ScreenShot
| Created | 2024.01.13 19:03 | Machine | s1_win7_x6401 |
| Filename | abc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 55 detected (AIDetectMalware, Crypmodng, malicious, high confidence, score, Stop, Lockbit, unsafe, GenericKD, Save, Attribute, HighConfidence, Kryptik, HVXH, DropperX, Smokeloader, Generic@AI, RDML, c6TR6d1C95uYLtVIm6n6Cw, GenSHCode, jjakn, YXEAHZ, Krypt, Detected, StealerC, Sabsik, Chapak, Eldorado, AGEN, R417906, ZexaF, xC0@a0S7jGmG, Azorult, RansomGen, Obfuscated, Static AI, Malicious PE, susgen, GenKryptik, GSKE, confidence, 100%) | ||
| md5 | 7a83a738db05418c0ae6795b317a45f9 | ||
| sha256 | 1520e4cb2748aa5725d8b6c242ff6cf365f6672db35df2745c920ed228666317 | ||
| ssdeep | 6144:xgLn8r0KXqq+l8OUK06rIhRzQE+fTgYn79oUq:xggr0KXqrlhfuZP0n7a | ||
| imphash | 41664c42ec8e82b6bc77023fb19fd70a | ||
| impfuzzy | 24:jaQ4a7PjBTkrkNvglJcD01VL7TQa2gG1tmcHuOZyvDxhI/RT46OaOTqdZl2NZrls:jnx0c81ua2gG1tmMuDDKcszdZcNZBCp7 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439008 CopyFileExW
0x43900c FreeLibrary
0x439010 CreateJobObjectW
0x439014 HeapFree
0x439018 FreeEnvironmentStringsA
0x43901c GetModuleHandleW
0x439020 TlsSetValue
0x439024 IsProcessInJob
0x439028 WriteConsoleOutputA
0x43902c SetConsoleCP
0x439030 LeaveCriticalSection
0x439034 DnsHostnameToComputerNameW
0x439038 SetMessageWaitingIndicator
0x43903c LocalHandle
0x439040 GetCompressedFileSizeA
0x439044 GetTimeZoneInformation
0x439048 GetConsoleAliasesLengthW
0x43904c SetCurrentDirectoryA
0x439050 GetLastError
0x439054 SetLastError
0x439058 GetProcAddress
0x43905c GetLongPathNameA
0x439060 CreateNamedPipeA
0x439064 OpenWaitableTimerA
0x439068 LoadLibraryA
0x43906c LocalAlloc
0x439070 SetConsoleOutputCP
0x439074 VirtualLock
0x439078 AddAtomA
0x43907c CreateWaitableTimerW
0x439080 LocalFree
0x439084 SetFileAttributesW
0x439088 LCMapStringW
0x43908c CompareStringW
0x439090 TryEnterCriticalSection
0x439094 GetStartupInfoW
0x439098 RaiseException
0x43909c RtlUnwind
0x4390a0 TerminateProcess
0x4390a4 GetCurrentProcess
0x4390a8 UnhandledExceptionFilter
0x4390ac SetUnhandledExceptionFilter
0x4390b0 IsDebuggerPresent
0x4390b4 HeapAlloc
0x4390b8 Sleep
0x4390bc ExitProcess
0x4390c0 WriteFile
0x4390c4 GetStdHandle
0x4390c8 GetModuleFileNameA
0x4390cc GetModuleFileNameW
0x4390d0 FreeEnvironmentStringsW
0x4390d4 GetEnvironmentStringsW
0x4390d8 GetCommandLineW
0x4390dc SetHandleCount
0x4390e0 GetFileType
0x4390e4 GetStartupInfoA
0x4390e8 DeleteCriticalSection
0x4390ec TlsGetValue
0x4390f0 TlsAlloc
0x4390f4 TlsFree
0x4390f8 InterlockedIncrement
0x4390fc GetCurrentThreadId
0x439100 InterlockedDecrement
0x439104 GetCurrentThread
0x439108 HeapCreate
0x43910c HeapDestroy
0x439110 VirtualFree
0x439114 QueryPerformanceCounter
0x439118 GetTickCount
0x43911c GetCurrentProcessId
