ScreenShot
| Created | 2024.01.06 10:43 | Machine | s1_win7_x6401 |
| Filename | test1.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 25 detected (AIDetectMalware, Ctsinf, Artemis, Save, malicious, Attribute, HighConfidence, high confidence, score, FileRepMalware, Misc, Static AI, Suspicious PE, Goshell, Rozena, Eldorado, Phonzy, Detected, unsafe, Chgt, WinGo, PossibleThreat) | ||
| md5 | 962824cca80e5383661a072b452812ef | ||
| sha256 | 756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403 | ||
| ssdeep | 196608:0hOi698VEyHewhqN0q+LNazg+WqMyhFw6rrCi:6Oiik+uJxaTMyD | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xbfb1c0 WriteFile
0xbfb1c8 WriteConsoleW
0xbfb1d0 WerSetFlags
0xbfb1d8 WerGetFlags
0xbfb1e0 WaitForMultipleObjects
0xbfb1e8 WaitForSingleObject
0xbfb1f0 VirtualQuery
0xbfb1f8 VirtualFree
0xbfb200 VirtualAlloc
0xbfb208 TlsAlloc
0xbfb210 SwitchToThread
0xbfb218 SuspendThread
0xbfb220 SetWaitableTimer
0xbfb228 SetUnhandledExceptionFilter
0xbfb230 SetProcessPriorityBoost
0xbfb238 SetEvent
0xbfb240 SetErrorMode
0xbfb248 SetConsoleCtrlHandler
0xbfb250 ResumeThread
0xbfb258 RaiseFailFastException
0xbfb260 PostQueuedCompletionStatus
0xbfb268 LoadLibraryW
0xbfb270 LoadLibraryExW
0xbfb278 SetThreadContext
0xbfb280 GetThreadContext
0xbfb288 GetSystemInfo
0xbfb290 GetSystemDirectoryA
0xbfb298 GetStdHandle
0xbfb2a0 GetQueuedCompletionStatusEx
0xbfb2a8 GetProcessAffinityMask
0xbfb2b0 GetProcAddress
0xbfb2b8 GetErrorMode
0xbfb2c0 GetEnvironmentStringsW
0xbfb2c8 GetCurrentThreadId
0xbfb2d0 GetConsoleMode
0xbfb2d8 FreeEnvironmentStringsW
0xbfb2e0 ExitProcess
0xbfb2e8 DuplicateHandle
0xbfb2f0 CreateWaitableTimerExW
0xbfb2f8 CreateThread
0xbfb300 CreateIoCompletionPort
0xbfb308 CreateFileA
0xbfb310 CreateEventA
0xbfb318 CloseHandle
0xbfb320 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xbfb1c0 WriteFile
0xbfb1c8 WriteConsoleW
0xbfb1d0 WerSetFlags
0xbfb1d8 WerGetFlags
0xbfb1e0 WaitForMultipleObjects
0xbfb1e8 WaitForSingleObject
0xbfb1f0 VirtualQuery
0xbfb1f8 VirtualFree
0xbfb200 VirtualAlloc
0xbfb208 TlsAlloc
0xbfb210 SwitchToThread
0xbfb218 SuspendThread
0xbfb220 SetWaitableTimer
0xbfb228 SetUnhandledExceptionFilter
0xbfb230 SetProcessPriorityBoost
0xbfb238 SetEvent
0xbfb240 SetErrorMode
0xbfb248 SetConsoleCtrlHandler
0xbfb250 ResumeThread
0xbfb258 RaiseFailFastException
0xbfb260 PostQueuedCompletionStatus
0xbfb268 LoadLibraryW
0xbfb270 LoadLibraryExW
0xbfb278 SetThreadContext
0xbfb280 GetThreadContext
0xbfb288 GetSystemInfo
0xbfb290 GetSystemDirectoryA
0xbfb298 GetStdHandle
0xbfb2a0 GetQueuedCompletionStatusEx
0xbfb2a8 GetProcessAffinityMask
0xbfb2b0 GetProcAddress
0xbfb2b8 GetErrorMode
0xbfb2c0 GetEnvironmentStringsW
0xbfb2c8 GetCurrentThreadId
0xbfb2d0 GetConsoleMode
0xbfb2d8 FreeEnvironmentStringsW
0xbfb2e0 ExitProcess
0xbfb2e8 DuplicateHandle
0xbfb2f0 CreateWaitableTimerExW
0xbfb2f8 CreateThread
0xbfb300 CreateIoCompletionPort
0xbfb308 CreateFileA
0xbfb310 CreateEventA
0xbfb318 CloseHandle
0xbfb320 AddVectoredExceptionHandler
EAT(Export Address Table) is none