ScreenShot
| Created | 2023.12.22 08:20 | Machine | s1_win7_x6401 |
| Filename | Minodeka.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 56 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, unsafe, Midie, Save, GenusT, DUGY, Attribute, HighConfidence, Kryptik, HVSH, Artemis, DropperX, SmokeLoader, CLASSIC, mvhpo, R002C0DLL23, high, Krypt, Azorult, ai score=85, JJE9HK, Eldorado, RunPE, R628530, ZexaF, zq0@aW2CZppG, BScope, Convagent, Chgt, Obfuscated, Static AI, Malicious PE, susgen, HVSL, confidence, 100%) | ||
| md5 | eb591336a1a8c61faf248e784166a19a | ||
| sha256 | 7f81b931493420f34c52b63c21f8ed5faa53a08670de7517ecc16470bffac190 | ||
| ssdeep | 6144:tDVLs/fpj2yuH05kgX9G5jI8SAcPrHVAnXQ/tLAl5AxNZPCj:tDVY3pj2yC05HzdrHegF1Na | ||
| imphash | 6aff1f4d738e9d17912a05ebd3caee8a | ||
| impfuzzy | 24:KZd/tCHkrkR9fPClb1EdTlJ6FvlgdTcADa4btOSGB5mVcfLpluHuOZyvnRT4BHQo:c5REdG5stOSGTIcfF0uRcBwZa | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44c010 FindFirstChangeNotificationW
0x44c014 EnumCalendarInfoA
0x44c018 LoadResource
0x44c01c GlobalAddAtomA
0x44c020 EndUpdateResourceW
0x44c024 InterlockedIncrement
0x44c028 GetCurrentProcess
0x44c02c SetComputerNameW
0x44c030 GetComputerNameW
0x44c034 BackupSeek
0x44c038 GetProcessHeap
0x44c03c GetConsoleAliasesLengthA
0x44c040 LoadLibraryW
0x44c044 SetCommConfig
0x44c048 TerminateThread
0x44c04c GetVersionExW
0x44c050 Beep
0x44c054 EnumResourceLanguagesA
0x44c058 GetOverlappedResult
0x44c05c InterlockedExchange
0x44c060 GetLastError
0x44c064 SetLastError
0x44c068 GetNativeSystemInfo
0x44c06c VirtualAlloc
0x44c070 OpenMutexA
0x44c074 CreateFileMappingA
0x44c078 LocalAlloc
0x44c07c BeginUpdateResourceA
0x44c080 OpenJobObjectW
0x44c084 FindAtomA
0x44c088 DeviceIoControl
0x44c08c GlobalFindAtomW
0x44c090 FindFirstVolumeMountPointA
0x44c094 GetModuleHandleA
0x44c098 VirtualProtect
0x44c09c SetCalendarInfoA
0x44c0a0 OpenSemaphoreW
0x44c0a4 GetWindowsDirectoryW
0x44c0a8 TlsFree
0x44c0ac LCMapStringW
0x44c0b0 lstrcpyA
0x44c0b4 GetFullPathNameA
0x44c0b8 CreateFileA
0x44c0bc GetProcAddress
0x44c0c0 GetComputerNameA
0x44c0c4 UnhandledExceptionFilter
0x44c0c8 SetUnhandledExceptionFilter
0x44c0cc GetModuleHandleW
0x44c0d0 Sleep
0x44c0d4 ExitProcess
0x44c0d8 GetStartupInfoW
0x44c0dc RaiseException
0x44c0e0 RtlUnwind
0x44c0e4 WriteFile
0x44c0e8 GetStdHandle
0x44c0ec GetModuleFileNameA
0x44c0f0 GetCPInfo
0x44c0f4 InterlockedDecrement
0x44c0f8 GetACP
0x44c0fc GetOEMCP
0x44c100 IsValidCodePage
0x44c104 TlsGetValue
0x44c108 TlsAlloc
0x44c10c TlsSetValue
0x44c110 GetCurrentThreadId
0x44c114 TerminateProcess
0x44c118 IsDebuggerPresent
0x44c11c HeapAlloc
0x44c120 HeapFree
0x44c124 HeapSize
0x44c128 DeleteCriticalSection
0x44c12c LeaveCriticalSection
0x44c130 EnterCriticalSection
0x44c134 LoadLibraryA
0x44c138 InitializeCriticalSectionAndSpinCount
0x44c13c GetModuleFileNameW
0x44c140 FreeEnvironmentStringsW
0x44c144 GetEnvironmentStringsW
0x44c148 GetCommandLineW
0x44c14c SetHandleCount
0x44c150 GetFileType
0x44c154 GetStartupInfoA
0x44c158 HeapCreate
0x44c15c VirtualFree
