ScreenShot
| Created | 2023.12.22 08:11 | Machine | s1_win7_x6403 |
| Filename | ww.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, unsafe, Save, Attribute, HighConfidence, Artemis, high, Krypt, Detected, Wacatac, Kryptik, Eldorado, ZexaF, Eq0@aWeE, BScope, Convagent, SmokeLoader, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | ca582fafbbb257ccf1bf91dac47fcf4f | ||
| sha256 | b0c34116121eb910abfa1b9a462b70bab59faa0800c779496fbb528f0b183b7c | ||
| ssdeep | 12288:pBuHCw8yfWsk3UrPP5ZSY7GQqc38JOaFir:+CsuzU35yW3paFir | ||
| imphash | 7ac24a9e85698f19a8d2637811e8f9f4 | ||
| impfuzzy | 24:r10LPU+4CXdTlJcDc4j+lvTpQxvaAH2+fcjtoGbaNHuOZyv4uRT4mlNkF:1CXddu8+fcjtoGOPu46cmrkF | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x462008 EnumCalendarInfoA
0x46200c GlobalAddAtomA
0x462010 InterlockedIncrement
0x462014 OpenJobObjectA
0x462018 GetCurrentProcess
0x46201c GetModuleHandleW
0x462020 GetCommConfig
0x462024 GetProcessHeap
0x462028 GetWindowsDirectoryA
0x46202c SizeofResource
0x462030 EnumResourceLanguagesA
0x462034 CreateFileW
0x462038 GetOverlappedResult
0x46203c ExitThread
0x462040 GetVolumePathNameA
0x462044 FlushFileBuffers
0x462048 InterlockedExchange
0x46204c GetLastError
0x462050 SetLastError
0x462054 GetProcAddress
0x462058 VirtualAlloc
0x46205c GetComputerNameA
0x462060 LoadLibraryA
0x462064 OpenMutexA
0x462068 LocalAlloc
0x46206c CreateHardLinkW
0x462070 FindFirstVolumeMountPointW
0x462074 BeginUpdateResourceA
0x462078 GlobalFindAtomW
0x46207c VirtualProtect
0x462080 _lopen
0x462084 GetVersionExA
0x462088 FindAtomW
0x46208c GetFileInformationByHandle
0x462090 OpenFileMappingA
0x462094 TlsFree
0x462098 LCMapStringW
0x46209c lstrcpyA
0x4620a0 BackupWrite
0x4620a4 GetFullPathNameW
0x4620a8 InterlockedDecrement
0x4620ac Sleep
0x4620b0 InitializeCriticalSection
0x4620b4 DeleteCriticalSection
0x4620b8 EnterCriticalSection
0x4620bc LeaveCriticalSection
0x4620c0 UnhandledExceptionFilter
0x4620c4 SetUnhandledExceptionFilter
0x4620c8 GetStartupInfoW
0x4620cc RaiseException
0x4620d0 RtlUnwind
0x4620d4 HeapFree
0x4620d8 ExitProcess
0x4620dc WriteFile
0x4620e0 GetStdHandle
0x4620e4 GetModuleFileNameA
0x4620e8 TerminateProcess
0x4620ec IsDebuggerPresent
0x4620f0 HeapAlloc
0x4620f4 GetModuleFileNameW
0x4620f8 FreeEnvironmentStringsW
0x4620fc GetEnvironmentStringsW
0x462100 GetCommandLineW
0x462104 SetHandleCount
0x462108 GetFileType
0x46210c GetStartupInfoA
0x462110 TlsGetValue
0x462114 TlsAlloc
0x462118 TlsSetValue
0x46211c GetCurrentThreadId
0x462120 HeapCreate
0x462124 VirtualFree
0x462128 QueryPerformanceCounter
0x46212c GetTickCount
0x462130 GetCurrentProcessId
0x462134 GetSystemTimeAsFileTime
0x462138 HeapSize
0x46213c HeapReAlloc
0x462140 GetCPInfo
0x462144 GetACP
0x462148 GetOEMCP
