Report - main.exe

Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File
Created 2023.07.27 10:30 Machine s1_win7_x6401
Filename main.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 4
Behavior Score 0.8
ZERO API file: malware
VT API (file) 20 detected (malicious, moderate confidence, score, Attribute, HighConfidence, RiskTool, BitCoinMiner, opbm, Hacktool, CLOUD, GenericKD, RUSTYSTEALER, YXDGZZ, Generic Reputation PUA, BZWP41, Casdet, Artemis, ai score=81, confidence)
md5 d367dbc08b40198ffa3ccb0653345007
sha256 85c01f298abee33fdb0f73b855765aef190aca021e89ddcb0ba3887989ecefd3
ssdeep 49152:iSK1y8MYZR/WXnbKRBKiaKKkkVWEjBKMpSo8nfN0:UM1ODyWEjBKWCfN0
imphash ffb8ac336fad56417c421e8d5adcf9ff
impfuzzy 96:gW6GrXEyoIITxt9WPL7iH6U14W4CNn9yKMjMOK:gWHrx9IxWiHsWHyKMjMOK

Signature (1cnts)

Level Description
warning File has been identified by 20 AntiVirus engines on VirusTotal as malicious

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x14013b000 RegOpenKeyExW
 0x14013b008 SystemFunction036
 0x14013b010 RegCloseKey
 0x14013b018 RegQueryValueExW
KERNEL32.dll
 0x14013b028 AcquireSRWLockExclusive
 0x14013b030 ReleaseSRWLockExclusive
 0x14013b038 CloseHandle
 0x14013b040 GlobalLock
 0x14013b048 GlobalSize
 0x14013b050 GetLastError
 0x14013b058 GlobalUnlock
 0x14013b060 GlobalAlloc
 0x14013b068 GlobalFree
 0x14013b070 Sleep
 0x14013b078 MoveFileExW
 0x14013b080 AddVectoredExceptionHandler
 0x14013b088 SetThreadStackGuarantee
 0x14013b090 HeapAlloc
 0x14013b098 GetProcessHeap
 0x14013b0a0 HeapFree
 0x14013b0a8 HeapReAlloc
 0x14013b0b0 SwitchToThread
 0x14013b0b8 SetLastError
 0x14013b0c0 GetFinalPathNameByHandleW
 0x14013b0c8 TryAcquireSRWLockExclusive
 0x14013b0d0 GetQueuedCompletionStatusEx
 0x14013b0d8 CreateIoCompletionPort
 0x14013b0e0 SetFileCompletionNotificationModes
 0x14013b0e8 GetModuleHandleA
 0x14013b0f0 GetProcAddress
 0x14013b0f8 SetHandleInformation
 0x14013b100 GetCurrentThread
 0x14013b108 GetStdHandle
 0x14013b110 GetConsoleMode
 0x14013b118 WaitForSingleObject
 0x14013b120 MultiByteToWideChar
 0x14013b128 WriteConsoleW
 0x14013b130 WaitForSingleObjectEx
 0x14013b138 LoadLibraryA
 0x14013b140 CreateMutexA
 0x14013b148 GetCurrentProcess
 0x14013b150 ReleaseMutex
 0x14013b158 GetEnvironmentVariableW
 0x14013b160 RtlLookupFunctionEntry
 0x14013b168 GetModuleHandleW
 0x14013b170 FormatMessageW
 0x14013b178 GetTempPathW
 0x14013b180 GetModuleFileNameW
 0x14013b188 CreateFileW
 0x14013b190 GetFullPathNameW
 0x14013b198 GetEnvironmentStringsW
 0x14013b1a0 FreeEnvironmentStringsW
 0x14013b1a8 CompareStringOrdinal
 0x14013b1b0 GetSystemDirectoryW
 0x14013b1b8 GetWindowsDirectoryW
 0x14013b1c0 CreateProcessW
 0x14013b1c8 GetFileAttributesW
 0x14013b1d0 DuplicateHandle
 0x14013b1d8 GetCurrentProcessId
 0x14013b1e0 CreateNamedPipeW
 0x14013b1e8 CreateThread
 0x14013b1f0 ReadFileEx
 0x14013b1f8 SleepEx
 0x14013b200 WriteFileEx
 0x14013b208 WaitForMultipleObjects
 0x14013b210 GetOverlappedResult
 0x14013b218 GetExitCodeProcess
 0x14013b220 CreateEventW
 0x14013b228 CancelIo
 0x14013b230 ReadFile
 0x14013b238 ExitProcess
 0x14013b240 QueryPerformanceCounter
 0x14013b248 QueryPerformanceFrequency
 0x14013b250 GetCurrentDirectoryW
 0x14013b258 RtlCaptureContext
