ScreenShot
| Created | 2023.09.18 16:41 | Machine | s1_win7_x6403 |
| Filename | 167.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (AIDetectMalware, lZ4Q, Siggen21, Cerbu, Save, malicious, Attribute, HighConfidence, high confidence, Kryptik, HUQL, score, Stealerc, CrypterX, Obfuscated, moderate, Static AI, Suspicious PE, ai score=85, Convagent, Redline, ASAO, Detected, Artemis, unsafe, Generic@AI, RDML, 0fas+gO, IVHC1QidAER6uA, HUQJ, confidence, 100%) | ||
| md5 | f2cba0949d0354095822d6ba06b0d187 | ||
| sha256 | 7d81f8e1d9b0b0d61bd551eebc4a1998422663a20feb74e5e86ee8cd50679cf8 | ||
| ssdeep | 3072:VEI7fZWCg+xpEt7R61OBnUTQAVp+NUBJAt:hfECgQm7ReT9BJ | ||
| imphash | e7524ccca7833a80ac6449284f271ff0 | ||
| impfuzzy | 24:2kbG2SEPWiZz+fmarPPpkrkRIOov/FjAvfWHGV4vVFzkJj+uUvavvPIfkhbO5xXp:q1+Zq8EmQYFBu+A3m9ttfcIe7vc7UXg | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401010 ReadConsoleA
0x401014 InterlockedDecrement
0x401018 SetDefaultCommConfigW
0x40101c GetEnvironmentStringsW
0x401020 GetProfileStringW
0x401024 GetUserDefaultLCID
0x401028 SetConsoleScreenBufferSize
0x40102c AddConsoleAliasW
0x401030 SetVolumeMountPointW
0x401034 GetComputerNameW
0x401038 GetModuleHandleW
0x40103c GetCommConfig
0x401040 GetConsoleAliasesLengthA
0x401044 SetFileTime
0x401048 GetCommandLineA
0x40104c GetDriveTypeA
0x401050 GetEnvironmentStrings
0x401054 LoadLibraryW
0x401058 TerminateThread
0x40105c FatalAppExitW
0x401060 ReadConsoleInputA
0x401064 CopyFileW
0x401068 SetConsoleCP
0x40106c EnumSystemCodePagesA
0x401070 GetACP
0x401074 GetVolumePathNameA
0x401078 MoveFileExW
0x40107c CreateJobObjectA
0x401080 GetPrivateProfileIntW
0x401084 FindFirstFileA
0x401088 GetLastError
0x40108c GetCurrentDirectoryW
0x401090 SetLastError
0x401094 LoadLibraryA
0x401098 OpenMutexA
0x40109c GetProcessId
0x4010a0 LocalAlloc
0x4010a4 GetFileType
0x4010a8 GetNumberFormatW
0x4010ac RemoveDirectoryW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 EnumResourceNamesA
0x4010b8 FindNextFileW
0x4010bc VirtualProtect
0x4010c0 GetCurrentDirectoryA
0x4010c4 EnumDateFormatsW
0x4010c8 GetShortPathNameW
0x4010cc OpenSemaphoreW
0x4010d0 FindFirstVolumeA
0x4010d4 FindAtomW
0x4010d8 GetWindowsDirectoryW
0x4010dc SetStdHandle
0x4010e0 WriteConsoleW
0x4010e4 GetConsoleAliasExesA
0x4010e8 FindFirstFileW
0x4010ec GetStartupInfoW
0x4010f0 GetCommandLineW
0x4010f4 CloseHandle
0x4010f8 CreateFileW
0x4010fc MoveFileA
0x401100 HeapFree
0x401104 HeapAlloc
0x401108 EncodePointer
0x40110c DecodePointer
0x401110 HeapSetInformation
0x401114 HeapCreate
0x401118 GetProcAddress
0x40111c ExitProcess
0x401120 WriteFile
0x401124 GetStdHandle
0x401128 GetModuleFileNameW
0x40112c UnhandledExceptionFilter
0x401130 SetUnhandledExceptionFilter
0x401134 IsDebuggerPresent
0x401138 TerminateProcess
0x40113c GetCurrentProcess
0x401140 Sleep
0x401144 HeapSize
0x401148 EnterCriticalSection
0x40114c LeaveCriticalSection
0x401150 SetHandleCount
0x401154 InitializeCriticalSectionAndSpinCount
0x401158 DeleteCriticalSection
0x40115c TlsAlloc
0x401160 TlsGetValue
0x401164 TlsSetValue
0x401168 TlsFree
0x40116c InterlockedIncrement
0x401170 GetCurrentThreadId
0x401174 QueryPerformanceCounter
0x401178 GetTickCount
0x40117c GetCurrentProcessId
0x401180 GetSystemTimeAsFileTime
0x401184 HeapReAlloc
0x401188 RtlUnwind
0x40118c GetCPInfo
0x401190 GetOEMCP
0x401194 IsValidCodePage
