ScreenShot
| Created | 2024.01.11 07:37 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 40 detected (AIDetectMalware, Nuitka, Tedy, Artemis, AGen, Attribute, HighConfidence, malicious, high confidence, a variant of Python, U suspicious, Gencirc, Python, Detected, ABRisk, GBSM, GrayWare, Wacapew, Znyonm, Sabsik, score, R626445, unsafe, R002H07AA24, CLOUD, Static AI, Malicious PE, confidence) | ||
| md5 | 1d5084678b97f142dc7c3ea12304cbb6 | ||
| sha256 | 60f351b0db70f792c111229211107802f70ca8e9ce8d6cf8c8d4cb397981d965 | ||
| ssdeep | 196608:9sqcMiSLkjE70vlAVkQY+MLJulgX4weHwDauwcbHZOZhD:KBMiSLkg7mGVkN+MLAgoweHEaK1W | ||
| imphash | a7b0793ae6dd3f16ef244d19e4de0c24 | ||
| impfuzzy | 48:p8XOst9nR35M+k3PlslEJGp6qJ8k3k1vkqqssXh:eXdth95Mr3PlYEJGph6k3mkqqs2 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140033358 CloseHandle
0x140033360 CopyFileW
0x140033368 CreateDirectoryW
0x140033370 CreateFileMappingW
0x140033378 CreateFileW
0x140033380 CreateProcessW
0x140033388 DeleteCriticalSection
0x140033390 DeleteFileW
0x140033398 EnterCriticalSection
0x1400333a0 FindResourceA
0x1400333a8 FormatMessageA
0x1400333b0 FreeLibrary
0x1400333b8 GenerateConsoleCtrlEvent
0x1400333c0 GetCommandLineW
0x1400333c8 GetCurrentProcessId
0x1400333d0 GetExitCodeProcess
0x1400333d8 GetFileAttributesW
0x1400333e0 GetFileSize
0x1400333e8 GetLastError
0x1400333f0 GetModuleFileNameW
0x1400333f8 GetModuleHandleA
0x140033400 GetProcAddress
0x140033408 GetProcessId
0x140033410 GetStartupInfoW
0x140033418 GetSystemTimeAsFileTime
0x140033420 GetTempPathW
0x140033428 InitializeCriticalSection
0x140033430 IsDBCSLeadByteEx
0x140033438 LeaveCriticalSection
0x140033440 LoadLibraryA
0x140033448 LoadResource
0x140033450 LockResource
0x140033458 MapViewOfFile
0x140033460 MultiByteToWideChar
0x140033468 ReadFile
0x140033470 SetConsoleCtrlHandler
0x140033478 SetEnvironmentVariableA
0x140033480 SetUnhandledExceptionFilter
0x140033488 SizeofResource
0x140033490 Sleep
0x140033498 TerminateProcess
0x1400334a0 TlsGetValue
0x1400334a8 UnmapViewOfFile
0x1400334b0 VirtualProtect
0x1400334b8 VirtualQuery
0x1400334c0 WaitForSingleObject
0x1400334c8 WideCharToMultiByte
0x1400334d0 WriteFile
msvcrt.dll
0x1400334e0 __C_specific_handler
0x1400334e8 ___lc_codepage_func
0x1400334f0 ___mb_cur_max_func
0x1400334f8 __iob_func
0x140033500 __set_app_type
0x140033508 __setusermatherr
0x140033510 __wargv
0x140033518 __wgetmainargs
0x140033520 __winitenv
0x140033528 _amsg_exit
0x140033530 _cexit
0x140033538 _commode
0x140033540 _errno
0x140033548 _fmode
0x140033550 _initterm
0x140033558 _lock
0x140033560 _onexit
0x140033568 _unlock
0x140033570 _wcmdln
0x140033578 _wcsdup
0x140033580 _wcsicmp
0x140033588 _wrename
0x140033590 abort
0x140033598 calloc
0x1400335a0 exit
0x1400335a8 fprintf
0x1400335b0 fputc
0x1400335b8 free
0x1400335c0 fwrite
