Field | Value |
---|---|
Created | 2023.09.21 09:35 |
Machine | s1_win7_x6402 |
Filename | Bitter.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 24 detected (AIDetectMalware, malicious, high confidence, Save, Attribute, HighConfidence, score, AGEN, Static AI, Suspicious PE, Wacatac, Kryptik, Znyonm, Artemis, Chgt, Generic@AI, RDML, DfqXJYUM4VTRGnz5RVelwA, HCYC, ZexaF, 5y0@aSdPyrai, confidence, 100%) |
md5 | 17fa8319d0f676b0a4e69d629e3b46a3 |
sha256 | 7e2fd37d4bb8cc4166498114d887a99f84122f6990cbfc2fe7047c8d41e866da |
ssdeep | 6144:TNz+5SS9e1jf5dRV5mH8kzRAv/cAOzA1toyJWlKT6yVRVUKxAPIzWxMTYgK11jW6:TNip9e1jf5p5Usv/c26KxAPISkkW5cC |
imphash | ccc0dba82ee571a2525935dd8b932dc3 |
impfuzzy | 24:mk0DrumJAu9QH9dkTj/MUFvgZfvFJBlDstPQspdFcIOovbO5c18VV4:mky7J2mxgZfvxitPQspHK3Zw |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x42600c SetEndOfFile
0x426010 WriteConsoleW
0x426014 WideCharToMultiByte
0x426018 ExitProcess
0x42601c DeleteCriticalSection
0x426020 GetProcAddress
0x426024 HeapAlloc
0x426028 FreeConsole
0x42602c RaiseException
0x426030 CloseHandle
0x426034 CreateFileW
0x426038 HeapReAlloc
0x42603c SetEvent
0x426040 GetLastError
0x426044 HeapSize
0x426048 lstrlenA
0x42604c LeaveCriticalSection
0x426050 VirtualAlloc
0x426054 GetProcessHeap
0x426058 SetStdHandle
0x42605c SetEnvironmentVariableW
0x426060 FreeEnvironmentStringsW
0x426064 GetEnvironmentStringsW
0x426068 GetOEMCP
0x42606c GetACP
0x426070 IsValidCodePage
0x426074 FindNextFileW
0x426078 EnterCriticalSection
0x42607c HeapFree
0x426080 CompareStringW
0x426084 GetStartupInfoW
0x426088 FindFirstFileExW
0x42608c FindClose
0x426090 ReadConsoleW
0x426094 SetFilePointerEx
0x426098 GetFileSizeEx
0x42609c ReadFile
0x4260a0 GetConsoleMode
0x4260a4 GetConsoleCP
0x4260a8 FlushFileBuffers
0x4260ac GetFileType
0x4260b0 EnumSystemLocalesW
0x4260b4 GetUserDefaultLCID
0x4260b8 GetCurrentProcess
0x4260bc SwitchToThread
0x4260c0 GetCurrentThread
0x4260c4 GetCurrentThreadId
0x4260c8 QueryPerformanceCounter
0x4260cc SetLastError
0x4260d0 InitializeCriticalSectionAndSpinCount
0x4260d4 TlsAlloc
0x4260d8 TlsGetValue
0x4260dc TlsSetValue
0x4260e0 TlsFree
0x4260e4 GetSystemTimeAsFileTime
0x4260e8 GetModuleHandleW
0x4260ec EncodePointer
0x4260f0 DecodePointer
0x4260f4 MultiByteToWideChar
0x4260f8 LCMapStringW
0x4260fc GetLocaleInfoW
0x426100 GetStringTypeW
0x426104 GetCPInfo
0x426108 UnhandledExceptionFilter
0x42610c SetUnhandledExceptionFilter
0x426110 TerminateProcess
0x426114 IsProcessorFeaturePresent
0x426118 GetCurrentProcessId
0x42611c InitializeSListHead
0x426120 IsDebuggerPresent
0x426124 GetThreadTimes
0x426128 FreeLibrary
0x42612c GetModuleFileNameW
0x426130 LoadLibraryExW
0x426134 RtlUnwind
0x426138 GetModuleHandleExW
0x42613c GetStdHandle
0x426140 WriteFile
0x426144 GetCommandLineA
0x426148 GetCommandLineW
0x42614c IsValidLocale
ADVAPI32.dll
0x426000 OpenEventLogA
0x426004 GetUserNameA
ntdll.dll
0x426154 NtUnmapViewOfSection
EAT (Export Address Table): none