ScreenShot
| Created | 2023.07.25 19:46 | Machine | s1_win7_x6403 |
| Filename | build.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 52 detected (Common, Goback, GenericKD, GenericRXAA, Vojw, TrojanPSW, ABRisk, NMOI, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, score, QQPass, QQRob, Fdhl, Redcap, jxbbq, Siggen20, Artemis, Sabsik, Malware@#3lpisc371bkaa, Phish, Detected, ai score=83, unsafe, Chgt, R002H0CG923, CLASSIC, susgen, confidence, 100%) | ||
| md5 | e71ef2f3f2cd8205edd79c5befa2f36a | ||
| sha256 | 37a8c46406fd8de799256f18e2e9593c0350311e82e4a91ee0367702fba67e92 | ||
| ssdeep | 98304:iJZ9OH1lg6lIabm0Ud0TxEjt/4zHEFe9KDf:iHwHHg6lbad0WSzH4 | ||
| imphash | 57c9b357ae0cb2f414b0a5873e2f216d | ||
| impfuzzy | 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x122f4fc AddVectoredExceptionHandler
0x122f504 AreFileApisANSI
0x122f50c CloseHandle
0x122f514 CreateEventA
0x122f51c CreateFileA
0x122f524 CreateFileMappingA
0x122f52c CreateFileMappingW
0x122f534 CreateFileW
0x122f53c CreateIoCompletionPort
0x122f544 CreateMutexW
0x122f54c CreateThread
0x122f554 CreateWaitableTimerA
0x122f55c CreateWaitableTimerExW
0x122f564 DeleteCriticalSection
0x122f56c DeleteFileA
0x122f574 DeleteFileW
0x122f57c DuplicateHandle
0x122f584 EnterCriticalSection
0x122f58c ExitProcess
0x122f594 FlushFileBuffers
0x122f59c FlushViewOfFile
0x122f5a4 FormatMessageA
0x122f5ac FormatMessageW
0x122f5b4 FreeEnvironmentStringsW
0x122f5bc FreeLibrary
0x122f5c4 GetConsoleMode
0x122f5cc GetCurrentProcess
0x122f5d4 GetCurrentProcessId
0x122f5dc GetCurrentThreadId
0x122f5e4 GetDiskFreeSpaceA
0x122f5ec GetDiskFreeSpaceW
0x122f5f4 GetEnvironmentStringsW
0x122f5fc GetFileAttributesA
0x122f604 GetFileAttributesExW
0x122f60c GetFileAttributesW
0x122f614 GetFileSize
0x122f61c GetFullPathNameA
0x122f624 GetFullPathNameW
0x122f62c GetLastError
0x122f634 GetProcAddress
0x122f63c GetProcessAffinityMask
0x122f644 GetProcessHeap
0x122f64c GetQueuedCompletionStatusEx
0x122f654 GetStartupInfoA
0x122f65c GetStdHandle
0x122f664 GetSystemDirectoryA
0x122f66c GetSystemInfo
0x122f674 GetSystemTime
0x122f67c GetSystemTimeAsFileTime
0x122f684 GetTempPathA
0x122f68c GetTempPathW
0x122f694 GetThreadContext
0x122f69c GetTickCount
0x122f6a4 GetVersionExA
0x122f6ac GetVersionExW
0x122f6b4 HeapAlloc
0x122f6bc HeapCompact
0x122f6c4 HeapCreate
0x122f6cc HeapDestroy
0x122f6d4 HeapFree
0x122f6dc HeapReAlloc
0x122f6e4 HeapSize
0x122f6ec HeapValidate
0x122f6f4 InitializeCriticalSection
0x122f6fc LeaveCriticalSection
0x122f704 LoadLibraryA
0x122f70c LoadLibraryW
0x122f714 LocalFree
0x122f71c LockFile
0x122f724 LockFileEx
0x122f72c MapViewOfFile
0x122f734 MultiByteToWideChar
0x122f73c OutputDebugStringA
0x122f744 OutputDebugStringW
0x122f74c PostQueuedCompletionStatus
0x122f754 QueryPerformanceCounter
0x122f75c ReadFile
0x122f764 ResumeThread
0x122f76c RtlAddFunctionTable
0x122f774 RtlCaptureContext
0x122f77c RtlLookupFunctionEntry
0x122f784 RtlVirtualUnwind
