Field | Value |
---|---|
Created | 2023.10.04 10:25 |
Machine | s1_win7_x6403 |
Filename | trafico.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 24 detected (AIDetectMalware, malicious, high confidence, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, score, ccmw, high, Sabsik, Detected, unsafe, Probably Heur, ExeHeaderL, Generic@AI, RDML, mndro9wo+vI0vlD0lC4FEg, Static AI, Malicious PE) |
md5 | 99b3984c3d9b1c505bb6d2624d4a350f |
sha256 | 746ca4cb2903e1e57f230a74f09ce845acee787ccc629974939bb4c97f2278c6 |
ssdeep | 6144:lSozk1KQkXHfCz35J82OO5YNG8FA6pn7jFb5kNko6/ldpRxJg9pPIwohvaTO4:lDk8j2OO5YT6ifFb5kS+W4 |
imphash | f707ada0aac189999ec6eb4a5a71dfbc |
impfuzzy | 24:CNDorjjY3TgAhOovnKQFQ8RyvDh/J3ISlRT4Rffjl2wSqA:PEK3DjhcRffjMwSB |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x40b008 Sleep
0x40b00c CreateThread
0x40b010 lstrlenW
0x40b014 VirtualProtect
0x40b018 GetProcAddress
0x40b01c LoadLibraryA
0x40b020 VirtualAlloc
0x40b024 LockResource
0x40b028 WaitForSingleObject
0x40b02c SizeofResource
0x40b030 FindResourceW
0x40b034 GetModuleHandleW
0x40b038 GetLastError
0x40b03c CreateMutexA
0x40b040 GetModuleHandleA
0x40b044 GlobalFindAtomA
0x40b048 FreeConsole
0x40b04c LoadResource
0x40b050 CreateHardLinkA
0x40b054 GetCommandLineA
0x40b058 SetUnhandledExceptionFilter
0x40b05c ExitProcess
0x40b060 WriteFile
0x40b064 GetStdHandle
0x40b068 GetModuleFileNameA
0x40b06c FreeEnvironmentStringsA
0x40b070 GetEnvironmentStrings
0x40b074 FreeEnvironmentStringsW
0x40b078 WideCharToMultiByte
0x40b07c GetEnvironmentStringsW
0x40b080 SetHandleCount
0x40b084 GetFileType
0x40b088 GetStartupInfoA
0x40b08c DeleteCriticalSection
0x40b090 TlsGetValue
0x40b094 TlsAlloc
0x40b098 TlsSetValue
0x40b09c TlsFree
0x40b0a0 InterlockedIncrement
0x40b0a4 SetLastError
0x40b0a8 GetCurrentThreadId
0x40b0ac InterlockedDecrement
0x40b0b0 HeapCreate
0x40b0b4 VirtualFree
0x40b0b8 HeapFree
0x40b0bc QueryPerformanceCounter
0x40b0c0 GetTickCount
0x40b0c4 GetCurrentProcessId
0x40b0c8 GetSystemTimeAsFileTime
0x40b0cc LeaveCriticalSection
0x40b0d0 EnterCriticalSection
0x40b0d4 TerminateProcess
0x40b0d8 GetCurrentProcess
0x40b0dc UnhandledExceptionFilter
0x40b0e0 IsDebuggerPresent
0x40b0e4 InitializeCriticalSectionAndSpinCount
0x40b0e8 GetCPInfo
0x40b0ec GetACP
0x40b0f0 GetOEMCP
0x40b0f4 IsValidCodePage
0x40b0f8 HeapAlloc
0x40b0fc HeapReAlloc
0x40b100 RtlUnwind
0x40b104 HeapSize
0x40b108 GetLocaleInfoA
0x40b10c LCMapStringA
0x40b110 MultiByteToWideChar
0x40b114 LCMapStringW
0x40b118 GetStringTypeA
0x40b11c GetStringTypeW
ADVAPI32.dll
0x40b000 RegDeleteKeyA
EAT (Export Address Table): none