Field | Value |
---|---|
Created | 2023.07.28 17:39 |
Machine | s1_win7_x6403 |
Filename | videoLan.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 41 detected (Common, malicious, high confidence, Barys, unsafe, score, GenKryptik, Eldorado, Attribute, HighConfidence, GIIA, Tedy, Reflo, jxokdc, Siggen21, R002C0XGM23, Static AI, Suspicious PE, Wacatac, Detected, R570614, ai score=83, Gencirc, Krypt, Chgt, confidence, 100%) |
md5 | 62472c78b3ab085422418e49dd2aa11c |
sha256 | ef256556b6749f441874b9d86e2c35c693fdc6d358ce2bb58bb2ba2e2cd939d5 |
ssdeep | 98304:wvwPndUBiFUg37BdTNJsl1cHZMjcXW7afr02BlDXFqv+nxRZWP/iSMgCW7owLCyy:wIPndf9uBGLfgWxR8XEguyk6QIOb |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
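The two "notice" signatures above are runtime observations (RWX allocation, which fits the VirtualProtect import in the IAT below, and data that looks compressed or encrypted). The static counterparts a triage script checks for are writable+executable sections and near-8-bit-per-byte section entropy. The following is an added example, not code from the sandbox that produced this report: a stdlib-only PE section-table parser with an entropy check, run against a constructed in-memory PE32+ image (the section names, flags and bytes are made up for the test; the 7.0 bits/byte threshold is a common heuristic, not a specification value).

```python
import math
import struct
from collections import Counter

# Section characteristic flags (IMAGE_SCN_*) from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

# Heuristic threshold, not a spec value: compressed/encrypted payloads sit near 8 bits/byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """Walk DOS header -> 'PE\\0\\0' -> COFF header -> section table.
    Returns [(name, characteristics, raw_bytes)] in section-table order."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, timestamp/symbol fields, SizeOfOptionalHeader, Characteristics
    num_sections, size_opt = struct.unpack_from("<2xH12xH2x", image, coff)
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        # Section header (40 bytes): Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, relocation/line-number fields, Characteristics
        name, raw_size, raw_ptr, chars = struct.unpack_from("<8s8xII12xI", image, table + 40 * i)
        data = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars, data))
    return sections


def packer_indicators(image: bytes):
    """Flag sections that are readable+writable+executable or high-entropy: the static
    counterparts of the sandbox's 'RWX memory' and 'packed data' notices."""
    findings = []
    for name, chars, data in parse_sections(image):
        ent = shannon_entropy(data)
        findings.append({
            "name": name,
            "rwx": (chars & RWX) == RWX,
            "entropy": round(ent, 2),
            "packed_hint": ent >= ENTROPY_THRESHOLD,
        })
    return findings


def build_sample_pe(sections):
    """Constructed sample: a minimal, non-runnable PE32+ image holding the given
    [(name, characteristics, raw_bytes)] sections, used only to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # exactly 0x40 bytes
    size_opt = 240  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_opt, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (size_opt - 2)  # magic PE32+, rest zeroed
    headers_end = e_lfanew + 4 + 20 + size_opt + 40 * len(sections)
    raw_base = (headers_end + 0x1FF) & ~0x1FF  # file alignment 512
    table, body, va = b"", b"", 0x1000
    for name, chars, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                             len(data), raw_base + len(body), 0, 0, 0, 0, chars)
        body += data
        va += (len(data) + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_base - len(image)) + body


def triage_sample():
    """Three constructed sections: ordinary code, a UPX-style RWX stub filled with
    uniformly distributed bytes, and an all-zero data section."""
    image = build_sample_pe([
        (b".text", 0x60000020, b"\x48\x89\x5c\x24\x08" * 200),  # CODE|EXECUTE|READ
        (b"UPX1", 0xE0000020, bytes(range(256)) * 8),          # CODE|EXECUTE|READ|WRITE
        (b".data", 0xC0000040, b"\0" * 1024),                   # INITIALIZED_DATA|READ|WRITE
    ])
    return packer_indicators(image)


if __name__ == "__main__":
    for finding in triage_sample():
        print(finding)
```

On a real sample, replace `triage_sample()` with `packer_indicators(open(path, "rb").read())`. Only the UPX1-style section trips both checks; a high-entropy read-only resource section (embedded images, certificates) is a common false positive for the entropy check alone, which is why the sandbox's runtime RWX observation is the stronger of the two notices.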
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1405b928c CloseHandle
0x1405b9294 CreateSemaphoreW
0x1405b929c DeleteCriticalSection
0x1405b92a4 EnterCriticalSection
0x1405b92ac GetCurrentThreadId
0x1405b92b4 GetLastError
0x1405b92bc GetStartupInfoA
0x1405b92c4 InitializeCriticalSection
0x1405b92cc IsDBCSLeadByteEx
0x1405b92d4 LeaveCriticalSection
0x1405b92dc MultiByteToWideChar
0x1405b92e4 RaiseException
0x1405b92ec ReleaseSemaphore
0x1405b92f4 RtlCaptureContext
0x1405b92fc RtlLookupFunctionEntry
0x1405b9304 RtlUnwindEx
0x1405b930c RtlVirtualUnwind
0x1405b9314 SetLastError
0x1405b931c SetUnhandledExceptionFilter
0x1405b9324 Sleep
0x1405b932c TlsAlloc
0x1405b9334 TlsFree
0x1405b933c TlsGetValue
0x1405b9344 TlsSetValue
0x1405b934c VirtualProtect
0x1405b9354 VirtualQuery
0x1405b935c WaitForSingleObject
0x1405b9364 WideCharToMultiByte
msvcrt.dll
0x1405b9374 __C_specific_handler
0x1405b937c ___lc_codepage_func
0x1405b9384 ___mb_cur_max_func
0x1405b938c __getmainargs
0x1405b9394 __initenv
0x1405b939c __iob_func
0x1405b93a4 __set_app_type
0x1405b93ac __setusermatherr
0x1405b93b4 _acmdln
0x1405b93bc _amsg_exit
0x1405b93c4 _cexit
0x1405b93cc _commode
0x1405b93d4 _errno
0x1405b93dc _fmode
0x1405b93e4 _initterm
0x1405b93ec _onexit
0x1405b93f4 _wcsicmp
0x1405b93fc _wcsnicmp
0x1405b9404 abort
0x1405b940c calloc
0x1405b9414 exit
0x1405b941c fprintf
0x1405b9424 fputc
0x1405b942c fputs
0x1405b9434 fputwc
0x1405b943c free
0x1405b9444 fwprintf
0x1405b944c fwrite
0x1405b9454 localeconv
0x1405b945c malloc
0x1405b9464 memcpy
0x1405b946c memset
0x1405b9474 realloc
0x1405b947c signal
0x1405b9484 strcmp
0x1405b948c strerror
0x1405b9494 strlen
0x1405b949c strncmp
0x1405b94a4 vfprintf
0x1405b94ac wcscat
0x1405b94b4 wcscpy
0x1405b94bc wcslen
0x1405b94c4 wcsncmp
0x1405b94cc wcsstr
EAT(Export Address Table) is none
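The msvcrt.dll names above (__getmainargs, __set_app_type, _amsg_exit, __initenv, __C_specific_handler together with the Rtl*Unwind kernel32 imports) are the usual MinGW-w64 C runtime footprint, which matches the "stripped to external PDB" type string. The import list is also what the imphash in the header is derived from. The following is an added example, not the sandbox's code: it recomputes the imphash from the IAT as listed here using the same normalization pefile's get_imphash() applies (library name lowercased with .dll/.ocx/.sys removed, symbol lowercased, entries joined by commas in import-directory order, MD5 of the result). If the computed value equals the reported f7505c167603909b7180406402fef19e, the listing above is the complete import directory in its original order; if not, the report has sorted or truncated it for display (the names here are alphabetical within each DLL).

```python
import hashlib

# Imports exactly as listed in this report's IAT section, in the order shown.
REPORTED_IMPORTS = [
    ("KERNEL32.dll", (
        "CloseHandle CreateSemaphoreW DeleteCriticalSection EnterCriticalSection "
        "GetCurrentThreadId GetLastError GetStartupInfoA InitializeCriticalSection "
        "IsDBCSLeadByteEx LeaveCriticalSection MultiByteToWideChar RaiseException "
        "ReleaseSemaphore RtlCaptureContext RtlLookupFunctionEntry RtlUnwindEx "
        "RtlVirtualUnwind SetLastError SetUnhandledExceptionFilter Sleep TlsAlloc "
        "TlsFree TlsGetValue TlsSetValue VirtualProtect VirtualQuery "
        "WaitForSingleObject WideCharToMultiByte").split()),
    ("msvcrt.dll", (
        "__C_specific_handler ___lc_codepage_func ___mb_cur_max_func __getmainargs "
        "__initenv __iob_func __set_app_type __setusermatherr _acmdln _amsg_exit "
        "_cexit _commode _errno _fmode _initterm _onexit _wcsicmp _wcsnicmp abort "
        "calloc exit fprintf fputc fputs fputwc free fwprintf fwrite localeconv "
        "malloc memcpy memset realloc signal strcmp strerror strlen strncmp "
        "vfprintf wcscat wcscpy wcslen wcsncmp wcsstr").split()),
]
REPORTED_IMPHASH = "f7505c167603909b7180406402fef19e"  # value from the report header


def imphash_string(imports):
    """Canonical string hashed by pefile's get_imphash(): library name lowercased with a
    trailing .dll/.ocx/.sys removed, symbol lowercased, 'lib.symbol' entries joined by ','
    in import-directory order. An import by ordinal (an int here) becomes 'ordN'."""
    parts = []
    for dll, symbols in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for sym in symbols:
            name = sym.lower() if isinstance(sym, str) else f"ord{sym}"
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 over the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def check_report():
    """Recompute the hash from the listed IAT and compare with the reported value."""
    computed = imphash(REPORTED_IMPORTS)
    return {"computed": computed, "reported": REPORTED_IMPHASH,
            "match": computed == REPORTED_IMPHASH}


if __name__ == "__main__":
    print(check_report())
```

Because the hash covers order as well as names, two binaries with identical import sets but a different link order get different imphashes, so it clusters builds of the same toolchain and source rather than "programs that use the same APIs"; delay-load imports are not part of it.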