ScreenShot
| Created | 2023.09.06 17:03 | Machine | s1_win7_x6403 |
| Filename | file2.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 10 detected (AIDetectMalware, Artemis, Attribute, HighConfidence, RedLine, Synder, MALICIOUS) | ||
| md5 | d2b7f7a2b18d3b88f01e08dd0ca0b0db | ||
| sha256 | 8937e2d6ef5b91a15cf3aa99706737230f5403edb91d26c408b0b3a848383ca1 | ||
| ssdeep | 98304:IKqngqire7IsaEsLmlLg+ukffLQE34FCCZmkV4vo72MDK:UgHEbKkffLp34FCCZmkV4c | ||
| imphash | 85cddd6092e65c1a58dd1e6e9ab9fc63 | ||
| impfuzzy | 48:qJrKxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJexMCyamXRHF42xQHPXiX1Pgb7TJGQA | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14091745c AddAtomA
0x140917464 AddVectoredExceptionHandler
0x14091746c CloseHandle
0x140917474 CreateEventA
0x14091747c CreateFileA
0x140917484 CreateIoCompletionPort
0x14091748c CreateMutexA
0x140917494 CreateSemaphoreA
0x14091749c CreateThread
0x1409174a4 CreateWaitableTimerExW
0x1409174ac DeleteAtom
0x1409174b4 DeleteCriticalSection
0x1409174bc DuplicateHandle
0x1409174c4 EnterCriticalSection
0x1409174cc ExitProcess
0x1409174d4 FindAtomA
0x1409174dc FormatMessageA
0x1409174e4 FreeEnvironmentStringsW
0x1409174ec GetAtomNameA
0x1409174f4 GetConsoleMode
0x1409174fc GetCurrentProcess
0x140917504 GetCurrentProcessId
0x14091750c GetCurrentThread
0x140917514 GetCurrentThreadId
0x14091751c GetEnvironmentStringsW
0x140917524 GetHandleInformation
0x14091752c GetLastError
0x140917534 GetProcAddress
0x14091753c GetProcessAffinityMask
0x140917544 GetQueuedCompletionStatusEx
0x14091754c GetStartupInfoA
0x140917554 GetStdHandle
0x14091755c GetSystemDirectoryA
0x140917564 GetSystemInfo
0x14091756c GetSystemTimeAsFileTime
0x140917574 GetThreadContext
0x14091757c GetThreadPriority
0x140917584 GetTickCount
0x14091758c InitializeCriticalSection
0x140917594 IsDBCSLeadByteEx
0x14091759c IsDebuggerPresent
0x1409175a4 LeaveCriticalSection
0x1409175ac LoadLibraryA
0x1409175b4 LoadLibraryW
0x1409175bc LocalFree
0x1409175c4 MultiByteToWideChar
0x1409175cc OpenProcess
0x1409175d4 OutputDebugStringA
0x1409175dc PostQueuedCompletionStatus
0x1409175e4 QueryPerformanceCounter
0x1409175ec QueryPerformanceFrequency
0x1409175f4 RaiseException
0x1409175fc ReleaseMutex
0x140917604 ReleaseSemaphore
0x14091760c RemoveVectoredExceptionHandler
0x140917614 ResetEvent
0x14091761c ResumeThread
0x140917624 SetConsoleCtrlHandler
0x14091762c SetErrorMode
0x140917634 SetEvent
0x14091763c SetLastError
0x140917644 SetProcessAffinityMask
0x14091764c SetProcessPriorityBoost
0x140917654 SetThreadContext
0x14091765c SetThreadPriority
0x140917664 SetUnhandledExceptionFilter
0x14091766c SetWaitableTimer
0x140917674 Sleep
0x14091767c SuspendThread
0x140917684 SwitchToThread
0x14091768c TlsAlloc
0x140917694 TlsGetValue
0x14091769c TlsSetValue
0x1409176a4 TryEnterCriticalSection
0x1409176ac VirtualAlloc
0x1409176b4 VirtualFree
0x1409176bc VirtualProtect
0x1409176c4 VirtualQuery
0x1409176cc WaitForMultipleObjects
0x1409176d4 WaitForSingleObject
0x1409176dc WideCharToMultiByte
0x1409176e4 WriteConsoleW
0x1409176ec WriteFile
0x1409176f4 __C_specific_handler
msvcrt.dll
0x140917704 ___lc_codepage_func
0x14091770c ___mb_cur_max_func
0x140917714 __getmainargs
0x14091771c __initenv
0x140917724 __iob_func
0x14091772c __lconv_init
0x140917734 __set_app_type
0x14091773c __setusermatherr
0x140917744 _acmdln
0x14091774c _amsg_exit
0x140917754 _beginthread
0x14091775c _beginthreadex
0x140917764 _cexit
0x14091776c _commode
0x140917774 _endthreadex
0x14091777c _errno
0x140917784 _fmode
0x14091778c _initterm
0x140917794 _lock
0x14091779c _memccpy
0x1409177a4 _onexit
0x1409177ac _setjmp
0x1409177b4 _strdup
0x1409177bc _ultoa
0x1409177c4 _unlock
0x1409177cc abort
0x1409177d4 calloc
0x1409177dc exit
0x1409177e4 fprintf
0x1409177ec fputc
0x1409177f4 free
0x1409177fc fwrite
0x140917804 localeconv
