Field | Value
---|---
Created | 2023.11.21 18:18
Machine | s1_win7_x6402
Filename | Updatе.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score | (blank in report)
Behavior Score | (blank in report)
ZERO API | file : clean
VT API (file) | 33 detected (AIDetectMalware, Stealerc, Save, malicious, confidence, Attribute, HighConfidence, high confidence, score, LUMMASTEALER, YXDKTZ, high, Static AI, Malicious PE, ABRisk, LIET, Leonem, Detected, Artemis, BScope, Wirenet, unsafe, Chgt, Generic@AI, RDML, MifeMdidFMWS9qAo3Wk8iw, susgen, PossibleThreat, ZexaF, RqW@auLEUL)
md5 | 3f6d2aa85fcd8e38412f4ab60f8f47f4
sha256 | 3eb644492c55f3afab73d0b9842a835d67ccf35c46767d45ae7d2e78fc96d7e5
ssdeep | 12288:R1nGfvqfcZCnVsUonX/hNKo1FdsJt2m2Nl1KsHBMIDG4LcykS/xXn8SUtbR+i:RrcZ0VGnPnveJxwl1uu/9/xXn8b4
imphash | 411d07b56145caf2dc98484203a9ed7b
impfuzzy | 24:DAIJFiqqlxaLDonztP1GMndlJeDc+pl7LoEOovbOrRZHu93vB3l1:0IJFfqlxDztP1xic+pBc3gBV1
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
notice | Queries the disk size, which can be used to detect a virtual machine whose disk is small, fixed-size or dynamically allocated |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(no network requests recorded in this run) | | | | |
Suricata IDS: no alerts listed.
PE API
IAT (Import Address Table) Library
USER32.dll
0x423130 TranslateMessage
0x423134 KillTimer
0x423138 DispatchMessageW
0x42313c GetMessageW
0x423140 SetTimer
KERNEL32.dll
0x423000 FreeLibrary
0x423004 WriteConsoleW
0x423008 CloseHandle
0x42300c CreateFileW
0x423010 GetDiskFreeSpaceExA
0x423014 QueryPerformanceCounter
0x423018 QueryPerformanceFrequency
0x42301c HeapAlloc
0x423020 HeapFree
0x423024 GetCurrentProcess
0x423028 GetSystemTime
0x42302c GetLocalTime
0x423030 VirtualProtect
0x423034 GetModuleHandleA
0x423038 GetProcAddress
0x42303c LoadLibraryA
0x423040 lstrcmpA
0x423044 lstrlenA
0x423048 FreeConsole
0x42304c UnhandledExceptionFilter
0x423050 SetUnhandledExceptionFilter
0x423054 TerminateProcess
0x423058 IsProcessorFeaturePresent
0x42305c GetCurrentProcessId
0x423060 GetCurrentThreadId
0x423064 GetSystemTimeAsFileTime
0x423068 InitializeSListHead
0x42306c IsDebuggerPresent
0x423070 GetStartupInfoW
0x423074 GetModuleHandleW
0x423078 SetFilePointerEx
0x42307c GetConsoleMode
0x423080 RaiseException
0x423084 GetLastError
0x423088 SetLastError
0x42308c EncodePointer
0x423090 EnterCriticalSection
0x423094 LeaveCriticalSection
0x423098 DeleteCriticalSection
0x42309c InitializeCriticalSectionAndSpinCount
0x4230a0 TlsAlloc
0x4230a4 TlsGetValue
0x4230a8 TlsSetValue
0x4230ac TlsFree
0x4230b0 DecodePointer
0x4230b4 LoadLibraryExW
0x4230b8 GetStdHandle
0x4230bc WriteFile
0x4230c0 GetModuleFileNameW
0x4230c4 ExitProcess
0x4230c8 GetModuleHandleExW
0x4230cc GetCommandLineA
0x4230d0 GetCommandLineW
0x4230d4 FindClose
0x4230d8 FindFirstFileExW
0x4230dc FindNextFileW
0x4230e0 IsValidCodePage
0x4230e4 GetACP
0x4230e8 GetOEMCP
0x4230ec GetCPInfo
0x4230f0 MultiByteToWideChar
0x4230f4 WideCharToMultiByte
0x4230f8 GetEnvironmentStringsW
0x4230fc FreeEnvironmentStringsW
0x423100 SetEnvironmentVariableW
0x423104 SetStdHandle
0x423108 GetFileType
0x42310c GetStringTypeW
0x423110 CompareStringW
0x423114 LCMapStringW
0x423118 GetProcessHeap
0x42311c HeapSize
0x423120 HeapReAlloc
0x423124 FlushFileBuffers
0x423128 GetConsoleOutputCP
ntdll.dll
0x423148 RtlUnwind
EAT (Export Address Table): none
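The table above is what the loader resolves before the sample runs, and two things in it matter for triage. `GetDiskFreeSpaceExA` is the import behind the "queries the disk size" signature, and `LoadLibraryA` / `GetProcAddress` / `VirtualProtect` together are the footprint of a stub that rewrites its own code and resolves the real imports at runtime, which is consistent with the packer rules and with the absence of any networking DLL in a file that VirusTotal engines label as a stealer. Most of the remaining KERNEL32 entries (`InitializeSListHead`, `EncodePointer`, `TlsAlloc`, `SetUnhandledExceptionFilter`, ...) are pulled in by the MSVC runtime and carry no signal. The Python below is an added example, not code from this report or the sandbox: it triages an excerpt of the imports listed above (copied as data; KERNEL32 is not copied in full) using analyst-chosen API categories, and shows how the `imphash` field is constructed. Because imphash hashes the complete import list in import-directory order, and this page does not guarantee that its display order matches, the value computed here is not claimed to equal the report's `411d07b5...`.

```python
import hashlib
from typing import Dict, List

# Excerpt of the report's import table, in display order, embedded as data so
# the script runs offline. KERNEL32 is abbreviated to the entries used below.
IAT: Dict[str, List[str]] = {
    "USER32.dll": ["TranslateMessage", "KillTimer", "DispatchMessageW",
                   "GetMessageW", "SetTimer"],
    "KERNEL32.dll": ["FreeLibrary", "WriteConsoleW", "CloseHandle", "CreateFileW",
                     "GetDiskFreeSpaceExA", "QueryPerformanceCounter",
                     "QueryPerformanceFrequency", "VirtualProtect",
                     "GetModuleHandleA", "GetProcAddress", "LoadLibraryA",
                     "IsDebuggerPresent", "FindFirstFileExW", "FindNextFileW",
                     "WriteFile", "InitializeSListHead", "EncodePointer",
                     "TlsAlloc", "SetUnhandledExceptionFilter"],
    "ntdll.dll": ["RtlUnwind"],
}

# Analyst-chosen categories (an assumption for this example, not a vendor list).
CATEGORIES = {
    "anti_vm": {"GetDiskFreeSpaceExA", "GetDiskFreeSpaceExW", "GetDiskFreeSpaceA",
                "GetDiskFreeSpaceW", "GetSystemInfo", "GlobalMemoryStatusEx"},
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "NtQueryInformationProcess", "OutputDebugStringA"},
    "timing": {"QueryPerformanceCounter", "QueryPerformanceFrequency",
               "GetTickCount", "GetTickCount64"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW",
                           "GetProcAddress", "GetModuleHandleA", "GetModuleHandleW"},
    "memory_protection": {"VirtualProtect", "VirtualAlloc", "VirtualAllocEx",
                          "WriteProcessMemory"},
    "network": {"InternetOpenA", "InternetOpenW", "HttpOpenRequestA", "WinHttpOpen",
                "socket", "connect", "send", "recv", "WSAStartup"},
}

# Imports the MSVC runtime adds on its own; their presence says nothing about intent.
CRT_NOISE = {"InitializeSListHead", "EncodePointer", "DecodePointer", "TlsAlloc",
             "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
             "IsProcessorFeaturePresent", "QueryPerformanceCounter",
             "GetSystemTimeAsFileTime", "RtlUnwind", "GetStartupInfoW"}


def imphash(iat: Dict[str, List[str]]) -> str:
    """Import hash as popularised by Mandiant: each import becomes
    '<dll without extension>.<function>' in lowercase, all joined by commas
    in import-directory order, then MD5. Reproducing a real sample's value
    requires the complete table in that order (and ordinal-to-name mapping)."""
    parts = []
    for dll, funcs in iat.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(iat: Dict[str, List[str]]) -> dict:
    """Bucket imports by category and derive the one conclusion that matters
    for a packed sample: whether the static IAT reflects real capability."""
    names = {f for funcs in iat.values() for f in funcs}
    hits = {cat: sorted(names & apis) for cat, apis in CATEGORIES.items()}
    hits["crt_noise"] = sorted(names & CRT_NOISE)
    # LoadLibrary* + GetProcAddress + VirtualProtect: code that makes memory
    # writable, decodes into it, then resolves imports by name at runtime.
    loaders = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"}
    hits["unpacker_stub"] = bool({"GetProcAddress", "VirtualProtect"} <= names
                                 and loaders & names)
    # With a stub present, an empty 'network' bucket means "unknown", not "none".
    hits["static_iat_reflects_capability"] = not hits["unpacker_stub"]
    return hits


if __name__ == "__main__":
    result = triage(IAT)
    for key, value in result.items():
        print(f"{key:32} {value}")
    print("imphash of this excerpt:", imphash(IAT))
```

Read the output the way the sandbox scores it: the anti-VM and anti-debug buckets explain the `notice` entries, the stub triad explains why a file with stealer detections imports nothing from WinINet or ws2_32, and an unpacker stub plus zero network activity in a Win7 VM is exactly the pattern a disk-size check would produce if it detected the sandbox and bailed out.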