ScreenShot
| Created | 2023.07.10 08:06 | Machine | s1_win7_x6401 |
| Filename | echo-4662-2DF5.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 25fca21c810a8ffabf4fdf3b1755c73c | ||
| sha256 | 2eecf5e7f48a7d84c212695f157295d060963470e4e0afab14eb2e491ae0f1d6 | ||
| ssdeep | 98304:S3JV0DgpleTM787SmtJ84kCDqRW/0Grx4vPuvD9luwUilCHHitpQeUhE2j3HTDrH:CfRyJruSxdO1A5IXL5BpSehSE6uKw5 | ||
| imphash | 96ae6d4dd839b1b25a5bfb040d0c3dc4 | ||
| impfuzzy | 3:sUx2AEaoM/GDAJC9b8W5KdErKXgGaAumDDKWXLxBOTXz5NAHWbBbEiOAODt0ojn:nE72RMqGKGgDLZKWXfqDTLbBhvODt00 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | DEP was bypassed by marking part of the stack executable by the process echo-4662-2DF5.exe |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | themida_packer | themida packer | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1415a0180 GetModuleHandleA
ADVAPI32.dll
0x1415a0190 CloseServiceHandle
GDI32.dll
0x1415a01a0 ChoosePixelFormat
msvcrt.dll
0x1415a01b0 ___lc_codepage_func
OPENGL32.dll
0x1415a01c0 wglGetProcAddress
SHELL32.dll
0x1415a01d0 DragAcceptFiles
USER32.dll
0x1415a01e0 AdjustWindowRectEx
EAT(Export Address Table) Library
0x140d441c0 _cgo_dummy_export
0x14051eb10 glowDebugCallback_glcore32
0x140509c40 goCharCB
0x140509c90 goCharModsCB
0x140509b10 goCursorEnterCB
0x140509aa0 goCursorPosCB
0x140509cf0 goDropCB
0x140509990 goErrorCB
0x140509e70 goFramebufferSizeCB
0x1405099f0 goJoystickCB
0x140509bd0 goKeyCB
0x14041be30 goMarkdownImageCallback
0x140509d60 goMonitorCB
0x140509a40 goMouseButtonCB
0x140509b60 goScrollCB
0x140509ed0 goWindowCloseCB
0x14050a060 goWindowContentScaleCB
0x140509fc0 goWindowFocusCB
0x14050a010 goWindowIconifyCB
0x140509f20 goWindowMaximizeCB
0x140509db0 goWindowPosCB
0x140509f70 goWindowRefreshCB
0x140509e10 goWindowSizeCB
0x14041bcb0 iggAssert
0x14041bdd0 iggInputTextCallback
0x14041bd20 iggIoGetClipboardText
0x14041bd80 iggIoSetClipboardText
kernel32.dll
0x1415a0180 GetModuleHandleA
ADVAPI32.dll
0x1415a0190 CloseServiceHandle
GDI32.dll
0x1415a01a0 ChoosePixelFormat
msvcrt.dll
0x1415a01b0 ___lc_codepage_func
OPENGL32.dll
0x1415a01c0 wglGetProcAddress
SHELL32.dll
0x1415a01d0 DragAcceptFiles
USER32.dll
0x1415a01e0 AdjustWindowRectEx
EAT(Export Address Table) Library
0x140d441c0 _cgo_dummy_export
0x14051eb10 glowDebugCallback_glcore32
0x140509c40 goCharCB
0x140509c90 goCharModsCB
0x140509b10 goCursorEnterCB
0x140509aa0 goCursorPosCB
0x140509cf0 goDropCB
0x140509990 goErrorCB
0x140509e70 goFramebufferSizeCB
0x1405099f0 goJoystickCB
0x140509bd0 goKeyCB
0x14041be30 goMarkdownImageCallback
0x140509d60 goMonitorCB
0x140509a40 goMouseButtonCB
0x140509b60 goScrollCB
0x140509ed0 goWindowCloseCB
0x14050a060 goWindowContentScaleCB
0x140509fc0 goWindowFocusCB
0x14050a010 goWindowIconifyCB
0x140509f20 goWindowMaximizeCB
0x140509db0 goWindowPosCB
0x140509f70 goWindowRefreshCB
0x140509e10 goWindowSizeCB
0x14041bcb0 iggAssert
0x14041bdd0 iggInputTextCallback
0x14041bd20 iggIoGetClipboardText
0x14041bd80 iggIoSetClipboardText