Field | Value |
---|---|
Created | 2023.10.19 08:00 |
Machine | s1_win7_x6403 |
Filename | ch.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectMalware, Mokes, GenericKD, Cerbu, Kryptik, Vg4h, GenKryptik, Attribute, HighConfidence, malicious, high confidence, GPDE, score, exbu, PWSX, RedLineSteal, bhmbt, Inject4, TRICKBOT, Static AI, Malicious PE, Eldorado, ai score=85, RedLine, Casdet, Detected, GenericRXWJ, unsafe, Chgt, Generic@AI, RDML, pfib4RTD, NXqpS, rl4ps7w, susgen, HUTD, ZexaF, HqW@a4dcZPc, confidence, 100%) |
md5 | 443ebfe5300c79fd559324c757aab369 |
sha256 | adcc241adbfaa85f052b73bf45e5332d33ccd734456eddcf3111196423434c8f |
ssdeep | 12288:HWStITaxODYdhtBI5iapJOcpfRPH3nxjy:HdtbOMPuiapJOmfRPH3t |
imphash | 4f0cdfd3e1be2bc790b5aa9061b7d52c |
impfuzzy | 24:GNcpVJ+jQDqte4GhlJBl39RPLOovbOIHFZMv1GMAkEZHu9J:GNcpVJI9te4Gnp363gFZGb |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
Library: KERNEL32.dll
0x424000 FreeConsole
0x424004 CloseHandle
0x424008 GetCurrentThreadId
0x42400c EnterCriticalSection
0x424010 LeaveCriticalSection
0x424014 InitializeCriticalSectionEx
0x424018 DeleteCriticalSection
0x42401c QueryPerformanceCounter
0x424020 EncodePointer
0x424024 DecodePointer
0x424028 MultiByteToWideChar
0x42402c WideCharToMultiByte
0x424030 LCMapStringEx
0x424034 GetSystemTimeAsFileTime
0x424038 GetModuleHandleW
0x42403c GetProcAddress
0x424040 GetStringTypeW
0x424044 GetCPInfo
0x424048 IsProcessorFeaturePresent
0x42404c UnhandledExceptionFilter
0x424050 SetUnhandledExceptionFilter
0x424054 GetCurrentProcess
0x424058 TerminateProcess
0x42405c GetCurrentProcessId
0x424060 InitializeSListHead
0x424064 IsDebuggerPresent
0x424068 GetStartupInfoW
0x42406c CreateFileW
0x424070 RaiseException
0x424074 RtlUnwind
0x424078 GetLastError
0x42407c SetLastError
0x424080 InitializeCriticalSectionAndSpinCount
0x424084 TlsAlloc
0x424088 TlsGetValue
0x42408c TlsSetValue
0x424090 TlsFree
0x424094 FreeLibrary
0x424098 LoadLibraryExW
0x42409c GetModuleHandleExW
0x4240a0 GetStdHandle
0x4240a4 WriteFile
0x4240a8 GetModuleFileNameW
0x4240ac ExitProcess
0x4240b0 GetCommandLineA
0x4240b4 GetCommandLineW
0x4240b8 HeapFree
0x4240bc HeapAlloc
0x4240c0 CompareStringW
0x4240c4 LCMapStringW
0x4240c8 GetLocaleInfoW
0x4240cc IsValidLocale
0x4240d0 GetUserDefaultLCID
0x4240d4 EnumSystemLocalesW
0x4240d8 GetFileType
0x4240dc FlushFileBuffers
0x4240e0 GetConsoleOutputCP
0x4240e4 GetConsoleMode
0x4240e8 ReadFile
0x4240ec GetFileSizeEx
0x4240f0 SetFilePointerEx
0x4240f4 ReadConsoleW
0x4240f8 HeapReAlloc
0x4240fc FindClose
0x424100 FindFirstFileExW
0x424104 FindNextFileW
0x424108 IsValidCodePage
0x42410c GetACP
0x424110 GetOEMCP
0x424114 GetEnvironmentStringsW
0x424118 FreeEnvironmentStringsW
0x42411c SetEnvironmentVariableW
0x424120 SetStdHandle
0x424124 GetProcessHeap
0x424128 HeapSize
0x42412c WriteConsoleW
EAT (Export Address Table): none