0x1400335c8 localeconv
0x1400335d0 malloc
0x1400335d8 mbstowcs
0x1400335e0 memcpy
0x1400335e8 memmove
0x1400335f0 memset
0x1400335f8 puts
0x140033600 signal
0x140033608 strerror
0x140033610 strlen
0x140033618 strncmp
0x140033620 vfprintf
0x140033628 wcscmp
0x140033630 wcslen
0x140033638 wcsncmp
SHELL32.dll
0x140033648 SHFileOperationW
0x140033650 SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.dll
0x140033358 CloseHandle
0x140033360 CopyFileW
0x140033368 CreateDirectoryW
0x140033370 CreateFileMappingW
0x140033378 CreateFileW
0x140033380 CreateProcessW
0x140033388 DeleteCriticalSection
0x140033390 DeleteFileW
0x140033398 EnterCriticalSection
0x1400333a0 FindResourceA
0x1400333a8 FormatMessageA
0x1400333b0 FreeLibrary
0x1400333b8 GenerateConsoleCtrlEvent
0x1400333c0 GetCommandLineW
0x1400333c8 GetCurrentProcessId
0x1400333d0 GetExitCodeProcess
0x1400333d8 GetFileAttributesW
0x1400333e0 GetFileSize
0x1400333e8 GetLastError
0x1400333f0 GetModuleFileNameW
0x1400333f8 GetModuleHandleA
0x140033400 GetProcAddress
0x140033408 GetProcessId
0x140033410 GetStartupInfoW
0x140033418 GetSystemTimeAsFileTime
0x140033420 GetTempPathW
0x140033428 InitializeCriticalSection
0x140033430 IsDBCSLeadByteEx
0x140033438 LeaveCriticalSection
0x140033440 LoadLibraryA
0x140033448 LoadResource
0x140033450 LockResource
0x140033458 MapViewOfFile
0x140033460 MultiByteToWideChar
0x140033468 ReadFile
0x140033470 SetConsoleCtrlHandler
0x140033478 SetEnvironmentVariableA
0x140033480 SetUnhandledExceptionFilter
0x140033488 SizeofResource
0x140033490 Sleep
0x140033498 TerminateProcess
0x1400334a0 TlsGetValue
0x1400334a8 UnmapViewOfFile
0x1400334b0 VirtualProtect
0x1400334b8 VirtualQuery
0x1400334c0 WaitForSingleObject
0x1400334c8 WideCharToMultiByte
0x1400334d0 WriteFile
msvcrt.dll
0x1400334e0 __C_specific_handler
0x1400334e8 ___lc_codepage_func
0x1400334f0 ___mb_cur_max_func
0x1400334f8 __iob_func
0x140033500 __set_app_type
0x140033508 __setusermatherr
0x140033510 __wargv
0x140033518 __wgetmainargs
0x140033520 __winitenv
0x140033528 _amsg_exit
0x140033530 _cexit
0x140033538 _commode
0x140033540 _errno
0x140033548 _fmode
0x140033550 _initterm
0x140033558 _lock
0x140033560 _onexit
0x140033568 _unlock
0x140033570 _wcmdln
0x140033578 _wcsdup
0x140033580 _wcsicmp
0x140033588 _wrename
0x140033590 abort
0x140033598 calloc
0x1400335a0 exit
0x1400335a8 fprintf
0x1400335b0 fputc
0x1400335b8 free
0x1400335c0 fwrite
0x1400335c8 localeconv
0x1400335d0 malloc
0x1400335d8 mbstowcs
0x1400335e0 memcpy
0x1400335e8 memmove
0x1400335f0 memset
0x1400335f8 puts
0x140033600 signal
0x140033608 strerror
0x140033610 strlen
0x140033618 strncmp
0x140033620 vfprintf
0x140033628 wcscmp
0x140033630 wcslen
0x140033638 wcsncmp
SHELL32.dll
0x140033648 SHFileOperationW
0x140033650 SHGetFolderPathW
EAT(Export Address Table) is none