ScreenShot
| Created | 2023.11.20 09:49 | Machine | s1_win7_x6403 |
| Filename | Discord.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetectMalware, tstc, GenericKD, Artemis, PyInstaller, Attribute, HighConfidence, malicious, high confidence, dffz, BDOJ, Simw, lwkun, Python, Muldrop, Detected, Eldorado, GrayWare, Wacapew, BlankGrabber, TCR5QI, score, ai score=81, unsafe, Chgt, CLASSIC, susgen, PackedPyInstaller, confidence, 100%) | ||
| md5 | 5fe0d276069583d186448d4aaf9a2842 | ||
| sha256 | abfae33792c8c075a2993310b182c0090ac9042481f1d7d10e3c72f5bba3680a | ||
| ssdeep | 196608:+EYS6g9qOshoKMuIkhVastRL5Di3uz1D7c03:FYSd8OshouIkPftRL54aRZ3 | ||
| imphash | 20d446c1cb128febd23deb17efb67cf6 | ||
| impfuzzy | 48:t/gub6EwoQ54rzSv6xvi2ymeV9R+hteS1Xc+pIuCJcgTkOtV0Kq14r:phV9eVuhteS1Xc+pIustkiWHS | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002b390 CreateWindowExW
0x14002b398 MessageBoxW
0x14002b3a0 MessageBoxA
0x14002b3a8 SystemParametersInfoW
0x14002b3b0 DestroyIcon
0x14002b3b8 SetWindowLongPtrW
0x14002b3c0 GetWindowLongPtrW
0x14002b3c8 GetClientRect
0x14002b3d0 InvalidateRect
0x14002b3d8 ReleaseDC
0x14002b3e0 GetDC
0x14002b3e8 DrawTextW
0x14002b3f0 GetDialogBaseUnits
0x14002b3f8 EndDialog
0x14002b400 DialogBoxIndirectParamW
0x14002b408 MoveWindow
0x14002b410 SendMessageW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b058 GetStringTypeW
0x14002b060 GetFileAttributesExW
0x14002b068 HeapReAlloc
0x14002b070 FlushFileBuffers
0x14002b078 GetCurrentDirectoryW
0x14002b080 IsValidCodePage
0x14002b088 GetACP
0x14002b090 GetModuleHandleW
0x14002b098 MulDiv
0x14002b0a0 GetLastError
0x14002b0a8 SetDllDirectoryW
0x14002b0b0 GetModuleFileNameW
0x14002b0b8 CreateSymbolicLinkW
0x14002b0c0 GetProcAddress
0x14002b0c8 GetCommandLineW
0x14002b0d0 GetEnvironmentVariableW
0x14002b0d8 GetOEMCP
0x14002b0e0 ExpandEnvironmentStringsW
0x14002b0e8 CreateDirectoryW
0x14002b0f0 GetTempPathW
0x14002b0f8 WaitForSingleObject
0x14002b100 Sleep
0x14002b108 GetExitCodeProcess
0x14002b110 CreateProcessW
0x14002b118 GetStartupInfoW
0x14002b120 FreeLibrary
0x14002b128 LoadLibraryExW
0x14002b130 SetConsoleCtrlHandler
0x14002b138 FindClose
0x14002b140 FindFirstFileExW
0x14002b148 CloseHandle
0x14002b150 GetCurrentProcess
0x14002b158 LocalFree
0x14002b160 FormatMessageW
0x14002b168 MultiByteToWideChar
0x14002b170 WideCharToMultiByte
0x14002b178 GetCPInfo
0x14002b180 GetEnvironmentStringsW
0x14002b188 FreeEnvironmentStringsW
0x14002b190 GetProcessHeap
0x14002b198 GetTimeZoneInformation
0x14002b1a0 HeapSize
0x14002b1a8 WriteConsoleW
0x14002b1b0 SetEnvironmentVariableW
0x14002b1b8 RtlUnwindEx
0x14002b1c0 RtlCaptureContext
0x14002b1c8 RtlLookupFunctionEntry
