ScreenShot
| Created | 2023.12.14 07:58 | Machine | s1_win7_x6403 |
| Filename | BEST-13-12-2023v1.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 16 detected (AIDetectMalware, Vudm, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, score, FileRepMalware, Misc, Sabsik, unsafe, Chgt, WinGo) | ||
| md5 | 4bc1bd277770c8da36c5d31968a0e977 | ||
| sha256 | b5ca13b6a480bb276bfe2440ae0a7d896039e5cc272bcd74bf9204d3b4919900 | ||
| ssdeep | 98304:hIAXS/l+HHb7QICgF3EqF6DnCmE3or8r1:8l+HHbhCgF0qFqE7 | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14066547c AddAtomA
0x140665484 AddVectoredExceptionHandler
0x14066548c CloseHandle
0x140665494 CreateEventA
0x14066549c CreateFileA
0x1406654a4 CreateIoCompletionPort
0x1406654ac CreateMutexA
0x1406654b4 CreateSemaphoreA
0x1406654bc CreateThread
0x1406654c4 CreateWaitableTimerExW
0x1406654cc DeleteAtom
0x1406654d4 DeleteCriticalSection
0x1406654dc DuplicateHandle
0x1406654e4 EnterCriticalSection
0x1406654ec ExitProcess
0x1406654f4 FindAtomA
0x1406654fc FormatMessageA
0x140665504 FreeEnvironmentStringsW
0x14066550c GetAtomNameA
0x140665514 GetConsoleMode
0x14066551c GetCurrentProcess
0x140665524 GetCurrentProcessId
0x14066552c GetCurrentThread
0x140665534 GetCurrentThreadId
0x14066553c GetEnvironmentStringsW
0x140665544 GetErrorMode
0x14066554c GetHandleInformation
0x140665554 GetLastError
0x14066555c GetProcAddress
0x140665564 GetProcessAffinityMask
0x14066556c GetQueuedCompletionStatusEx
0x140665574 GetStartupInfoA
0x14066557c GetStdHandle
0x140665584 GetSystemDirectoryA
0x14066558c GetSystemInfo
0x140665594 GetSystemTimeAsFileTime
0x14066559c GetThreadContext
0x1406655a4 GetThreadPriority
0x1406655ac GetTickCount
0x1406655b4 InitializeCriticalSection
0x1406655bc IsDBCSLeadByteEx
0x1406655c4 IsDebuggerPresent
0x1406655cc LeaveCriticalSection
0x1406655d4 LoadLibraryExW
0x1406655dc LoadLibraryW
0x1406655e4 LocalFree
0x1406655ec MultiByteToWideChar
0x1406655f4 OpenProcess
0x1406655fc OutputDebugStringA
0x140665604 PostQueuedCompletionStatus
0x14066560c QueryPerformanceCounter
0x140665614 QueryPerformanceFrequency
0x14066561c RaiseException
0x140665624 RaiseFailFastException
0x14066562c ReleaseMutex
0x140665634 ReleaseSemaphore
0x14066563c RemoveVectoredExceptionHandler
0x140665644 ResetEvent
0x14066564c ResumeThread
0x140665654 SetConsoleCtrlHandler
0x14066565c SetErrorMode
0x140665664 SetEvent
0x14066566c SetLastError
0x140665674 SetProcessAffinityMask
0x14066567c SetProcessPriorityBoost
0x140665684 SetThreadContext
0x14066568c SetThreadPriority
0x140665694 SetUnhandledExceptionFilter
0x14066569c SetWaitableTimer
0x1406656a4 Sleep
0x1406656ac SuspendThread
0x1406656b4 SwitchToThread
0x1406656bc TlsAlloc
0x1406656c4 TlsGetValue
0x1406656cc TlsSetValue
0x1406656d4 TryEnterCriticalSection
0x1406656dc VirtualAlloc
0x1406656e4 VirtualFree
0x1406656ec VirtualProtect
0x1406656f4 VirtualQuery
0x1406656fc WaitForMultipleObjects
0x140665704 WaitForSingleObject
0x14066570c WerGetFlags
0x140665714 WerSetFlags
0x14066571c WideCharToMultiByte
0x140665724 WriteConsoleW
0x14066572c WriteFile
0x140665734 __C_specific_handler
msvcrt.dll
0x140665744 ___lc_codepage_func
0x14066574c ___mb_cur_max_func
0x140665754 __getmainargs
0x14066575c __initenv
0x140665764 __iob_func
0x14066576c __lconv_init
0x140665774 __set_app_type
0x14066577c __setusermatherr
0x140665784 _acmdln
0x14066578c _amsg_exit
0x140665794 _beginthread
0x14066579c _beginthreadex
0x1406657a4 _cexit
0x1406657ac _commode
0x1406657b4 _endthreadex
0x1406657bc _errno
0x1406657c4 _fmode
0x1406657cc _initterm
0x1406657d4 _lock
0x1406657dc _memccpy
0x1406657e4 _onexit
0x1406657ec _setjmp
0x1406657f4 _strdup
0x1406657fc _ultoa
0x140665804 _unlock
0x14066580c abort
0x140665814 calloc
0x14066581c exit
0x140665824 fprintf
0x14066582c fputc
0x140665834 free
0x14066583c fwrite
0x140665844 localeconv
0x14066584c longjmp
0x140665854 malloc
