ScreenShot
| Created | 2023.07.30 09:00 | Machine | s1_win7_x6401 |
| Filename | 09LW5kZ-.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (Common, Siggen21, Tedy, Save, Reflo, malicious, confidence, 100%, Eldorado, high confidence, GenKryptik, GIIA, score, Nekark, hlkng, AMADEY, YXDGXZ, Sivis, Static AI, Suspicious PE, Xmrig, Detected, R570073, Artemis, ai score=81, unsafe, Kryptik, tSjl4DNY5BP, Krypt, susgen) | ||
| md5 | b56676093945f3c0c4676803cf7e0d50 | ||
| sha256 | ce7a9a4a88a1a9f154bb4e0650864933d87fd75bef94ec000faf24f75d0a308f | ||
| ssdeep | 196608:8Q9EVu0I6h00r8jBYHob4t+6c7vdFjoRfkq3N6Zs83xH:80uu0LLYjA1uTpq3NDYH | ||
| imphash | d3be2dc19ba54f7225d7679c3f791cf7 | ||
| impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1409f029c CloseHandle
0x1409f02a4 CreateSemaphoreW
0x1409f02ac DeleteCriticalSection
0x1409f02b4 EnterCriticalSection
0x1409f02bc GetCurrentThreadId
0x1409f02c4 GetLastError
0x1409f02cc GetStartupInfoA
0x1409f02d4 InitializeCriticalSection
0x1409f02dc IsDBCSLeadByteEx
0x1409f02e4 LeaveCriticalSection
0x1409f02ec MultiByteToWideChar
0x1409f02f4 RaiseException
0x1409f02fc ReleaseSemaphore
0x1409f0304 RtlCaptureContext
0x1409f030c RtlLookupFunctionEntry
0x1409f0314 RtlUnwindEx
0x1409f031c RtlVirtualUnwind
0x1409f0324 SetLastError
0x1409f032c SetUnhandledExceptionFilter
0x1409f0334 Sleep
0x1409f033c TlsAlloc
0x1409f0344 TlsFree
0x1409f034c TlsGetValue
0x1409f0354 TlsSetValue
0x1409f035c VirtualProtect
0x1409f0364 VirtualQuery
0x1409f036c WaitForSingleObject
0x1409f0374 WideCharToMultiByte
msvcrt.dll
0x1409f0384 __C_specific_handler
0x1409f038c ___lc_codepage_func
0x1409f0394 ___mb_cur_max_func
0x1409f039c __getmainargs
0x1409f03a4 __initenv
0x1409f03ac __iob_func
0x1409f03b4 __set_app_type
0x1409f03bc __setusermatherr
0x1409f03c4 _acmdln
0x1409f03cc _amsg_exit
0x1409f03d4 _cexit
0x1409f03dc _commode
0x1409f03e4 _errno
0x1409f03ec _fmode
0x1409f03f4 _initterm
0x1409f03fc _onexit
0x1409f0404 _wcsicmp
0x1409f040c _wcsnicmp
0x1409f0414 abort
0x1409f041c calloc
0x1409f0424 exit
0x1409f042c fprintf
0x1409f0434 fputc
0x1409f043c fputs
0x1409f0444 fputwc
0x1409f044c free
0x1409f0454 fwprintf
0x1409f045c fwrite
0x1409f0464 localeconv
0x1409f046c malloc
0x1409f0474 memcpy
0x1409f047c memset
0x1409f0484 realloc
0x1409f048c signal
0x1409f0494 strcat
0x1409f049c strcmp
0x1409f04a4 strerror
0x1409f04ac strlen
0x1409f04b4 strncmp
0x1409f04bc strstr
0x1409f04c4 vfprintf
0x1409f04cc wcscat
0x1409f04d4 wcscpy
0x1409f04dc wcslen
0x1409f04e4 wcsncmp
0x1409f04ec wcsstr
EAT(Export Address Table) is none
KERNEL32.dll
0x1409f029c CloseHandle
0x1409f02a4 CreateSemaphoreW
0x1409f02ac DeleteCriticalSection
0x1409f02b4 EnterCriticalSection
0x1409f02bc GetCurrentThreadId
0x1409f02c4 GetLastError
0x1409f02cc GetStartupInfoA
0x1409f02d4 InitializeCriticalSection
0x1409f02dc IsDBCSLeadByteEx
0x1409f02e4 LeaveCriticalSection
0x1409f02ec MultiByteToWideChar
0x1409f02f4 RaiseException
0x1409f02fc ReleaseSemaphore
0x1409f0304 RtlCaptureContext
0x1409f030c RtlLookupFunctionEntry
0x1409f0314 RtlUnwindEx
0x1409f031c RtlVirtualUnwind
0x1409f0324 SetLastError
0x1409f032c SetUnhandledExceptionFilter
0x1409f0334 Sleep
0x1409f033c TlsAlloc
0x1409f0344 TlsFree
0x1409f034c TlsGetValue
0x1409f0354 TlsSetValue
0x1409f035c VirtualProtect
0x1409f0364 VirtualQuery
0x1409f036c WaitForSingleObject
0x1409f0374 WideCharToMultiByte
msvcrt.dll
0x1409f0384 __C_specific_handler
0x1409f038c ___lc_codepage_func
0x1409f0394 ___mb_cur_max_func
0x1409f039c __getmainargs
0x1409f03a4 __initenv
0x1409f03ac __iob_func
0x1409f03b4 __set_app_type
0x1409f03bc __setusermatherr
0x1409f03c4 _acmdln
0x1409f03cc _amsg_exit
0x1409f03d4 _cexit
0x1409f03dc _commode
0x1409f03e4 _errno
0x1409f03ec _fmode
0x1409f03f4 _initterm
0x1409f03fc _onexit
0x1409f0404 _wcsicmp
0x1409f040c _wcsnicmp
0x1409f0414 abort
0x1409f041c calloc
0x1409f0424 exit
0x1409f042c fprintf
0x1409f0434 fputc
0x1409f043c fputs
0x1409f0444 fputwc
0x1409f044c free
0x1409f0454 fwprintf
0x1409f045c fwrite
0x1409f0464 localeconv
0x1409f046c malloc
0x1409f0474 memcpy
0x1409f047c memset
0x1409f0484 realloc
0x1409f048c signal
0x1409f0494 strcat
0x1409f049c strcmp
0x1409f04a4 strerror
0x1409f04ac strlen
0x1409f04b4 strncmp
0x1409f04bc strstr
0x1409f04c4 vfprintf
0x1409f04cc wcscat
0x1409f04d4 wcscpy
0x1409f04dc wcslen
0x1409f04e4 wcsncmp
0x1409f04ec wcsstr
EAT(Export Address Table) is none