
0x8e3450 CreateThread
0x8e3458 CreateIoCompletionPort
0x8e3460 CreateFileA
0x8e3468 CreateEventA
0x8e3470 CloseHandle
0x8e3478 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x8e3340 WriteFile
0x8e3348 WriteConsoleW
0x8e3350 WaitForMultipleObjects
0x8e3358 WaitForSingleObject
0x8e3360 VirtualQuery
0x8e3368 VirtualFree
0x8e3370 VirtualAlloc
0x8e3378 TlsAlloc
0x8e3380 SwitchToThread
0x8e3388 SuspendThread
0x8e3390 SetWaitableTimer
0x8e3398 SetUnhandledExceptionFilter
0x8e33a0 SetProcessPriorityBoost
0x8e33a8 SetEvent
0x8e33b0 SetErrorMode
0x8e33b8 SetConsoleCtrlHandler
0x8e33c0 ResumeThread
0x8e33c8 PostQueuedCompletionStatus
0x8e33d0 LoadLibraryA
0x8e33d8 LoadLibraryW
0x8e33e0 SetThreadContext
0x8e33e8 GetThreadContext
0x8e33f0 GetSystemInfo
0x8e33f8 GetSystemDirectoryA
0x8e3400 GetStdHandle
0x8e3408 GetQueuedCompletionStatusEx
0x8e3410 GetProcessAffinityMask
0x8e3418 GetProcAddress
0x8e3420 GetEnvironmentStringsW
0x8e3428 GetConsoleMode
0x8e3430 FreeEnvironmentStringsW
0x8e3438 ExitProcess
0x8e3440 DuplicateHandle
0x8e3448 CreateWaitableTimerExW
0x8e3450 CreateThread
0x8e3458 CreateIoCompletionPort
0x8e3460 CreateFileA
0x8e3468 CreateEventA
0x8e3470 CloseHandle
0x8e3478 AddVectoredExceptionHandler
EAT(Export Address Table) is none