0x44c160 QueryPerformanceCounter
0x44c164 GetTickCount
0x44c168 GetCurrentProcessId
0x44c16c GetSystemTimeAsFileTime
0x44c170 LCMapStringA
0x44c174 WideCharToMultiByte
0x44c178 MultiByteToWideChar
0x44c17c GetStringTypeA
0x44c180 GetStringTypeW
0x44c184 GetLocaleInfoA
0x44c188 HeapReAlloc
USER32.dll
0x44c190 EnableWindow
GDI32.dll
0x44c008 GetDeviceGammaRamp
ADVAPI32.dll
0x44c000 BackupEventLogW
WINHTTP.dll
0x44c198 WinHttpCheckPlatform
EAT(Export Address Table) is none
KERNEL32.dll
0x44c010 FindFirstChangeNotificationW
0x44c014 EnumCalendarInfoA
0x44c018 LoadResource
0x44c01c GlobalAddAtomA
0x44c020 EndUpdateResourceW
0x44c024 InterlockedIncrement
0x44c028 GetCurrentProcess
0x44c02c SetComputerNameW
0x44c030 GetComputerNameW
0x44c034 BackupSeek
0x44c038 GetProcessHeap
0x44c03c GetConsoleAliasesLengthA
0x44c040 LoadLibraryW
0x44c044 SetCommConfig
0x44c048 TerminateThread
0x44c04c GetVersionExW
0x44c050 Beep
0x44c054 EnumResourceLanguagesA
0x44c058 GetOverlappedResult
0x44c05c InterlockedExchange
0x44c060 GetLastError
0x44c064 SetLastError
0x44c068 GetNativeSystemInfo
0x44c06c VirtualAlloc
0x44c070 OpenMutexA
0x44c074 CreateFileMappingA
0x44c078 LocalAlloc
0x44c07c BeginUpdateResourceA
0x44c080 OpenJobObjectW
0x44c084 FindAtomA
0x44c088 DeviceIoControl
0x44c08c GlobalFindAtomW
0x44c090 FindFirstVolumeMountPointA
0x44c094 GetModuleHandleA
0x44c098 VirtualProtect
0x44c09c SetCalendarInfoA
0x44c0a0 OpenSemaphoreW
0x44c0a4 GetWindowsDirectoryW
0x44c0a8 TlsFree
0x44c0ac LCMapStringW
0x44c0b0 lstrcpyA
0x44c0b4 GetFullPathNameA
0x44c0b8 CreateFileA
0x44c0bc GetProcAddress
0x44c0c0 GetComputerNameA
0x44c0c4 UnhandledExceptionFilter
0x44c0c8 SetUnhandledExceptionFilter
0x44c0cc GetModuleHandleW
0x44c0d0 Sleep
0x44c0d4 ExitProcess
0x44c0d8 GetStartupInfoW
0x44c0dc RaiseException
0x44c0e0 RtlUnwind
0x44c0e4 WriteFile
0x44c0e8 GetStdHandle
0x44c0ec GetModuleFileNameA
0x44c0f0 GetCPInfo
0x44c0f4 InterlockedDecrement
0x44c0f8 GetACP
0x44c0fc GetOEMCP
0x44c100 IsValidCodePage
0x44c104 TlsGetValue
0x44c108 TlsAlloc
0x44c10c TlsSetValue
0x44c110 GetCurrentThreadId
0x44c114 TerminateProcess
0x44c118 IsDebuggerPresent
0x44c11c HeapAlloc
0x44c120 HeapFree
0x44c124 HeapSize
0x44c128 DeleteCriticalSection
0x44c12c LeaveCriticalSection
0x44c130 EnterCriticalSection
0x44c134 LoadLibraryA
0x44c138 InitializeCriticalSectionAndSpinCount
0x44c13c GetModuleFileNameW
0x44c140 FreeEnvironmentStringsW
0x44c144 GetEnvironmentStringsW
0x44c148 GetCommandLineW
0x44c14c SetHandleCount
0x44c150 GetFileType
0x44c154 GetStartupInfoA
0x44c158 HeapCreate
0x44c15c VirtualFree
0x44c160 QueryPerformanceCounter
0x44c164 GetTickCount
0x44c168 GetCurrentProcessId
0x44c16c GetSystemTimeAsFileTime
0x44c170 LCMapStringA
0x44c174 WideCharToMultiByte
0x44c178 MultiByteToWideChar
0x44c17c GetStringTypeA
0x44c180 GetStringTypeW
0x44c184 GetLocaleInfoA
0x44c188 HeapReAlloc
USER32.dll
0x44c190 EnableWindow
GDI32.dll
0x44c008 GetDeviceGammaRamp
ADVAPI32.dll
0x44c000 BackupEventLogW
WINHTTP.dll
0x44c198 WinHttpCheckPlatform
EAT(Export Address Table) is none