Field | Value |
---|---|
Created | 2023.10.07 16:21 |
Machine | s1_win7_x6401 |
Filename | deluxe_crypted1234.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, malicious, high confidence, Jaik, Generic PWS, unsafe, Kryptik, Vl7q, confidence, 100%, GenusT, DSMX, Attribute, HighConfidence, GenKryptik, GOMJ, score, PWSX, Gencirc, Nekark, mlkjj, RedLineNET, SMOKELOADER, YXDJEZ, ABRisk, TJCR, Sabsik, Detected, ai score=82, Chgt, Bs50Wdws6UC, susgen, ETFD, ZexaF, 3yY@aSxqzFf) |
md5 | b8303120c1bf50b01dbc9f8d6fea45d8 |
sha256 | c1ae35cd9be8a69a397e7b1e24229847a71bf7ff80bf4021429ee9804bf02652 |
ssdeep | 12288:qIKpM6POHEEF081OMTAy/Ubf1eAUNtBI9e4fmSuBJuQpgcOmWHNtU6:qIKjPOHEEF081OMlEfUPBIpuBYHw6 |
imphash | ca718aa01950a102e0143611fc1a58b8 |
impfuzzy | 24:Fm99scpVxgZCrjS1jt2GzplJBl3eDoLoEOovbOZFuFZMvtGMAHTq+lEZHu95:K9scpV6CrjS1jt2GzPpXc3fuFZGl0 |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x4da000 RegDisablePredefinedCacheEx
KERNEL32.dll
0x4da030 FormatMessageA
0x4da034 WideCharToMultiByte
0x4da038 MultiByteToWideChar
0x4da03c GetStringTypeW
0x4da040 EnterCriticalSection
0x4da044 LeaveCriticalSection
0x4da048 InitializeCriticalSectionEx
0x4da04c DeleteCriticalSection
0x4da050 LocalFree
0x4da054 GetLocaleInfoEx
0x4da058 EncodePointer
0x4da05c DecodePointer
0x4da060 LCMapStringEx
0x4da064 CompareStringEx
0x4da068 GetCPInfo
0x4da06c IsProcessorFeaturePresent
0x4da070 QueryPerformanceCounter
0x4da074 GetCurrentProcessId
0x4da078 GetCurrentThreadId
0x4da07c GetSystemTimeAsFileTime
0x4da080 InitializeSListHead
0x4da084 IsDebuggerPresent
0x4da088 UnhandledExceptionFilter
0x4da08c SetUnhandledExceptionFilter
0x4da090 GetStartupInfoW
0x4da094 GetModuleHandleW
0x4da098 GetCurrentProcess
0x4da09c TerminateProcess
0x4da0a0 CreateFileW
0x4da0a4 RaiseException
0x4da0a8 RtlUnwind
0x4da0ac InterlockedPushEntrySList
0x4da0b0 InterlockedFlushSList
0x4da0b4 GetLastError
0x4da0b8 SetLastError
0x4da0bc InitializeCriticalSectionAndSpinCount
0x4da0c0 TlsAlloc
0x4da0c4 TlsGetValue
0x4da0c8 TlsSetValue
0x4da0cc TlsFree
0x4da0d0 FreeLibrary
0x4da0d4 GetProcAddress
0x4da0d8 LoadLibraryExW
0x4da0dc GetStdHandle
0x4da0e0 WriteFile
0x4da0e4 GetModuleFileNameW
0x4da0e8 ExitProcess
0x4da0ec GetModuleHandleExW
0x4da0f0 GetCommandLineA
0x4da0f4 GetCommandLineW
0x4da0f8 GetCurrentThread
0x4da0fc HeapFree
0x4da100 HeapAlloc
0x4da104 GetDateFormatW
0x4da108 GetTimeFormatW
0x4da10c CompareStringW
0x4da110 LCMapStringW
0x4da114 GetLocaleInfoW
0x4da118 IsValidLocale
0x4da11c GetUserDefaultLCID
0x4da120 EnumSystemLocalesW
0x4da124 GetFileType
0x4da128 GetFileSizeEx
0x4da12c SetFilePointerEx
0x4da130 CloseHandle
0x4da134 FlushFileBuffers
0x4da138 GetConsoleOutputCP
0x4da13c GetConsoleMode
0x4da140 ReadFile
0x4da144 HeapReAlloc
0x4da148 SetConsoleCtrlHandler
0x4da14c GetTimeZoneInformation
0x4da150 OutputDebugStringW
0x4da154 FindClose
0x4da158 FindFirstFileExW
0x4da15c FindNextFileW
0x4da160 IsValidCodePage
0x4da164 GetACP
0x4da168 GetOEMCP
0x4da16c GetEnvironmentStringsW
0x4da170 FreeEnvironmentStringsW
0x4da174 SetEnvironmentVariableW
0x4da178 SetStdHandle
0x4da17c GetProcessHeap
0x4da180 ReadConsoleW
0x4da184 HeapSize
0x4da188 WriteConsoleW
EAT (Export Address Table) is none