Field | Value |
---|---|
Created | 2023.08.17 18:22 |
Machine | s1_win7_x6401 |
Filename | update.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 24 detected (Malicious, score, Kryptik, Save, moderate confidence, a variant of WinGo, Obfuscated, B suspicious, AGEN, CXrep, MalGo, Static AI, Suspicious PE, ai score=88, susgen, confidence) |
md5 | 392495c31f590a0a04b0c0f1cb0e06a9 |
sha256 | 98a675d90eba03e1ebe08348e4e305cc72b5797f42ef28718078b9dbca9d3c88 |
ssdeep | 49152:so/Qw6Xe8Jrb/TuvO90dL3BmAFd4A64nsfJyIIGJARjieXB9xEolpZj3HExygIS0:PBG0xf46EBzdBqK |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Detects the presence of Wine emulator |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x92a700 WriteFile
0x92a708 WriteConsoleW
0x92a710 WaitForMultipleObjects
0x92a718 WaitForSingleObject
0x92a720 VirtualQuery
0x92a728 VirtualFree
0x92a730 VirtualAlloc
0x92a738 SwitchToThread
0x92a740 SuspendThread
0x92a748 SetWaitableTimer
0x92a750 SetUnhandledExceptionFilter
0x92a758 SetProcessPriorityBoost
0x92a760 SetEvent
0x92a768 SetErrorMode
0x92a770 SetConsoleCtrlHandler
0x92a778 ResumeThread
0x92a780 PostQueuedCompletionStatus
0x92a788 LoadLibraryA
0x92a790 LoadLibraryW
0x92a798 SetThreadContext
0x92a7a0 GetThreadContext
0x92a7a8 GetSystemInfo
0x92a7b0 GetSystemDirectoryA
0x92a7b8 GetStdHandle
0x92a7c0 GetQueuedCompletionStatusEx
0x92a7c8 GetProcessAffinityMask
0x92a7d0 GetProcAddress
0x92a7d8 GetEnvironmentStringsW
0x92a7e0 GetConsoleMode
0x92a7e8 FreeEnvironmentStringsW
0x92a7f0 ExitProcess
0x92a7f8 DuplicateHandle
0x92a800 CreateWaitableTimerExW
0x92a808 CreateThread
0x92a810 CreateIoCompletionPort
0x92a818 CreateFileA
0x92a820 CreateEventA
0x92a828 CloseHandle
0x92a830 AddVectoredExceptionHandler
EAT(Export Address Table) is none
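The kernel32.dll import set listed above is, name for name, the set the Go runtime declares in runtime/os_windows.go, which fits the "a variant of WinGo" and "MalGo" labels in the VT line. It also bears on the UPX_Zero rule hit: a file that is still UPX-packed normally exposes only the unpacking stub's handful of kernel32 imports, so a full runtime IAT next to a UPX rule match suggests the rule fired on something other than the import table and is worth confirming (for example with `upx -t` or by inspecting section names). The script below is an added triage example, not part of the sandbox report or its tooling. It works offline on the import names transcribed from the listing above; the Go runtime import set and the UPX stub set are assumptions reflecting recent Go releases and the stock UPX stub, and the `imphash` function reimplements the algorithm pefile uses (`dll.func` entries, lower-cased, DLL extension stripped, joined with commas in IAT order, MD5). If the listing preserves the file's import-directory order and kernel32.dll is the only imported DLL, the computed imphash should match the report's value; a mismatch means one of those conditions does not hold.

```python
"""Import-table triage for the IAT listed above (added example; not part of the
sandbox report).  Runs offline on the import names transcribed from the page."""
import hashlib

# kernel32.dll imports declared by the Go runtime in runtime/os_windows.go.
# Assumption: this set reflects recent Go releases; it drifts slightly between
# versions (e.g. LoadLibraryA vs LoadLibraryExW), so treat it as a profile, not a spec.
GO_RUNTIME_KERNEL32 = frozenset({
    "AddVectoredExceptionHandler", "CloseHandle", "CreateEventA", "CreateFileA",
    "CreateIoCompletionPort", "CreateThread", "CreateWaitableTimerA",
    "CreateWaitableTimerExW", "DuplicateHandle", "ExitProcess",
    "FreeEnvironmentStringsW", "GetConsoleMode", "GetEnvironmentStringsW",
    "GetProcAddress", "GetProcessAffinityMask", "GetQueuedCompletionStatusEx",
    "GetStdHandle", "GetSystemDirectoryA", "GetSystemInfo", "GetThreadContext",
    "LoadLibraryA", "LoadLibraryExW", "LoadLibraryW", "PostQueuedCompletionStatus",
    "ResumeThread", "SetConsoleCtrlHandler", "SetErrorMode", "SetEvent",
    "SetProcessPriorityBoost", "SetThreadContext", "SetUnhandledExceptionFilter",
    "SetWaitableTimer", "SuspendThread", "SwitchToThread", "TlsAlloc",
    "VirtualAlloc", "VirtualFree", "VirtualQuery", "WaitForMultipleObjects",
    "WaitForSingleObject", "WerGetFlags", "WerSetFlags", "WriteConsoleW", "WriteFile",
})

# Assumption: the kernel32 imports a stock UPX unpacking stub needs.  A file that
# is still packed usually shows only these (plus one import per other DLL).
UPX_STUB_KERNEL32 = frozenset({
    "LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc",
    "VirtualFree", "ExitProcess",
})

# (dll, function) pairs in IAT order, transcribed from the listing above.
PAGE_IAT = [("kernel32.dll", name) for name in (
    "WriteFile", "WriteConsoleW", "WaitForMultipleObjects", "WaitForSingleObject",
    "VirtualQuery", "VirtualFree", "VirtualAlloc", "SwitchToThread", "SuspendThread",
    "SetWaitableTimer", "SetUnhandledExceptionFilter", "SetProcessPriorityBoost",
    "SetEvent", "SetErrorMode", "SetConsoleCtrlHandler", "ResumeThread",
    "PostQueuedCompletionStatus", "LoadLibraryA", "LoadLibraryW", "SetThreadContext",
    "GetThreadContext", "GetSystemInfo", "GetSystemDirectoryA", "GetStdHandle",
    "GetQueuedCompletionStatusEx", "GetProcessAffinityMask", "GetProcAddress",
    "GetEnvironmentStringsW", "GetConsoleMode", "FreeEnvironmentStringsW",
    "ExitProcess", "DuplicateHandle", "CreateWaitableTimerExW", "CreateThread",
    "CreateIoCompletionPort", "CreateFileA", "CreateEventA", "CloseHandle",
    "AddVectoredExceptionHandler",
)]


def imphash(imports):
    """Import hash as pefile computes it: one 'dll.func' string per entry, the
    DLL name lower-cased with a .dll/.ocx/.sys extension stripped, the function
    lower-cased, entries joined by ',' in IAT order, then MD5.  Order matters."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def classify_imports(imports, min_hits=30):
    """Compare the kernel32 imports with the Go runtime profile.  Returns the
    matched names, the names outside the profile, and a verdict that is True
    only when coverage is high AND nothing outside the profile is present."""
    k32 = {f for d, f in imports if d.lower().startswith("kernel32")}
    hits = sorted(k32 & GO_RUNTIME_KERNEL32)
    unexpected = sorted(k32 - GO_RUNTIME_KERNEL32)
    return {
        "hits": hits,
        "unexpected": unexpected,
        "go_runtime_profile": len(hits) >= min_hits and not unexpected,
    }


def upx_stub_only(imports):
    """True when the kernel32 imports are no more than the UPX stub's own set,
    which is what a still-packed UPX file shows.  A full runtime IAT beside a
    UPX rule hit means the rule matched on something other than the IAT."""
    k32 = {f for d, f in imports if d.lower().startswith("kernel32")}
    return bool(k32) and k32 <= UPX_STUB_KERNEL32


if __name__ == "__main__":
    verdict = classify_imports(PAGE_IAT)
    print("imphash (from listing):", imphash(PAGE_IAT))
    print("Go runtime profile:", verdict["go_runtime_profile"],
          f"({len(verdict['hits'])} hits, unexpected={verdict['unexpected']})")
    print("UPX stub-only IAT:", upx_stub_only(PAGE_IAT))
```

To run this against a sample instead of the transcribed list, build `imports` from pefile's `pe.DIRECTORY_ENTRY_IMPORT` (each entry's `dll` and each `imp.name`, decoded) and pass it to the three functions; `pe.get_imphash()` can then cross-check the `imphash` result.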