ScreenShot
| Created | 2024.01.04 10:50 | Machine | s1_win7_x6401 |
| Filename | loader.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetectMalware, Agentb, trtl, Malicious, score, Artemis, unsafe, Themida, swycg, Attribute, HighConfidence, Q suspicious, TrojanX, Detected, Wacatac, N0DZOZ, Eldorado, Chgt, Static AI, Suspicious PE, susgen, confidence, 100%) | ||
| md5 | 099181592db185c539594ecf3053f52d | ||
| sha256 | 51745628d4c34c4b7fc4da7451ef6ca27fdeb2183423be4cc44dc67400184196 | ||
| ssdeep | 393216:FPl7+tvhQO0gdCuE111+FZoQQ1CdjgP1RvtaWjBMrgROI0O9rgtBzb6:GtvhQ4d2+FZoeZ61R1fjWgROIZ9rgtBC | ||
| imphash | 243fc301a399348ee0d577e40291124d | ||
| impfuzzy | 12:EJtnzz8im3EQvv0SzN1LWJjyDOI5wT2Q4W2U5K8YpfSKyaKiT+j7:CnzzYEQvMCLWJjySIOT5ZOfS5ziT+j7 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | themida_packer | themida packer | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1401485c0 GetModuleHandleA
USER32.dll
0x1401485d0 TrackMouseEvent
ADVAPI32.dll
0x1401485e0 OpenProcessToken
ole32.dll
0x1401485f0 CoUninitialize
OLEAUT32.dll
0x140148600 VariantClear
WS2_32.dll
0x140148610 WSACleanup
MSVCP140.dll
0x140148620 ??1_Lockit@std@@QEAA@XZ
d3dx11_43.dll
0x140148630 D3DX11CreateShaderResourceViewFromMemory
ntdll.dll
0x140148640 RtlAnsiStringToUnicodeString
d3d11.dll
0x140148650 D3D11CreateDeviceAndSwapChain
IMM32.dll
0x140148660 ImmSetCandidateWindow
D3DCOMPILER_43.dll
0x140148670 D3DCompile
dwmapi.dll
0x140148680 DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll
0x140148690 __CxxFrameHandler4
VCRUNTIME140.dll
0x1401486a0 __std_exception_copy
api-ms-win-crt-stdio-l1-1-0.dll
0x1401486b0 fgetc
api-ms-win-crt-heap-l1-1-0.dll
0x1401486c0 _callnewh
api-ms-win-crt-time-l1-1-0.dll
0x1401486d0 strftime
api-ms-win-crt-filesystem-l1-1-0.dll
0x1401486e0 _unlock_file
api-ms-win-crt-string-l1-1-0.dll
0x1401486f0 strncmp
api-ms-win-crt-convert-l1-1-0.dll
0x140148700 strtol
api-ms-win-crt-runtime-l1-1-0.dll
0x140148710 _exit
api-ms-win-crt-utility-l1-1-0.dll
0x140148720 qsort
api-ms-win-crt-math-l1-1-0.dll
0x140148730 acosf
api-ms-win-crt-locale-l1-1-0.dll
0x140148740 ___lc_codepage_func
EAT(Export Address Table) is none
kernel32.dll
0x1401485c0 GetModuleHandleA
USER32.dll
0x1401485d0 TrackMouseEvent
ADVAPI32.dll
0x1401485e0 OpenProcessToken
ole32.dll
0x1401485f0 CoUninitialize
OLEAUT32.dll
0x140148600 VariantClear
WS2_32.dll
0x140148610 WSACleanup
MSVCP140.dll
0x140148620 ??1_Lockit@std@@QEAA@XZ
d3dx11_43.dll
0x140148630 D3DX11CreateShaderResourceViewFromMemory
ntdll.dll
0x140148640 RtlAnsiStringToUnicodeString
d3d11.dll
0x140148650 D3D11CreateDeviceAndSwapChain
IMM32.dll
0x140148660 ImmSetCandidateWindow
D3DCOMPILER_43.dll
0x140148670 D3DCompile
dwmapi.dll
0x140148680 DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll
0x140148690 __CxxFrameHandler4
VCRUNTIME140.dll
0x1401486a0 __std_exception_copy
api-ms-win-crt-stdio-l1-1-0.dll
0x1401486b0 fgetc
api-ms-win-crt-heap-l1-1-0.dll
0x1401486c0 _callnewh
api-ms-win-crt-time-l1-1-0.dll
0x1401486d0 strftime
api-ms-win-crt-filesystem-l1-1-0.dll
0x1401486e0 _unlock_file
api-ms-win-crt-string-l1-1-0.dll
0x1401486f0 strncmp
api-ms-win-crt-convert-l1-1-0.dll
0x140148700 strtol
api-ms-win-crt-runtime-l1-1-0.dll
0x140148710 _exit
api-ms-win-crt-utility-l1-1-0.dll
0x140148720 qsort
api-ms-win-crt-math-l1-1-0.dll
0x140148730 acosf
api-ms-win-crt-locale-l1-1-0.dll
0x140148740 ___lc_codepage_func
EAT(Export Address Table) is none