ScreenShot
| Created | 2023.12.04 15:39 | Machine | s1_win7_x6401 |
| Filename | VmManagedSetup.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 55 detected (AIDetectMalware, Coroxy, GenericKD, Artemis, Vwk7, Garvi, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, kcbicj, BackdoorX, Gencirc, eaiaq, SYSTEMBC, YXDJGZ, high, score, Static AI, Malicious PE, ai score=89, GenKD, Detected, ABRisk, WDSU, CobaltStrike, unsafe, Chgt, ZsddHZdT6qP, susgen) | ||
| md5 | 7ee103ee99b95c07cc4a024e4d0fdc03 | ||
| sha256 | cc4960939a41d6a281ddad307b107e16214f4aeda261c9b5037f26e60dc7bba2 | ||
| ssdeep | 384:TWqH7LUQNe0YeoH9R7rkJApmiiT7AemssVnQgJmd:TW6LUQNeresznN8MsCntM | ||
| imphash | 18f62dfc818367ab05a2e7444bf7f15f | ||
| impfuzzy | 24:UvZn1QELsk5WXxye8zM2udUkKPzB19UjXQcd2EY4wxp:81Qi6SDbEQLEY/p | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | SystemBC_IN | SystemBC | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
user32.dll
0x140004130 wsprintfA
ws2_32.dll
0x140004140 closesocket
0x140004148 shutdown
0x140004150 send
0x140004158 WSAIoctl
0x140004160 recv
0x140004168 accept
0x140004170 listen
0x140004178 getaddrinfo
0x140004180 ioctlsocket
0x140004188 connect
0x140004190 setsockopt
0x140004198 ind
0x1400041a0 htons
0x1400041a8 htonl
0x1400041b0 freeaddrinfo
0x1400041b8 inet_ntoa
0x1400041c0 inet_addr
0x1400041c8 socket
0x1400041d0 WSAStartup
0x1400041d8 select
advapi32.dll
0x140004000 RegCloseKey
0x140004008 RegOpenKeyExA
0x140004010 RegSetValueExA
0x140004018 RegCreateKeyExA
0x140004020 GetSidSubAuthority
0x140004028 GetTokenInformation
0x140004030 OpenProcessToken
0x140004038 RegDeleteValueA
kernel32.dll
0x140004048 VirtualFree
0x140004050 GetCurrentProcess
0x140004058 SetEvent
0x140004060 WaitForSingleObject
0x140004068 CloseHandle
0x140004070 LocalAlloc
0x140004078 CreateFileA
0x140004080 GetVolumeInformationA
0x140004088 VirtualAlloc
0x140004090 CreateEventA
0x140004098 LocalFree
0x1400040a0 ExitProcess
0x1400040a8 Sleep
0x1400040b0 FileTimeToSystemTime
0x1400040b8 SetFilePointer
0x1400040c0 WriteFile
0x1400040c8 GetModuleFileNameA
0x1400040d0 CreateThread
0x1400040d8 GetLocalTime
0x1400040e0 GetTempPathA
0x1400040e8 SystemTimeToFileTime
secur32.dll
0x140004118 GetUserNameExA
0x140004120 GetUserNameExW
ole32.dll
0x1400040f8 CoCreateInstance
0x140004100 CoUninitialize
0x140004108 CoInitialize
EAT(Export Address Table) is none
user32.dll
0x140004130 wsprintfA
ws2_32.dll
0x140004140 closesocket
0x140004148 shutdown
0x140004150 send
0x140004158 WSAIoctl
0x140004160 recv
0x140004168 accept
0x140004170 listen
0x140004178 getaddrinfo
0x140004180 ioctlsocket
0x140004188 connect
0x140004190 setsockopt
0x140004198 ind
0x1400041a0 htons
0x1400041a8 htonl
0x1400041b0 freeaddrinfo
0x1400041b8 inet_ntoa
0x1400041c0 inet_addr
0x1400041c8 socket
0x1400041d0 WSAStartup
0x1400041d8 select
advapi32.dll
0x140004000 RegCloseKey
0x140004008 RegOpenKeyExA
0x140004010 RegSetValueExA
0x140004018 RegCreateKeyExA
0x140004020 GetSidSubAuthority
0x140004028 GetTokenInformation
0x140004030 OpenProcessToken
0x140004038 RegDeleteValueA
kernel32.dll
0x140004048 VirtualFree
0x140004050 GetCurrentProcess
0x140004058 SetEvent
0x140004060 WaitForSingleObject
0x140004068 CloseHandle
0x140004070 LocalAlloc
0x140004078 CreateFileA
0x140004080 GetVolumeInformationA
0x140004088 VirtualAlloc
0x140004090 CreateEventA
0x140004098 LocalFree
0x1400040a0 ExitProcess
0x1400040a8 Sleep
0x1400040b0 FileTimeToSystemTime
0x1400040b8 SetFilePointer
0x1400040c0 WriteFile
0x1400040c8 GetModuleFileNameA
0x1400040d0 CreateThread
0x1400040d8 GetLocalTime
0x1400040e0 GetTempPathA
0x1400040e8 SystemTimeToFileTime
secur32.dll
0x140004118 GetUserNameExA
0x140004120 GetUserNameExW
ole32.dll
0x1400040f8 CoCreateInstance
0x140004100 CoUninitialize
0x140004108 CoInitialize
EAT(Export Address Table) is none