ScreenShot
| Created | 2023.08.31 11:23 | Machine | s1_win7_x6401 |
| Filename | winlog.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 2 detected (AIDetectMalware, MALICIOUS) | ||
| md5 | 60255ef7d90a35361e5fe2f5d5514734 | ||
| sha256 | 611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774 | ||
| ssdeep | 49152:rlCm9habSnsmzuiuJtiks5bTJguq+Z0A19OO31Fb/n0EZOL/JGm/8sID0n1EY1eT:RrCliIid5nb/n5AM4mD01huEDmlvRrd | ||
| imphash | 245cf6cf55edeaf020a25dffa3807654 | ||
| impfuzzy | 96:cFnYJeCxMCyjpmoxHF42xQHPXiX1PgA7TJGQ666myqTVRR4pZH+mXRa4e:cFnYgCryjpsHPSFoVQ6NmTVnKH+mXRaV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x140d0f834 ChoosePixelFormat
0x140d0f83c CreateBitmap
0x140d0f844 CreateDCW
0x140d0f84c CreateDIBSection
0x140d0f854 DeleteDC
0x140d0f85c DeleteObject
0x140d0f864 DescribePixelFormat
0x140d0f86c GetDeviceCaps
0x140d0f874 GetDeviceGammaRamp
0x140d0f87c SetDeviceGammaRamp
0x140d0f884 SetPixelFormat
0x140d0f88c SwapBuffers
KERNEL32.dll
0x140d0f89c AddAtomA
0x140d0f8a4 AddVectoredExceptionHandler
0x140d0f8ac CloseHandle
0x140d0f8b4 CreateEventA
0x140d0f8bc CreateFileA
0x140d0f8c4 CreateIoCompletionPort
0x140d0f8cc CreateMutexA
0x140d0f8d4 CreateSemaphoreA
0x140d0f8dc CreateThread
0x140d0f8e4 CreateWaitableTimerA
0x140d0f8ec CreateWaitableTimerExW
0x140d0f8f4 DeleteAtom
0x140d0f8fc DeleteCriticalSection
0x140d0f904 DuplicateHandle
0x140d0f90c EnterCriticalSection
0x140d0f914 ExitProcess
0x140d0f91c FindAtomA
0x140d0f924 FormatMessageA
0x140d0f92c FreeEnvironmentStringsW
0x140d0f934 FreeLibrary
0x140d0f93c GetAtomNameA
0x140d0f944 GetConsoleMode
0x140d0f94c GetCurrentProcess
0x140d0f954 GetCurrentProcessId
0x140d0f95c GetCurrentThread
0x140d0f964 GetCurrentThreadId
0x140d0f96c GetEnvironmentStringsW
0x140d0f974 GetHandleInformation
0x140d0f97c GetLastError
0x140d0f984 GetModuleHandleW
0x140d0f98c GetProcAddress
0x140d0f994 GetProcessAffinityMask
0x140d0f99c GetQueuedCompletionStatusEx
0x140d0f9a4 GetStartupInfoA
0x140d0f9ac GetStdHandle
0x140d0f9b4 GetSystemDirectoryA
0x140d0f9bc GetSystemInfo
0x140d0f9c4 GetSystemTimeAsFileTime
0x140d0f9cc GetThreadContext
0x140d0f9d4 GetThreadPriority
0x140d0f9dc GetTickCount
0x140d0f9e4 GlobalAlloc
0x140d0f9ec GlobalFree
0x140d0f9f4 GlobalLock
0x140d0f9fc GlobalUnlock
0x140d0fa04 InitializeCriticalSection
0x140d0fa0c IsDBCSLeadByteEx
0x140d0fa14 IsDebuggerPresent
0x140d0fa1c LeaveCriticalSection