0x14002b1d0 RtlVirtualUnwind
0x14002b1d8 UnhandledExceptionFilter
0x14002b1e0 SetUnhandledExceptionFilter
0x14002b1e8 TerminateProcess
0x14002b1f0 IsProcessorFeaturePresent
0x14002b1f8 QueryPerformanceCounter
0x14002b200 GetCurrentProcessId
0x14002b208 GetCurrentThreadId
0x14002b210 GetSystemTimeAsFileTime
0x14002b218 InitializeSListHead
0x14002b220 IsDebuggerPresent
0x14002b228 SetEndOfFile
0x14002b230 SetLastError
0x14002b238 EnterCriticalSection
0x14002b240 LeaveCriticalSection
0x14002b248 DeleteCriticalSection
0x14002b250 InitializeCriticalSectionAndSpinCount
0x14002b258 TlsAlloc
0x14002b260 TlsGetValue
0x14002b268 TlsSetValue
0x14002b270 TlsFree
0x14002b278 EncodePointer
0x14002b280 RaiseException
0x14002b288 RtlPcToFileHeader
0x14002b290 GetCommandLineA
0x14002b298 CreateFileW
0x14002b2a0 GetDriveTypeW
0x14002b2a8 GetFileInformationByHandle
0x14002b2b0 GetFileType
0x14002b2b8 PeekNamedPipe
0x14002b2c0 SystemTimeToTzSpecificLocalTime
0x14002b2c8 FileTimeToSystemTime
0x14002b2d0 GetFullPathNameW
0x14002b2d8 RemoveDirectoryW
0x14002b2e0 FindNextFileW
0x14002b2e8 SetStdHandle
0x14002b2f0 DeleteFileW
0x14002b2f8 ReadFile
0x14002b300 GetStdHandle
0x14002b308 WriteFile
0x14002b310 ExitProcess
0x14002b318 GetModuleHandleExW
0x14002b320 HeapFree
0x14002b328 GetConsoleMode
0x14002b330 ReadConsoleW
0x14002b338 SetFilePointerEx
0x14002b340 GetConsoleOutputCP
0x14002b348 GetFileSizeEx
0x14002b350 HeapAlloc
0x14002b358 FlsAlloc
0x14002b360 FlsGetValue
0x14002b368 FlsSetValue
0x14002b370 FlsFree
0x14002b378 CompareStringW
0x14002b380 LCMapStringW
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002b018 ConvertSidToStringSidW
GDI32.dll
0x14002b038 SelectObject
0x14002b040 DeleteObject
0x14002b048 CreateFontIndirectW
EAT(Export Address Table) is none
USER32.dll
0x14002b390 CreateWindowExW
0x14002b398 MessageBoxW
0x14002b3a0 MessageBoxA
0x14002b3a8 SystemParametersInfoW
0x14002b3b0 DestroyIcon
0x14002b3b8 SetWindowLongPtrW
0x14002b3c0 GetWindowLongPtrW
0x14002b3c8 GetClientRect
0x14002b3d0 InvalidateRect
0x14002b3d8 ReleaseDC
0x14002b3e0 GetDC
0x14002b3e8 DrawTextW
0x14002b3f0 GetDialogBaseUnits
0x14002b3f8 EndDialog
0x14002b400 DialogBoxIndirectParamW
0x14002b408 MoveWindow
0x14002b410 SendMessageW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b058 GetStringTypeW
0x14002b060 GetFileAttributesExW
0x14002b068 HeapReAlloc
0x14002b070 FlushFileBuffers
0x14002b078 GetCurrentDirectoryW
0x14002b080 IsValidCodePage
0x14002b088 GetACP
0x14002b090 GetModuleHandleW
0x14002b098 MulDiv
0x14002b0a0 GetLastError
0x14002b0a8 SetDllDirectoryW
0x14002b0b0 GetModuleFileNameW
0x14002b0b8 CreateSymbolicLinkW
0x14002b0c0 GetProcAddress
0x14002b0c8 GetCommandLineW
