Report - rFXRoh.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, PE64, OS Processor Check
Created 2023.10.02 08:59 Machine s1_win7_x6403
Filename rFXRoh.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score: Not found
Behavior Score: 2.2
ZERO API file : malicious
VT API (file) 36 detected (AIDetectMalware, DInvoke, GenericKD, Artemis, malicious, confidence, 100%, ABRisk, TBMB, Attribute, HighConfidence, high confidence, score, Redcap, hpolj, GenKD, ai score=80, Wacatac, AsyncRAT, Znyonm, Detected, unsafe, Chgt, PossibleThreat)
md5 6cfc8a19911d2a4401c1c362587e83ce
sha256 6543c547b83be07c11742aebcba0264026667005c7d4b90ca9ee8da62ad06984
ssdeep 98304:01+qfbaSe1um0WohRcxAqV6EiTEEhG8VdjDEJgkKQ:nGWM0x7VdiAfj
imphash e6efb84c997b145566619aa9dc9a7eef
impfuzzy 96:qB0x8CxX7+CJS5pmeT1qHs4OxQ/0XiX1Pg3ZTJGQ6d61mcqtVS:qKiCJ77JS5dT1on0SFomQ6d+StVS

Signature (4cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
watch Detects the presence of Wine emulator
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140a835fc AddAtomA
 0x140a83604 AddVectoredExceptionHandler
 0x140a8360c AreFileApisANSI
 0x140a83614 CloseHandle
 0x140a8361c CreateEventA
 0x140a83624 CreateFileA
 0x140a8362c CreateFileMappingA
 0x140a83634 CreateFileMappingW
 0x140a8363c CreateFileW
 0x140a83644 CreateIoCompletionPort
 0x140a8364c CreateMutexA
 0x140a83654 CreateMutexW
 0x140a8365c CreateSemaphoreA
 0x140a83664 CreateThread
 0x140a8366c CreateWaitableTimerA
 0x140a83674 CreateWaitableTimerExW
 0x140a8367c DeleteAtom
 0x140a83684 DeleteCriticalSection
 0x140a8368c DeleteFileA
 0x140a83694 DeleteFileW
 0x140a8369c DuplicateHandle
 0x140a836a4 EnterCriticalSection
 0x140a836ac ExitProcess
 0x140a836b4 FindAtomA
 0x140a836bc FlushFileBuffers
 0x140a836c4 FlushViewOfFile
 0x140a836cc FormatMessageA
 0x140a836d4 FormatMessageW
 0x140a836dc FreeEnvironmentStringsW
 0x140a836e4 FreeLibrary
 0x140a836ec GetAtomNameA
 0x140a836f4 GetConsoleMode
 0x140a836fc GetCurrentProcess
 0x140a83704 GetCurrentProcessId
 0x140a8370c GetCurrentThread
 0x140a83714 GetCurrentThreadId
 0x140a8371c GetDiskFreeSpaceA
 0x140a83724 GetDiskFreeSpaceW
 0x140a8372c GetEnvironmentStringsW
 0x140a83734 GetFileAttributesA
 0x140a8373c GetFileAttributesExW
 0x140a83744 GetFileAttributesW
 0x140a8374c GetFileSize
 0x140a83754 GetFullPathNameA
 0x140a8375c GetFullPathNameW
 0x140a83764 GetHandleInformation
 0x140a8376c GetLastError
 0x140a83774 GetProcAddress
 0x140a8377c GetProcessAffinityMask
 0x140a83784 GetProcessHeap
 0x140a8378c GetQueuedCompletionStatusEx
 0x140a83794 GetStartupInfoA
 0x140a8379c GetStdHandle
 0x140a837a4 GetSystemDirectoryA
 0x140a837ac GetSystemInfo
 0x140a837b4 GetSystemTime
 0x140a837bc GetSystemTimeAsFileTime
 0x140a837c4 GetTempPathA
 0x140a837cc GetTempPathW
 0x140a837d4 GetThreadContext
 0x140a837dc GetThreadPriority
 0x140a837e4 GetTickCount
 0x140a837ec GetVersionExA
 0x140a837f4 GetVersionExW
 0x140a837fc HeapAlloc
 0x140a83804 HeapCompact
 0x140a8380c HeapCreate
 0x140a83814 HeapDestroy
 0x140a8381c HeapFree
 0x140a83824 HeapReAlloc
 0x140a8382c HeapSize
 0x140a83834 HeapValidate
 0x140a8383c InitializeCriticalSection
 0x140a83844 IsDBCSLeadByteEx