0x140d0fa24 LoadLibraryA
0x140d0fa2c LoadLibraryW
0x140d0fa34 LocalFree
0x140d0fa3c MultiByteToWideChar
0x140d0fa44 OpenProcess
0x140d0fa4c OutputDebugStringA
0x140d0fa54 PostQueuedCompletionStatus
0x140d0fa5c QueryPerformanceCounter
0x140d0fa64 QueryPerformanceFrequency
0x140d0fa6c RaiseException
0x140d0fa74 ReleaseMutex
0x140d0fa7c ReleaseSemaphore
0x140d0fa84 RemoveVectoredExceptionHandler
0x140d0fa8c ResetEvent
0x140d0fa94 ResumeThread
0x140d0fa9c SetConsoleCtrlHandler
0x140d0faa4 SetErrorMode
0x140d0faac SetEvent
0x140d0fab4 SetLastError
0x140d0fabc SetProcessAffinityMask
0x140d0fac4 SetProcessPriorityBoost
0x140d0facc SetThreadContext
0x140d0fad4 SetThreadPriority
0x140d0fadc SetUnhandledExceptionFilter
0x140d0fae4 SetWaitableTimer
0x140d0faec Sleep
0x140d0faf4 SuspendThread
0x140d0fafc SwitchToThread
0x140d0fb04 TlsAlloc
0x140d0fb0c TlsFree
0x140d0fb14 TlsGetValue
0x140d0fb1c TlsSetValue
0x140d0fb24 TryEnterCriticalSection
0x140d0fb2c VirtualAlloc
0x140d0fb34 VirtualFree
0x140d0fb3c VirtualProtect
0x140d0fb44 VirtualQuery
0x140d0fb4c WaitForMultipleObjects
0x140d0fb54 WaitForSingleObject
0x140d0fb5c WideCharToMultiByte
0x140d0fb64 WriteConsoleW
0x140d0fb6c WriteFile
0x140d0fb74 __C_specific_handler
msvcrt.dll
0x140d0fb84 ___lc_codepage_func
0x140d0fb8c ___mb_cur_max_func
0x140d0fb94 __getmainargs
0x140d0fb9c __initenv
0x140d0fba4 __iob_func
0x140d0fbac __lconv_init
0x140d0fbb4 __set_app_type
0x140d0fbbc __setusermatherr
0x140d0fbc4 _acmdln
0x140d0fbcc _amsg_exit
0x140d0fbd4 _beginthread
0x140d0fbdc _beginthreadex
0x140d0fbe4 _cexit
0x140d0fbec _commode
0x140d0fbf4 _endthreadex
0x140d0fbfc _errno
0x140d0fc04 _fmode
0x140d0fc0c _initterm
0x140d0fc14 _lock
0x140d0fc1c _memccpy
0x140d0fc24 _onexit
0x140d0fc2c _setjmp
0x140d0fc34 _strdup
0x140d0fc3c _ultoa
0x140d0fc44 _unlock
0x140d0fc4c _wassert
0x140d0fc54 abort
0x140d0fc5c calloc
0x140d0fc64 exit
0x140d0fc6c fprintf
0x140d0fc74 fputc
0x140d0fc7c free
0x140d0fc84 fwrite
0x140d0fc8c getc
0x140d0fc94 islower
0x140d0fc9c isspace
0x140d0fca4 isupper
0x140d0fcac isxdigit
0x140d0fcb4 localeconv
0x140d0fcbc longjmp
0x140d0fcc4 malloc
0x140d0fccc memcpy
0x140d0fcd4 memmove
0x140d0fcdc memset
0x140d0fce4 printf
0x140d0fcec qsort
0x140d0fcf4 realloc
0x140d0fcfc signal
0x140d0fd04 strcmp
0x140d0fd0c strerror
0x140d0fd14 strlen
0x140d0fd1c strncmp
0x140d0fd24 strstr
0x140d0fd2c strtol
0x140d0fd34 strtoul