0x14091780c longjmp
0x140917814 malloc
0x14091781c memcpy
0x140917824 memmove
0x14091782c memset
0x140917834 printf
0x14091783c realloc
0x140917844 signal
0x14091784c strerror
0x140917854 strlen
0x14091785c strncmp
0x140917864 vfprintf
0x14091786c wcslen
EAT(Export Address Table) Library
0x140914320 _cgo_dummy_export
KERNEL32.dll
0x14091745c AddAtomA
0x140917464 AddVectoredExceptionHandler
0x14091746c CloseHandle
0x140917474 CreateEventA
0x14091747c CreateFileA
0x140917484 CreateIoCompletionPort
0x14091748c CreateMutexA
0x140917494 CreateSemaphoreA
0x14091749c CreateThread
0x1409174a4 CreateWaitableTimerExW
0x1409174ac DeleteAtom
0x1409174b4 DeleteCriticalSection
0x1409174bc DuplicateHandle
0x1409174c4 EnterCriticalSection
0x1409174cc ExitProcess
0x1409174d4 FindAtomA
0x1409174dc FormatMessageA
0x1409174e4 FreeEnvironmentStringsW
0x1409174ec GetAtomNameA
0x1409174f4 GetConsoleMode
0x1409174fc GetCurrentProcess
0x140917504 GetCurrentProcessId
0x14091750c GetCurrentThread
0x140917514 GetCurrentThreadId
0x14091751c GetEnvironmentStringsW
0x140917524 GetHandleInformation
0x14091752c GetLastError
0x140917534 GetProcAddress
0x14091753c GetProcessAffinityMask
0x140917544 GetQueuedCompletionStatusEx
0x14091754c GetStartupInfoA
0x140917554 GetStdHandle
0x14091755c GetSystemDirectoryA
0x140917564 GetSystemInfo
0x14091756c GetSystemTimeAsFileTime
0x140917574 GetThreadContext
0x14091757c GetThreadPriority
0x140917584 GetTickCount
0x14091758c InitializeCriticalSection
0x140917594 IsDBCSLeadByteEx
0x14091759c IsDebuggerPresent
0x1409175a4 LeaveCriticalSection
0x1409175ac LoadLibraryA
0x1409175b4 LoadLibraryW
0x1409175bc LocalFree
0x1409175c4 MultiByteToWideChar
0x1409175cc OpenProcess
0x1409175d4 OutputDebugStringA
0x1409175dc PostQueuedCompletionStatus
0x1409175e4 QueryPerformanceCounter
0x1409175ec QueryPerformanceFrequency
0x1409175f4 RaiseException
0x1409175fc ReleaseMutex
0x140917604 ReleaseSemaphore
0x14091760c RemoveVectoredExceptionHandler
0x140917614 ResetEvent
0x14091761c ResumeThread
0x140917624 SetConsoleCtrlHandler
0x14091762c SetErrorMode
0x140917634 SetEvent
0x14091763c SetLastError
0x140917644 SetProcessAffinityMask
0x14091764c SetProcessPriorityBoost
0x140917654 SetThreadContext
0x14091765c SetThreadPriority
0x140917664 SetUnhandledExceptionFilter
0x14091766c SetWaitableTimer
0x140917674 Sleep
0x14091767c SuspendThread
0x140917684 SwitchToThread
0x14091768c TlsAlloc
0x140917694 TlsGetValue
0x14091769c TlsSetValue
0x1409176a4 TryEnterCriticalSection
0x1409176ac VirtualAlloc
0x1409176b4 VirtualFree
0x1409176bc VirtualProtect
0x1409176c4 VirtualQuery
0x1409176cc WaitForMultipleObjects
0x1409176d4 WaitForSingleObject
0x1409176dc WideCharToMultiByte
0x1409176e4 WriteConsoleW
0x1409176ec WriteFile
0x1409176f4 __C_specific_handler
msvcrt.dll
0x140917704 ___lc_codepage_func
0x14091770c ___mb_cur_max_func
0x140917714 __getmainargs
0x14091771c __initenv
0x140917724 __iob_func
0x14091772c __lconv_init
0x140917734 __set_app_type
0x14091773c __setusermatherr
0x140917744 _acmdln
0x14091774c _amsg_exit
0x140917754 _beginthread
0x14091775c _beginthreadex
0x140917764 _cexit
0x14091776c _commode
0x140917774 _endthreadex
0x14091777c _errno
0x140917784 _fmode
0x14091778c _initterm
0x140917794 _lock
0x14091779c _memccpy
0x1409177a4 _onexit
0x1409177ac _setjmp
0x1409177b4 _strdup
0x1409177bc _ultoa
0x1409177c4 _unlock
0x1409177cc abort
0x1409177d4 calloc
0x1409177dc exit
0x1409177e4 fprintf
0x1409177ec fputc
0x1409177f4 free
0x1409177fc fwrite
0x140917804 localeconv
0x14091780c longjmp
0x140917814 malloc
0x14091781c memcpy
0x140917824 memmove
0x14091782c memset
0x140917834 printf
0x14091783c realloc
0x140917844 signal
0x14091784c strerror
0x140917854 strlen
0x14091785c strncmp
0x140917864 vfprintf
0x14091786c wcslen
EAT(Export Address Table) Library
0x140914320 _cgo_dummy_export