ScreenShot
| Created | 2023.10.07 14:57 | Machine | s1_win7_x6403 |
| Filename | asca1ex123111.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (AIDetectMalware, malicious, high confidence, GenericKD, RedLineStealer, Save, None, confidence, 100%, Attribute, HighConfidence, score, ccmw, SMOKELOADER, YXDJFZ, high, ai score=81, Sabsik, Casdet, Detected, Artemis, unsafe, Probably Heur, ExeHeaderL, Generic@AI, RDML, LJNq04NusD+EbgUoBTSNRA, Static AI, Malicious PE, PossibleThreat, PALLASNET) | ||
| md5 | afeaa39b474fbc97ab20f75b90b340c1 | ||
| sha256 | ad809b651757ec30585845eb9acdc5c335c8b36244397c8c1a23b1bf35a9648e | ||
| ssdeep | 12288:1kUoRUzA/vZoMecqF2ksaSwRobhNnfwBlZRvB7Kpve2Jg0YBmgMyl361+5XFWQFB:1NSJQmy36yHU9q9l | ||
| imphash | e121900965ff81d31b67b3da5bec1a40 | ||
| impfuzzy | 24:CNDoWj34BlqOovS2cfOdgFQ8Ryv4/J3IjT4+jluJK:XQcfOdHeMc+jsJK | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40b008 Sleep
0x40b00c CreateThread
0x40b010 lstrlenW
0x40b014 VirtualProtect
0x40b018 GetProcAddress
0x40b01c LoadLibraryA
0x40b020 VirtualAlloc
0x40b024 WaitForSingleObject
0x40b028 LoadResource
0x40b02c SizeofResource
0x40b030 FindResourceW
0x40b034 GetModuleHandleW
0x40b038 GetModuleHandleA
0x40b03c FreeConsole
0x40b040 LockResource
0x40b044 OpenJobObjectA
0x40b048 GetLastError
0x40b04c HeapFree
0x40b050 HeapAlloc
0x40b054 GetCommandLineA
0x40b058 HeapCreate
0x40b05c VirtualFree
0x40b060 DeleteCriticalSection
0x40b064 LeaveCriticalSection
0x40b068 EnterCriticalSection
0x40b06c HeapReAlloc
0x40b070 ExitProcess
0x40b074 WriteFile
0x40b078 GetStdHandle
0x40b07c GetModuleFileNameA
0x40b080 SetUnhandledExceptionFilter
0x40b084 FreeEnvironmentStringsA
0x40b088 GetEnvironmentStrings
0x40b08c FreeEnvironmentStringsW
0x40b090 WideCharToMultiByte
0x40b094 GetEnvironmentStringsW
0x40b098 SetHandleCount
0x40b09c GetFileType
0x40b0a0 GetStartupInfoA
0x40b0a4 TlsGetValue
0x40b0a8 TlsAlloc
0x40b0ac TlsSetValue
0x40b0b0 TlsFree
0x40b0b4 InterlockedIncrement
0x40b0b8 SetLastError
0x40b0bc GetCurrentThreadId
0x40b0c0 InterlockedDecrement
0x40b0c4 QueryPerformanceCounter
0x40b0c8 GetTickCount
0x40b0cc GetCurrentProcessId
0x40b0d0 GetSystemTimeAsFileTime
0x40b0d4 TerminateProcess
0x40b0d8 GetCurrentProcess
0x40b0dc UnhandledExceptionFilter
0x40b0e0 IsDebuggerPresent
0x40b0e4 InitializeCriticalSectionAndSpinCount
0x40b0e8 RtlUnwind
0x40b0ec GetCPInfo
0x40b0f0 GetACP
0x40b0f4 GetOEMCP
0x40b0f8 IsValidCodePage
0x40b0fc HeapSize
0x40b100 GetLocaleInfoA
0x40b104 LCMapStringA
0x40b108 MultiByteToWideChar
0x40b10c LCMapStringW
0x40b110 GetStringTypeA
0x40b114 GetStringTypeW
GDI32.dll
0x40b000 CreateDCA
EAT(Export Address Table) is none
KERNEL32.dll
0x40b008 Sleep
0x40b00c CreateThread
0x40b010 lstrlenW
0x40b014 VirtualProtect
0x40b018 GetProcAddress
0x40b01c LoadLibraryA
0x40b020 VirtualAlloc
0x40b024 WaitForSingleObject
0x40b028 LoadResource
0x40b02c SizeofResource
0x40b030 FindResourceW
0x40b034 GetModuleHandleW
0x40b038 GetModuleHandleA
0x40b03c FreeConsole
0x40b040 LockResource
0x40b044 OpenJobObjectA
0x40b048 GetLastError
0x40b04c HeapFree
0x40b050 HeapAlloc
0x40b054 GetCommandLineA
0x40b058 HeapCreate
0x40b05c VirtualFree
0x40b060 DeleteCriticalSection
0x40b064 LeaveCriticalSection
0x40b068 EnterCriticalSection
0x40b06c HeapReAlloc
0x40b070 ExitProcess
0x40b074 WriteFile
0x40b078 GetStdHandle
0x40b07c GetModuleFileNameA
0x40b080 SetUnhandledExceptionFilter
0x40b084 FreeEnvironmentStringsA
0x40b088 GetEnvironmentStrings
0x40b08c FreeEnvironmentStringsW
0x40b090 WideCharToMultiByte
0x40b094 GetEnvironmentStringsW
0x40b098 SetHandleCount
0x40b09c GetFileType
0x40b0a0 GetStartupInfoA
0x40b0a4 TlsGetValue
0x40b0a8 TlsAlloc
0x40b0ac TlsSetValue
0x40b0b0 TlsFree
0x40b0b4 InterlockedIncrement
0x40b0b8 SetLastError
0x40b0bc GetCurrentThreadId
0x40b0c0 InterlockedDecrement
0x40b0c4 QueryPerformanceCounter
0x40b0c8 GetTickCount
0x40b0cc GetCurrentProcessId
0x40b0d0 GetSystemTimeAsFileTime
0x40b0d4 TerminateProcess
0x40b0d8 GetCurrentProcess
0x40b0dc UnhandledExceptionFilter
0x40b0e0 IsDebuggerPresent
0x40b0e4 InitializeCriticalSectionAndSpinCount
0x40b0e8 RtlUnwind
0x40b0ec GetCPInfo
0x40b0f0 GetACP
0x40b0f4 GetOEMCP
0x40b0f8 IsValidCodePage
0x40b0fc HeapSize
0x40b100 GetLocaleInfoA
0x40b104 LCMapStringA
0x40b108 MultiByteToWideChar
0x40b10c LCMapStringW
0x40b110 GetStringTypeA
0x40b114 GetStringTypeW
GDI32.dll
0x40b000 CreateDCA
EAT(Export Address Table) is none