ScreenShot
| Created | 2023.10.10 18:37 | Machine | s1_win7_x6401 |
| Filename | chrmap.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 33 detected (AIDetectMalware, GenericKD, Artemis, unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, score, REMCOS, YXDJCZ, BadFile, moderate, Static AI, Suspicious PE, Sysdupate, ai score=88, RemoteAccessTrojan, Generic@AI, RDML, X94bPc7crQv7j8eCRquiIA, PossibleThreat) | ||
| md5 | e02a020b9184bc97405f337e6463fb8b | ||
| sha256 | b89c5a9c7ae50cdd6825a645c72d8a7009c38f0372db4fe5224c7e2af8200be4 | ||
| ssdeep | 12288:EassGvch66hNN0XKCstHcOkh2Saw7biHondcOFcWnuo:EddMbwKllcPowMonlzu | ||
| imphash | d1d5c692ee20bbf9340f0575f4c087d4 | ||
| impfuzzy | 24:cHzxS9D/UJIteS1TXZKBnEQOLTwyWNwUcyWPWCaDocAJLmvABSa4uzAZhJCbjyBP:cT6U6teS1TAqVgNk7i+hYjABMLSQMA | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x404010 GetModuleFileNameW
0x404014 Thread32Next
0x404018 Thread32First
0x40401c CreateFileW
0x404020 SuspendThread
0x404024 GetSystemDirectoryW
0x404028 OpenProcess
0x40402c CreateToolhelp32Snapshot
0x404030 Sleep
0x404034 K32GetModuleBaseNameW
0x404038 LoadLibraryA
0x40403c lstrcatW
0x404040 GlobalAlloc
0x404044 GlobalFree
0x404048 CloseHandle
0x40404c K32GetModuleInformation
0x404050 GetProcAddress
0x404054 VirtualAllocEx
0x404058 VerSetConditionMask
0x40405c GetModuleHandleW
0x404060 FreeLibrary
0x404064 VerifyVersionInfoW
0x404068 K32EnumProcessModules
0x40406c CreateFileMappingW
0x404070 MapViewOfFile
0x404074 OpenThread
0x404078 UnhandledExceptionFilter
0x40407c SetUnhandledExceptionFilter
0x404080 TerminateProcess
0x404084 IsProcessorFeaturePresent
0x404088 QueryPerformanceCounter
0x40408c GetCurrentProcessId
0x404090 GetCurrentThreadId
0x404094 GetSystemTimeAsFileTime
0x404098 InitializeSListHead
0x40409c IsDebuggerPresent
0x4040a0 GetStartupInfoW
0x4040a4 LocalFree
0x4040a8 GetCurrentProcess
0x4040ac VirtualFree
0x4040b0 VirtualProtect
USER32.dll
0x4040c0 wsprintfW
ADVAPI32.dll
0x404000 QueryServiceStatusEx
0x404004 OpenServiceA
0x404008 OpenSCManagerA
OLEAUT32.dll
0x4040b8 VariantClear
VCRUNTIME140.dll
0x4040c8 _CxxThrowException
0x4040cc __current_exception
0x4040d0 memset
0x4040d4 _except_handler4_common
0x4040d8 __current_exception_context
0x4040dc memcpy
api-ms-win-crt-heap-l1-1-0.dll
0x4040e4 free
0x4040e8 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x404100 _cexit
0x404104 _c_exit
0x404108 _register_thread_local_exe_atexit_callback
0x40410c _get_wide_winmain_command_line
0x404110 _seh_filter_exe
0x404114 _initialize_wide_environment
0x404118 _configure_wide_argv
0x40411c _exit
0x404120 _initialize_onexit_table
0x404124 _register_onexit_function
0x404128 _crt_atexit
0x40412c _controlfp_s
0x404130 terminate
0x404134 exit
0x404138 _initterm_e
0x40413c _initterm
0x404140 _set_app_type
api-ms-win-crt-math-l1-1-0.dll
0x4040f8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x404148 __p__commode
0x40414c _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4040f0 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x404010 GetModuleFileNameW
0x404014 Thread32Next
0x404018 Thread32First
0x40401c CreateFileW
0x404020 SuspendThread
0x404024 GetSystemDirectoryW
0x404028 OpenProcess
0x40402c CreateToolhelp32Snapshot
0x404030 Sleep
0x404034 K32GetModuleBaseNameW
0x404038 LoadLibraryA
0x40403c lstrcatW
0x404040 GlobalAlloc
0x404044 GlobalFree
0x404048 CloseHandle
0x40404c K32GetModuleInformation
0x404050 GetProcAddress
0x404054 VirtualAllocEx
0x404058 VerSetConditionMask
0x40405c GetModuleHandleW
0x404060 FreeLibrary
0x404064 VerifyVersionInfoW
0x404068 K32EnumProcessModules
0x40406c CreateFileMappingW
0x404070 MapViewOfFile
0x404074 OpenThread
0x404078 UnhandledExceptionFilter
0x40407c SetUnhandledExceptionFilter
0x404080 TerminateProcess
0x404084 IsProcessorFeaturePresent
0x404088 QueryPerformanceCounter
0x40408c GetCurrentProcessId
0x404090 GetCurrentThreadId
0x404094 GetSystemTimeAsFileTime
0x404098 InitializeSListHead
0x40409c IsDebuggerPresent
0x4040a0 GetStartupInfoW
0x4040a4 LocalFree
0x4040a8 GetCurrentProcess
0x4040ac VirtualFree
0x4040b0 VirtualProtect
USER32.dll
0x4040c0 wsprintfW
ADVAPI32.dll
0x404000 QueryServiceStatusEx
0x404004 OpenServiceA
0x404008 OpenSCManagerA
OLEAUT32.dll
0x4040b8 VariantClear
VCRUNTIME140.dll
0x4040c8 _CxxThrowException
0x4040cc __current_exception
0x4040d0 memset
0x4040d4 _except_handler4_common
0x4040d8 __current_exception_context
0x4040dc memcpy
api-ms-win-crt-heap-l1-1-0.dll
0x4040e4 free
0x4040e8 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x404100 _cexit
0x404104 _c_exit
0x404108 _register_thread_local_exe_atexit_callback
0x40410c _get_wide_winmain_command_line
0x404110 _seh_filter_exe
0x404114 _initialize_wide_environment
0x404118 _configure_wide_argv
0x40411c _exit
0x404120 _initialize_onexit_table
0x404124 _register_onexit_function
0x404128 _crt_atexit
0x40412c _controlfp_s
0x404130 terminate
0x404134 exit
0x404138 _initterm_e
0x40413c _initterm
0x404140 _set_app_type
api-ms-win-crt-math-l1-1-0.dll
0x4040f8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x404148 __p__commode
0x40414c _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4040f0 _configthreadlocale
EAT(Export Address Table) is none