0x46214c IsValidCodePage
0x462150 GetLocaleInfoA
0x462154 GetStringTypeA
0x462158 MultiByteToWideChar
0x46215c GetStringTypeW
0x462160 InitializeCriticalSectionAndSpinCount
0x462164 GetModuleHandleA
0x462168 LCMapStringA
0x46216c WideCharToMultiByte
USER32.dll
0x462174 SetClipboardViewer
GDI32.dll
0x462000 GetDeviceGammaRamp
EAT(Export Address Table) is none
KERNEL32.dll
0x462008 EnumCalendarInfoA
0x46200c GlobalAddAtomA
0x462010 InterlockedIncrement
0x462014 OpenJobObjectA
0x462018 GetCurrentProcess
0x46201c GetModuleHandleW
0x462020 GetCommConfig
0x462024 GetProcessHeap
0x462028 GetWindowsDirectoryA
0x46202c SizeofResource
0x462030 EnumResourceLanguagesA
0x462034 CreateFileW
0x462038 GetOverlappedResult
0x46203c ExitThread
0x462040 GetVolumePathNameA
0x462044 FlushFileBuffers
0x462048 InterlockedExchange
0x46204c GetLastError
0x462050 SetLastError
0x462054 GetProcAddress
0x462058 VirtualAlloc
0x46205c GetComputerNameA
0x462060 LoadLibraryA
0x462064 OpenMutexA
0x462068 LocalAlloc
0x46206c CreateHardLinkW
0x462070 FindFirstVolumeMountPointW
0x462074 BeginUpdateResourceA
0x462078 GlobalFindAtomW
0x46207c VirtualProtect
0x462080 _lopen
0x462084 GetVersionExA
0x462088 FindAtomW
0x46208c GetFileInformationByHandle
0x462090 OpenFileMappingA
0x462094 TlsFree
0x462098 LCMapStringW
0x46209c lstrcpyA
0x4620a0 BackupWrite
0x4620a4 GetFullPathNameW
0x4620a8 InterlockedDecrement
0x4620ac Sleep
0x4620b0 InitializeCriticalSection
0x4620b4 DeleteCriticalSection
0x4620b8 EnterCriticalSection
0x4620bc LeaveCriticalSection
0x4620c0 UnhandledExceptionFilter
0x4620c4 SetUnhandledExceptionFilter
0x4620c8 GetStartupInfoW
0x4620cc RaiseException
0x4620d0 RtlUnwind
0x4620d4 HeapFree
0x4620d8 ExitProcess
0x4620dc WriteFile
0x4620e0 GetStdHandle
0x4620e4 GetModuleFileNameA
0x4620e8 TerminateProcess
0x4620ec IsDebuggerPresent
0x4620f0 HeapAlloc
0x4620f4 GetModuleFileNameW
0x4620f8 FreeEnvironmentStringsW
0x4620fc GetEnvironmentStringsW
0x462100 GetCommandLineW
0x462104 SetHandleCount
0x462108 GetFileType
0x46210c GetStartupInfoA
0x462110 TlsGetValue
0x462114 TlsAlloc
0x462118 TlsSetValue
0x46211c GetCurrentThreadId
0x462120 HeapCreate
0x462124 VirtualFree
0x462128 QueryPerformanceCounter
0x46212c GetTickCount
0x462130 GetCurrentProcessId
0x462134 GetSystemTimeAsFileTime
0x462138 HeapSize
0x46213c HeapReAlloc
0x462140 GetCPInfo
0x462144 GetACP
0x462148 GetOEMCP
0x46214c IsValidCodePage
0x462150 GetLocaleInfoA
0x462154 GetStringTypeA
0x462158 MultiByteToWideChar
0x46215c GetStringTypeW
0x462160 InitializeCriticalSectionAndSpinCount
0x462164 GetModuleHandleA
0x462168 LCMapStringA
0x46216c WideCharToMultiByte
USER32.dll
0x462174 SetClipboardViewer
GDI32.dll
0x462000 GetDeviceGammaRamp
EAT(Export Address Table) is none