ScreenShot
| Created | 2023.10.10 07:43 | Machine | s1_win7_x6401 |
| Filename | udat1.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 21 detected (AIDetectMalware, Artemis, malicious, confidence, Attribute, HighConfidence, high confidence, score, VIDAR, YXDJIZ, BumbleBee, GenKryptik, Casdet, Static AI, Suspicious PE) | ||
| md5 | 243b6e0960e9d3b63d924ba0c2b8a6fd | ||
| sha256 | c37725f3d841f41890fc017839a9f3af2a84e76ca7b154276c59329b68c18cd8 | ||
| ssdeep | 6144:QmjZ2yJsYCT2MghUSa3vRLb5oBtDeBaYYEIO9A/xVxaS2ZbcD:NjQyJsYMVSa/RLb5oAYEV9AJVx | ||
| imphash | 435f3d9018e2df7009825fb0dc48bb14 | ||
| impfuzzy | 12:f4xJrux6aZGxOBDuXRZqRORm0qXJXPXJUzOnDkJoARl49ASLR1rX9jMbxA7bHtG:f4bru1vN4c+m0qtfnDkJBl49RjMlA3NG | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140021000 GetProcessHeap
0x140021008 CreateFileA
0x140021010 CloseHandle
0x140021018 GetComputerNameA
0x140021020 GetLastError
0x140021028 CreateThread
0x140021030 SuspendThread
0x140021038 OpenThread
0x140021040 GetFileAttributesA
0x140021048 GetCurrentThread
0x140021050 SetFileTime
0x140021058 ExitProcess
0x140021060 VirtualAlloc
0x140021068 GetCurrentProcess
0x140021070 DuplicateHandle
0x140021078 CreateMutexA
0x140021080 OpenMutexA
0x140021088 ReleaseMutex
0x140021090 GetSystemTime
0x140021098 EnterCriticalSection
0x1400210a0 LeaveCriticalSection
0x1400210a8 DeleteCriticalSection
0x1400210b0 RtlCaptureContext
0x1400210b8 RtlLookupFunctionEntry
0x1400210c0 RtlVirtualUnwind
0x1400210c8 IsDebuggerPresent
0x1400210d0 UnhandledExceptionFilter
0x1400210d8 SetUnhandledExceptionFilter
0x1400210e0 TerminateProcess
0x1400210e8 IsProcessorFeaturePresent
0x1400210f0 HeapAlloc
0x1400210f8 HeapFree
0x140021100 GetModuleHandleW
0x140021108 GetProcAddress
0x140021110 SetLastError
0x140021118 InitializeCriticalSectionAndSpinCount
0x140021120 TlsGetValue
0x140021128 TlsSetValue
0x140021130 FreeLibrary
0x140021138 LoadLibraryExW
0x140021140 LCMapStringW
0x140021148 MultiByteToWideChar
0x140021150 WideCharToMultiByte
0x140021158 GetACP
0x140021160 GetStringTypeW
0x140021168 FlushFileBuffers
0x140021170 WriteFile
0x140021178 GetConsoleCP
0x140021180 GetConsoleMode
0x140021188 SetStdHandle
0x140021190 GetCPInfo
0x140021198 IsValidCodePage
0x1400211a0 GetOEMCP
0x1400211a8 RaiseException
0x1400211b0 GetModuleHandleExW
0x1400211b8 SetFilePointerEx
0x1400211c0 WriteConsoleW
0x1400211c8 ReadFile
0x1400211d0 ReadConsoleW
0x1400211d8 CreateFileW
0x1400211e0 RtlUnwindEx
EAT(Export Address Table) is none
KERNEL32.dll
0x140021000 GetProcessHeap
0x140021008 CreateFileA
0x140021010 CloseHandle
0x140021018 GetComputerNameA
0x140021020 GetLastError
0x140021028 CreateThread
0x140021030 SuspendThread
0x140021038 OpenThread
0x140021040 GetFileAttributesA
0x140021048 GetCurrentThread
0x140021050 SetFileTime
0x140021058 ExitProcess
0x140021060 VirtualAlloc
0x140021068 GetCurrentProcess
0x140021070 DuplicateHandle
0x140021078 CreateMutexA
0x140021080 OpenMutexA
0x140021088 ReleaseMutex
0x140021090 GetSystemTime
0x140021098 EnterCriticalSection
0x1400210a0 LeaveCriticalSection
0x1400210a8 DeleteCriticalSection
0x1400210b0 RtlCaptureContext
0x1400210b8 RtlLookupFunctionEntry
0x1400210c0 RtlVirtualUnwind
0x1400210c8 IsDebuggerPresent
0x1400210d0 UnhandledExceptionFilter
0x1400210d8 SetUnhandledExceptionFilter
0x1400210e0 TerminateProcess
0x1400210e8 IsProcessorFeaturePresent
0x1400210f0 HeapAlloc
0x1400210f8 HeapFree
0x140021100 GetModuleHandleW
0x140021108 GetProcAddress
0x140021110 SetLastError
0x140021118 InitializeCriticalSectionAndSpinCount
0x140021120 TlsGetValue
0x140021128 TlsSetValue
0x140021130 FreeLibrary
0x140021138 LoadLibraryExW
0x140021140 LCMapStringW
0x140021148 MultiByteToWideChar
0x140021150 WideCharToMultiByte
0x140021158 GetACP
0x140021160 GetStringTypeW
0x140021168 FlushFileBuffers
0x140021170 WriteFile
0x140021178 GetConsoleCP
0x140021180 GetConsoleMode
0x140021188 SetStdHandle
0x140021190 GetCPInfo
0x140021198 IsValidCodePage
0x1400211a0 GetOEMCP
0x1400211a8 RaiseException
0x1400211b0 GetModuleHandleExW
0x1400211b8 SetFilePointerEx
0x1400211c0 WriteConsoleW
0x1400211c8 ReadFile
0x1400211d0 ReadConsoleW
0x1400211d8 CreateFileW
0x1400211e0 RtlUnwindEx
EAT(Export Address Table) is none