Report - browser.exe

Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, PE64, OS Processor Check
Created 2023.10.09 12:57 Machine s1_win7_x6401
Filename browser.exe
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
AI Score Not found
Behavior Score 1.4
ZERO API file : clean
VT API (file) 52 detected (Common, BroPass, tshB, malicious, high confidence, Siggen3, GenericKD, BrowserPassview, V9qa, HackBrowser, ABRisk, EEFJ, a variant of WinGo, Bulz, jsvisv, Gencirc, slapx, R002C0PJV22, GenericRXUL, CredSteal, WinGo, GenKD, Detected, Malware@#3t6ndobci61jx, score, R577549, TrojanPSW, ai score=100, unsafe, Chgt, susgen, confidence, 100%)
md5 c86277ab02da0abcf91b0109a0bc28ea
sha256 9ae7cd82ce55a9059368c404e376eb4110a6b0c30ac9e670bdd045470daba59e
ssdeep 49152:C4iuJ747uhrb/TdvO90d7HjmAFd4A64nsfJaIt3ki1yRtFWnTr44OTKBY1TmGpmc:K7umIRWINmCqG7D16OnUxfT6q5
imphash 57c9b357ae0cb2f414b0a5873e2f216d
impfuzzy 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 52 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0xc1a4fc AddVectoredExceptionHandler
 0xc1a504 AreFileApisANSI
 0xc1a50c CloseHandle
 0xc1a514 CreateEventA
 0xc1a51c CreateFileA
 0xc1a524 CreateFileMappingA
 0xc1a52c CreateFileMappingW
 0xc1a534 CreateFileW
 0xc1a53c CreateIoCompletionPort
 0xc1a544 CreateMutexW
 0xc1a54c CreateThread
 0xc1a554 CreateWaitableTimerA
 0xc1a55c CreateWaitableTimerExW
 0xc1a564 DeleteCriticalSection
 0xc1a56c DeleteFileA
 0xc1a574 DeleteFileW
 0xc1a57c DuplicateHandle
 0xc1a584 EnterCriticalSection
 0xc1a58c ExitProcess
 0xc1a594 FlushFileBuffers
 0xc1a59c FlushViewOfFile
 0xc1a5a4 FormatMessageA
 0xc1a5ac FormatMessageW
 0xc1a5b4 FreeEnvironmentStringsW
 0xc1a5bc FreeLibrary
 0xc1a5c4 GetConsoleMode
 0xc1a5cc GetCurrentProcess
 0xc1a5d4 GetCurrentProcessId
 0xc1a5dc GetCurrentThreadId
 0xc1a5e4 GetDiskFreeSpaceA
 0xc1a5ec GetDiskFreeSpaceW
 0xc1a5f4 GetEnvironmentStringsW
 0xc1a5fc GetFileAttributesA
 0xc1a604 GetFileAttributesExW
 0xc1a60c GetFileAttributesW
 0xc1a614 GetFileSize
 0xc1a61c GetFullPathNameA
 0xc1a624 GetFullPathNameW
 0xc1a62c GetLastError
 0xc1a634 GetProcAddress
 0xc1a63c GetProcessAffinityMask
 0xc1a644 GetProcessHeap
 0xc1a64c GetQueuedCompletionStatusEx
 0xc1a654 GetStartupInfoA
 0xc1a65c GetStdHandle
 0xc1a664 GetSystemDirectoryA
 0xc1a66c GetSystemInfo
 0xc1a674 GetSystemTime
 0xc1a67c GetSystemTimeAsFileTime
 0xc1a684 GetTempPathA
 0xc1a68c GetTempPathW
 0xc1a694 GetThreadContext
 0xc1a69c GetTickCount
 0xc1a6a4 GetVersionExA
 0xc1a6ac GetVersionExW
 0xc1a6b4 HeapAlloc
 0xc1a6bc HeapCompact
