ScreenShot
| Created | 2023.09.10 17:06 | Machine | s1_win7_x6403 |
| Filename | Chrome.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 19 detected (AIDetectMalware, malicious, moderate confidence, Artemis, Neshta, FileInfector, confidence, score, Shlem, Static AI, Suspicious PE, Casdet, Detected, BatAVProcKill, susgen) | ||
| md5 | 43e176e16444079c82e2446f0870d1e1 | ||
| sha256 | 27fb95086df3f2a22f6e34a746bb1f15d882936e2f6dea770bfd76bb1fc0423e | ||
| ssdeep | 49152:eMn6jRfJ3c1m8Sg2rgNF2b1D6KiMWFUIiJ:Tu3cFLvFY | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x55c100 WriteFile
0x55c108 WriteConsoleW
0x55c110 WaitForMultipleObjects
0x55c118 WaitForSingleObject
0x55c120 VirtualQuery
0x55c128 VirtualFree
0x55c130 VirtualAlloc
0x55c138 TlsAlloc
0x55c140 SwitchToThread
0x55c148 SuspendThread
0x55c150 SetWaitableTimer
0x55c158 SetUnhandledExceptionFilter
0x55c160 SetProcessPriorityBoost
0x55c168 SetEvent
0x55c170 SetErrorMode
0x55c178 SetConsoleCtrlHandler
0x55c180 ResumeThread
0x55c188 PostQueuedCompletionStatus
0x55c190 LoadLibraryA
0x55c198 LoadLibraryW
0x55c1a0 SetThreadContext
0x55c1a8 GetThreadContext
0x55c1b0 GetSystemInfo
0x55c1b8 GetSystemDirectoryA
0x55c1c0 GetStdHandle
0x55c1c8 GetQueuedCompletionStatusEx
0x55c1d0 GetProcessAffinityMask
0x55c1d8 GetProcAddress
0x55c1e0 GetEnvironmentStringsW
0x55c1e8 GetConsoleMode
0x55c1f0 FreeEnvironmentStringsW
0x55c1f8 ExitProcess
0x55c200 DuplicateHandle
0x55c208 CreateWaitableTimerExW
0x55c210 CreateThread
0x55c218 CreateIoCompletionPort
0x55c220 CreateFileA
0x55c228 CreateEventA
0x55c230 CloseHandle
0x55c238 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x55c100 WriteFile
0x55c108 WriteConsoleW
0x55c110 WaitForMultipleObjects
0x55c118 WaitForSingleObject
0x55c120 VirtualQuery
0x55c128 VirtualFree
0x55c130 VirtualAlloc
0x55c138 TlsAlloc
0x55c140 SwitchToThread
0x55c148 SuspendThread
0x55c150 SetWaitableTimer
0x55c158 SetUnhandledExceptionFilter
0x55c160 SetProcessPriorityBoost
0x55c168 SetEvent
0x55c170 SetErrorMode
0x55c178 SetConsoleCtrlHandler
0x55c180 ResumeThread
0x55c188 PostQueuedCompletionStatus
0x55c190 LoadLibraryA
0x55c198 LoadLibraryW
0x55c1a0 SetThreadContext
0x55c1a8 GetThreadContext
0x55c1b0 GetSystemInfo
0x55c1b8 GetSystemDirectoryA
0x55c1c0 GetStdHandle
0x55c1c8 GetQueuedCompletionStatusEx
0x55c1d0 GetProcessAffinityMask
0x55c1d8 GetProcAddress
0x55c1e0 GetEnvironmentStringsW
0x55c1e8 GetConsoleMode
0x55c1f0 FreeEnvironmentStringsW
0x55c1f8 ExitProcess
0x55c200 DuplicateHandle
0x55c208 CreateWaitableTimerExW
0x55c210 CreateThread
0x55c218 CreateIoCompletionPort
0x55c220 CreateFileA
0x55c228 CreateEventA
0x55c230 CloseHandle
0x55c238 AddVectoredExceptionHandler
EAT(Export Address Table) is none