0x140d0fd3c tolower
0x140d0fd44 ungetc
0x140d0fd4c vfprintf
0x140d0fd54 wcscmp
0x140d0fd5c wcscpy
0x140d0fd64 wcslen
OPENGL32.dll
0x140d0fd74 wglGetProcAddress
SHELL32.dll
0x140d0fd84 DragAcceptFiles
0x140d0fd8c DragFinish
0x140d0fd94 DragQueryFileW
0x140d0fd9c DragQueryPoint
USER32.dll
0x140d0fdac AdjustWindowRectEx
0x140d0fdb4 BringWindowToTop
0x140d0fdbc ChangeDisplaySettingsExW
0x140d0fdc4 ClientToScreen
0x140d0fdcc ClipCursor
0x140d0fdd4 CloseClipboard
0x140d0fddc CopyIcon
0x140d0fde4 CreateIconIndirect
0x140d0fdec CreateWindowExW
0x140d0fdf4 DefWindowProcW
0x140d0fdfc DestroyIcon
0x140d0fe04 DestroyWindow
0x140d0fe0c DispatchMessageW
0x140d0fe14 EmptyClipboard
0x140d0fe1c EnumDisplayDevicesW
0x140d0fe24 EnumDisplaySettingsExW
0x140d0fe2c EnumDisplaySettingsW
0x140d0fe34 GetActiveWindow
0x140d0fe3c GetAsyncKeyState
0x140d0fe44 GetClassLongPtrW
0x140d0fe4c GetClientRect
0x140d0fe54 GetClipboardData
0x140d0fe5c GetCursorPos
0x140d0fe64 GetDC
0x140d0fe6c GetKeyNameTextW
0x140d0fe74 GetKeyState
0x140d0fe7c GetMessageTime
0x140d0fe84 GetPropW
0x140d0fe8c GetRawInputDeviceInfoA
0x140d0fe94 GetRawInputDeviceList
0x140d0fe9c GetSystemMetrics
0x140d0fea4 GetWindowLongW
0x140d0feac GetWindowRect
0x140d0feb4 IsIconic
0x140d0febc IsWindowVisible
0x140d0fec4 IsZoomed
0x140d0fecc LoadCursorW
0x140d0fed4 LoadImageW
0x140d0fedc MoveWindow
0x140d0fee4 MsgWaitForMultipleObjects
0x140d0feec OpenClipboard
0x140d0fef4 PeekMessageW
0x140d0fefc PostMessageW
0x140d0ff04 PtInRect
0x140d0ff0c RegisterClassExW
0x140d0ff14 RegisterDeviceNotificationW
0x140d0ff1c ReleaseCapture
0x140d0ff24 ReleaseDC
0x140d0ff2c RemovePropW
0x140d0ff34 ScreenToClient
0x140d0ff3c SendMessageW
0x140d0ff44 SetCapture
0x140d0ff4c SetClipboardData
0x140d0ff54 SetCursor
0x140d0ff5c SetCursorPos
0x140d0ff64 SetFocus
0x140d0ff6c SetForegroundWindow
0x140d0ff74 SetPropW
0x140d0ff7c SetRect
0x140d0ff84 SetWindowLongW
0x140d0ff8c SetWindowPos
0x140d0ff94 SetWindowTextW
0x140d0ff9c ShowWindow
0x140d0ffa4 SystemParametersInfoW
0x140d0ffac TrackMouseEvent
0x140d0ffb4 TranslateMessage
0x140d0ffbc UnregisterClassW
0x140d0ffc4 WaitMessage
0x140d0ffcc WindowFromPoint
EAT(Export Address Table) Library
0x140d0ce00 _cgo_dummy_export
0x1403a9c30 glowDebugCallback_glcore33
0x1403b6550 goCharCB
0x1403b65a0 goCharModsCB
0x1403b6420 goCursorEnterCB
0x1403b63b0 goCursorPosCB
0x1403b6600 goDropCB
0x1403b62a0 goErrorCB
