Report - soft.exe

Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check
ScreenShot
Created 2023.10.11 13:43 Machine s1_win7_x6401
Filename soft.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score Not founds Behavior Score
1.4
ZERO API file : mailcious
VT API (file) 56 detected (PiamyTruqeP, Goback, tsoy, malicious, high confidence, GenericKD, IGENERIC, Artemis, Vko4, TrojanPSW, Genus, ABTrojan, NBLB, Attribute, HighConfidence, a variant of WinGo, score, Redcap, jycsmx, QQPass, QQRob, Qzfl, wrcxj, Siggen20, R03BC0XH923, ai score=86, Wacatac, Sabsik, Malware@#25r52vegcb9v6, Malgent, Detected, unsafe, Chgt, CLASSIC, susgen, confidence, 100%)
md5 4e8f34a4c631073808c74481f456e357
sha256 063419ad39803232344d8ce09ec417a9d99da6201daf92a8ba8f4c3787149784
ssdeep 98304:OPNKEDnvJIfs4MoeI0NWkEA/4X1BuTopsVey:OVJDvJI1MG0NQpX1Bs
imphash 57c9b357ae0cb2f414b0a5873e2f216d
impfuzzy 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 56 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x122f4fc AddVectoredExceptionHandler
 0x122f504 AreFileApisANSI
 0x122f50c CloseHandle
 0x122f514 CreateEventA
 0x122f51c CreateFileA
 0x122f524 CreateFileMappingA
 0x122f52c CreateFileMappingW
 0x122f534 CreateFileW
 0x122f53c CreateIoCompletionPort
 0x122f544 CreateMutexW
 0x122f54c CreateThread
 0x122f554 CreateWaitableTimerA
 0x122f55c CreateWaitableTimerExW
 0x122f564 DeleteCriticalSection
 0x122f56c DeleteFileA
 0x122f574 DeleteFileW
 0x122f57c DuplicateHandle
 0x122f584 EnterCriticalSection
 0x122f58c ExitProcess
 0x122f594 FlushFileBuffers
 0x122f59c FlushViewOfFile
 0x122f5a4 FormatMessageA
 0x122f5ac FormatMessageW
 0x122f5b4 FreeEnvironmentStringsW
 0x122f5bc FreeLibrary
 0x122f5c4 GetConsoleMode
 0x122f5cc GetCurrentProcess
 0x122f5d4 GetCurrentProcessId
 0x122f5dc GetCurrentThreadId
 0x122f5e4 GetDiskFreeSpaceA
 0x122f5ec GetDiskFreeSpaceW
 0x122f5f4 GetEnvironmentStringsW
 0x122f5fc GetFileAttributesA
 0x122f604 GetFileAttributesExW
 0x122f60c GetFileAttributesW
 0x122f614 GetFileSize
 0x122f61c GetFullPathNameA
 0x122f624 GetFullPathNameW
 0x122f62c GetLastError
 0x122f634 GetProcAddress
 0x122f63c GetProcessAffinityMask
 0x122f644 GetProcessHeap
 0x122f64c GetQueuedCompletionStatusEx
 0x122f654 GetStartupInfoA
 0x122f65c GetStdHandle
 0x122f664 GetSystemDirectoryA
 0x122f66c GetSystemInfo
 0x122f674 GetSystemTime
 0x122f67c GetSystemTimeAsFileTime
 0x122f684 GetTempPathA
 0x122f68c GetTempPathW
 0x122f694 GetThreadContext
 0x122f69c GetTickCount
 0x122f6a4 GetVersionExA
 0x122f6ac GetVersionExW
 0x122f6b4 HeapAlloc
 0x122f6bc HeapCompact
 0x122f6c4 HeapCreate
 0x122f6cc HeapDestroy
