ScreenShot
| Created | 2023.11.22 13:25 | Machine | s1_win7_x6401 |
| Filename | h.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 50 detected (AIDetectMalware, Blocker, MulDrop24, GenericKD, Artemis, Vue4, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, TrueClient, zklq, kdokjb, RansomX, Gencirc, ysgqj, SMOKELOADER, YXDKNZ, WinGo, Detected, ABRansom, ZJXX, Malgent, 82B2JJ, score, ai score=85, unsafe, RansomGen, confidence, 100%) | ||
| md5 | 2b5bf637eb6e5bedb1af2cda714bec09 | ||
| sha256 | 32f3c9f5bb08c49ff7a693b79b206cc294f38e07da4ebcec1504da7a9531ec2a | ||
| ssdeep | 49152:MUZ56Dep6vYhqrb/TcvO90d7HjmAFd4A64nsfJyMRAPvuxJpmwD1XMlAw7iZuJ8v:0YNMRAgK9I | ||
| imphash | e9f3106d7dee6b6f654c7637ce5bb373 | ||
| impfuzzy | 48:qJrKxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjXA:qJexMCyamXRHF42xQHPXiX1Pgb7TJGQF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1402e8488 AddAtomA
0x1402e8490 AddVectoredExceptionHandler
0x1402e8498 CloseHandle
0x1402e84a0 CreateEventA
0x1402e84a8 CreateFileA
0x1402e84b0 CreateIoCompletionPort
0x1402e84b8 CreateMutexA
0x1402e84c0 CreateSemaphoreA
0x1402e84c8 CreateThread
0x1402e84d0 CreateWaitableTimerExW
0x1402e84d8 DeleteAtom
0x1402e84e0 DeleteCriticalSection
0x1402e84e8 DuplicateHandle
0x1402e84f0 EnterCriticalSection
0x1402e84f8 ExitProcess
0x1402e8500 FindAtomA
0x1402e8508 FormatMessageA
0x1402e8510 FreeEnvironmentStringsW
0x1402e8518 GetAtomNameA
0x1402e8520 GetConsoleMode
0x1402e8528 GetCurrentProcess
0x1402e8530 GetCurrentProcessId
0x1402e8538 GetCurrentThread
0x1402e8540 GetCurrentThreadId
0x1402e8548 GetEnvironmentStringsW
0x1402e8550 GetHandleInformation
0x1402e8558 GetLastError
0x1402e8560 GetProcAddress
0x1402e8568 GetProcessAffinityMask
0x1402e8570 GetQueuedCompletionStatusEx
0x1402e8578 GetStartupInfoA
0x1402e8580 GetStdHandle
0x1402e8588 GetSystemDirectoryA
0x1402e8590 GetSystemInfo
0x1402e8598 GetSystemTimeAsFileTime
0x1402e85a0 GetThreadContext
0x1402e85a8 GetThreadPriority
0x1402e85b0 GetTickCount
0x1402e85b8 InitializeCriticalSection
0x1402e85c0 IsDBCSLeadByteEx
0x1402e85c8 IsDebuggerPresent
0x1402e85d0 LeaveCriticalSection
0x1402e85d8 LoadLibraryA
0x1402e85e0 LoadLibraryW
0x1402e85e8 LocalFree
0x1402e85f0 MultiByteToWideChar
0x1402e85f8 OpenProcess
0x1402e8600 OutputDebugStringA
0x1402e8608 PostQueuedCompletionStatus
0x1402e8610 QueryPerformanceCounter
0x1402e8618 QueryPerformanceFrequency
0x1402e8620 RaiseException
0x1402e8628 ReleaseMutex
0x1402e8630 ReleaseSemaphore
0x1402e8638 RemoveVectoredExceptionHandler
0x1402e8640 ResetEvent
0x1402e8648 ResumeThread
0x1402e8650 SetConsoleCtrlHandler
0x1402e8658 SetErrorMode
0x1402e8660 SetEvent
0x1402e8668 SetLastError