0x122f78c SetConsoleCtrlHandler
0x122f794 SetEndOfFile
0x122f79c SetErrorMode
0x122f7a4 SetEvent
0x122f7ac SetFilePointer
0x122f7b4 SetProcessPriorityBoost
0x122f7bc SetThreadContext
0x122f7c4 SetUnhandledExceptionFilter
0x122f7cc SetWaitableTimer
0x122f7d4 Sleep
0x122f7dc SuspendThread
0x122f7e4 SwitchToThread
0x122f7ec SystemTimeToFileTime
0x122f7f4 TerminateProcess
0x122f7fc TlsGetValue
0x122f804 TryEnterCriticalSection
0x122f80c UnhandledExceptionFilter
0x122f814 UnlockFile
0x122f81c UnlockFileEx
0x122f824 UnmapViewOfFile
0x122f82c VirtualAlloc
0x122f834 VirtualFree
0x122f83c VirtualProtect
0x122f844 VirtualQuery
0x122f84c WaitForMultipleObjects
0x122f854 WaitForSingleObject
0x122f85c WaitForSingleObjectEx
0x122f864 WideCharToMultiByte
0x122f86c WriteConsoleW
0x122f874 WriteFile
0x122f87c __C_specific_handler
msvcrt.dll
0x122f88c __getmainargs
0x122f894 __initenv
0x122f89c __iob_func
0x122f8a4 __lconv_init
0x122f8ac __set_app_type
0x122f8b4 __setusermatherr
0x122f8bc _acmdln
0x122f8c4 _amsg_exit
0x122f8cc _beginthread
0x122f8d4 _beginthreadex
0x122f8dc _cexit
0x122f8e4 _endthreadex
0x122f8ec _errno
0x122f8f4 _fmode
0x122f8fc _initterm
0x122f904 _localtime64
0x122f90c _onexit
0x122f914 abort
0x122f91c calloc
0x122f924 exit
0x122f92c fprintf
0x122f934 free
0x122f93c fwrite
0x122f944 malloc
0x122f94c memcmp
0x122f954 memcpy
0x122f95c memmove
0x122f964 memset
0x122f96c qsort
0x122f974 realloc
0x122f97c signal
0x122f984 strcmp
0x122f98c strcspn
0x122f994 strlen
0x122f99c strncmp
0x122f9a4 strrchr
0x122f9ac vfprintf
EAT(Export Address Table) Library
0x122cff0 _cgo_dummy_export
0x8cbe80 authorizerTrampoline
0x8cbba0 callbackTrampoline
0x8cbd60 commitHookTrampoline
0x8cbcc0 compareTrampoline
0x8cbc70 doneTrampoline
0x8cbf00 preUpdateHookTrampoline
0x8cbdc0 rollbackHookTrampoline
0x8cbc00 stepTrampoline
0x8cbe10 updateHookTrampoline
KERNEL32.dll
0x122f4fc AddVectoredExceptionHandler
0x122f504 AreFileApisANSI
0x122f50c CloseHandle
0x122f514 CreateEventA
0x122f51c CreateFileA
0x122f524 CreateFileMappingA
0x122f52c CreateFileMappingW
0x122f534 CreateFileW
0x122f53c CreateIoCompletionPort
0x122f544 CreateMutexW
0x122f54c CreateThread
0x122f554 CreateWaitableTimerA
0x122f55c CreateWaitableTimerExW
0x122f564 DeleteCriticalSection
0x122f56c DeleteFileA
0x122f574 DeleteFileW
0x122f57c DuplicateHandle
0x122f584 EnterCriticalSection
0x122f58c ExitProcess
0x122f594 FlushFileBuffers
0x122f59c FlushViewOfFile
0x122f5a4 FormatMessageA
0x122f5ac FormatMessageW
0x122f5b4 FreeEnvironmentStringsW
0x122f5bc FreeLibrary
0x122f5c4 GetConsoleMode
0x122f5cc GetCurrentProcess
0x122f5d4 GetCurrentProcessId
0x122f5dc GetCurrentThreadId
0x122f5e4 GetDiskFreeSpaceA
0x122f5ec GetDiskFreeSpaceW
0x122f5f4 GetEnvironmentStringsW
0x122f5fc GetFileAttributesA
0x122f604 GetFileAttributesExW
0x122f60c GetFileAttributesW
0x122f614 GetFileSize
0x122f61c GetFullPathNameA
0x122f624 GetFullPathNameW
0x122f62c GetLastError
0x122f634 GetProcAddress
