Field | Value |
---|---|
Created | 2023.06.30 17:48 |
Machine | s1_win7_x6403 |
Filename | f429fjd4uf84u.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 54 detected (AIDetectMalware, Siggen20, Lazy, Vz33, malicious, confidence, 100%, ZexaF, @x0@aSP@gnei, Genus, ABRisk, BGYY, high confidence, AEVE, score, xasiui, jtsmkc, Tzfl, AGEN, R053C0DL722, ehzd, ai score=100, Sabsik, Malware@#2b6dazopn49ai, Detected, Artemis, unsafe, RnkBend, Generic@AI, RDML, KKOHn6EXsYEAW8csHR1JWw, susgen, PossibleThreat) |
md5 | aaead1169523638d40ca4d884e3d787a |
sha256 | 09c92f58d9b11db5d9a7e984cb3270bcc6db79ea153dea86788eccaaa561d50c |
ssdeep | 196608:LZLecymZqT+XX9Atk+7TDhlXRZvYdtEA6OSwK:Nhyzy9AtpRZv2R6Oy |
imphash | 73ac0e44533c04a24b4267feb74f23de |
impfuzzy | 24:V0D7uLtMX7MdlJeDc+pl39LoBUSOovbO3iv2GMM:eutMX7Mic+ppJX30b |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x415000 LoadLibraryA
0x415004 GetProcAddress
0x415008 GetCurrentProcessId
0x41500c GetEnvironmentStringsW
0x415010 WriteConsoleW
0x415014 UnhandledExceptionFilter
0x415018 SetUnhandledExceptionFilter
0x41501c GetCurrentProcess
0x415020 TerminateProcess
0x415024 IsProcessorFeaturePresent
0x415028 QueryPerformanceCounter
0x41502c GetCurrentThreadId
0x415030 GetSystemTimeAsFileTime
0x415034 InitializeSListHead
0x415038 IsDebuggerPresent
0x41503c GetStartupInfoW
0x415040 GetModuleHandleW
0x415044 RtlUnwind
0x415048 RaiseException
0x41504c GetLastError
0x415050 SetLastError
0x415054 EncodePointer
0x415058 EnterCriticalSection
0x41505c LeaveCriticalSection
0x415060 DeleteCriticalSection
0x415064 InitializeCriticalSectionAndSpinCount
0x415068 TlsAlloc
0x41506c TlsGetValue
0x415070 TlsSetValue
0x415074 TlsFree
0x415078 FreeLibrary
0x41507c LoadLibraryExW
0x415080 GetStdHandle
0x415084 WriteFile
0x415088 GetModuleFileNameW
0x41508c ExitProcess
0x415090 GetModuleHandleExW
0x415094 HeapAlloc
0x415098 HeapFree
0x41509c FindClose
0x4150a0 FindFirstFileExW
0x4150a4 FindNextFileW
0x4150a8 IsValidCodePage
0x4150ac GetACP
0x4150b0 GetOEMCP
0x4150b4 GetCPInfo
0x4150b8 GetCommandLineA
0x4150bc GetCommandLineW
0x4150c0 MultiByteToWideChar
0x4150c4 WideCharToMultiByte
0x4150c8 FreeEnvironmentStringsW
0x4150cc SetStdHandle
0x4150d0 GetFileType
0x4150d4 GetStringTypeW
0x4150d8 LCMapStringW
0x4150dc GetProcessHeap
0x4150e0 HeapSize
0x4150e4 HeapReAlloc
0x4150e8 FlushFileBuffers
0x4150ec GetConsoleOutputCP
0x4150f0 GetConsoleMode
0x4150f4 SetFilePointerEx
0x4150f8 CreateFileW
0x4150fc CloseHandle
0x415100 DecodePointer
EAT(Export Address Table) is none