0x1402e8670 SetProcessAffinityMask
0x1402e8678 SetProcessPriorityBoost
0x1402e8680 SetThreadContext
0x1402e8688 SetThreadPriority
0x1402e8690 SetUnhandledExceptionFilter
0x1402e8698 SetWaitableTimer
0x1402e86a0 Sleep
0x1402e86a8 SuspendThread
0x1402e86b0 SwitchToThread
0x1402e86b8 TlsAlloc
0x1402e86c0 TlsGetValue
0x1402e86c8 TlsSetValue
0x1402e86d0 TryEnterCriticalSection
0x1402e86d8 VirtualAlloc
0x1402e86e0 VirtualFree
0x1402e86e8 VirtualProtect
0x1402e86f0 VirtualQuery
0x1402e86f8 WaitForMultipleObjects
0x1402e8700 WaitForSingleObject
0x1402e8708 WideCharToMultiByte
0x1402e8710 WriteConsoleW
0x1402e8718 WriteFile
0x1402e8720 __C_specific_handler
msvcrt.dll
0x1402e8730 ___lc_codepage_func
0x1402e8738 ___mb_cur_max_func
0x1402e8740 __getmainargs
0x1402e8748 __initenv
0x1402e8750 __iob_func
0x1402e8758 __lconv_init
0x1402e8760 __set_app_type
0x1402e8768 __setusermatherr
0x1402e8770 _acmdln
0x1402e8778 _amsg_exit
0x1402e8780 _beginthread
0x1402e8788 _beginthreadex
0x1402e8790 _cexit
0x1402e8798 _commode
0x1402e87a0 _endthreadex
0x1402e87a8 _errno
0x1402e87b0 _fmode
0x1402e87b8 _initterm
0x1402e87c0 _lock
0x1402e87c8 _memccpy
0x1402e87d0 _onexit
0x1402e87d8 _setjmp
0x1402e87e0 _strdup
0x1402e87e8 _ultoa
0x1402e87f0 _unlock
0x1402e87f8 abort
0x1402e8800 calloc
0x1402e8808 exit
0x1402e8810 fprintf
0x1402e8818 fputc
0x1402e8820 free
0x1402e8828 fwrite
0x1402e8830 localeconv
0x1402e8838 longjmp
0x1402e8840 malloc
0x1402e8848 memcpy
0x1402e8850 memmove
0x1402e8858 memset
0x1402e8860 printf
0x1402e8868 realloc
0x1402e8870 signal
0x1402e8878 strerror
0x1402e8880 strlen
0x1402e8888 strncmp
0x1402e8890 system
0x1402e8898 vfprintf
0x1402e88a0 wcslen
USER32.dll
0x1402e88b0 MessageBoxA
EAT(Export Address Table) Library
0x1402e5540 _cgo_dummy_export
KERNEL32.dll
0x1402e8488 AddAtomA
0x1402e8490 AddVectoredExceptionHandler
0x1402e8498 CloseHandle
0x1402e84a0 CreateEventA
0x1402e84a8 CreateFileA
0x1402e84b0 CreateIoCompletionPort
0x1402e84b8 CreateMutexA
0x1402e84c0 CreateSemaphoreA
0x1402e84c8 CreateThread
0x1402e84d0 CreateWaitableTimerExW
0x1402e84d8 DeleteAtom
0x1402e84e0 DeleteCriticalSection
0x1402e84e8 DuplicateHandle
0x1402e84f0 EnterCriticalSection
0x1402e84f8 ExitProcess
0x1402e8500 FindAtomA
0x1402e8508 FormatMessageA
0x1402e8510 FreeEnvironmentStringsW
0x1402e8518 GetAtomNameA
0x1402e8520 GetConsoleMode
0x1402e8528 GetCurrentProcess
0x1402e8530 GetCurrentProcessId
0x1402e8538 GetCurrentThread
0x1402e8540 GetCurrentThreadId
0x1402e8548 GetEnvironmentStringsW
0x1402e8550 GetHandleInformation
0x1402e8558 GetLastError
0x1402e8560 GetProcAddress
0x1402e8568 GetProcessAffinityMask
0x1402e8570 GetQueuedCompletionStatusEx