0x14002b0d0 GetEnvironmentVariableW
0x14002b0d8 GetOEMCP
0x14002b0e0 ExpandEnvironmentStringsW
0x14002b0e8 CreateDirectoryW
0x14002b0f0 GetTempPathW
0x14002b0f8 WaitForSingleObject
0x14002b100 Sleep
0x14002b108 GetExitCodeProcess
0x14002b110 CreateProcessW
0x14002b118 GetStartupInfoW
0x14002b120 FreeLibrary
0x14002b128 LoadLibraryExW
0x14002b130 SetConsoleCtrlHandler
0x14002b138 FindClose
0x14002b140 FindFirstFileExW
0x14002b148 CloseHandle
0x14002b150 GetCurrentProcess
0x14002b158 LocalFree
0x14002b160 FormatMessageW
0x14002b168 MultiByteToWideChar
0x14002b170 WideCharToMultiByte
0x14002b178 GetCPInfo
0x14002b180 GetEnvironmentStringsW
0x14002b188 FreeEnvironmentStringsW
0x14002b190 GetProcessHeap
0x14002b198 GetTimeZoneInformation
0x14002b1a0 HeapSize
0x14002b1a8 WriteConsoleW
0x14002b1b0 SetEnvironmentVariableW
0x14002b1b8 RtlUnwindEx
0x14002b1c0 RtlCaptureContext
0x14002b1c8 RtlLookupFunctionEntry
0x14002b1d0 RtlVirtualUnwind
0x14002b1d8 UnhandledExceptionFilter
0x14002b1e0 SetUnhandledExceptionFilter
0x14002b1e8 TerminateProcess
0x14002b1f0 IsProcessorFeaturePresent
0x14002b1f8 QueryPerformanceCounter
0x14002b200 GetCurrentProcessId
0x14002b208 GetCurrentThreadId
0x14002b210 GetSystemTimeAsFileTime
0x14002b218 InitializeSListHead
0x14002b220 IsDebuggerPresent
0x14002b228 SetEndOfFile
0x14002b230 SetLastError
0x14002b238 EnterCriticalSection
0x14002b240 LeaveCriticalSection
0x14002b248 DeleteCriticalSection
0x14002b250 InitializeCriticalSectionAndSpinCount
0x14002b258 TlsAlloc
0x14002b260 TlsGetValue
0x14002b268 TlsSetValue
0x14002b270 TlsFree
0x14002b278 EncodePointer
0x14002b280 RaiseException
0x14002b288 RtlPcToFileHeader
0x14002b290 GetCommandLineA
0x14002b298 CreateFileW
0x14002b2a0 GetDriveTypeW
0x14002b2a8 GetFileInformationByHandle
0x14002b2b0 GetFileType
0x14002b2b8 PeekNamedPipe
0x14002b2c0 SystemTimeToTzSpecificLocalTime
0x14002b2c8 FileTimeToSystemTime
0x14002b2d0 GetFullPathNameW
0x14002b2d8 RemoveDirectoryW
0x14002b2e0 FindNextFileW
0x14002b2e8 SetStdHandle
0x14002b2f0 DeleteFileW
0x14002b2f8 ReadFile
0x14002b300 GetStdHandle
0x14002b308 WriteFile
0x14002b310 ExitProcess
0x14002b318 GetModuleHandleExW
0x14002b320 HeapFree
0x14002b328 GetConsoleMode
0x14002b330 ReadConsoleW
0x14002b338 SetFilePointerEx
0x14002b340 GetConsoleOutputCP
0x14002b348 GetFileSizeEx
0x14002b350 HeapAlloc
0x14002b358 FlsAlloc
0x14002b360 FlsGetValue
0x14002b368 FlsSetValue
0x14002b370 FlsFree
0x14002b378 CompareStringW
0x14002b380 LCMapStringW
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002b018 ConvertSidToStringSidW
GDI32.dll
0x14002b038 SelectObject
0x14002b040 DeleteObject
0x14002b048 CreateFontIndirectW
EAT(Export Address Table) is none