ScreenShot
| Created | 2023.10.26 10:23 | Machine | s1_win7_x6403 |
| Filename | tus.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 32 detected (AIDetectMalware, 5yW@amESq5n, Pwsx, Smokeloader, malicious, confidence, Attribute, HighConfidence, high confidence, Kryptik, HUYH, score, Convagent, CLASSIC, Redline, Detected, Wacapew, Eldorado, ai score=89, Static AI, Suspicious PE, susgen, HUKQ, CrypterX) | ||
| md5 | 10a17abe9f1d739be062dfa9f1730298 | ||
| sha256 | 1fed84f709df74d68b6b899c01698daad2266a433ec956ba1656ed791f3fe2c8 | ||
| ssdeep | 12288:BO6tSZ29AzVvWD+wVLZ5D4bzdKhvixnC7vuZf/60h6DPqY1R:Ba29AzVvWD+wVT4bzWKxG/q | ||
| imphash | 0827946c9a1e10fe2b73e3062ee67b37 | ||
| impfuzzy | 48:Bi9scpVJxYWDWYMXtXOroGtXGzPpU63TuFZGVc:BiOcpVJxYWKHXtXUoGtXGTpUft | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Detects Avast Antivirus through the presence of a library |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | One or more potentially interesting buffers were extracted |
| notice | Yara rule detected in process memory |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4e2000 CloseHandle
0x4e2004 WaitForSingleObjectEx
0x4e2008 Sleep
0x4e200c SwitchToThread
0x4e2010 GetCurrentThreadId
0x4e2014 GetExitCodeThread
0x4e2018 GetNativeSystemInfo
0x4e201c FormatMessageA
0x4e2020 WideCharToMultiByte
0x4e2024 MultiByteToWideChar
0x4e2028 GetStringTypeW
0x4e202c EnterCriticalSection
0x4e2030 LeaveCriticalSection
0x4e2034 InitializeCriticalSectionEx
0x4e2038 DeleteCriticalSection
0x4e203c QueryPerformanceCounter
0x4e2040 QueryPerformanceFrequency
0x4e2044 InitializeSRWLock
0x4e2048 ReleaseSRWLockExclusive
0x4e204c AcquireSRWLockExclusive
0x4e2050 TryAcquireSRWLockExclusive
0x4e2054 InitializeConditionVariable
0x4e2058 WakeConditionVariable
0x4e205c WakeAllConditionVariable
0x4e2060 SleepConditionVariableSRW
0x4e2064 LocalFree
0x4e2068 GetLocaleInfoEx
0x4e206c EncodePointer
0x4e2070 DecodePointer
0x4e2074 LCMapStringEx
0x4e2078 SetFileInformationByHandle
0x4e207c GetTempPathW
0x4e2080 FlsAlloc
0x4e2084 FlsGetValue
0x4e2088 FlsSetValue
0x4e208c FlsFree
0x4e2090 InitOnceExecuteOnce
0x4e2094 SleepConditionVariableCS
0x4e2098 CreateEventExW
0x4e209c CreateSemaphoreExW
0x4e20a0 FlushProcessWriteBuffers
0x4e20a4 GetCurrentProcessorNumber
0x4e20a8 GetSystemTimeAsFileTime
0x4e20ac GetTickCount64
0x4e20b0 FreeLibraryWhenCallbackReturns
0x4e20b4 CreateThreadpoolWork
0x4e20b8 SubmitThreadpoolWork
0x4e20bc CloseThreadpoolWork
0x4e20c0 CreateThreadpoolTimer
0x4e20c4 SetThreadpoolTimer
0x4e20c8 WaitForThreadpoolTimerCallbacks
0x4e20cc CloseThreadpoolTimer
0x4e20d0 CreateThreadpoolWait
0x4e20d4 SetThreadpoolWait
0x4e20d8 CloseThreadpoolWait
0x4e20dc GetModuleHandleW
0x4e20e0 GetProcAddress