0x122f63c GetProcessAffinityMask
0x122f644 GetProcessHeap
0x122f64c GetQueuedCompletionStatusEx
0x122f654 GetStartupInfoA
0x122f65c GetStdHandle
0x122f664 GetSystemDirectoryA
0x122f66c GetSystemInfo
0x122f674 GetSystemTime
0x122f67c GetSystemTimeAsFileTime
0x122f684 GetTempPathA
0x122f68c GetTempPathW
0x122f694 GetThreadContext
0x122f69c GetTickCount
0x122f6a4 GetVersionExA
0x122f6ac GetVersionExW
0x122f6b4 HeapAlloc
0x122f6bc HeapCompact
0x122f6c4 HeapCreate
0x122f6cc HeapDestroy
0x122f6d4 HeapFree
0x122f6dc HeapReAlloc
0x122f6e4 HeapSize
0x122f6ec HeapValidate
0x122f6f4 InitializeCriticalSection
0x122f6fc LeaveCriticalSection
0x122f704 LoadLibraryA
0x122f70c LoadLibraryW
0x122f714 LocalFree
0x122f71c LockFile
0x122f724 LockFileEx
0x122f72c MapViewOfFile
0x122f734 MultiByteToWideChar
0x122f73c OutputDebugStringA
0x122f744 OutputDebugStringW
0x122f74c PostQueuedCompletionStatus
0x122f754 QueryPerformanceCounter
0x122f75c ReadFile
0x122f764 ResumeThread
0x122f76c RtlAddFunctionTable
0x122f774 RtlCaptureContext
0x122f77c RtlLookupFunctionEntry
0x122f784 RtlVirtualUnwind
0x122f78c SetConsoleCtrlHandler
0x122f794 SetEndOfFile
0x122f79c SetErrorMode
0x122f7a4 SetEvent
0x122f7ac SetFilePointer
0x122f7b4 SetProcessPriorityBoost
0x122f7bc SetThreadContext
0x122f7c4 SetUnhandledExceptionFilter
0x122f7cc SetWaitableTimer
0x122f7d4 Sleep
0x122f7dc SuspendThread
0x122f7e4 SwitchToThread
0x122f7ec SystemTimeToFileTime
0x122f7f4 TerminateProcess
0x122f7fc TlsGetValue
0x122f804 TryEnterCriticalSection
0x122f80c UnhandledExceptionFilter
0x122f814 UnlockFile
0x122f81c UnlockFileEx
0x122f824 UnmapViewOfFile
0x122f82c VirtualAlloc
0x122f834 VirtualFree
0x122f83c VirtualProtect
0x122f844 VirtualQuery
0x122f84c WaitForMultipleObjects
0x122f854 WaitForSingleObject
0x122f85c WaitForSingleObjectEx
0x122f864 WideCharToMultiByte
0x122f86c WriteConsoleW
0x122f874 WriteFile
0x122f87c __C_specific_handler
msvcrt.dll
0x122f88c __getmainargs
0x122f894 __initenv
0x122f89c __iob_func
0x122f8a4 __lconv_init
0x122f8ac __set_app_type
0x122f8b4 __setusermatherr
0x122f8bc _acmdln
0x122f8c4 _amsg_exit
0x122f8cc _beginthread
0x122f8d4 _beginthreadex
0x122f8dc _cexit
0x122f8e4 _endthreadex
0x122f8ec _errno
0x122f8f4 _fmode
0x122f8fc _initterm
0x122f904 _localtime64
0x122f90c _onexit
0x122f914 abort
0x122f91c calloc
0x122f924 exit
0x122f92c fprintf
0x122f934 free
0x122f93c fwrite
0x122f944 malloc
0x122f94c memcmp
0x122f954 memcpy
0x122f95c memmove
0x122f964 memset
0x122f96c qsort
0x122f974 realloc
0x122f97c signal
0x122f984 strcmp
0x122f98c strcspn
0x122f994 strlen
0x122f99c strncmp
0x122f9a4 strrchr
0x122f9ac vfprintf
EAT(Export Address Table) Library
0x122cff0 _cgo_dummy_export
0x8cbe80 authorizerTrampoline
0x8cbba0 callbackTrampoline
0x8cbd60 commitHookTrampoline
0x8cbcc0 compareTrampoline
0x8cbc70 doneTrampoline
0x8cbf00 preUpdateHookTrampoline
0x8cbdc0 rollbackHookTrampoline
0x8cbc00 stepTrampoline
0x8cbe10 updateHookTrampoline