Field | Value |
---|---|
Created | 2023.07.14 17:08 |
Machine | s1_win7_x6402 |
Filename | Inv_LCC_Scan_4.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
Field | Value |
---|---|
ZERO API | file : clean |
VT API (file) | 17 detected (malicious, high confidence, Artemis, confidence, 100%, Attribute, HighConfidence, score, BotX, IcedId, enzyp, high, Static AI, Suspicious PE, Tnega, unsafe) |
md5 | 01f50ef4b9419013f3a3967d7ed734cf |
sha256 | d7394ece4ab3dc614805ceab5e5686e0e401cf992b2770e4cc2bada501243281 |
ssdeep | 24576:mKCS1UmzJqqToGm7dHxi+7wHePbpb9ocj:mKCe1YdHxi+c+p |
imphash | c39052992f948249dbbd41cc36bb9262 |
impfuzzy | 24:ZdS+N4ivJwK0qtvnDdJhc+Ll49ZXjMOjuG:pJwytdc+L25qG |
Signature (6cnts)
Level | Description |
---|---|
watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14000d000 GetProcessHeap
0x14000d008 CreateFileA
0x14000d010 CloseHandle
0x14000d018 GetLastError
0x14000d020 HeapWalk
0x14000d028 CreateActCtxA
0x14000d030 ActivateActCtx
0x14000d038 DeactivateActCtx
0x14000d040 FindFirstFileA
0x14000d048 FindNextFileA
0x14000d050 FindClose
0x14000d058 GetWindowsDirectoryA
0x14000d060 ReadFile
0x14000d068 CreateFileMappingA
0x14000d070 CreateNamedPipeA
0x14000d078 PeekNamedPipe
0x14000d080 ExitProcess
0x14000d088 VirtualAlloc
0x14000d090 RtlCaptureContext
0x14000d098 RtlLookupFunctionEntry
0x14000d0a0 RtlVirtualUnwind
0x14000d0a8 IsDebuggerPresent
0x14000d0b0 UnhandledExceptionFilter
0x14000d0b8 SetUnhandledExceptionFilter
0x14000d0c0 GetCurrentProcess
0x14000d0c8 TerminateProcess
0x14000d0d0 IsProcessorFeaturePresent
0x14000d0d8 WriteConsoleW
0x14000d0e0 HeapFree
0x14000d0e8 GetModuleHandleW
0x14000d0f0 GetProcAddress
0x14000d0f8 HeapAlloc
0x14000d100 MultiByteToWideChar
0x14000d108 WideCharToMultiByte
0x14000d110 SetLastError
0x14000d118 GetACP
0x14000d120 EnterCriticalSection
0x14000d128 LeaveCriticalSection
0x14000d130 DeleteCriticalSection
0x14000d138 GetStringTypeW
0x14000d140 CreateFileW
0x14000d148 GetCPInfo
0x14000d150 InitializeCriticalSectionAndSpinCount
0x14000d158 TlsGetValue
0x14000d160 TlsSetValue
0x14000d168 FreeLibrary
0x14000d170 LoadLibraryExW
0x14000d178 LCMapStringW
0x14000d180 IsValidCodePage
0x14000d188 GetOEMCP
0x14000d190 SetStdHandle
0x14000d198 GetModuleHandleExW
0x14000d1a0 WriteFile
0x14000d1a8 GetConsoleCP
0x14000d1b0 GetConsoleMode
0x14000d1b8 SetFilePointerEx
0x14000d1c0 FlushFileBuffers
0x14000d1c8 RaiseException
0x14000d1d0 HeapSize
0x14000d1d8 HeapReAlloc
0x14000d1e0 CreateEventW
0x14000d1e8 RtlUnwindEx
EAT (Export Address Table): none