0x1403b6780 goFramebufferSizeCB
0x1403b6300 goJoystickCB
0x1403b64e0 goKeyCB
0x1403b6670 goMonitorCB
0x1403b6350 goMouseButtonCB
0x1403b6470 goScrollCB
0x1403b67e0 goWindowCloseCB
0x1403b6880 goWindowFocusCB
0x1403b68d0 goWindowIconifyCB
0x1403b66c0 goWindowPosCB
0x1403b6830 goWindowRefreshCB
0x1403b6720 goWindowSizeCB
GDI32.dll
0x140d0f834 ChoosePixelFormat
0x140d0f83c CreateBitmap
0x140d0f844 CreateDCW
0x140d0f84c CreateDIBSection
0x140d0f854 DeleteDC
0x140d0f85c DeleteObject
0x140d0f864 DescribePixelFormat
0x140d0f86c GetDeviceCaps
0x140d0f874 GetDeviceGammaRamp
0x140d0f87c SetDeviceGammaRamp
0x140d0f884 SetPixelFormat
0x140d0f88c SwapBuffers
KERNEL32.dll
0x140d0f89c AddAtomA
0x140d0f8a4 AddVectoredExceptionHandler
0x140d0f8ac CloseHandle
0x140d0f8b4 CreateEventA
0x140d0f8bc CreateFileA
0x140d0f8c4 CreateIoCompletionPort
0x140d0f8cc CreateMutexA
0x140d0f8d4 CreateSemaphoreA
0x140d0f8dc CreateThread
0x140d0f8e4 CreateWaitableTimerA
0x140d0f8ec CreateWaitableTimerExW
0x140d0f8f4 DeleteAtom
0x140d0f8fc DeleteCriticalSection
0x140d0f904 DuplicateHandle
0x140d0f90c EnterCriticalSection
0x140d0f914 ExitProcess
0x140d0f91c FindAtomA
0x140d0f924 FormatMessageA
0x140d0f92c FreeEnvironmentStringsW
0x140d0f934 FreeLibrary
0x140d0f93c GetAtomNameA
0x140d0f944 GetConsoleMode
0x140d0f94c GetCurrentProcess
0x140d0f954 GetCurrentProcessId
0x140d0f95c GetCurrentThread
0x140d0f964 GetCurrentThreadId
0x140d0f96c GetEnvironmentStringsW
0x140d0f974 GetHandleInformation
0x140d0f97c GetLastError
0x140d0f984 GetModuleHandleW
0x140d0f98c GetProcAddress
0x140d0f994 GetProcessAffinityMask
0x140d0f99c GetQueuedCompletionStatusEx
0x140d0f9a4 GetStartupInfoA
0x140d0f9ac GetStdHandle
0x140d0f9b4 GetSystemDirectoryA
0x140d0f9bc GetSystemInfo
0x140d0f9c4 GetSystemTimeAsFileTime
0x140d0f9cc GetThreadContext
0x140d0f9d4 GetThreadPriority
0x140d0f9dc GetTickCount
0x140d0f9e4 GlobalAlloc
0x140d0f9ec GlobalFree
0x140d0f9f4 GlobalLock
0x140d0f9fc GlobalUnlock
0x140d0fa04 InitializeCriticalSection
0x140d0fa0c IsDBCSLeadByteEx
0x140d0fa14 IsDebuggerPresent
0x140d0fa1c LeaveCriticalSection
0x140d0fa24 LoadLibraryA
0x140d0fa2c LoadLibraryW
0x140d0fa34 LocalFree
0x140d0fa3c MultiByteToWideChar
0x140d0fa44 OpenProcess
0x140d0fa4c OutputDebugStringA
0x140d0fa54 PostQueuedCompletionStatus
0x140d0fa5c QueryPerformanceCounter
0x140d0fa64 QueryPerformanceFrequency
0x140d0fa6c RaiseException
0x140d0fa74 ReleaseMutex
