ScreenShot
| Created | 2023.11.26 13:58 | Machine | s1_win7_x6403 |
| Filename | updates.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 51 detected (AIDetectMalware, Tasker, tsbe, malicious, high confidence, GenericKD, Netwire, unsafe, Save, Genus, DPKP, Attribute, HighConfidence, a variant of WinGo, score, Wingo, Anhl, AGEN, MulDrop20, Ekocit, GenKD, ABTrojan, XGHI, Malware@#3d9w0t89m7uad, Detected, R525732, Artemis, ai score=82, NetWiredRC, Static AI, Suspicious PE, susgen, confidence, 100%) | ||
| md5 | 2b5eca0c8dcfd123b1790a137feb4146 | ||
| sha256 | 1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b | ||
| ssdeep | 49152:Qmd9Cf3Vvwxrb/T2vO90d7HjmAFd4A64nsfJdVfZgXKRQHfDTJz1jStov0hlZ0Az:+3qH8qo8V0A | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Detects the presence of Wine emulator |
| watch | Drops a binary and executes it |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Connects to a Dynamic DNS Domain |
| notice | Creates a shortcut to an executable file |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (download) |
| danger | NetWire_RAT_Zero | NetWire RAT | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
| info | Lnk_Format_Zero | LNK Format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x603120 WriteFile
0x603128 WriteConsoleW
0x603130 WaitForMultipleObjects
0x603138 WaitForSingleObject
0x603140 VirtualQuery
0x603148 VirtualFree
0x603150 VirtualAlloc
0x603158 SwitchToThread
0x603160 SuspendThread
0x603168 SetWaitableTimer
0x603170 SetUnhandledExceptionFilter
0x603178 SetProcessPriorityBoost
0x603180 SetEvent
0x603188 SetErrorMode
0x603190 SetConsoleCtrlHandler
0x603198 ResumeThread
0x6031a0 PostQueuedCompletionStatus
0x6031a8 LoadLibraryA
0x6031b0 LoadLibraryW
0x6031b8 SetThreadContext
0x6031c0 GetThreadContext
0x6031c8 GetSystemInfo
0x6031d0 GetSystemDirectoryA
0x6031d8 GetStdHandle
0x6031e0 GetQueuedCompletionStatusEx
0x6031e8 GetProcessAffinityMask
0x6031f0 GetProcAddress
0x6031f8 GetEnvironmentStringsW
0x603200 GetConsoleMode
0x603208 FreeEnvironmentStringsW
0x603210 ExitProcess
0x603218 DuplicateHandle
0x603220 CreateWaitableTimerExW
0x603228 CreateThread
0x603230 CreateIoCompletionPort
0x603238 CreateFileA
0x603240 CreateEventA
0x603248 CloseHandle
0x603250 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x603120 WriteFile
0x603128 WriteConsoleW
0x603130 WaitForMultipleObjects
0x603138 WaitForSingleObject
0x603140 VirtualQuery
0x603148 VirtualFree
0x603150 VirtualAlloc
0x603158 SwitchToThread
0x603160 SuspendThread
0x603168 SetWaitableTimer
0x603170 SetUnhandledExceptionFilter
0x603178 SetProcessPriorityBoost
0x603180 SetEvent
0x603188 SetErrorMode
0x603190 SetConsoleCtrlHandler
0x603198 ResumeThread
0x6031a0 PostQueuedCompletionStatus
0x6031a8 LoadLibraryA
0x6031b0 LoadLibraryW
0x6031b8 SetThreadContext
0x6031c0 GetThreadContext
0x6031c8 GetSystemInfo
0x6031d0 GetSystemDirectoryA
0x6031d8 GetStdHandle
0x6031e0 GetQueuedCompletionStatusEx
0x6031e8 GetProcessAffinityMask
0x6031f0 GetProcAddress
0x6031f8 GetEnvironmentStringsW
0x603200 GetConsoleMode
0x603208 FreeEnvironmentStringsW
0x603210 ExitProcess
0x603218 DuplicateHandle
0x603220 CreateWaitableTimerExW
0x603228 CreateThread
0x603230 CreateIoCompletionPort
0x603238 CreateFileA
0x603240 CreateEventA
0x603248 CloseHandle
0x603250 AddVectoredExceptionHandler
EAT(Export Address Table) is none