0x4e20e4 GetFileInformationByHandleEx
0x4e20e8 CreateSymbolicLinkW
0x4e20ec CompareStringEx
0x4e20f0 GetCPInfo
0x4e20f4 IsProcessorFeaturePresent
0x4e20f8 GetCurrentProcessId
0x4e20fc InitializeSListHead
0x4e2100 IsDebuggerPresent
0x4e2104 UnhandledExceptionFilter
0x4e2108 SetUnhandledExceptionFilter
0x4e210c GetStartupInfoW
0x4e2110 GetCurrentProcess
0x4e2114 TerminateProcess
0x4e2118 CreateFileW
0x4e211c RaiseException
0x4e2120 RtlUnwind
0x4e2124 InterlockedPushEntrySList
0x4e2128 InterlockedFlushSList
0x4e212c GetLastError
0x4e2130 SetLastError
0x4e2134 InitializeCriticalSectionAndSpinCount
0x4e2138 TlsAlloc
0x4e213c TlsGetValue
0x4e2140 TlsSetValue
0x4e2144 TlsFree
0x4e2148 FreeLibrary
0x4e214c LoadLibraryExW
0x4e2150 CreateThread
0x4e2154 ExitThread
0x4e2158 ResumeThread
0x4e215c FreeLibraryAndExitThread
0x4e2160 GetModuleHandleExW
0x4e2164 GetStdHandle
0x4e2168 WriteFile
0x4e216c GetModuleFileNameW
0x4e2170 ExitProcess
0x4e2174 GetCommandLineA
0x4e2178 GetCommandLineW
0x4e217c GetCurrentThread
0x4e2180 HeapAlloc
0x4e2184 HeapFree
0x4e2188 GetDateFormatW
0x4e218c GetTimeFormatW
0x4e2190 CompareStringW
0x4e2194 LCMapStringW
0x4e2198 GetLocaleInfoW
0x4e219c IsValidLocale
0x4e21a0 GetUserDefaultLCID
0x4e21a4 EnumSystemLocalesW
0x4e21a8 GetFileType
0x4e21ac SetConsoleCtrlHandler
0x4e21b0 FlushFileBuffers
0x4e21b4 GetConsoleOutputCP
0x4e21b8 GetConsoleMode
0x4e21bc ReadFile
0x4e21c0 GetFileSizeEx
0x4e21c4 SetFilePointerEx
0x4e21c8 ReadConsoleW
0x4e21cc HeapReAlloc
0x4e21d0 GetTimeZoneInformation
0x4e21d4 OutputDebugStringW
0x4e21d8 FindClose
0x4e21dc FindFirstFileExW
0x4e21e0 FindNextFileW
0x4e21e4 IsValidCodePage
0x4e21e8 GetACP
0x4e21ec GetOEMCP
0x4e21f0 GetEnvironmentStringsW
0x4e21f4 FreeEnvironmentStringsW
0x4e21f8 SetEnvironmentVariableW
0x4e21fc SetStdHandle
0x4e2200 GetProcessHeap
0x4e2204 HeapSize
0x4e2208 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x4e2000 CloseHandle
0x4e2004 WaitForSingleObjectEx
0x4e2008 Sleep
0x4e200c SwitchToThread
0x4e2010 GetCurrentThreadId
0x4e2014 GetExitCodeThread
0x4e2018 GetNativeSystemInfo
0x4e201c FormatMessageA
0x4e2020 WideCharToMultiByte
0x4e2024 MultiByteToWideChar
0x4e2028 GetStringTypeW
0x4e202c EnterCriticalSection
0x4e2030 LeaveCriticalSection
0x4e2034 InitializeCriticalSectionEx
0x4e2038 DeleteCriticalSection
0x4e203c QueryPerformanceCounter
0x4e2040 QueryPerformanceFrequency
0x4e2044 InitializeSRWLock
0x4e2048 ReleaseSRWLockExclusive
0x4e204c AcquireSRWLockExclusive
0x4e2050 TryAcquireSRWLockExclusive
0x4e2054 InitializeConditionVariable
0x4e2058 WakeConditionVariable
0x4e205c WakeAllConditionVariable
0x4e2060 SleepConditionVariableSRW
0x4e2064 LocalFree
0x4e2068 GetLocaleInfoEx
0x4e206c EncodePointer