 0x140a8384c IsDebuggerPresent
 0x140a83854 LeaveCriticalSection
 0x140a8385c LoadLibraryA
 0x140a83864 LoadLibraryW
 0x140a8386c LocalFree
 0x140a83874 LockFile
 0x140a8387c LockFileEx
 0x140a83884 MapViewOfFile
 0x140a8388c MultiByteToWideChar
 0x140a83894 OpenProcess
 0x140a8389c OutputDebugStringA
 0x140a838a4 OutputDebugStringW
 0x140a838ac PostQueuedCompletionStatus
 0x140a838b4 QueryPerformanceCounter
 0x140a838bc QueryPerformanceFrequency
 0x140a838c4 RaiseException
 0x140a838cc ReadFile
 0x140a838d4 ReleaseMutex
 0x140a838dc ReleaseSemaphore
 0x140a838e4 RemoveVectoredExceptionHandler
 0x140a838ec ResetEvent
 0x140a838f4 ResumeThread
 0x140a838fc SetConsoleCtrlHandler
 0x140a83904 SetEndOfFile
 0x140a8390c SetErrorMode
 0x140a83914 SetEvent
 0x140a8391c SetFilePointer
 0x140a83924 SetLastError
 0x140a8392c SetProcessAffinityMask
 0x140a83934 SetProcessPriorityBoost
 0x140a8393c SetThreadContext
 0x140a83944 SetThreadPriority
 0x140a8394c SetUnhandledExceptionFilter
 0x140a83954 SetWaitableTimer
 0x140a8395c Sleep
 0x140a83964 SuspendThread
 0x140a8396c SwitchToThread
 0x140a83974 SystemTimeToFileTime
 0x140a8397c TlsAlloc
 0x140a83984 TlsGetValue
 0x140a8398c TlsSetValue
 0x140a83994 TryEnterCriticalSection
 0x140a8399c UnlockFile
 0x140a839a4 UnlockFileEx
 0x140a839ac UnmapViewOfFile
 0x140a839b4 VirtualAlloc
 0x140a839bc VirtualFree
 0x140a839c4 VirtualProtect
 0x140a839cc VirtualQuery
 0x140a839d4 WaitForMultipleObjects
 0x140a839dc WaitForSingleObject
 0x140a839e4 WaitForSingleObjectEx
 0x140a839ec WideCharToMultiByte
 0x140a839f4 WriteConsoleW
 0x140a839fc WriteFile
 0x140a83a04 __C_specific_handler
msvcrt.dll
 0x140a83a14 ___lc_codepage_func
 0x140a83a1c ___mb_cur_max_func
 0x140a83a24 __getmainargs
 0x140a83a2c __initenv
 0x140a83a34 __iob_func
 0x140a83a3c __lconv_init
 0x140a83a44 __set_app_type
 0x140a83a4c __setusermatherr
 0x140a83a54 _acmdln
 0x140a83a5c _amsg_exit
 0x140a83a64 _beginthread
 0x140a83a6c _beginthreadex
 0x140a83a74 _cexit
 0x140a83a7c _commode
 0x140a83a84 _endthreadex
 0x140a83a8c _errno
 0x140a83a94 _fmode
 0x140a83a9c _initterm
 0x140a83aa4 _localtime64
 0x140a83aac _lock
 0x140a83ab4 _memccpy
 0x140a83abc _onexit
 0x140a83ac4 _setjmp
 0x140a83acc _strdup
 0x140a83ad4 _ultoa
 0x140a83adc _unlock
 0x140a83ae4 abort
 0x140a83aec calloc
 0x140a83af4 exit
 0x140a83afc fprintf
 0x140a83b04 fputc
 0x140a83b0c free
 0x140a83b14 fwrite
 0x140a83b1c localeconv
 0x140a83b24 longjmp
 0x140a83b2c malloc
 0x140a83b34 memcmp
 0x140a83b3c memcpy
 0x140a83b44 memmove
 0x140a83b4c memset
 0x140a83b54 printf
 0x140a83b5c qsort
 0x140a83b64 realloc
 0x140a83b6c signal
 0x140a83b74 strcmp
 0x140a83b7c strcspn
 0x140a83b84 strerror
 0x140a83b8c strlen
 0x140a83b94 strncmp
 0x140a83b9c strrchr
 0x140a83ba4 vfprintf
 0x140a83bac wcslen

EAT(Export Address Table) Library

0x140a80d20 _cgo_dummy_export
0x1403ff950 authorizerTrampoline
0x1403ff670 callbackTrampoline
0x1403ff830 commitHookTrampoline
0x1403ff790 compareTrampoline
0x1403ff740 doneTrampoline
0x1403ff9d0 preUpdateHookTrampoline
0x1403ff890 rollbackHookTrampoline
0x1403ff6d0 stepTrampoline
0x1403ff8e0 updateHookTrampoline