Field | Value |
---|---|
Created | 2023.08.26 21:23 |
Machine | s1_win7_x6403 |
Filename | 55555.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 25 detected (AIDetectMalware, malicious, high confidence, Lazy, Artemis, DropperX, ai score=89, Wacapew, score, Leonem, unsafe, R023H09HO23, susgen, PossibleThreat, confidence) |
md5 | 70d02e692f264a782f5c6142d4804caa |
sha256 | 86ccacfe301ddffaf528117a28685039023fe84f413e31774f1d4663c45a7957 |
ssdeep | 12288:AL/3R9jW4jFKmOpO4ZIh2kygPE4q7nV45lipybeKBujPaU7wyagMMhcK8h8Jrn:+3zjWOYK7yB5Vyli8ZBu+U7JaVHqh |
imphash | b62cce0d334b2b0ed01259bc4d8865fd |
impfuzzy | 24:uFDh9ncpVWjD02teXwgGmlJBlmroeqaZMv1GMAbOdpOovbOPZw1:ubpcpVwHteXwgGMExZGMOO3e1 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Creates executable files on the filesystem |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (13cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140026000 IsDebuggerPresent
0x140026008 CloseHandle
0x140026010 GetCurrentProcess
0x140026018 GetCurrentProcessId
0x140026020 GetModuleHandleW
0x140026028 GetProcAddress
0x140026030 VirtualProtect
0x140026038 FreeLibrary
0x140026040 LoadLibraryA
0x140026048 SetEndOfFile
0x140026050 EnterCriticalSection
0x140026058 LeaveCriticalSection
0x140026060 InitializeCriticalSectionEx
0x140026068 DeleteCriticalSection
0x140026070 EncodePointer
0x140026078 DecodePointer
0x140026080 MultiByteToWideChar
0x140026088 WideCharToMultiByte
0x140026090 LCMapStringEx
0x140026098 GetStringTypeW
0x1400260a0 GetCPInfo
0x1400260a8 RtlCaptureContext
0x1400260b0 RtlLookupFunctionEntry
0x1400260b8 RtlVirtualUnwind
0x1400260c0 UnhandledExceptionFilter
0x1400260c8 SetUnhandledExceptionFilter
0x1400260d0 TerminateProcess
0x1400260d8 IsProcessorFeaturePresent
0x1400260e0 QueryPerformanceCounter
0x1400260e8 GetCurrentThreadId
0x1400260f0 GetSystemTimeAsFileTime
0x1400260f8 InitializeSListHead
0x140026100 GetStartupInfoW
0x140026108 RtlPcToFileHeader
0x140026110 RaiseException
0x140026118 RtlUnwindEx
0x140026120 GetLastError
0x140026128 SetLastError
0x140026130 InitializeCriticalSectionAndSpinCount
0x140026138 TlsAlloc
0x140026140 TlsGetValue
0x140026148 TlsSetValue
0x140026150 TlsFree
0x140026158 LoadLibraryExW
0x140026160 ExitProcess
0x140026168 GetModuleHandleExW
0x140026170 GetStdHandle
0x140026178 WriteFile
0x140026180 GetModuleFileNameW
0x140026188 HeapFree
0x140026190 HeapAlloc
0x140026198 FlsAlloc
0x1400261a0 FlsGetValue
0x1400261a8 FlsSetValue
0x1400261b0 FlsFree
0x1400261b8 LCMapStringW
0x1400261c0 GetLocaleInfoW
0x1400261c8 IsValidLocale
0x1400261d0 GetUserDefaultLCID
0x1400261d8 EnumSystemLocalesW
0x1400261e0 GetFileType
0x1400261e8 FlushFileBuffers
0x1400261f0 GetConsoleOutputCP
0x1400261f8 GetConsoleMode
0x140026200 ReadFile
0x140026208 GetFileSizeEx
0x140026210 SetFilePointerEx
0x140026218 ReadConsoleW
0x140026220 DeleteFileW
0x140026228 HeapReAlloc
0x140026230 FindClose
0x140026238 FindFirstFileExW
0x140026240 FindNextFileW
0x140026248 IsValidCodePage
0x140026250 GetACP
0x140026258 GetOEMCP
0x140026260 GetCommandLineA
0x140026268 GetCommandLineW
0x140026270 GetEnvironmentStringsW
0x140026278 FreeEnvironmentStringsW
0x140026280 SetStdHandle
0x140026288 GetProcessHeap
0x140026290 CreateFileW
0x140026298 HeapSize
0x1400262a0 WriteConsoleW
0x1400262a8 RtlUnwind
EAT (Export Address Table): none