ScreenShot
| Created | 2023.07.22 21:46 | Machine | s1_win7_x6403 |
| Filename | asas.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (Donut, tsnU, Tedy, Vooy, Kryptik, Attribute, HighConfidence, malicious, high confidence, score, Gencirc, Infected, Shelm, ai score=82, Wacatac, Detected, GenericRXAA, unsafe, R014H0CGM23, HackTool, Meterpreter, YYnVYocbihB, Outbreak, susgen, confidence, 100%) | ||
| md5 | 103746e75cc79da6379bc879dd58b17a | ||
| sha256 | 18ff5c6d7aed24f4bfe05429a1e37df23de7a4e096e2667bf387b9ed392a5121 | ||
| ssdeep | 3072:5Jva8TO6HM4cRRk0fn3zpOuF7+Qr7skOY6Z1ueyqUTiDd+vvYLgsfF8bYThAK2AG:yLXntt1RK1ueJUeU0QYTCGDpWxdCrzW | ||
| imphash | 341ef3eec107cf8949a849080b1bfce0 | ||
| impfuzzy | 24:PUvurGDMv2tANS1N0aT5LTwiyWNwyWPWdYgMUKMOJUgqJLzAAocAT/29hBihbJCx:rst4S1NTdNNg49uAH11Iy+pBMQSLMA | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140004000 SizeofResource
0x140004008 GetCurrentProcess
0x140004010 FreeResource
0x140004018 LockResource
0x140004020 LoadLibraryW
0x140004028 LoadResource
0x140004030 FindResourceW
0x140004038 FreeLibrary
0x140004040 GetConsoleWindow
0x140004048 VirtualProtect
0x140004050 CreateFileA
0x140004058 CloseHandle
0x140004060 K32GetModuleInformation
0x140004068 GetProcAddress
0x140004070 CreateFileMappingW
0x140004078 MapViewOfFile
0x140004080 RtlLookupFunctionEntry
0x140004088 RtlVirtualUnwind
0x140004090 UnhandledExceptionFilter
0x140004098 SetUnhandledExceptionFilter
0x1400040a0 TerminateProcess
0x1400040a8 IsProcessorFeaturePresent
0x1400040b0 IsDebuggerPresent
0x1400040b8 GetModuleHandleW
0x1400040c0 RtlCaptureContext
0x1400040c8 QueryPerformanceCounter
0x1400040d0 GetCurrentProcessId
0x1400040d8 GetCurrentThreadId
0x1400040e0 GetSystemTimeAsFileTime
0x1400040e8 InitializeSListHead
USER32.dll
0x140004118 ShowWindow
MSVCP140.dll
0x1400040f8 ?_Xinvalid_argument@std@@YAXPEBD@Z
0x140004100 ?_Xout_of_range@std@@YAXPEBD@Z
0x140004108 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x140004180 __CxxFrameHandler4
VCRUNTIME140.dll
0x140004128 _CxxThrowException
0x140004130 memcpy
0x140004138 __current_exception
0x140004140 __current_exception_context
0x140004148 memchr
0x140004150 __C_specific_handler
0x140004158 memmove
0x140004160 __std_exception_destroy
0x140004168 memset
0x140004170 __std_exception_copy
api-ms-win-crt-string-l1-1-0.dll
0x1400042a8 isalnum
api-ms-win-crt-runtime-l1-1-0.dll
0x1400041e8 _register_thread_local_exe_atexit_callback
0x1400041f0 _exit
0x1400041f8 _initterm_e
0x140004200 _c_exit
0x140004208 _get_initial_narrow_environment
0x140004210 _invalid_parameter_noinfo_noreturn
0x140004218 __p___argv
0x140004220 __p___argc
0x140004228 exit
0x140004230 _initterm
0x140004238 _crt_atexit
0x140004240 _register_onexit_function
0x140004248 _initialize_narrow_environment
0x140004250 _configure_narrow_argv
0x140004258 _set_app_type
0x140004260 _seh_filter_exe
0x140004268 _cexit
0x140004270 terminate
0x140004278 _errno
0x140004280 _initialize_onexit_table
api-ms-win-crt-convert-l1-1-0.dll
0x140004190 strtol
api-ms-win-crt-heap-l1-1-0.dll
0x1400041a0 free
0x1400041a8 _callnewh
0x1400041b0 _set_new_mode
0x1400041b8 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400041d8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004290 _set_fmode
0x140004298 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400041c8 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140004000 SizeofResource
0x140004008 GetCurrentProcess
0x140004010 FreeResource
0x140004018 LockResource
0x140004020 LoadLibraryW
0x140004028 LoadResource
0x140004030 FindResourceW
0x140004038 FreeLibrary
0x140004040 GetConsoleWindow
0x140004048 VirtualProtect
0x140004050 CreateFileA
0x140004058 CloseHandle
0x140004060 K32GetModuleInformation
0x140004068 GetProcAddress
0x140004070 CreateFileMappingW
0x140004078 MapViewOfFile
0x140004080 RtlLookupFunctionEntry
0x140004088 RtlVirtualUnwind
0x140004090 UnhandledExceptionFilter
0x140004098 SetUnhandledExceptionFilter
0x1400040a0 TerminateProcess
0x1400040a8 IsProcessorFeaturePresent
0x1400040b0 IsDebuggerPresent
0x1400040b8 GetModuleHandleW
0x1400040c0 RtlCaptureContext
0x1400040c8 QueryPerformanceCounter
0x1400040d0 GetCurrentProcessId
0x1400040d8 GetCurrentThreadId
0x1400040e0 GetSystemTimeAsFileTime
0x1400040e8 InitializeSListHead
USER32.dll
0x140004118 ShowWindow
MSVCP140.dll
0x1400040f8 ?_Xinvalid_argument@std@@YAXPEBD@Z
0x140004100 ?_Xout_of_range@std@@YAXPEBD@Z
0x140004108 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x140004180 __CxxFrameHandler4
VCRUNTIME140.dll
0x140004128 _CxxThrowException
0x140004130 memcpy
0x140004138 __current_exception
0x140004140 __current_exception_context
0x140004148 memchr
0x140004150 __C_specific_handler
0x140004158 memmove
0x140004160 __std_exception_destroy
0x140004168 memset
0x140004170 __std_exception_copy
api-ms-win-crt-string-l1-1-0.dll
0x1400042a8 isalnum
api-ms-win-crt-runtime-l1-1-0.dll
0x1400041e8 _register_thread_local_exe_atexit_callback
0x1400041f0 _exit
0x1400041f8 _initterm_e
0x140004200 _c_exit
0x140004208 _get_initial_narrow_environment
0x140004210 _invalid_parameter_noinfo_noreturn
0x140004218 __p___argv
0x140004220 __p___argc
0x140004228 exit
0x140004230 _initterm
0x140004238 _crt_atexit
0x140004240 _register_onexit_function
0x140004248 _initialize_narrow_environment
0x140004250 _configure_narrow_argv
0x140004258 _set_app_type
0x140004260 _seh_filter_exe
0x140004268 _cexit
0x140004270 terminate
0x140004278 _errno
0x140004280 _initialize_onexit_table
api-ms-win-crt-convert-l1-1-0.dll
0x140004190 strtol
api-ms-win-crt-heap-l1-1-0.dll
0x1400041a0 free
0x1400041a8 _callnewh
0x1400041b0 _set_new_mode
0x1400041b8 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400041d8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004290 _set_fmode
0x140004298 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400041c8 _configthreadlocale
EAT(Export Address Table) is none