Field | Value
---|---
Created | 2023.10.11 07:56
Machine | s1_win7_x6403
Filename | updat1.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 29 detected (AIDetectMalware, PinkSbot, malicious, Attribute, HighConfidence, high confidence, Kryptik, AGen, score, Vidar, TrojanX, Steam, high, Outbreak, Znyonm, Detected, Artemis, unsafe, Chgt, R002H0DJA23, CLOUD, Static AI, Suspicious PE, confidence, 100%)
md5 | 571ea8843de2bd01744f6caba0e202ea
sha256 | 3fb1232ce461020dbb7a33792d26379e8e1bf8e54290360d6979e0b97744b418
ssdeep | 12288:8zlDL8b0kUwWavotiDgwmV2euPJ0p+jj43ex41a7epQEIR0OR6tMwxTln:mln8VUwWavoegVV50J0p+jj9xV70tM6r
imphash | df189310e344dd9b055fac63e1a0295e
impfuzzy | 24:f4zvSSmroQUErc+m0qt/lnDkJBli9ZvASZjMX5SrXhOovbOPZS:+bWrc+Ot2kPASCSrk3k
Signatures (5)
Level | Description
---|---
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5)
Level | Name | Description | Collection
---|---|---|---
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)
No network requests were recorded during the run (the Request / CC / ASN Co / IP4 / Rule / ZERO table is empty).
Suricata IDS: no alerts listed.
PE API
IAT (Import Address Table)
KERNEL32.dll
0x14001e000 GetProcessHeap
0x14001e008 CreateFileA
0x14001e010 CloseHandle
0x14001e018 GetComputerNameA
0x14001e020 GetCurrentDirectoryA
0x14001e028 HeapWalk
0x14001e030 CreateActCtxA
0x14001e038 ActivateActCtx
0x14001e040 DeactivateActCtx
0x14001e048 GetTempPathA
0x14001e050 ReadFile
0x14001e058 LockFile
0x14001e060 UnlockFile
0x14001e068 SetFileAttributesA
0x14001e070 ReleaseActCtx
0x14001e078 SetFileTime
0x14001e080 CreateNamedPipeA
0x14001e088 WaitNamedPipeA
0x14001e090 ConnectNamedPipe
0x14001e098 DisconnectNamedPipe
0x14001e0a0 ExitProcess
0x14001e0a8 VirtualAlloc
0x14001e0b0 EnterCriticalSection
0x14001e0b8 LeaveCriticalSection
0x14001e0c0 DeleteCriticalSection
0x14001e0c8 RtlCaptureContext
0x14001e0d0 RtlLookupFunctionEntry
0x14001e0d8 RtlVirtualUnwind
0x14001e0e0 IsDebuggerPresent
0x14001e0e8 UnhandledExceptionFilter
0x14001e0f0 SetUnhandledExceptionFilter
0x14001e0f8 GetCurrentProcess
0x14001e100 TerminateProcess
0x14001e108 IsProcessorFeaturePresent
0x14001e110 HeapAlloc
0x14001e118 GetLastError
0x14001e120 HeapFree
0x14001e128 GetModuleHandleW
0x14001e130 GetProcAddress
0x14001e138 SetLastError
0x14001e140 InitializeCriticalSectionAndSpinCount
0x14001e148 TlsAlloc
0x14001e150 TlsGetValue
0x14001e158 TlsSetValue
0x14001e160 TlsFree
0x14001e168 GetSystemTimeAsFileTime
0x14001e170 FreeLibrary
0x14001e178 LoadLibraryExW
0x14001e180 LCMapStringW
0x14001e188 GetStdHandle
0x14001e190 GetFileType
0x14001e198 GetStartupInfoW
0x14001e1a0 MultiByteToWideChar
0x14001e1a8 WideCharToMultiByte
0x14001e1b0 GetCurrentThreadId
0x14001e1b8 GetACP
0x14001e1c0 GetStringTypeW
0x14001e1c8 RaiseException
0x14001e1d0 FlushFileBuffers
0x14001e1d8 WriteFile
0x14001e1e0 GetConsoleCP
0x14001e1e8 GetConsoleMode
0x14001e1f0 SetStdHandle
0x14001e1f8 GetCPInfo
0x14001e200 IsValidCodePage
0x14001e208 GetOEMCP
0x14001e210 GetModuleHandleExW
0x14001e218 SetFilePointerEx
0x14001e220 WriteConsoleW
0x14001e228 GetModuleFileNameW
0x14001e230 ReadConsoleW
0x14001e238 CreateFileW
0x14001e240 HeapSize
0x14001e248 HeapReAlloc
0x14001e250 QueryPerformanceCounter
0x14001e258 GetCurrentProcessId
0x14001e260 InitializeSListHead
0x14001e268 RtlUnwindEx
0x14001e270 FindClose
0x14001e278 FindFirstFileExW
0x14001e280 FindNextFileW
0x14001e288 GetCommandLineA
0x14001e290 GetCommandLineW
0x14001e298 GetEnvironmentStringsW
0x14001e2a0 FreeEnvironmentStringsW
EAT (Export Address Table): none
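The import table above is the usual static starting point for triage. Most of the listed names (InitializeSListHead, RtlUnwindEx, LCMapStringW, GetStartupInfoW, TlsAlloc and friends) are the standard MSVC x64 C-runtime startup set and say nothing about the sample's intent; the interesting entries are the few that the CRT does not pull in on its own, such as IsDebuggerPresent, the named-pipe APIs, GetComputerNameA, SetFileTime, SetFileAttributesA and the FindFirstFileExW/FindNextFileW pair. A full CRT import set is also worth noting next to the UPX_Zero rule hit, since a genuinely UPX-packed binary normally imports only a handful of functions and its stub resolves the rest at runtime. The script below is an added example, not the sandbox's or the report's own code: it recomputes the pefile-style imphash from the KERNEL32.dll names transcribed from this page and tags API combinations worth confirming dynamically. The capability table is our own assumption, and the imphash comparison only comes out true if the listing is the sample's complete import directory (the report shows KERNEL32.dll only).

```python
"""Import-table triage for the PE sample described in this report.

Added example (not the sandbox's own code): recomputes the pefile-style
imphash from the listed import names and tags API combinations that a
reviewer would want to confirm before dynamic analysis.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed input: the KERNEL32.dll names transcribed from the IAT section
# of this report, in table order. The report lists no other DLLs.
KERNEL32_IMPORTS: List[str] = """
GetProcessHeap CreateFileA CloseHandle GetComputerNameA GetCurrentDirectoryA
HeapWalk CreateActCtxA ActivateActCtx DeactivateActCtx GetTempPathA ReadFile
LockFile UnlockFile SetFileAttributesA ReleaseActCtx SetFileTime
CreateNamedPipeA WaitNamedPipeA ConnectNamedPipe DisconnectNamedPipe
ExitProcess VirtualAlloc EnterCriticalSection LeaveCriticalSection
DeleteCriticalSection RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind
IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter
GetCurrentProcess TerminateProcess IsProcessorFeaturePresent HeapAlloc
GetLastError HeapFree GetModuleHandleW GetProcAddress SetLastError
InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree
GetSystemTimeAsFileTime FreeLibrary LoadLibraryExW LCMapStringW GetStdHandle
GetFileType GetStartupInfoW MultiByteToWideChar WideCharToMultiByte
GetCurrentThreadId GetACP GetStringTypeW RaiseException FlushFileBuffers
WriteFile GetConsoleCP GetConsoleMode SetStdHandle GetCPInfo IsValidCodePage
GetOEMCP GetModuleHandleExW SetFilePointerEx WriteConsoleW GetModuleFileNameW
ReadConsoleW CreateFileW HeapSize HeapReAlloc QueryPerformanceCounter
GetCurrentProcessId InitializeSListHead RtlUnwindEx FindClose FindFirstFileExW
FindNextFileW GetCommandLineA GetCommandLineW GetEnvironmentStringsW
FreeEnvironmentStringsW
""".split()

REPORT_IMPORTS: List[Tuple[str, List[str]]] = [("KERNEL32.dll", KERNEL32_IMPORTS)]
REPORTED_IMPHASH = "df189310e344dd9b055fac63e1a0295e"  # imphash row of the report

# Assumed triage table (ours, not the sandbox's): API names that point at a
# capability worth confirming. Plain CRT startup imports are left out.
CAPABILITY_HINTS: Dict[str, Tuple[str, ...]] = {
    "anti-debug check": ("IsDebuggerPresent",),
    "RWX / unpacking memory": ("VirtualAlloc",),
    "named-pipe IPC": ("CreateNamedPipeA", "ConnectNamedPipe", "WaitNamedPipeA"),
    "host fingerprinting": ("GetComputerNameA",),
    "file-system enumeration": ("FindFirstFileExW", "FindNextFileW"),
    "timestomping": ("SetFileTime",),
    "attribute tampering (hide files)": ("SetFileAttributesA",),
    "runtime API resolution": ("LoadLibraryExW", "GetProcAddress"),
    "drop file in %TEMP%": ("GetTempPathA", "CreateFileA", "WriteFile"),
}


def imphash_string(imports: List[Tuple[str, List[str]]]) -> str:
    """Canonical string that pefile hashes in get_imphash(): each import as
    'lib.func' in lower case, .dll/.ocx/.sys dropped from the library name,
    comma-joined in import-directory order. Ordinal imports are not handled
    here because the report lists names only."""
    parts = []
    for lib, funcs in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports: List[Tuple[str, List[str]]]) -> str:
    """MD5 of the canonical import string, as pefile computes it."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def tag_capabilities(imports: List[Tuple[str, List[str]]]) -> Dict[str, List[str]]:
    """Return {capability: [matching import names]} for every hint that fires."""
    names = {func for _, funcs in imports for func in funcs}
    hits: Dict[str, List[str]] = {}
    for tag, wanted in CAPABILITY_HINTS.items():
        found = sorted(names.intersection(wanted))
        if found:
            hits[tag] = found
    return hits


def matches_report(imports=REPORT_IMPORTS, reported=REPORTED_IMPHASH) -> bool:
    """True only if the listed imports reproduce the report's imphash, i.e.
    the listing is the sample's complete import directory."""
    return imphash(imports) == reported


if __name__ == "__main__":
    print("imports listed:", sum(len(funcs) for _, funcs in REPORT_IMPORTS))
    print("recomputed imphash:", imphash(REPORT_IMPORTS))
    print("matches report:", matches_report() or "no (listing is probably partial)")
    for tag, found in tag_capabilities(REPORT_IMPORTS).items():
        print(f"  [{tag}] {', '.join(found)}")
```

Run it against the report's own numbers: if the recomputed hash equals df189310e344dd9b055fac63e1a0295e, the page shows the whole import directory and the imphash can be pivoted on as-is; if not, the sample imports more than KERNEL32.dll and the IAT section here is a partial view. Note that pefile folds delay-load imports into the same hash, so a mismatch can also come from a delay-import table that the report does not display.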