ScreenShot
| Created | 2023.10.27 10:07 | Machine | s1_win7_x6401 |
| Filename | getclient.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 21 detected (Filecoder, Avaddon, Vbjc, malicious, confidence, Siggen21, DCrypt, score, Artemis, RansomGen, susgen) | ||
| md5 | 8a91f3743fe18864ce449301ba6c7cfd | ||
| sha256 | e65a897de99384a667679ca3becc9b2258b9391418a06471517b8a58ae863d99 | ||
| ssdeep | 98304:f3BYZrNCEwfTXMStYZ6aHskFiJLuj9m84MBfBn:/irNPwTMStOdHvwLp891 | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x8ac1c0 WriteFile
0x8ac1c8 WriteConsoleW
0x8ac1d0 WaitForMultipleObjects
0x8ac1d8 WaitForSingleObject
0x8ac1e0 VirtualQuery
0x8ac1e8 VirtualFree
0x8ac1f0 VirtualAlloc
0x8ac1f8 SwitchToThread
0x8ac200 SuspendThread
0x8ac208 SetWaitableTimer
0x8ac210 SetUnhandledExceptionFilter
0x8ac218 SetProcessPriorityBoost
0x8ac220 SetEvent
0x8ac228 SetErrorMode
0x8ac230 SetConsoleCtrlHandler
0x8ac238 ResumeThread
0x8ac240 PostQueuedCompletionStatus
0x8ac248 LoadLibraryA
0x8ac250 LoadLibraryW
0x8ac258 SetThreadContext
0x8ac260 GetThreadContext
0x8ac268 GetSystemInfo
0x8ac270 GetSystemDirectoryA
0x8ac278 GetStdHandle
0x8ac280 GetQueuedCompletionStatusEx
0x8ac288 GetProcessAffinityMask
0x8ac290 GetProcAddress
0x8ac298 GetEnvironmentStringsW
0x8ac2a0 GetConsoleMode
0x8ac2a8 FreeEnvironmentStringsW
0x8ac2b0 ExitProcess
0x8ac2b8 DuplicateHandle
0x8ac2c0 CreateWaitableTimerExW
0x8ac2c8 CreateThread
0x8ac2d0 CreateIoCompletionPort
0x8ac2d8 CreateFileA
0x8ac2e0 CreateEventA
0x8ac2e8 CloseHandle
0x8ac2f0 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x8ac1c0 WriteFile
0x8ac1c8 WriteConsoleW
0x8ac1d0 WaitForMultipleObjects
0x8ac1d8 WaitForSingleObject
0x8ac1e0 VirtualQuery
0x8ac1e8 VirtualFree
0x8ac1f0 VirtualAlloc
0x8ac1f8 SwitchToThread
0x8ac200 SuspendThread
0x8ac208 SetWaitableTimer
0x8ac210 SetUnhandledExceptionFilter
0x8ac218 SetProcessPriorityBoost
0x8ac220 SetEvent
0x8ac228 SetErrorMode
0x8ac230 SetConsoleCtrlHandler
0x8ac238 ResumeThread
0x8ac240 PostQueuedCompletionStatus
0x8ac248 LoadLibraryA
0x8ac250 LoadLibraryW
0x8ac258 SetThreadContext
0x8ac260 GetThreadContext
0x8ac268 GetSystemInfo
0x8ac270 GetSystemDirectoryA
0x8ac278 GetStdHandle
0x8ac280 GetQueuedCompletionStatusEx
0x8ac288 GetProcessAffinityMask
0x8ac290 GetProcAddress
0x8ac298 GetEnvironmentStringsW
0x8ac2a0 GetConsoleMode
0x8ac2a8 FreeEnvironmentStringsW
0x8ac2b0 ExitProcess
0x8ac2b8 DuplicateHandle
0x8ac2c0 CreateWaitableTimerExW
0x8ac2c8 CreateThread
0x8ac2d0 CreateIoCompletionPort
0x8ac2d8 CreateFileA
0x8ac2e0 CreateEventA
0x8ac2e8 CloseHandle
0x8ac2f0 AddVectoredExceptionHandler
EAT(Export Address Table) is none