0x401198 WideCharToMultiByte
0x40119c IsProcessorFeaturePresent
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 FlushFileBuffers
0x4011ac LCMapStringW
0x4011b0 MultiByteToWideChar
0x4011b4 GetStringTypeW
0x4011b8 SetFilePointer
USER32.dll
0x4011c8 CharUpperW
GDI32.dll
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthA
SHELL32.dll
0x4011c0 DragFinish
WINHTTP.dll
0x4011d0 WinHttpGetProxyForUrl
EAT(Export Address Table) is none
KERNEL32.dll
0x401010 ReadConsoleA
0x401014 InterlockedDecrement
0x401018 SetDefaultCommConfigW
0x40101c GetEnvironmentStringsW
0x401020 GetProfileStringW
0x401024 GetUserDefaultLCID
0x401028 SetConsoleScreenBufferSize
0x40102c AddConsoleAliasW
0x401030 SetVolumeMountPointW
0x401034 GetComputerNameW
0x401038 GetModuleHandleW
0x40103c GetCommConfig
0x401040 GetConsoleAliasesLengthA
0x401044 SetFileTime
0x401048 GetCommandLineA
0x40104c GetDriveTypeA
0x401050 GetEnvironmentStrings
0x401054 LoadLibraryW
0x401058 TerminateThread
0x40105c FatalAppExitW
0x401060 ReadConsoleInputA
0x401064 CopyFileW
0x401068 SetConsoleCP
0x40106c EnumSystemCodePagesA
0x401070 GetACP
0x401074 GetVolumePathNameA
0x401078 MoveFileExW
0x40107c CreateJobObjectA
0x401080 GetPrivateProfileIntW
0x401084 FindFirstFileA
0x401088 GetLastError
0x40108c GetCurrentDirectoryW
0x401090 SetLastError
0x401094 LoadLibraryA
0x401098 OpenMutexA
0x40109c GetProcessId
0x4010a0 LocalAlloc
0x4010a4 GetFileType
0x4010a8 GetNumberFormatW
0x4010ac RemoveDirectoryW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 EnumResourceNamesA
0x4010b8 FindNextFileW
0x4010bc VirtualProtect
0x4010c0 GetCurrentDirectoryA
0x4010c4 EnumDateFormatsW
0x4010c8 GetShortPathNameW
0x4010cc OpenSemaphoreW
0x4010d0 FindFirstVolumeA
0x4010d4 FindAtomW
0x4010d8 GetWindowsDirectoryW
0x4010dc SetStdHandle
0x4010e0 WriteConsoleW
0x4010e4 GetConsoleAliasExesA
0x4010e8 FindFirstFileW
0x4010ec GetStartupInfoW
0x4010f0 GetCommandLineW
0x4010f4 CloseHandle
0x4010f8 CreateFileW
0x4010fc MoveFileA
0x401100 HeapFree
0x401104 HeapAlloc
0x401108 EncodePointer
0x40110c DecodePointer
0x401110 HeapSetInformation
0x401114 HeapCreate
0x401118 GetProcAddress
0x40111c ExitProcess
0x401120 WriteFile
0x401124 GetStdHandle
0x401128 GetModuleFileNameW
0x40112c UnhandledExceptionFilter
0x401130 SetUnhandledExceptionFilter
0x401134 IsDebuggerPresent
0x401138 TerminateProcess
0x40113c GetCurrentProcess
0x401140 Sleep
0x401144 HeapSize
0x401148 EnterCriticalSection
0x40114c LeaveCriticalSection
0x401150 SetHandleCount
0x401154 InitializeCriticalSectionAndSpinCount
0x401158 DeleteCriticalSection
0x40115c TlsAlloc
0x401160 TlsGetValue
0x401164 TlsSetValue
0x401168 TlsFree
0x40116c InterlockedIncrement
0x401170 GetCurrentThreadId
0x401174 QueryPerformanceCounter
0x401178 GetTickCount
0x40117c GetCurrentProcessId
0x401180 GetSystemTimeAsFileTime
0x401184 HeapReAlloc
0x401188 RtlUnwind
0x40118c GetCPInfo
0x401190 GetOEMCP
0x401194 IsValidCodePage
0x401198 WideCharToMultiByte
0x40119c IsProcessorFeaturePresent
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 FlushFileBuffers
0x4011ac LCMapStringW
0x4011b0 MultiByteToWideChar
0x4011b4 GetStringTypeW
0x4011b8 SetFilePointer
USER32.dll
0x4011c8 CharUpperW
GDI32.dll
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthA
SHELL32.dll
0x4011c0 DragFinish
WINHTTP.dll
0x4011d0 WinHttpGetProxyForUrl
EAT(Export Address Table) is none