 0x14013b260 AcquireSRWLockShared
 0x14013b268 ReleaseSRWLockShared
 0x14013b270 PostQueuedCompletionStatus
 0x14013b278 GetSystemInfo
 0x14013b280 SetUnhandledExceptionFilter
 0x14013b288 UnhandledExceptionFilter
 0x14013b290 IsDebuggerPresent
 0x14013b298 RtlVirtualUnwind
 0x14013b2a0 InitializeSListHead
 0x14013b2a8 GetSystemTimeAsFileTime
 0x14013b2b0 GetCurrentThreadId
 0x14013b2b8 IsProcessorFeaturePresent
ntdll.dll
 0x14013b540 NtWriteFile
 0x14013b548 NtCreateFile
 0x14013b550 NtDeviceIoControlFile
 0x14013b558 RtlNtStatusToDosError
 0x14013b560 NtReadFile
 0x14013b568 NtCancelIoFileEx
USER32.dll
 0x14013b2c8 OpenClipboard
 0x14013b2d0 CloseClipboard
 0x14013b2d8 GetClipboardData
 0x14013b2e0 SetClipboardData
 0x14013b2e8 EmptyClipboard
WS2_32.dll
 0x14013b340 setsockopt
 0x14013b348 getaddrinfo
 0x14013b350 freeaddrinfo
 0x14013b358 WSAStartup
 0x14013b360 WSACleanup
 0x14013b368 recv
 0x14013b370 send
 0x14013b378 getpeername
 0x14013b380 bind
 0x14013b388 getsockname
 0x14013b390 WSAIoctl
 0x14013b398 closesocket
 0x14013b3a0 WSASocketW
 0x14013b3a8 ioctlsocket
 0x14013b3b0 connect
 0x14013b3b8 getsockopt
 0x14013b3c0 shutdown
 0x14013b3c8 WSASend
 0x14013b3d0 WSAGetLastError
secur32.dll
 0x14013b578 ApplyControlToken
 0x14013b580 QueryContextAttributesW
 0x14013b588 FreeContextBuffer
 0x14013b590 InitializeSecurityContextW
 0x14013b598 AcceptSecurityContext
 0x14013b5a0 EncryptMessage
 0x14013b5a8 FreeCredentialsHandle
 0x14013b5b0 DeleteSecurityContext
 0x14013b5b8 AcquireCredentialsHandleA
 0x14013b5c0 DecryptMessage
crypt32.dll
 0x14013b4e0 CertFreeCertificateContext
 0x14013b4e8 CertDuplicateStore
 0x14013b4f0 CertFreeCertificateChain
 0x14013b4f8 CertVerifyCertificateChainPolicy
 0x14013b500 CertCloseStore
 0x14013b508 CertAddCertificateContextToStore
 0x14013b510 CertEnumCertificatesInStore
 0x14013b518 CertDuplicateCertificateChain
 0x14013b520 CertDuplicateCertificateContext
 0x14013b528 CertGetCertificateChain
 0x14013b530 CertOpenStore
bcrypt.dll
 0x14013b4d0 BCryptGenRandom
VCRUNTIME140.dll
 0x14013b2f8 __current_exception_context
 0x14013b300 __current_exception
 0x14013b308 __C_specific_handler
 0x14013b310 memcmp
 0x14013b318 memmove
 0x14013b320 __CxxFrameHandler3
 0x14013b328 memcpy
 0x14013b330 memset
api-ms-win-crt-math-l1-1-0.dll
 0x14013b408 pow
 0x14013b410 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
 0x14013b420 _initialize_onexit_table
 0x14013b428 _register_onexit_function
 0x14013b430 _crt_atexit
 0x14013b438 _register_thread_local_exe_atexit_callback
 0x14013b440 _cexit
 0x14013b448 __p___argv
 0x14013b450 __p___argc
 0x14013b458 _exit
 0x14013b460 exit
 0x14013b468 _initterm_e
 0x14013b470 _initterm
 0x14013b478 _get_initial_narrow_environment
 0x14013b480 _c_exit
 0x14013b488 _seh_filter_exe
 0x14013b490 _set_app_type
 0x14013b498 terminate
 0x14013b4a0 _configure_narrow_argv
 0x14013b4a8 _initialize_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll
 0x14013b4b8 _set_fmode
 0x14013b4c0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
 0x14013b3f8 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
 0x14013b3e0 free
 0x14013b3e8 _set_new_mode

EAT (Export Address Table): none