0x4e2070 DecodePointer
0x4e2074 LCMapStringEx
0x4e2078 SetFileInformationByHandle
0x4e207c GetTempPathW
0x4e2080 FlsAlloc
0x4e2084 FlsGetValue
0x4e2088 FlsSetValue
0x4e208c FlsFree
0x4e2090 InitOnceExecuteOnce
0x4e2094 SleepConditionVariableCS
0x4e2098 CreateEventExW
0x4e209c CreateSemaphoreExW
0x4e20a0 FlushProcessWriteBuffers
0x4e20a4 GetCurrentProcessorNumber
0x4e20a8 GetSystemTimeAsFileTime
0x4e20ac GetTickCount64
0x4e20b0 FreeLibraryWhenCallbackReturns
0x4e20b4 CreateThreadpoolWork
0x4e20b8 SubmitThreadpoolWork
0x4e20bc CloseThreadpoolWork
0x4e20c0 CreateThreadpoolTimer
0x4e20c4 SetThreadpoolTimer
0x4e20c8 WaitForThreadpoolTimerCallbacks
0x4e20cc CloseThreadpoolTimer
0x4e20d0 CreateThreadpoolWait
0x4e20d4 SetThreadpoolWait
0x4e20d8 CloseThreadpoolWait
0x4e20dc GetModuleHandleW
0x4e20e0 GetProcAddress
0x4e20e4 GetFileInformationByHandleEx
0x4e20e8 CreateSymbolicLinkW
0x4e20ec CompareStringEx
0x4e20f0 GetCPInfo
0x4e20f4 IsProcessorFeaturePresent
0x4e20f8 GetCurrentProcessId
0x4e20fc InitializeSListHead
0x4e2100 IsDebuggerPresent
0x4e2104 UnhandledExceptionFilter
0x4e2108 SetUnhandledExceptionFilter
0x4e210c GetStartupInfoW
0x4e2110 GetCurrentProcess
0x4e2114 TerminateProcess
0x4e2118 CreateFileW
0x4e211c RaiseException
0x4e2120 RtlUnwind
0x4e2124 InterlockedPushEntrySList
0x4e2128 InterlockedFlushSList
0x4e212c GetLastError
0x4e2130 SetLastError
0x4e2134 InitializeCriticalSectionAndSpinCount
0x4e2138 TlsAlloc
0x4e213c TlsGetValue
0x4e2140 TlsSetValue
0x4e2144 TlsFree
0x4e2148 FreeLibrary
0x4e214c LoadLibraryExW
0x4e2150 CreateThread
0x4e2154 ExitThread
0x4e2158 ResumeThread
0x4e215c FreeLibraryAndExitThread
0x4e2160 GetModuleHandleExW
0x4e2164 GetStdHandle
0x4e2168 WriteFile
0x4e216c GetModuleFileNameW
0x4e2170 ExitProcess
0x4e2174 GetCommandLineA
0x4e2178 GetCommandLineW
0x4e217c GetCurrentThread
0x4e2180 HeapAlloc
0x4e2184 HeapFree
0x4e2188 GetDateFormatW
0x4e218c GetTimeFormatW
0x4e2190 CompareStringW
0x4e2194 LCMapStringW
0x4e2198 GetLocaleInfoW
0x4e219c IsValidLocale
0x4e21a0 GetUserDefaultLCID
0x4e21a4 EnumSystemLocalesW
0x4e21a8 GetFileType
0x4e21ac SetConsoleCtrlHandler
0x4e21b0 FlushFileBuffers
0x4e21b4 GetConsoleOutputCP
0x4e21b8 GetConsoleMode
0x4e21bc ReadFile
0x4e21c0 GetFileSizeEx
0x4e21c4 SetFilePointerEx
0x4e21c8 ReadConsoleW
0x4e21cc HeapReAlloc
0x4e21d0 GetTimeZoneInformation
0x4e21d4 OutputDebugStringW
0x4e21d8 FindClose
0x4e21dc FindFirstFileExW
0x4e21e0 FindNextFileW
0x4e21e4 IsValidCodePage
0x4e21e8 GetACP
0x4e21ec GetOEMCP
0x4e21f0 GetEnvironmentStringsW
0x4e21f4 FreeEnvironmentStringsW
0x4e21f8 SetEnvironmentVariableW
0x4e21fc SetStdHandle
0x4e2200 GetProcessHeap
0x4e2204 HeapSize
0x4e2208 WriteConsoleW
EAT(Export Address Table) is none