ScreenShot
| Created | 2023.09.02 18:53 | Machine | s1_win7_x6401 |
| Filename | axb.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetectMalware, Tedy, Cordimik, Attribute, HighConfidence, malicious, high confidence, Python, Gencirc, Disco, Wacatac, score, DropperX, unsafe, CLOUD, ai score=80) | ||
| md5 | 8f66a9149d62c7a6c8a5e1256c9343eb | ||
| sha256 | a49bd1b74a7a8a570032ba6aaf34044e260fefb2d4012a15f2a2b06abef21fe1 | ||
| ssdeep | 196608:3ueZVVizoTMt/XGusECmLeprgLB+S4DGdi5RqtcY3A6U3HlZGQZ4oPp:llizqMxCm6Gtdur5oSx3XGQX | ||
| imphash | d7baf81e124df171306667f9b54df97c | ||
| impfuzzy | 24:VqDTLOkbj00u+M9B402tMXsUJnc+plxeDo/CuYoEOovw9CvKzZHGMA:tkTM9GtMXsEc+pXmuYco1 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Creates executable files on the filesystem |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400202b0 SHFileOperationW
imagehlp.dll
0x1400202c0 UnMapAndLoad
0x1400202c8 MapAndLoad
KERNEL32.dll
0x140020000 TlsFree
0x140020008 HeapReAlloc
0x140020010 HeapSize
0x140020018 SetFilePointerEx
0x140020020 CreateDirectoryW
0x140020028 ReadFile
0x140020030 SetConsoleCtrlHandler
0x140020038 GetCommandLineW
0x140020040 WriteFile
0x140020048 GetShortPathNameW
0x140020050 GetModuleFileNameW
0x140020058 GetProcessId
0x140020060 SetFilePointer
0x140020068 GetTempPathW
0x140020070 WaitForSingleObject
0x140020078 CreateFileW
0x140020080 GetLastError
0x140020088 CloseHandle
0x140020090 SetEnvironmentVariableA
0x140020098 GetCurrentProcessId
0x1400200a0 CreateProcessW
0x1400200a8 GetSystemTimeAsFileTime
0x1400200b0 FormatMessageA
0x1400200b8 GenerateConsoleCtrlEvent
0x1400200c0 GetExitCodeProcess
0x1400200c8 RtlCaptureContext
0x1400200d0 RtlLookupFunctionEntry
0x1400200d8 RtlVirtualUnwind
0x1400200e0 UnhandledExceptionFilter
0x1400200e8 SetUnhandledExceptionFilter
0x1400200f0 GetCurrentProcess
0x1400200f8 TerminateProcess
0x140020100 IsProcessorFeaturePresent
0x140020108 QueryPerformanceCounter
0x140020110 GetCurrentThreadId
0x140020118 InitializeSListHead
0x140020120 IsDebuggerPresent
0x140020128 GetStartupInfoW
0x140020130 GetModuleHandleW
0x140020138 GetFileSizeEx
0x140020140 RtlUnwindEx
0x140020148 SetLastError
0x140020150 EnterCriticalSection
0x140020158 LeaveCriticalSection
0x140020160 DeleteCriticalSection
0x140020168 InitializeCriticalSectionAndSpinCount
0x140020170 TlsAlloc
0x140020178 TlsGetValue
0x140020180 TlsSetValue
0x140020188 WriteConsoleW
0x140020190 FreeLibrary
0x140020198 GetProcAddress
0x1400201a0 LoadLibraryExW
0x1400201a8 EncodePointer
0x1400201b0 RaiseException
0x1400201b8 RtlPcToFileHeader
0x1400201c0 ExitProcess
0x1400201c8 GetModuleHandleExW
0x1400201d0 GetCommandLineA
0x1400201d8 GetStdHandle
0x1400201e0 HeapAlloc
0x1400201e8 MultiByteToWideChar
0x1400201f0 HeapFree
0x1400201f8 FlsAlloc
0x140020200 FlsGetValue
0x140020208 FlsSetValue
0x140020210 FlsFree
0x140020218 LCMapStringW
0x140020220 GetFileType
0x140020228 WideCharToMultiByte
0x140020230 FindClose