0x140d0fa7c ReleaseSemaphore
0x140d0fa84 RemoveVectoredExceptionHandler
0x140d0fa8c ResetEvent
0x140d0fa94 ResumeThread
0x140d0fa9c SetConsoleCtrlHandler
0x140d0faa4 SetErrorMode
0x140d0faac SetEvent
0x140d0fab4 SetLastError
0x140d0fabc SetProcessAffinityMask
0x140d0fac4 SetProcessPriorityBoost
0x140d0facc SetThreadContext
0x140d0fad4 SetThreadPriority
0x140d0fadc SetUnhandledExceptionFilter
0x140d0fae4 SetWaitableTimer
0x140d0faec Sleep
0x140d0faf4 SuspendThread
0x140d0fafc SwitchToThread
0x140d0fb04 TlsAlloc
0x140d0fb0c TlsFree
0x140d0fb14 TlsGetValue
0x140d0fb1c TlsSetValue
0x140d0fb24 TryEnterCriticalSection
0x140d0fb2c VirtualAlloc
0x140d0fb34 VirtualFree
0x140d0fb3c VirtualProtect
0x140d0fb44 VirtualQuery
0x140d0fb4c WaitForMultipleObjects
0x140d0fb54 WaitForSingleObject
0x140d0fb5c WideCharToMultiByte
0x140d0fb64 WriteConsoleW
0x140d0fb6c WriteFile
0x140d0fb74 __C_specific_handler
msvcrt.dll
0x140d0fb84 ___lc_codepage_func
0x140d0fb8c ___mb_cur_max_func
0x140d0fb94 __getmainargs
0x140d0fb9c __initenv
0x140d0fba4 __iob_func
0x140d0fbac __lconv_init
0x140d0fbb4 __set_app_type
0x140d0fbbc __setusermatherr
0x140d0fbc4 _acmdln
0x140d0fbcc _amsg_exit
0x140d0fbd4 _beginthread
0x140d0fbdc _beginthreadex
0x140d0fbe4 _cexit
0x140d0fbec _commode
0x140d0fbf4 _endthreadex
0x140d0fbfc _errno
0x140d0fc04 _fmode
0x140d0fc0c _initterm
0x140d0fc14 _lock
0x140d0fc1c _memccpy
0x140d0fc24 _onexit
0x140d0fc2c _setjmp
0x140d0fc34 _strdup
0x140d0fc3c _ultoa
0x140d0fc44 _unlock
0x140d0fc4c _wassert
0x140d0fc54 abort
0x140d0fc5c calloc
0x140d0fc64 exit
0x140d0fc6c fprintf
0x140d0fc74 fputc
0x140d0fc7c free
0x140d0fc84 fwrite
0x140d0fc8c getc
0x140d0fc94 islower
0x140d0fc9c isspace
0x140d0fca4 isupper
0x140d0fcac isxdigit
0x140d0fcb4 localeconv
0x140d0fcbc longjmp
0x140d0fcc4 malloc
0x140d0fccc memcpy
0x140d0fcd4 memmove
0x140d0fcdc memset
0x140d0fce4 printf
0x140d0fcec qsort
0x140d0fcf4 realloc
0x140d0fcfc signal
0x140d0fd04 strcmp
0x140d0fd0c strerror
0x140d0fd14 strlen
0x140d0fd1c strncmp
0x140d0fd24 strstr
0x140d0fd2c strtol
0x140d0fd34 strtoul
0x140d0fd3c tolower
0x140d0fd44 ungetc
0x140d0fd4c vfprintf
0x140d0fd54 wcscmp
0x140d0fd5c wcscpy
0x140d0fd64 wcslen
OPENGL32.dll
0x140d0fd74 wglGetProcAddress
SHELL32.dll
0x140d0fd84 DragAcceptFiles
0x140d0fd8c DragFinish
0x140d0fd94 DragQueryFileW
0x140d0fd9c DragQueryPoint
USER32.dll
0x140d0fdac AdjustWindowRectEx