 0xc1a6c4 HeapCreate
 0xc1a6cc HeapDestroy
 0xc1a6d4 HeapFree
 0xc1a6dc HeapReAlloc
 0xc1a6e4 HeapSize
 0xc1a6ec HeapValidate
 0xc1a6f4 InitializeCriticalSection
 0xc1a6fc LeaveCriticalSection
 0xc1a704 LoadLibraryA
 0xc1a70c LoadLibraryW
 0xc1a714 LocalFree
 0xc1a71c LockFile
 0xc1a724 LockFileEx
 0xc1a72c MapViewOfFile
 0xc1a734 MultiByteToWideChar
 0xc1a73c OutputDebugStringA
 0xc1a744 OutputDebugStringW
 0xc1a74c PostQueuedCompletionStatus
 0xc1a754 QueryPerformanceCounter
 0xc1a75c ReadFile
 0xc1a764 ResumeThread
 0xc1a76c RtlAddFunctionTable
 0xc1a774 RtlCaptureContext
 0xc1a77c RtlLookupFunctionEntry
 0xc1a784 RtlVirtualUnwind
 0xc1a78c SetConsoleCtrlHandler
 0xc1a794 SetEndOfFile
 0xc1a79c SetErrorMode
 0xc1a7a4 SetEvent
 0xc1a7ac SetFilePointer
 0xc1a7b4 SetProcessPriorityBoost
 0xc1a7bc SetThreadContext
 0xc1a7c4 SetUnhandledExceptionFilter
 0xc1a7cc SetWaitableTimer
 0xc1a7d4 Sleep
 0xc1a7dc SuspendThread
 0xc1a7e4 SwitchToThread
 0xc1a7ec SystemTimeToFileTime
 0xc1a7f4 TerminateProcess
 0xc1a7fc TlsGetValue
 0xc1a804 TryEnterCriticalSection
 0xc1a80c UnhandledExceptionFilter
 0xc1a814 UnlockFile
 0xc1a81c UnlockFileEx
 0xc1a824 UnmapViewOfFile
 0xc1a82c VirtualAlloc
 0xc1a834 VirtualFree
 0xc1a83c VirtualProtect
 0xc1a844 VirtualQuery
 0xc1a84c WaitForMultipleObjects
 0xc1a854 WaitForSingleObject
 0xc1a85c WaitForSingleObjectEx
 0xc1a864 WideCharToMultiByte
 0xc1a86c WriteConsoleW
 0xc1a874 WriteFile
 0xc1a87c __C_specific_handler
msvcrt.dll
 0xc1a88c __getmainargs
 0xc1a894 __initenv
 0xc1a89c __iob_func
 0xc1a8a4 __lconv_init
 0xc1a8ac __set_app_type
 0xc1a8b4 __setusermatherr
 0xc1a8bc _acmdln
 0xc1a8c4 _amsg_exit
 0xc1a8cc _beginthread
 0xc1a8d4 _beginthreadex
 0xc1a8dc _cexit
 0xc1a8e4 _endthreadex
 0xc1a8ec _errno
 0xc1a8f4 _fmode
 0xc1a8fc _initterm
 0xc1a904 _localtime64
 0xc1a90c _onexit
 0xc1a914 abort
 0xc1a91c calloc
 0xc1a924 exit
 0xc1a92c fprintf
 0xc1a934 free
 0xc1a93c fwrite
 0xc1a944 malloc
 0xc1a94c memcmp
 0xc1a954 memcpy
 0xc1a95c memmove
 0xc1a964 memset
 0xc1a96c qsort
 0xc1a974 realloc
 0xc1a97c signal
 0xc1a984 strcmp
 0xc1a98c strcspn
 0xc1a994 strlen
 0xc1a99c strncmp
 0xc1a9a4 strrchr
 0xc1a9ac vfprintf

EAT(Export Address Table) Library

0xc18690 _cgo_dummy_export
0x72ddaa authorizerTrampoline
0x72da10 callbackTrampoline
0x72dc33 commitHookTrampoline
0x72db7a compareTrampoline
0x72db1f doneTrampoline
0x72de6b preUpdateHookTrampoline
0x72dc9c rollbackHookTrampoline
0x72da99 stepTrampoline
0x72dcf7 updateHookTrampoline


Similarity measure (PE file only)