0x140020238 FindFirstFileExW
0x140020240 FindNextFileW
0x140020248 IsValidCodePage
0x140020250 GetACP
0x140020258 GetOEMCP
0x140020260 GetCPInfo
0x140020268 GetEnvironmentStringsW
0x140020270 FreeEnvironmentStringsW
0x140020278 SetStdHandle
0x140020280 GetStringTypeW
0x140020288 GetProcessHeap
0x140020290 FlushFileBuffers
0x140020298 GetConsoleOutputCP
0x1400202a0 GetConsoleMode
EAT(Export Address Table) is none
SHELL32.dll
0x1400202b0 SHFileOperationW
imagehlp.dll
0x1400202c0 UnMapAndLoad
0x1400202c8 MapAndLoad
KERNEL32.dll
0x140020000 TlsFree
0x140020008 HeapReAlloc
0x140020010 HeapSize
0x140020018 SetFilePointerEx
0x140020020 CreateDirectoryW
0x140020028 ReadFile
0x140020030 SetConsoleCtrlHandler
0x140020038 GetCommandLineW
0x140020040 WriteFile
0x140020048 GetShortPathNameW
0x140020050 GetModuleFileNameW
0x140020058 GetProcessId
0x140020060 SetFilePointer
0x140020068 GetTempPathW
0x140020070 WaitForSingleObject
0x140020078 CreateFileW
0x140020080 GetLastError
0x140020088 CloseHandle
0x140020090 SetEnvironmentVariableA
0x140020098 GetCurrentProcessId
0x1400200a0 CreateProcessW
0x1400200a8 GetSystemTimeAsFileTime
0x1400200b0 FormatMessageA
0x1400200b8 GenerateConsoleCtrlEvent
0x1400200c0 GetExitCodeProcess
0x1400200c8 RtlCaptureContext
0x1400200d0 RtlLookupFunctionEntry
0x1400200d8 RtlVirtualUnwind
0x1400200e0 UnhandledExceptionFilter
0x1400200e8 SetUnhandledExceptionFilter
0x1400200f0 GetCurrentProcess
0x1400200f8 TerminateProcess
0x140020100 IsProcessorFeaturePresent
0x140020108 QueryPerformanceCounter
0x140020110 GetCurrentThreadId
0x140020118 InitializeSListHead
0x140020120 IsDebuggerPresent
0x140020128 GetStartupInfoW
0x140020130 GetModuleHandleW
0x140020138 GetFileSizeEx
0x140020140 RtlUnwindEx
0x140020148 SetLastError
0x140020150 EnterCriticalSection
0x140020158 LeaveCriticalSection
0x140020160 DeleteCriticalSection
0x140020168 InitializeCriticalSectionAndSpinCount
0x140020170 TlsAlloc
0x140020178 TlsGetValue
0x140020180 TlsSetValue
0x140020188 WriteConsoleW
0x140020190 FreeLibrary
0x140020198 GetProcAddress
0x1400201a0 LoadLibraryExW
0x1400201a8 EncodePointer
0x1400201b0 RaiseException
0x1400201b8 RtlPcToFileHeader
0x1400201c0 ExitProcess
0x1400201c8 GetModuleHandleExW
0x1400201d0 GetCommandLineA
0x1400201d8 GetStdHandle
0x1400201e0 HeapAlloc
0x1400201e8 MultiByteToWideChar
0x1400201f0 HeapFree
0x1400201f8 FlsAlloc
0x140020200 FlsGetValue
0x140020208 FlsSetValue
0x140020210 FlsFree
0x140020218 LCMapStringW
0x140020220 GetFileType
0x140020228 WideCharToMultiByte
0x140020230 FindClose
0x140020238 FindFirstFileExW
0x140020240 FindNextFileW
0x140020248 IsValidCodePage
0x140020250 GetACP
0x140020258 GetOEMCP
0x140020260 GetCPInfo
0x140020268 GetEnvironmentStringsW
0x140020270 FreeEnvironmentStringsW
0x140020278 SetStdHandle
0x140020280 GetStringTypeW
0x140020288 GetProcessHeap
0x140020290 FlushFileBuffers
0x140020298 GetConsoleOutputCP
0x1400202a0 GetConsoleMode
EAT(Export Address Table) is none