 0x122f6d4 HeapFree
 0x122f6dc HeapReAlloc
 0x122f6e4 HeapSize
 0x122f6ec HeapValidate
 0x122f6f4 InitializeCriticalSection
 0x122f6fc LeaveCriticalSection
 0x122f704 LoadLibraryA
 0x122f70c LoadLibraryW
 0x122f714 LocalFree
 0x122f71c LockFile
 0x122f724 LockFileEx
 0x122f72c MapViewOfFile
 0x122f734 MultiByteToWideChar
 0x122f73c OutputDebugStringA
 0x122f744 OutputDebugStringW
 0x122f74c PostQueuedCompletionStatus
 0x122f754 QueryPerformanceCounter
 0x122f75c ReadFile
 0x122f764 ResumeThread
 0x122f76c RtlAddFunctionTable
 0x122f774 RtlCaptureContext
 0x122f77c RtlLookupFunctionEntry
 0x122f784 RtlVirtualUnwind
 0x122f78c SetConsoleCtrlHandler
 0x122f794 SetEndOfFile
 0x122f79c SetErrorMode
 0x122f7a4 SetEvent
 0x122f7ac SetFilePointer
 0x122f7b4 SetProcessPriorityBoost
 0x122f7bc SetThreadContext
 0x122f7c4 SetUnhandledExceptionFilter
 0x122f7cc SetWaitableTimer
 0x122f7d4 Sleep
 0x122f7dc SuspendThread
 0x122f7e4 SwitchToThread
 0x122f7ec SystemTimeToFileTime
 0x122f7f4 TerminateProcess
 0x122f7fc TlsGetValue
 0x122f804 TryEnterCriticalSection
 0x122f80c UnhandledExceptionFilter
 0x122f814 UnlockFile
 0x122f81c UnlockFileEx
 0x122f824 UnmapViewOfFile
 0x122f82c VirtualAlloc
 0x122f834 VirtualFree
 0x122f83c VirtualProtect
 0x122f844 VirtualQuery
 0x122f84c WaitForMultipleObjects
 0x122f854 WaitForSingleObject
 0x122f85c WaitForSingleObjectEx
 0x122f864 WideCharToMultiByte
 0x122f86c WriteConsoleW
 0x122f874 WriteFile
 0x122f87c __C_specific_handler
msvcrt.dll
 0x122f88c __getmainargs
 0x122f894 __initenv
 0x122f89c __iob_func
 0x122f8a4 __lconv_init
 0x122f8ac __set_app_type
 0x122f8b4 __setusermatherr
 0x122f8bc _acmdln
 0x122f8c4 _amsg_exit
 0x122f8cc _beginthread
 0x122f8d4 _beginthreadex
 0x122f8dc _cexit
 0x122f8e4 _endthreadex
 0x122f8ec _errno
 0x122f8f4 _fmode
 0x122f8fc _initterm
 0x122f904 _localtime64
 0x122f90c _onexit
 0x122f914 abort
 0x122f91c calloc
 0x122f924 exit
 0x122f92c fprintf
 0x122f934 free
 0x122f93c fwrite
 0x122f944 malloc
 0x122f94c memcmp
 0x122f954 memcpy
 0x122f95c memmove
 0x122f964 memset
 0x122f96c qsort
 0x122f974 realloc
 0x122f97c signal
 0x122f984 strcmp
 0x122f98c strcspn
 0x122f994 strlen
 0x122f99c strncmp
 0x122f9a4 strrchr
 0x122f9ac vfprintf

EAT(Export Address Table) Library

0x122cff0 _cgo_dummy_export
0x8cbe80 authorizerTrampoline
0x8cbba0 callbackTrampoline
0x8cbd60 commitHookTrampoline
0x8cbcc0 compareTrampoline
0x8cbc70 doneTrampoline
0x8cbf00 preUpdateHookTrampoline
0x8cbdc0 rollbackHookTrampoline
0x8cbc00 stepTrampoline
0x8cbe10 updateHookTrampoline


Similarity measure (PE file only) - Checking for service failure