Field | Value |
---|---|
Created | 2023.07.23 09:54 |
Machine | s1_win7_x6401 |
Filename | safevpn20.11342.2k.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 37 detected (malicious, moderate confidence, Artemis, unsafe, PyCrypter, Filecoder, multiple detections, score, FileRepMalware, PyCryptCfg, JSON, CLASSIC, AGEN, Python, R002C0DGM23, ai score=88, Leonem, RansomGen, Ckjl) |
md5 | 6bafba4a43173045136e95abe78666e8 |
sha256 | 922b4ec35337016f806c0d8d2b9ee75ce4f5db550f1fe1021b8836d13cbaf379 |
ssdeep | 786432:YqGlsyofwykqk/ql57FQ24HPgIbsorr4YJcyT0RG:nG2oyk7ylfQJPTICbJm |
imphash | 809ea02d92fea89353f33279290e8c9f |
impfuzzy | 24:SkgwraDaODu9Wu9T/2Lp9UOjMs02tMS1hUJnc+pl3rOovb0HlvUTNUTlONoEqMou:VgZks9KktMS1hEc+pparHNUT0ONfiS1b |
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (23cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | bmp_file_format | bmp file format | binaries (download) |
info | icon_file_format | icon file format | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140022310 MessageBoxW
0x140022318 MessageBoxA
KERNEL32.dll
0x140022010 HeapReAlloc
0x140022018 GetLastError
0x140022020 SetDllDirectoryW
0x140022028 GetModuleFileNameW
0x140022030 GetProcAddress
0x140022038 GetCommandLineW
0x140022040 GetEnvironmentVariableW
0x140022048 SetEnvironmentVariableW
0x140022050 ExpandEnvironmentStringsW
0x140022058 GetTempPathW
0x140022060 SetEndOfFile
0x140022068 Sleep
0x140022070 GetExitCodeProcess
0x140022078 CreateProcessW
0x140022080 GetStartupInfoW
0x140022088 LoadLibraryExW
0x140022090 CreateDirectoryW
0x140022098 GetShortPathNameW
0x1400220a0 FormatMessageW
0x1400220a8 LoadLibraryA
0x1400220b0 MultiByteToWideChar
0x1400220b8 WideCharToMultiByte
0x1400220c0 WaitForSingleObject
0x1400220c8 CreateFileW
0x1400220d0 HeapSize
0x1400220d8 GetTimeZoneInformation
0x1400220e0 RtlCaptureContext
0x1400220e8 RtlLookupFunctionEntry
0x1400220f0 RtlVirtualUnwind
0x1400220f8 UnhandledExceptionFilter
0x140022100 SetUnhandledExceptionFilter
0x140022108 GetCurrentProcess
0x140022110 TerminateProcess
0x140022118 IsProcessorFeaturePresent
0x140022120 QueryPerformanceCounter
0x140022128 GetCurrentProcessId
0x140022130 GetCurrentThreadId
0x140022138 GetSystemTimeAsFileTime
0x140022140 InitializeSListHead
0x140022148 IsDebuggerPresent
0x140022150 GetModuleHandleW
0x140022158 RtlUnwindEx
0x140022160 SetLastError
0x140022168 EnterCriticalSection
0x140022170 LeaveCriticalSection
0x140022178 DeleteCriticalSection
0x140022180 InitializeCriticalSectionAndSpinCount
0x140022188 TlsAlloc
0x140022190 TlsGetValue
0x140022198 TlsSetValue
0x1400221a0 TlsFree
0x1400221a8 FreeLibrary
0x1400221b0 GetCommandLineA
0x1400221b8 ReadFile
0x1400221c0 RaiseException
0x1400221c8 GetDriveTypeW
0x1400221d0 GetFileType
0x1400221d8 CloseHandle
0x1400221e0 PeekNamedPipe
0x1400221e8 SystemTimeToTzSpecificLocalTime
0x1400221f0 FileTimeToSystemTime
0x1400221f8 GetFullPathNameW
0x140022200 GetFullPathNameA
0x140022208 RemoveDirectoryW
0x140022210 FindClose
0x140022218 FindFirstFileExW
0x140022220 FindNextFileW
0x140022228 SetStdHandle
0x140022230 SetConsoleCtrlHandler
0x140022238 DeleteFileW
0x140022240 GetStdHandle
0x140022248 WriteFile
0x140022250 ExitProcess
0x140022258 GetModuleHandleExW
0x140022260 GetACP
0x140022268 HeapFree
0x140022270 HeapAlloc
0x140022278 GetConsoleMode
0x140022280 ReadConsoleW
0x140022288 SetFilePointerEx
0x140022290 GetConsoleCP
0x140022298 CompareStringW
0x1400222a0 LCMapStringW
0x1400222a8 GetCurrentDirectoryW
0x1400222b0 FlushFileBuffers
0x1400222b8 SetEnvironmentVariableA
0x1400222c0 GetFileAttributesExW
0x1400222c8 IsValidCodePage
0x1400222d0 GetOEMCP
0x1400222d8 GetCPInfo
0x1400222e0 GetEnvironmentStringsW
0x1400222e8 FreeEnvironmentStringsW
0x1400222f0 GetStringTypeW
0x1400222f8 GetProcessHeap
0x140022300 WriteConsoleW
ADVAPI32.dll
0x140022000 ConvertStringSecurityDescriptorToSecurityDescriptorW
WS2_32.dll
0x140022328 ntohl
EAT(Export Address Table) is none
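Reading the import table above is usually the first static triage step, so here is a Python script that does it, added as an example and not part of the sandbox report or its tooling. It transcribes the IAT listed above, recomputes an imphash from it the way pefile does (lowercased `module.function` pairs in import-directory order, MD5 of the comma-joined list), groups the imports into capability buckets, and checks a local copy of the sample against the md5/sha256 printed in the report. The capability buckets and every helper name are the author's own assumptions. Two caveats a practitioner should keep in mind: the report may print the import table in a different order than the PE's import directory (the IAT addresses put ADVAPI32 lowest, not USER32), so the recomputed imphash need not equal the report's 809ea02d92fea89353f33279290e8c9f; and IsDebuggerPresent together with the Rtl* unwind functions is imported by the stock MSVC runtime, so on its own it is weak evidence of anti-debugging. Note also that the static IAT contains no VirtualAlloc or VirtualProtect even though the sandbox observed RWX allocation at runtime; with LoadLibraryA and GetProcAddress imported, that is exactly the kind of API a sample can resolve dynamically, which is why the bucket stays empty here.

```python
"""Static triage of the import table from a sandbox report.
Added example, not part of the report. The import list is transcribed from the
report's IAT section; capability buckets and helper names are the author's assumptions."""
import hashlib
from typing import Dict, List, Tuple

ImportTable = List[Tuple[str, List[str]]]

# Transcribed from the report, in the order the report prints it.
REPORT_IMPORTS: ImportTable = [
    ("USER32.dll", ["MessageBoxW", "MessageBoxA"]),
    ("KERNEL32.dll", [
        "HeapReAlloc", "GetLastError", "SetDllDirectoryW", "GetModuleFileNameW", "GetProcAddress",
        "GetCommandLineW", "GetEnvironmentVariableW", "SetEnvironmentVariableW",
        "ExpandEnvironmentStringsW", "GetTempPathW", "SetEndOfFile", "Sleep", "GetExitCodeProcess",
        "CreateProcessW", "GetStartupInfoW", "LoadLibraryExW", "CreateDirectoryW", "GetShortPathNameW",
        "FormatMessageW", "LoadLibraryA", "MultiByteToWideChar", "WideCharToMultiByte",
        "WaitForSingleObject", "CreateFileW", "HeapSize", "GetTimeZoneInformation", "RtlCaptureContext",
        "RtlLookupFunctionEntry", "RtlVirtualUnwind", "UnhandledExceptionFilter",
        "SetUnhandledExceptionFilter", "GetCurrentProcess", "TerminateProcess", "IsProcessorFeaturePresent",
        "QueryPerformanceCounter", "GetCurrentProcessId", "GetCurrentThreadId", "GetSystemTimeAsFileTime",
        "InitializeSListHead", "IsDebuggerPresent", "GetModuleHandleW", "RtlUnwindEx", "SetLastError",
        "EnterCriticalSection", "LeaveCriticalSection", "DeleteCriticalSection",
        "InitializeCriticalSectionAndSpinCount", "TlsAlloc", "TlsGetValue", "TlsSetValue", "TlsFree",
        "FreeLibrary", "GetCommandLineA", "ReadFile", "RaiseException", "GetDriveTypeW", "GetFileType",
        "CloseHandle", "PeekNamedPipe", "SystemTimeToTzSpecificLocalTime", "FileTimeToSystemTime",
        "GetFullPathNameW", "GetFullPathNameA", "RemoveDirectoryW", "FindClose", "FindFirstFileExW",
        "FindNextFileW", "SetStdHandle", "SetConsoleCtrlHandler", "DeleteFileW", "GetStdHandle",
        "WriteFile", "ExitProcess", "GetModuleHandleExW", "GetACP", "HeapFree", "HeapAlloc",
        "GetConsoleMode", "ReadConsoleW", "SetFilePointerEx", "GetConsoleCP", "CompareStringW",
        "LCMapStringW", "GetCurrentDirectoryW", "FlushFileBuffers", "SetEnvironmentVariableA",
        "GetFileAttributesExW", "IsValidCodePage", "GetOEMCP", "GetCPInfo", "GetEnvironmentStringsW",
        "FreeEnvironmentStringsW", "GetStringTypeW", "GetProcessHeap", "WriteConsoleW",
    ]),
    ("ADVAPI32.dll", ["ConvertStringSecurityDescriptorToSecurityDescriptorW"]),
    ("WS2_32.dll", ["ntohl"]),
]

# Digests as printed in the report; used to confirm a local copy is the same sample.
REPORT_HASHES = {
    "md5": "6bafba4a43173045136e95abe78666e8",
    "sha256": "922b4ec35337016f806c0d8d2b9ee75ce4f5db550f1fe1021b8836d13cbaf379",
}

# Capability buckets (author's assumption): a bucket fires only when every listed
# API is imported. IsDebuggerPresent is also imported by the stock MSVC runtime,
# so "anti-debug" is weak evidence by itself.
CAPABILITIES: Dict[str, frozenset] = {
    "dynamic-api-resolution": frozenset({"LoadLibraryA", "GetProcAddress"}),
    "drop-and-execute": frozenset({"GetTempPathW", "CreateFileW", "WriteFile", "CreateProcessW"}),
    "directory-walk": frozenset({"FindFirstFileExW", "FindNextFileW", "FindClose"}),
    "anti-debug": frozenset({"IsDebuggerPresent"}),
    "rwx-memory": frozenset({"VirtualAlloc", "VirtualProtect"}),  # absent from this IAT
}
NETWORK_DLLS = {"ws2_32", "wininet", "winhttp", "wsock32"}


def strip_module_ext(dll: str) -> str:
    """Lowercase a module name and drop .dll/.sys/.ocx, as imphash does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "sys", "ocx") else name


def imphash_string(imports: ImportTable) -> str:
    """Canonical 'module.function' list that the imphash is the MD5 of."""
    return ",".join(f"{strip_module_ext(dll)}.{func.lower()}" for dll, funcs in imports for func in funcs)


def imphash(imports: ImportTable) -> str:
    """MD5 over the canonical import string; import-directory order matters."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capabilities(imports: ImportTable) -> Dict[str, List[str]]:
    """Return the capability buckets whose required APIs are all imported."""
    present = {func for _, funcs in imports for func in funcs}
    modules = {strip_module_ext(dll) for dll, _ in imports}
    found = {name: sorted(need) for name, need in CAPABILITIES.items() if need <= present}
    if modules & NETWORK_DLLS:
        found["network-library"] = sorted(modules & NETWORK_DLLS)
    return found


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare a sample's digests with the ones the report printed."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower() for algo, digest in expected.items()}


if __name__ == "__main__":
    import sys
    print("imphash from transcribed IAT:", imphash(REPORT_IMPORTS))
    for bucket, apis in capabilities(REPORT_IMPORTS).items():
        print(f"  {bucket}: {', '.join(apis)}")
    if len(sys.argv) > 1:  # optional argument: path to a local copy of the sample
        with open(sys.argv[1], "rb") as fh:
            print("hash check:", verify_hashes(fh.read(), REPORT_HASHES))
```

Run it with no arguments to see the buckets and the recomputed imphash; pass the path of a local copy of the sample to confirm its md5 and sha256 match the report before spending any analysis time on it. If the recomputed imphash differs from the report's value, reorder `REPORT_IMPORTS` to match the PE's import directory (or read it with pefile) before treating the mismatch as meaningful.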