ScreenShot
| Created | 2023.08.25 09:36 | Machine | s1_win7_x6401 |
| Filename | a.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (AIDetectMalware, malicious, Attribute, HighConfidence, high confidence, score, EPACK, Gen2, BlackLotus, Krypt, Static AI, Suspicious PE, susgen, confidence, 100%) | ||
| md5 | 009a6a218685242e3525785807bfb86d | ||
| sha256 | 14855a24a8cb106e17384e66642522690d5603b77dc9b98769198898d36ccc3a | ||
| ssdeep | 49152:3LzuaR9Zp3CBHgMNoYRhRQfrf5n9sBFJT5VuSdtBZV4zqWrHgDF08OaBJOVhR7N8:NR9WBHgM6Ybq96bAk000PaQCfolwxk+ | ||
| imphash | 84364258335aa120aa66630a9ee645bf | ||
| impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqhiZJn:8fjBcVK0MGf5XGf6Zykom/GCqgZJn | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14057c190 DeleteCriticalSection
0x14057c198 EnterCriticalSection
0x14057c1a0 GetLastError
0x14057c1a8 InitializeCriticalSection
0x14057c1b0 LeaveCriticalSection
0x14057c1b8 SetUnhandledExceptionFilter
0x14057c1c0 Sleep
0x14057c1c8 TlsGetValue
0x14057c1d0 VirtualProtect
0x14057c1d8 VirtualQuery
msvcrt.dll
0x14057c1e8 __C_specific_handler
0x14057c1f0 __getmainargs
0x14057c1f8 __initenv
0x14057c200 __iob_func
0x14057c208 __set_app_type
0x14057c210 __setusermatherr
0x14057c218 _amsg_exit
0x14057c220 _cexit
0x14057c228 _commode
0x14057c230 _fmode
0x14057c238 _initterm
0x14057c240 _onexit
0x14057c248 abort
0x14057c250 calloc
0x14057c258 exit
0x14057c260 fprintf
0x14057c268 fputs
0x14057c270 free
0x14057c278 malloc
0x14057c280 signal
0x14057c288 strlen
0x14057c290 strncmp
0x14057c298 vfprintf
0x14057c2a0 wcscat
0x14057c2a8 wcscpy
0x14057c2b0 wcslen
0x14057c2b8 wcsncmp
0x14057c2c0 wcsstr
0x14057c2c8 _wcsnicmp
0x14057c2d0 _wcsicmp
EAT(Export Address Table) is none
KERNEL32.dll
0x14057c190 DeleteCriticalSection
0x14057c198 EnterCriticalSection
0x14057c1a0 GetLastError
0x14057c1a8 InitializeCriticalSection
0x14057c1b0 LeaveCriticalSection
0x14057c1b8 SetUnhandledExceptionFilter
0x14057c1c0 Sleep
0x14057c1c8 TlsGetValue
0x14057c1d0 VirtualProtect
0x14057c1d8 VirtualQuery
msvcrt.dll
0x14057c1e8 __C_specific_handler
0x14057c1f0 __getmainargs
0x14057c1f8 __initenv
0x14057c200 __iob_func
0x14057c208 __set_app_type
0x14057c210 __setusermatherr
0x14057c218 _amsg_exit
0x14057c220 _cexit
0x14057c228 _commode
0x14057c230 _fmode
0x14057c238 _initterm
0x14057c240 _onexit
0x14057c248 abort
0x14057c250 calloc
0x14057c258 exit
0x14057c260 fprintf
0x14057c268 fputs
0x14057c270 free
0x14057c278 malloc
0x14057c280 signal
0x14057c288 strlen
0x14057c290 strncmp
0x14057c298 vfprintf
0x14057c2a0 wcscat
0x14057c2a8 wcscpy
0x14057c2b0 wcslen
0x14057c2b8 wcsncmp
0x14057c2c0 wcsstr
0x14057c2c8 _wcsnicmp
0x14057c2d0 _wcsicmp
EAT(Export Address Table) is none