Field | Value |
---|---|
Created | 2023.11.10 09:30 |
Machine | s1_win7_x6401 |
Filename | i.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 57 detected (AIDetectMalware, Coroxy, Jaik, Artemis, Vfni, malicious, ZexaF, aqW@a4KyXy, Attribute, HighConfidence, high confidence, score, GenericML, xnet, kcakfo, Bkjl, teemc, Siggen21, SMOKELOADER, YXDKHZ, high, Detected, Wacatac, Threat, HLLSI, based, Maximus, R609090, ai score=88, BScope, TrojanProxy, Sybici, unsafe, Chgt, Generic@AI, RDML, vgoIABHLbcxwvc, +LXA, Static AI, Malicious PE, susgen, MalwareX, confidence, 100%) |
md5 | 80929c8d2ecd8d400fed9a029f4e4763 |
sha256 | 9199144c5156434c69d008c19562f9f6cf851720598c6550bbc2fc1f93e743ad |
ssdeep | 96:kbzB1sIGNT8dfY4zbQbxkKYcsMWQAMIwcG9g5vOPEZ1eLP5FOzCVGSBXNBL7Kse9:kbF1PkUfY8LKMp5jeEZ1eLxkWksnO |
imphash | 765650190224c30d988bfe1c70e8de98 |
impfuzzy | 12:wZgZGMwQPKOHGFYNooj7GuzgGKjhIl0ydJWJ9JDJKEKHG/UJXL5JxHDsVpoYdrSW:wZA/CVojrznKpOVG8VRjshZSywxtiD |
Signatures (2 counts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
Rules (3 counts)
Level | Name | Description | Collection |
---|---|---|---|
danger | SystemBC_IN | SystemBC | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
user32.dll
0x403080 wsprintfA
kernel32.dll
0x403010 CreateFileA
0x403014 CreateThread
0x403018 ExitProcess
0x40301c FileTimeToSystemTime
0x403020 GetCurrentProcess
0x403024 GetLocalTime
0x403028 GetTempPathA
0x40302c GetVolumeInformationA
0x403030 CreateEventA
0x403034 LocalFree
0x403038 SetEvent
0x40303c SetFilePointer
0x403040 CloseHandle
0x403044 SystemTimeToFileTime
0x403048 VirtualAlloc
0x40304c VirtualFree
0x403050 WaitForSingleObject
0x403054 WriteFile
0x403058 LocalAlloc
0x40305c Sleep
advapi32.dll
0x403000 OpenProcessToken
0x403004 GetTokenInformation
0x403008 GetSidSubAuthority
wsock32.dll
0x403098 WSAStartup
0x40309c closesocket
0x4030a0 connect
0x4030a4 htons
0x4030a8 inet_addr
0x4030ac inet_ntoa
0x4030b0 ioctlsocket
0x4030b4 recv
0x4030b8 select
0x4030bc send
0x4030c0 setsockopt
0x4030c4 shutdown
0x4030c8 socket
ws2_32.dll
0x403088 freeaddrinfo
0x40308c WSAIoctl
0x403090 getaddrinfo
ole32.dll
0x403064 CoInitialize
0x403068 CoCreateInstance
0x40306c CoUninitialize
secur32.dll
0x403074 GetUserNameExW
0x403078 GetUserNameExA
EAT (Export Address Table): none