ScreenShot
| Created | 2023.07.18 07:23 | Machine | s1_win7_x6403 |
| Filename | repack.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 44 detected (Common, malicious, high confidence, Siggen20, GenericKD, unsafe, ClipBanker, Save, TrojanBanker, ABRisk, OAJG, Attribute, HighConfidence, a variant of Generik, IIAYTZH, Yimw, hriip, R002C0XFF23, Static AI, Suspicious PE, Wacatac, score, ai score=83, susgen, PossibleThreat, Chgt, confidence, 100%) | ||
| md5 | d072480d939a819969bab643d14dbab8 | ||
| sha256 | d8557a8feb4555c4daa426b0c26881712b4be22610caf924079a454150611736 | ||
| ssdeep | 49152:o/uuVcm6Irb/TqvO90d7HjmAFd4A64nsfJiFCyESgyyRzUxD1TR9nm4JjaX:q64EV | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Detects the presence of Wine emulator |
| watch | Installs itself for autorun at Windows startup |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x5731a0 WriteFile
0x5731a8 WriteConsoleW
0x5731b0 WaitForMultipleObjects
0x5731b8 WaitForSingleObject
0x5731c0 VirtualQuery
0x5731c8 VirtualFree
0x5731d0 VirtualAlloc
0x5731d8 TlsAlloc
0x5731e0 SwitchToThread
0x5731e8 SuspendThread
0x5731f0 SetWaitableTimer
0x5731f8 SetUnhandledExceptionFilter
0x573200 SetProcessPriorityBoost
0x573208 SetEvent
0x573210 SetErrorMode
0x573218 SetConsoleCtrlHandler
0x573220 ResumeThread
0x573228 PostQueuedCompletionStatus
0x573230 LoadLibraryA
0x573238 LoadLibraryW
0x573240 SetThreadContext
0x573248 GetThreadContext
0x573250 GetSystemInfo
0x573258 GetSystemDirectoryA
0x573260 GetStdHandle
0x573268 GetQueuedCompletionStatusEx
0x573270 GetProcessAffinityMask
0x573278 GetProcAddress
0x573280 GetEnvironmentStringsW
0x573288 GetConsoleMode
0x573290 FreeEnvironmentStringsW
0x573298 ExitProcess
0x5732a0 DuplicateHandle
0x5732a8 CreateWaitableTimerExW
0x5732b0 CreateThread
0x5732b8 CreateIoCompletionPort
0x5732c0 CreateFileA
0x5732c8 CreateEventA
0x5732d0 CloseHandle
0x5732d8 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x5731a0 WriteFile
0x5731a8 WriteConsoleW
0x5731b0 WaitForMultipleObjects
0x5731b8 WaitForSingleObject
0x5731c0 VirtualQuery
0x5731c8 VirtualFree
0x5731d0 VirtualAlloc
0x5731d8 TlsAlloc
0x5731e0 SwitchToThread
0x5731e8 SuspendThread
0x5731f0 SetWaitableTimer
0x5731f8 SetUnhandledExceptionFilter
0x573200 SetProcessPriorityBoost
0x573208 SetEvent
0x573210 SetErrorMode
0x573218 SetConsoleCtrlHandler
0x573220 ResumeThread
0x573228 PostQueuedCompletionStatus
0x573230 LoadLibraryA
0x573238 LoadLibraryW
0x573240 SetThreadContext
0x573248 GetThreadContext
0x573250 GetSystemInfo
0x573258 GetSystemDirectoryA
0x573260 GetStdHandle
0x573268 GetQueuedCompletionStatusEx
0x573270 GetProcessAffinityMask
0x573278 GetProcAddress
0x573280 GetEnvironmentStringsW
0x573288 GetConsoleMode
0x573290 FreeEnvironmentStringsW
0x573298 ExitProcess
0x5732a0 DuplicateHandle
0x5732a8 CreateWaitableTimerExW
0x5732b0 CreateThread
0x5732b8 CreateIoCompletionPort
0x5732c0 CreateFileA
0x5732c8 CreateEventA
0x5732d0 CloseHandle
0x5732d8 AddVectoredExceptionHandler
EAT(Export Address Table) is none