0x14066585c memcpy
0x140665864 memmove
0x14066586c memset
0x140665874 printf
0x14066587c realloc
0x140665884 signal
0x14066588c strerror
0x140665894 strlen
0x14066589c strncmp
0x1406658a4 vfprintf
0x1406658ac wcslen
EAT(Export Address Table) Library
0x1406628d0 _cgo_dummy_export
KERNEL32.dll
0x14066547c AddAtomA
0x140665484 AddVectoredExceptionHandler
0x14066548c CloseHandle
0x140665494 CreateEventA
0x14066549c CreateFileA
0x1406654a4 CreateIoCompletionPort
0x1406654ac CreateMutexA
0x1406654b4 CreateSemaphoreA
0x1406654bc CreateThread
0x1406654c4 CreateWaitableTimerExW
0x1406654cc DeleteAtom
0x1406654d4 DeleteCriticalSection
0x1406654dc DuplicateHandle
0x1406654e4 EnterCriticalSection
0x1406654ec ExitProcess
0x1406654f4 FindAtomA
0x1406654fc FormatMessageA
0x140665504 FreeEnvironmentStringsW
0x14066550c GetAtomNameA
0x140665514 GetConsoleMode
0x14066551c GetCurrentProcess
0x140665524 GetCurrentProcessId
0x14066552c GetCurrentThread
0x140665534 GetCurrentThreadId
0x14066553c GetEnvironmentStringsW
0x140665544 GetErrorMode
0x14066554c GetHandleInformation
0x140665554 GetLastError
0x14066555c GetProcAddress
0x140665564 GetProcessAffinityMask
0x14066556c GetQueuedCompletionStatusEx
0x140665574 GetStartupInfoA
0x14066557c GetStdHandle
0x140665584 GetSystemDirectoryA
0x14066558c GetSystemInfo
0x140665594 GetSystemTimeAsFileTime
0x14066559c GetThreadContext
0x1406655a4 GetThreadPriority
0x1406655ac GetTickCount
0x1406655b4 InitializeCriticalSection
0x1406655bc IsDBCSLeadByteEx
0x1406655c4 IsDebuggerPresent
0x1406655cc LeaveCriticalSection
0x1406655d4 LoadLibraryExW
0x1406655dc LoadLibraryW
0x1406655e4 LocalFree
0x1406655ec MultiByteToWideChar
0x1406655f4 OpenProcess
0x1406655fc OutputDebugStringA
0x140665604 PostQueuedCompletionStatus
0x14066560c QueryPerformanceCounter
0x140665614 QueryPerformanceFrequency
0x14066561c RaiseException
0x140665624 RaiseFailFastException
0x14066562c ReleaseMutex
0x140665634 ReleaseSemaphore
0x14066563c RemoveVectoredExceptionHandler
0x140665644 ResetEvent
0x14066564c ResumeThread
0x140665654 SetConsoleCtrlHandler
0x14066565c SetErrorMode
0x140665664 SetEvent
0x14066566c SetLastError
0x140665674 SetProcessAffinityMask
0x14066567c SetProcessPriorityBoost
0x140665684 SetThreadContext
0x14066568c SetThreadPriority
0x140665694 SetUnhandledExceptionFilter
0x14066569c SetWaitableTimer
0x1406656a4 Sleep
0x1406656ac SuspendThread
0x1406656b4 SwitchToThread
0x1406656bc TlsAlloc
0x1406656c4 TlsGetValue
0x1406656cc TlsSetValue
0x1406656d4 TryEnterCriticalSection
0x1406656dc VirtualAlloc
0x1406656e4 VirtualFree
0x1406656ec VirtualProtect
0x1406656f4 VirtualQuery
0x1406656fc WaitForMultipleObjects
0x140665704 WaitForSingleObject
0x14066570c WerGetFlags
0x140665714 WerSetFlags
0x14066571c WideCharToMultiByte
0x140665724 WriteConsoleW
0x14066572c WriteFile
0x140665734 __C_specific_handler
msvcrt.dll
0x140665744 ___lc_codepage_func
0x14066574c ___mb_cur_max_func
0x140665754 __getmainargs
0x14066575c __initenv
0x140665764 __iob_func
0x14066576c __lconv_init
0x140665774 __set_app_type
0x14066577c __setusermatherr
0x140665784 _acmdln
0x14066578c _amsg_exit
0x140665794 _beginthread
0x14066579c _beginthreadex
0x1406657a4 _cexit
0x1406657ac _commode
0x1406657b4 _endthreadex
0x1406657bc _errno
0x1406657c4 _fmode
0x1406657cc _initterm
0x1406657d4 _lock
0x1406657dc _memccpy
0x1406657e4 _onexit
0x1406657ec _setjmp
0x1406657f4 _strdup
0x1406657fc _ultoa
0x140665804 _unlock
0x14066580c abort
0x140665814 calloc
0x14066581c exit
0x140665824 fprintf
0x14066582c fputc
0x140665834 free
0x14066583c fwrite
0x140665844 localeconv
0x14066584c longjmp
0x140665854 malloc
0x14066585c memcpy
0x140665864 memmove
0x14066586c memset
0x140665874 printf
0x14066587c realloc
0x140665884 signal
0x14066588c strerror
0x140665894 strlen
0x14066589c strncmp
0x1406658a4 vfprintf
0x1406658ac wcslen
EAT(Export Address Table) Library
0x1406628d0 _cgo_dummy_export