ScreenShot
| Created | 2023.10.02 09:39 | Machine | s1_win7_x6401 |
| Filename | WWW14_64.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectMalware, Tedy, Siggen21, Artemis, RedLineStealer, Save, GenericKD, ABRisk, SDZG, Attribute, HighConfidence, malicious, high confidence, VMProtect, J suspicious, Scar, tqop, Znyonm, CLOUD, hzatx, REDLINE, YXDI3Z, score, ai score=87, Sabsik, Detected, unsafe, Chgt, Ximw, susgen, PWSX, confidence, 100%) | ||
| md5 | a7ee1f4bf11bdfab2327d098c6583af1 | ||
| sha256 | d74686c87f0777d1e8c4fcc18b40fe3ce97d6e531e23b6665037e5599b72aa32 | ||
| ssdeep | 196608:XdatXBkprOtdefgVeIXcIv/W5yYtjR1kJA3iaAim:NaVB2rOtTVew5/W5n1LkJA3i3 | ||
| imphash | 504d78790e3f8461b1aa5a2fc85391cb | ||
| impfuzzy | 24:CJTwxvmG14AJiQmXJai10DRZcp+4lvHZZZHgdwOovIufz0J9TtQzyIIlyvdH8mjg:Cad14ASXJ+Zcp++vZZZCTugt7PKq43a | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | DEP was bypassed by marking part of the stack executable by the process WWW14_64.exe |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1409d8000 GetModuleHandleA
USER32.dll
0x1409d8010 CharNextA
ADVAPI32.dll
0x1409d8020 RegCloseKey
SHELL32.dll
0x1409d8030 ShellExecuteA
ole32.dll
0x1409d8040 CoCreateInstance
kernel32.dll
0x1409d8050 GetSystemTimeAsFileTime
0x1409d8058 GetModuleHandleA
0x1409d8060 CreateEventA
0x1409d8068 GetModuleFileNameW
0x1409d8070 TerminateProcess
0x1409d8078 GetCurrentProcess
0x1409d8080 CreateToolhelp32Snapshot
0x1409d8088 Thread32First
0x1409d8090 GetCurrentProcessId
0x1409d8098 GetCurrentThreadId
0x1409d80a0 OpenThread
0x1409d80a8 Thread32Next
0x1409d80b0 CloseHandle
0x1409d80b8 SuspendThread
0x1409d80c0 ResumeThread
0x1409d80c8 WriteProcessMemory
0x1409d80d0 GetSystemInfo
0x1409d80d8 VirtualAlloc
0x1409d80e0 VirtualProtect
0x1409d80e8 VirtualFree
0x1409d80f0 GetProcessAffinityMask
0x1409d80f8 SetProcessAffinityMask
0x1409d8100 GetCurrentThread
0x1409d8108 SetThreadAffinityMask
0x1409d8110 Sleep
0x1409d8118 LoadLibraryA
0x1409d8120 FreeLibrary
0x1409d8128 GetTickCount
0x1409d8130 SystemTimeToFileTime
0x1409d8138 FileTimeToSystemTime
0x1409d8140 GlobalFree
0x1409d8148 LocalAlloc
0x1409d8150 LocalFree
0x1409d8158 GetProcAddress
0x1409d8160 ExitProcess
0x1409d8168 EnterCriticalSection
0x1409d8170 LeaveCriticalSection
0x1409d8178 InitializeCriticalSection
0x1409d8180 DeleteCriticalSection
0x1409d8188 GetModuleHandleW
0x1409d8190 LoadResource
0x1409d8198 MultiByteToWideChar
0x1409d81a0 FindResourceExW
0x1409d81a8 FindResourceExA
0x1409d81b0 WideCharToMultiByte
0x1409d81b8 GetThreadLocale
0x1409d81c0 GetUserDefaultLCID
0x1409d81c8 GetSystemDefaultLCID