0x1402e8578 GetStartupInfoA
0x1402e8580 GetStdHandle
0x1402e8588 GetSystemDirectoryA
0x1402e8590 GetSystemInfo
0x1402e8598 GetSystemTimeAsFileTime
0x1402e85a0 GetThreadContext
0x1402e85a8 GetThreadPriority
0x1402e85b0 GetTickCount
0x1402e85b8 InitializeCriticalSection
0x1402e85c0 IsDBCSLeadByteEx
0x1402e85c8 IsDebuggerPresent
0x1402e85d0 LeaveCriticalSection
0x1402e85d8 LoadLibraryA
0x1402e85e0 LoadLibraryW
0x1402e85e8 LocalFree
0x1402e85f0 MultiByteToWideChar
0x1402e85f8 OpenProcess
0x1402e8600 OutputDebugStringA
0x1402e8608 PostQueuedCompletionStatus
0x1402e8610 QueryPerformanceCounter
0x1402e8618 QueryPerformanceFrequency
0x1402e8620 RaiseException
0x1402e8628 ReleaseMutex
0x1402e8630 ReleaseSemaphore
0x1402e8638 RemoveVectoredExceptionHandler
0x1402e8640 ResetEvent
0x1402e8648 ResumeThread
0x1402e8650 SetConsoleCtrlHandler
0x1402e8658 SetErrorMode
0x1402e8660 SetEvent
0x1402e8668 SetLastError
0x1402e8670 SetProcessAffinityMask
0x1402e8678 SetProcessPriorityBoost
0x1402e8680 SetThreadContext
0x1402e8688 SetThreadPriority
0x1402e8690 SetUnhandledExceptionFilter
0x1402e8698 SetWaitableTimer
0x1402e86a0 Sleep
0x1402e86a8 SuspendThread
0x1402e86b0 SwitchToThread
0x1402e86b8 TlsAlloc
0x1402e86c0 TlsGetValue
0x1402e86c8 TlsSetValue
0x1402e86d0 TryEnterCriticalSection
0x1402e86d8 VirtualAlloc
0x1402e86e0 VirtualFree
0x1402e86e8 VirtualProtect
0x1402e86f0 VirtualQuery
0x1402e86f8 WaitForMultipleObjects
0x1402e8700 WaitForSingleObject
0x1402e8708 WideCharToMultiByte
0x1402e8710 WriteConsoleW
0x1402e8718 WriteFile
0x1402e8720 __C_specific_handler
msvcrt.dll
0x1402e8730 ___lc_codepage_func
0x1402e8738 ___mb_cur_max_func
0x1402e8740 __getmainargs
0x1402e8748 __initenv
0x1402e8750 __iob_func
0x1402e8758 __lconv_init
0x1402e8760 __set_app_type
0x1402e8768 __setusermatherr
0x1402e8770 _acmdln
0x1402e8778 _amsg_exit
0x1402e8780 _beginthread
0x1402e8788 _beginthreadex
0x1402e8790 _cexit
0x1402e8798 _commode
0x1402e87a0 _endthreadex
0x1402e87a8 _errno
0x1402e87b0 _fmode
0x1402e87b8 _initterm
0x1402e87c0 _lock
0x1402e87c8 _memccpy
0x1402e87d0 _onexit
0x1402e87d8 _setjmp
0x1402e87e0 _strdup
0x1402e87e8 _ultoa
0x1402e87f0 _unlock
0x1402e87f8 abort
0x1402e8800 calloc
0x1402e8808 exit
0x1402e8810 fprintf
0x1402e8818 fputc
0x1402e8820 free
0x1402e8828 fwrite
0x1402e8830 localeconv
0x1402e8838 longjmp
0x1402e8840 malloc
0x1402e8848 memcpy
0x1402e8850 memmove
0x1402e8858 memset
0x1402e8860 printf
0x1402e8868 realloc
0x1402e8870 signal
0x1402e8878 strerror
0x1402e8880 strlen
0x1402e8888 strncmp
0x1402e8890 system
0x1402e8898 vfprintf
0x1402e88a0 wcslen
USER32.dll
0x1402e88b0 MessageBoxA
EAT(Export Address Table) Library
0x1402e5540 _cgo_dummy_export