Field | Value |
---|---|
Created | 2023.12.11 19:27 |
Machine | s1_win7_x6403 |
Filename | soft.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 48 detected (AIDetectMalware, malicious, high confidence, GenericKD, Smokeloader, unsafe, V8zt, Genus, Attribute, HighConfidence, score, Gencirc, AGEN, YXDLEZ, Sabsik, HeurC, KVMH008, Malware@#2isdp7z4b08tg, Znyonm, Detected, Injection, BScope, TrojanPSW, Stealerc, ai score=80, Chgt, Generic@AI, RDML, YA1YdaT1fYGsI8spsma3jg, Static AI, Malicious PE, susgen, Behavior, ZexaF, lMW@aqjdC9k, confidence, 100%) |
md5 | 1836716b2f372522b52f865d74f59dc7 |
sha256 | 8bc73b56e4f82591734a80dfae67191e5fb269ccbe313635be904d9d9f85009f |
ssdeep | 24576:aCKJMjFsCBqTsGlZdYRcUfuTZIeTcfa7luMuUmK0+ds:HKUFsCBqTdZdIaT0Uf |
imphash | e7d79f06bfc04ada764066273cf9101b |
impfuzzy | 24:z9JcpVxgcmr0KAW1Jt3bSYEoeD/zhyJBlaT7TvorTQuFZ6GMAEWpOovbOPZHu9m:z9JcpVVmrcW1Jt3bSG8zA8/zduFZol3H |
Network IP location
Signature (8 counts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Detects Avast Antivirus through the presence of a library |
watch | Manipulates memory of a non-child process indicative of process injection |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
info | This executable has a PDB path |
Rules (5 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata IDs
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x6e2000 Sleep
0x6e2004 SetStdHandle
0x6e2008 FormatMessageA
0x6e200c WideCharToMultiByte
0x6e2010 EnterCriticalSection
0x6e2014 LeaveCriticalSection
0x6e2018 InitializeCriticalSectionEx
0x6e201c DeleteCriticalSection
0x6e2020 LocalFree
0x6e2024 GetLocaleInfoEx
0x6e2028 EncodePointer
0x6e202c DecodePointer
0x6e2030 MultiByteToWideChar
0x6e2034 LCMapStringEx
0x6e2038 GetStringTypeW
0x6e203c CompareStringEx
0x6e2040 GetCPInfo
0x6e2044 ReleaseSRWLockExclusive
0x6e2048 AcquireSRWLockExclusive
0x6e204c WakeAllConditionVariable
0x6e2050 SleepConditionVariableSRW
0x6e2054 GetCurrentThreadId
0x6e2058 UnhandledExceptionFilter
0x6e205c SetUnhandledExceptionFilter
0x6e2060 GetCurrentProcess
0x6e2064 TerminateProcess
0x6e2068 IsProcessorFeaturePresent
0x6e206c IsDebuggerPresent
0x6e2070 RaiseException
0x6e2074 QueryPerformanceCounter
0x6e2078 GetCurrentProcessId
0x6e207c GetSystemTimeAsFileTime
0x6e2080 InitializeSListHead
0x6e2084 GetStartupInfoW
0x6e2088 GetModuleHandleW
0x6e208c GetLastError
0x6e2090 HeapAlloc
0x6e2094 HeapFree
0x6e2098 GetProcessHeap
0x6e209c VirtualQuery
0x6e20a0 FreeLibrary
0x6e20a4 GetProcAddress
0x6e20a8 RtlUnwind
0x6e20ac InterlockedPushEntrySList
0x6e20b0 InterlockedFlushSList
0x6e20b4 GetModuleFileNameW
0x6e20b8 LoadLibraryExW
0x6e20bc SetLastError
0x6e20c0 InitializeCriticalSectionAndSpinCount
0x6e20c4 TlsAlloc
0x6e20c8 TlsGetValue
0x6e20cc TlsSetValue
0x6e20d0 TlsFree
0x6e20d4 HeapValidate
0x6e20d8 GetSystemInfo
0x6e20dc GetModuleHandleExW
0x6e20e0 GetStdHandle
0x6e20e4 WriteFile
0x6e20e8 ExitProcess
0x6e20ec GetCurrentThread
0x6e20f0 GetFileType
0x6e20f4 HeapReAlloc
0x6e20f8 HeapSize
0x6e20fc HeapQueryInformation
0x6e2100 OutputDebugStringW
0x6e2104 WriteConsoleW
0x6e2108 SetConsoleCtrlHandler
0x6e210c GetTempPathW
0x6e2110 GetDateFormatW
0x6e2114 GetTimeFormatW
0x6e2118 CompareStringW
0x6e211c LCMapStringW
0x6e2120 GetLocaleInfoW
0x6e2124 IsValidLocale
0x6e2128 GetUserDefaultLCID
0x6e212c EnumSystemLocalesW
0x6e2130 CloseHandle
0x6e2134 FlushFileBuffers
0x6e2138 GetConsoleOutputCP
0x6e213c GetConsoleMode
0x6e2140 ReadFile
0x6e2144 GetFileSizeEx
0x6e2148 SetFilePointerEx
0x6e214c ReadConsoleW
0x6e2150 GetTimeZoneInformation
0x6e2154 FindClose
0x6e2158 FindFirstFileExW
0x6e215c FindNextFileW
0x6e2160 IsValidCodePage
0x6e2164 GetACP
0x6e2168 GetOEMCP
0x6e216c GetCommandLineA
0x6e2170 GetCommandLineW
0x6e2174 GetEnvironmentStringsW
0x6e2178 FreeEnvironmentStringsW
0x6e217c SetEnvironmentVariableW
0x6e2180 CreateFileW
EAT (Export Address Table): none