0x1409d81d0 EnumResourceNamesA
0x1409d81d8 EnumResourceNamesW
0x1409d81e0 EnumResourceLanguagesA
0x1409d81e8 EnumResourceLanguagesW
0x1409d81f0 EnumResourceTypesA
0x1409d81f8 EnumResourceTypesW
0x1409d8200 CreateFileW
0x1409d8208 LoadLibraryW
0x1409d8210 GetLastError
0x1409d8218 FlushFileBuffers
0x1409d8220 WriteConsoleW
0x1409d8228 SetStdHandle
0x1409d8230 HeapReAlloc
0x1409d8238 FlsSetValue
0x1409d8240 GetCommandLineA
0x1409d8248 RaiseException
0x1409d8250 RtlPcToFileHeader
0x1409d8258 HeapFree
0x1409d8260 GetCPInfo
0x1409d8268 GetACP
0x1409d8270 GetOEMCP
0x1409d8278 IsValidCodePage
0x1409d8280 EncodePointer
0x1409d8288 FlsGetValue
0x1409d8290 FlsFree
0x1409d8298 SetLastError
0x1409d82a0 FlsAlloc
0x1409d82a8 UnhandledExceptionFilter
0x1409d82b0 SetUnhandledExceptionFilter
0x1409d82b8 IsDebuggerPresent
0x1409d82c0 RtlVirtualUnwind
0x1409d82c8 RtlLookupFunctionEntry
0x1409d82d0 RtlCaptureContext
0x1409d82d8 DecodePointer
0x1409d82e0 HeapAlloc
0x1409d82e8 RtlUnwindEx
0x1409d82f0 LCMapStringW
0x1409d82f8 GetStringTypeW
0x1409d8300 SetHandleCount
0x1409d8308 GetStdHandle
0x1409d8310 InitializeCriticalSectionAndSpinCount
0x1409d8318 GetFileType
0x1409d8320 GetStartupInfoW
0x1409d8328 GetModuleFileNameA
0x1409d8330 FreeEnvironmentStringsW
0x1409d8338 GetEnvironmentStringsW
0x1409d8340 HeapSetInformation
0x1409d8348 GetVersion
0x1409d8350 HeapCreate
0x1409d8358 HeapDestroy
0x1409d8360 QueryPerformanceCounter
0x1409d8368 HeapSize
0x1409d8370 WriteFile
0x1409d8378 SetFilePointer
0x1409d8380 GetConsoleCP
0x1409d8388 GetConsoleMode
USER32.dll
0x1409d8398 CharUpperBuffW
kernel32.dll
0x1409d83a8 LocalAlloc
0x1409d83b0 LocalFree
0x1409d83b8 GetModuleFileNameW
0x1409d83c0 ExitProcess
0x1409d83c8 LoadLibraryA
0x1409d83d0 GetModuleHandleA
0x1409d83d8 GetProcAddress
EAT(Export Address Table) is none
kernel32.dll
0x1409d8000 GetModuleHandleA
USER32.dll
0x1409d8010 CharNextA
ADVAPI32.dll
0x1409d8020 RegCloseKey
SHELL32.dll
0x1409d8030 ShellExecuteA
ole32.dll
0x1409d8040 CoCreateInstance
kernel32.dll
0x1409d8050 GetSystemTimeAsFileTime
0x1409d8058 GetModuleHandleA
0x1409d8060 CreateEventA
0x1409d8068 GetModuleFileNameW
0x1409d8070 TerminateProcess
0x1409d8078 GetCurrentProcess
0x1409d8080 CreateToolhelp32Snapshot
0x1409d8088 Thread32First
0x1409d8090 GetCurrentProcessId
0x1409d8098 GetCurrentThreadId
0x1409d80a0 OpenThread
0x1409d80a8 Thread32Next
0x1409d80b0 CloseHandle
0x1409d80b8 SuspendThread
0x1409d80c0 ResumeThread
0x1409d80c8 WriteProcessMemory
0x1409d80d0 GetSystemInfo
0x1409d80d8 VirtualAlloc
0x1409d80e0 VirtualProtect
0x1409d80e8 VirtualFree
0x1409d80f0 GetProcessAffinityMask
