ScreenShot
| Created | 2023.06.18 12:15 | Machine | s1_win7_x6403 |
| Filename | game.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 24 detected (AIDetectMalware, ZexaF, gq2@a0wYGAli, Kryptik, Eldorado, Attribute, HighConfidence, malicious, high confidence, HTUE, score, Convagent, TrojanX, high, Static AI, Suspicious PE, Wacatac, Detected, unsafe, ftKgNsH23pM, susgen, confidence) | ||
| md5 | 888983f654ddc26dbba28df2ccef74c0 | ||
| sha256 | 710aebd23320cdd55674103599460ba481709c9c4e5cfe2feee998f9bce5f12c | ||
| ssdeep | 1536:s0Os+/XC/fkz6NKn7AIk4VW17r5+y+EZGdnAWXxk0L/CXt7SyyPxu:s0v+/S0qQ+7rIynjWnL/CXt0xu | ||
| imphash | 8b20c0aa1a6b70c064e1b0a2222ddac4 | ||
| impfuzzy | 24:1DotejUMjOovg/J3JKnktsQFQ8RyvDkRT4QfalWKGLtr/Lm:aMCHhts3DgcQfaIKGLtO | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | Disables Windows Security features |
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to disable Windows Auto Updates |
| watch | Attempts to stop active services |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41000c lstrlenW
0x410010 VirtualProtect
0x410014 GetProcAddress
0x410018 LoadLibraryA
0x41001c VirtualAlloc
0x410020 CreateThread
0x410024 WaitForSingleObject
0x410028 GetModuleHandleA
0x41002c Sleep
0x410030 RtlUnwind
0x410034 RaiseException
0x410038 GetCommandLineA
0x41003c GetModuleHandleW
0x410040 TlsGetValue
0x410044 TlsAlloc
0x410048 TlsSetValue
0x41004c TlsFree
0x410050 InterlockedIncrement
0x410054 SetLastError
0x410058 GetCurrentThreadId
0x41005c GetLastError
0x410060 InterlockedDecrement
0x410064 HeapFree
0x410068 HeapAlloc
0x41006c TerminateProcess
0x410070 GetCurrentProcess
0x410074 UnhandledExceptionFilter
0x410078 SetUnhandledExceptionFilter
0x41007c IsDebuggerPresent
0x410080 ExitProcess
0x410084 WriteFile
0x410088 GetStdHandle
0x41008c GetModuleFileNameA
0x410090 FreeEnvironmentStringsA
0x410094 GetEnvironmentStrings
0x410098 FreeEnvironmentStringsW
0x41009c WideCharToMultiByte
0x4100a0 GetEnvironmentStringsW
0x4100a4 SetHandleCount
0x4100a8 GetFileType
0x4100ac GetStartupInfoA
0x4100b0 DeleteCriticalSection
0x4100b4 HeapCreate
0x4100b8 VirtualFree
0x4100bc QueryPerformanceCounter
0x4100c0 GetTickCount
0x4100c4 GetCurrentProcessId
0x4100c8 GetSystemTimeAsFileTime
0x4100cc GetCPInfo
0x4100d0 GetACP
0x4100d4 GetOEMCP
0x4100d8 IsValidCodePage
0x4100dc LeaveCriticalSection
0x4100e0 EnterCriticalSection
0x4100e4 HeapReAlloc
0x4100e8 HeapSize
0x4100ec InitializeCriticalSectionAndSpinCount
0x4100f0 LCMapStringA
0x4100f4 MultiByteToWideChar
0x4100f8 LCMapStringW
0x4100fc GetStringTypeA
0x410100 GetStringTypeW
0x410104 GetLocaleInfoA
USER32.dll
0x41010c DragDetect
0x410110 GetWindowRect
0x410114 SetCapture
0x410118 SetRect
COMDLG32.dll
0x410000 GetSaveFileNameA
0x410004 GetOpenFileNameA
EAT(Export Address Table) is none
KERNEL32.dll
0x41000c lstrlenW
0x410010 VirtualProtect
0x410014 GetProcAddress
0x410018 LoadLibraryA
0x41001c VirtualAlloc
0x410020 CreateThread
0x410024 WaitForSingleObject
0x410028 GetModuleHandleA
0x41002c Sleep
0x410030 RtlUnwind
0x410034 RaiseException
0x410038 GetCommandLineA
0x41003c GetModuleHandleW
0x410040 TlsGetValue
0x410044 TlsAlloc
0x410048 TlsSetValue
0x41004c TlsFree
0x410050 InterlockedIncrement
0x410054 SetLastError
0x410058 GetCurrentThreadId
0x41005c GetLastError
0x410060 InterlockedDecrement
0x410064 HeapFree
0x410068 HeapAlloc
0x41006c TerminateProcess
0x410070 GetCurrentProcess
0x410074 UnhandledExceptionFilter
0x410078 SetUnhandledExceptionFilter
0x41007c IsDebuggerPresent
0x410080 ExitProcess
0x410084 WriteFile
0x410088 GetStdHandle
0x41008c GetModuleFileNameA
0x410090 FreeEnvironmentStringsA
0x410094 GetEnvironmentStrings
0x410098 FreeEnvironmentStringsW
0x41009c WideCharToMultiByte
0x4100a0 GetEnvironmentStringsW
0x4100a4 SetHandleCount
0x4100a8 GetFileType
0x4100ac GetStartupInfoA
0x4100b0 DeleteCriticalSection
0x4100b4 HeapCreate
0x4100b8 VirtualFree
0x4100bc QueryPerformanceCounter
0x4100c0 GetTickCount
0x4100c4 GetCurrentProcessId
0x4100c8 GetSystemTimeAsFileTime
0x4100cc GetCPInfo
0x4100d0 GetACP
0x4100d4 GetOEMCP
0x4100d8 IsValidCodePage
0x4100dc LeaveCriticalSection
0x4100e0 EnterCriticalSection
0x4100e4 HeapReAlloc
0x4100e8 HeapSize
0x4100ec InitializeCriticalSectionAndSpinCount
0x4100f0 LCMapStringA
0x4100f4 MultiByteToWideChar
0x4100f8 LCMapStringW
0x4100fc GetStringTypeA
0x410100 GetStringTypeW
0x410104 GetLocaleInfoA
USER32.dll
0x41010c DragDetect
0x410110 GetWindowRect
0x410114 SetCapture
0x410118 SetRect
COMDLG32.dll
0x410000 GetSaveFileNameA
0x410004 GetOpenFileNameA
EAT(Export Address Table) is none