Field | Value |
---|---|
Created | 2023.09.14 19:26 |
Machine | s1_win7_x6403 |
Filename | newlife.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : malware |
VT API (file) | 24 detected (AIDetectMalware, malicious, high confidence, Artemis, unsafe, Vu85, Attribute, HighConfidence, PWSX, Gencirc, Outbreak, Vigorf, RedLine, Chgt, X1sJOVJibMU, confidence) |
md5 | 69c0ce8858c37ee1e29fbeb4d0acc928 |
sha256 | 58334b23c64f5926faf1201c6875c2b44d60fa9ba85fba7ebc15f1ccabd0f803 |
ssdeep | 6144:CV+4tt25MIRakGNhYPu2p3QrhVaTpo5iL:U25MIkkGNwPWr7a2y |
imphash | 8a8dbe6ecfacdaceac22d14c24917858 |
impfuzzy | 48:mBxcpVO3tdS1CBgPpX5ZGorNwTSPvtwUA:acpVO3tdS1CBgPpXD3rNwePvtwZ |
Signature (10cnts)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140021000 SizeofResource
0x140021008 LocalAlloc
0x140021010 LockResource
0x140021018 LoadResource
0x140021020 FindResourceW
0x140021028 WriteConsoleW
0x140021030 CreateFileW
0x140021038 HeapSize
0x140021040 SetStdHandle
0x140021048 GetProcessHeap
0x140021050 FreeEnvironmentStringsW
0x140021058 GetEnvironmentStringsW
0x140021060 GetCommandLineW
0x140021068 GetCommandLineA
0x140021070 GetOEMCP
0x140021078 GetACP
0x140021080 IsValidCodePage
0x140021088 FindNextFileW
0x140021090 FindFirstFileExW
0x140021098 EncodePointer
0x1400210a0 DecodePointer
0x1400210a8 LocalFree
0x1400210b0 EnterCriticalSection
0x1400210b8 LeaveCriticalSection
0x1400210c0 InitializeCriticalSectionEx
0x1400210c8 DeleteCriticalSection
0x1400210d0 MultiByteToWideChar
0x1400210d8 WideCharToMultiByte
0x1400210e0 LCMapStringEx
0x1400210e8 GetStringTypeW
0x1400210f0 GetCPInfo
0x1400210f8 GetLastError
0x140021100 RtlCaptureContext
0x140021108 RtlLookupFunctionEntry
0x140021110 RtlVirtualUnwind
0x140021118 UnhandledExceptionFilter
0x140021120 SetUnhandledExceptionFilter
0x140021128 GetCurrentProcess
0x140021130 TerminateProcess
0x140021138 IsProcessorFeaturePresent
0x140021140 IsDebuggerPresent
0x140021148 GetStartupInfoW
0x140021150 GetModuleHandleW
0x140021158 QueryPerformanceCounter
0x140021160 GetCurrentProcessId
0x140021168 GetCurrentThreadId
0x140021170 GetSystemTimeAsFileTime
0x140021178 InitializeSListHead
0x140021180 RtlUnwindEx
0x140021188 RtlPcToFileHeader
0x140021190 RaiseException
0x140021198 SetLastError
0x1400211a0 InitializeCriticalSectionAndSpinCount
0x1400211a8 TlsAlloc
0x1400211b0 TlsGetValue
0x1400211b8 TlsSetValue
0x1400211c0 TlsFree
0x1400211c8 FreeLibrary
0x1400211d0 GetProcAddress
0x1400211d8 LoadLibraryExW
0x1400211e0 ExitProcess
0x1400211e8 GetModuleHandleExW
0x1400211f0 GetModuleFileNameW
0x1400211f8 GetStdHandle
0x140021200 WriteFile
0x140021208 HeapAlloc
0x140021210 HeapFree
0x140021218 FlsAlloc
0x140021220 FlsGetValue
0x140021228 FlsSetValue
0x140021230 FlsFree
0x140021238 LCMapStringW
0x140021240 GetLocaleInfoW
0x140021248 IsValidLocale
0x140021250 GetUserDefaultLCID
0x140021258 EnumSystemLocalesW
0x140021260 GetFileType
0x140021268 CloseHandle
0x140021270 FlushFileBuffers
0x140021278 GetConsoleOutputCP
0x140021280 GetConsoleMode
0x140021288 ReadFile
0x140021290 GetFileSizeEx
0x140021298 SetFilePointerEx
0x1400212a0 ReadConsoleW
0x1400212a8 HeapReAlloc
0x1400212b0 FindClose
0x1400212b8 RtlUnwind
ole32.dll
0x140021328 CoInitializeEx
OLEAUT32.dll
0x1400212c8 VariantInit
0x1400212d0 VariantCopy
0x1400212d8 SafeArrayUnaccessData
0x1400212e0 SafeArrayCreateVector
0x1400212e8 SafeArrayAccessData
0x1400212f0 VariantChangeType
0x1400212f8 VariantClear
0x140021300 GetErrorInfo
0x140021308 SafeArrayCreate
mscoree.dll
0x140021318 CLRCreateInstance
EAT (Export Address Table) is none