0x1409d80f8 SetProcessAffinityMask
0x1409d8100 GetCurrentThread
0x1409d8108 SetThreadAffinityMask
0x1409d8110 Sleep
0x1409d8118 LoadLibraryA
0x1409d8120 FreeLibrary
0x1409d8128 GetTickCount
0x1409d8130 SystemTimeToFileTime
0x1409d8138 FileTimeToSystemTime
0x1409d8140 GlobalFree
0x1409d8148 LocalAlloc
0x1409d8150 LocalFree
0x1409d8158 GetProcAddress
0x1409d8160 ExitProcess
0x1409d8168 EnterCriticalSection
0x1409d8170 LeaveCriticalSection
0x1409d8178 InitializeCriticalSection
0x1409d8180 DeleteCriticalSection
0x1409d8188 GetModuleHandleW
0x1409d8190 LoadResource
0x1409d8198 MultiByteToWideChar
0x1409d81a0 FindResourceExW
0x1409d81a8 FindResourceExA
0x1409d81b0 WideCharToMultiByte
0x1409d81b8 GetThreadLocale
0x1409d81c0 GetUserDefaultLCID
0x1409d81c8 GetSystemDefaultLCID
0x1409d81d0 EnumResourceNamesA
0x1409d81d8 EnumResourceNamesW
0x1409d81e0 EnumResourceLanguagesA
0x1409d81e8 EnumResourceLanguagesW
0x1409d81f0 EnumResourceTypesA
0x1409d81f8 EnumResourceTypesW
0x1409d8200 CreateFileW
0x1409d8208 LoadLibraryW
0x1409d8210 GetLastError
0x1409d8218 FlushFileBuffers
0x1409d8220 WriteConsoleW
0x1409d8228 SetStdHandle
0x1409d8230 HeapReAlloc
0x1409d8238 FlsSetValue
0x1409d8240 GetCommandLineA
0x1409d8248 RaiseException
0x1409d8250 RtlPcToFileHeader
0x1409d8258 HeapFree
0x1409d8260 GetCPInfo
0x1409d8268 GetACP
0x1409d8270 GetOEMCP
0x1409d8278 IsValidCodePage
0x1409d8280 EncodePointer
0x1409d8288 FlsGetValue
0x1409d8290 FlsFree
0x1409d8298 SetLastError
0x1409d82a0 FlsAlloc
0x1409d82a8 UnhandledExceptionFilter
0x1409d82b0 SetUnhandledExceptionFilter
0x1409d82b8 IsDebuggerPresent
0x1409d82c0 RtlVirtualUnwind
0x1409d82c8 RtlLookupFunctionEntry
0x1409d82d0 RtlCaptureContext
0x1409d82d8 DecodePointer
0x1409d82e0 HeapAlloc
0x1409d82e8 RtlUnwindEx
0x1409d82f0 LCMapStringW
0x1409d82f8 GetStringTypeW
0x1409d8300 SetHandleCount
0x1409d8308 GetStdHandle
0x1409d8310 InitializeCriticalSectionAndSpinCount
0x1409d8318 GetFileType
0x1409d8320 GetStartupInfoW
0x1409d8328 GetModuleFileNameA
0x1409d8330 FreeEnvironmentStringsW
0x1409d8338 GetEnvironmentStringsW
0x1409d8340 HeapSetInformation
0x1409d8348 GetVersion
0x1409d8350 HeapCreate
0x1409d8358 HeapDestroy
0x1409d8360 QueryPerformanceCounter
0x1409d8368 HeapSize
0x1409d8370 WriteFile
0x1409d8378 SetFilePointer
0x1409d8380 GetConsoleCP
0x1409d8388 GetConsoleMode
USER32.dll
0x1409d8398 CharUpperBuffW
kernel32.dll
0x1409d83a8 LocalAlloc
0x1409d83b0 LocalFree
0x1409d83b8 GetModuleFileNameW
0x1409d83c0 ExitProcess
0x1409d83c8 LoadLibraryA
0x1409d83d0 GetModuleHandleA
0x1409d83d8 GetProcAddress
EAT(Export Address Table) is none