0x140d0fdb4 BringWindowToTop
0x140d0fdbc ChangeDisplaySettingsExW
0x140d0fdc4 ClientToScreen
0x140d0fdcc ClipCursor
0x140d0fdd4 CloseClipboard
0x140d0fddc CopyIcon
0x140d0fde4 CreateIconIndirect
0x140d0fdec CreateWindowExW
0x140d0fdf4 DefWindowProcW
0x140d0fdfc DestroyIcon
0x140d0fe04 DestroyWindow
0x140d0fe0c DispatchMessageW
0x140d0fe14 EmptyClipboard
0x140d0fe1c EnumDisplayDevicesW
0x140d0fe24 EnumDisplaySettingsExW
0x140d0fe2c EnumDisplaySettingsW
0x140d0fe34 GetActiveWindow
0x140d0fe3c GetAsyncKeyState
0x140d0fe44 GetClassLongPtrW
0x140d0fe4c GetClientRect
0x140d0fe54 GetClipboardData
0x140d0fe5c GetCursorPos
0x140d0fe64 GetDC
0x140d0fe6c GetKeyNameTextW
0x140d0fe74 GetKeyState
0x140d0fe7c GetMessageTime
0x140d0fe84 GetPropW
0x140d0fe8c GetRawInputDeviceInfoA
0x140d0fe94 GetRawInputDeviceList
0x140d0fe9c GetSystemMetrics
0x140d0fea4 GetWindowLongW
0x140d0feac GetWindowRect
0x140d0feb4 IsIconic
0x140d0febc IsWindowVisible
0x140d0fec4 IsZoomed
0x140d0fecc LoadCursorW
0x140d0fed4 LoadImageW
0x140d0fedc MoveWindow
0x140d0fee4 MsgWaitForMultipleObjects
0x140d0feec OpenClipboard
0x140d0fef4 PeekMessageW
0x140d0fefc PostMessageW
0x140d0ff04 PtInRect
0x140d0ff0c RegisterClassExW
0x140d0ff14 RegisterDeviceNotificationW
0x140d0ff1c ReleaseCapture
0x140d0ff24 ReleaseDC
0x140d0ff2c RemovePropW
0x140d0ff34 ScreenToClient
0x140d0ff3c SendMessageW
0x140d0ff44 SetCapture
0x140d0ff4c SetClipboardData
0x140d0ff54 SetCursor
0x140d0ff5c SetCursorPos
0x140d0ff64 SetFocus
0x140d0ff6c SetForegroundWindow
0x140d0ff74 SetPropW
0x140d0ff7c SetRect
0x140d0ff84 SetWindowLongW
0x140d0ff8c SetWindowPos
0x140d0ff94 SetWindowTextW
0x140d0ff9c ShowWindow
0x140d0ffa4 SystemParametersInfoW
0x140d0ffac TrackMouseEvent
0x140d0ffb4 TranslateMessage
0x140d0ffbc UnregisterClassW
0x140d0ffc4 WaitMessage
0x140d0ffcc WindowFromPoint
EAT(Export Address Table) Library
0x140d0ce00 _cgo_dummy_export
0x1403a9c30 glowDebugCallback_glcore33
0x1403b6550 goCharCB
0x1403b65a0 goCharModsCB
0x1403b6420 goCursorEnterCB
0x1403b63b0 goCursorPosCB
0x1403b6600 goDropCB
0x1403b62a0 goErrorCB
0x1403b6780 goFramebufferSizeCB
0x1403b6300 goJoystickCB
0x1403b64e0 goKeyCB
0x1403b6670 goMonitorCB
0x1403b6350 goMouseButtonCB
0x1403b6470 goScrollCB
0x1403b67e0 goWindowCloseCB
0x1403b6880 goWindowFocusCB
0x1403b68d0 goWindowIconifyCB
0x1403b66c0 goWindowPosCB
0x1403b6830 goWindowRefreshCB
0x1403b6720 goWindowSizeCB