0x439120 GetSystemTimeAsFileTime
0x439124 FatalAppExitA
0x439128 EnterCriticalSection
0x43912c VirtualAlloc
0x439130 HeapReAlloc
0x439134 HeapSize
0x439138 SetConsoleCtrlHandler
0x43913c InterlockedExchange
0x439140 InitializeCriticalSectionAndSpinCount
0x439144 GetCPInfo
0x439148 GetACP
0x43914c GetOEMCP
0x439150 IsValidCodePage
0x439154 GetLocaleInfoW
0x439158 GetLocaleInfoA
0x43915c WideCharToMultiByte
0x439160 GetTimeFormatA
0x439164 GetDateFormatA
0x439168 GetUserDefaultLCID
0x43916c EnumSystemLocalesA
0x439170 IsValidLocale
0x439174 GetStringTypeA
0x439178 MultiByteToWideChar
0x43917c GetStringTypeW
0x439180 LCMapStringA
0x439184 CompareStringA
0x439188 SetEnvironmentVariableA
ADVAPI32.dll
0x439000 CreateServiceA
EAT(Export Address Table) is none
KERNEL32.dll
0x439008 CopyFileExW
0x43900c FreeLibrary
0x439010 CreateJobObjectW
0x439014 HeapFree
0x439018 FreeEnvironmentStringsA
0x43901c GetModuleHandleW
0x439020 TlsSetValue
0x439024 IsProcessInJob
0x439028 WriteConsoleOutputA
0x43902c SetConsoleCP
0x439030 LeaveCriticalSection
0x439034 DnsHostnameToComputerNameW
0x439038 SetMessageWaitingIndicator
0x43903c LocalHandle
0x439040 GetCompressedFileSizeA
0x439044 GetTimeZoneInformation
0x439048 GetConsoleAliasesLengthW
0x43904c SetCurrentDirectoryA
0x439050 GetLastError
0x439054 SetLastError
0x439058 GetProcAddress
0x43905c GetLongPathNameA
0x439060 CreateNamedPipeA
0x439064 OpenWaitableTimerA
0x439068 LoadLibraryA
0x43906c LocalAlloc
0x439070 SetConsoleOutputCP
0x439074 VirtualLock
0x439078 AddAtomA
0x43907c CreateWaitableTimerW
0x439080 LocalFree
0x439084 SetFileAttributesW
0x439088 LCMapStringW
0x43908c CompareStringW
0x439090 TryEnterCriticalSection
0x439094 GetStartupInfoW
0x439098 RaiseException
0x43909c RtlUnwind
0x4390a0 TerminateProcess
0x4390a4 GetCurrentProcess
0x4390a8 UnhandledExceptionFilter
0x4390ac SetUnhandledExceptionFilter
0x4390b0 IsDebuggerPresent
0x4390b4 HeapAlloc
0x4390b8 Sleep
0x4390bc ExitProcess
0x4390c0 WriteFile
0x4390c4 GetStdHandle
0x4390c8 GetModuleFileNameA
0x4390cc GetModuleFileNameW
0x4390d0 FreeEnvironmentStringsW
0x4390d4 GetEnvironmentStringsW
0x4390d8 GetCommandLineW
0x4390dc SetHandleCount
0x4390e0 GetFileType
0x4390e4 GetStartupInfoA
0x4390e8 DeleteCriticalSection
0x4390ec TlsGetValue
0x4390f0 TlsAlloc
0x4390f4 TlsFree
0x4390f8 InterlockedIncrement
0x4390fc GetCurrentThreadId
0x439100 InterlockedDecrement
0x439104 GetCurrentThread
0x439108 HeapCreate
0x43910c HeapDestroy
0x439110 VirtualFree
0x439114 QueryPerformanceCounter
0x439118 GetTickCount
0x43911c GetCurrentProcessId
0x439120 GetSystemTimeAsFileTime
0x439124 FatalAppExitA
0x439128 EnterCriticalSection
0x43912c VirtualAlloc
0x439130 HeapReAlloc
0x439134 HeapSize
0x439138 SetConsoleCtrlHandler
0x43913c InterlockedExchange
0x439140 InitializeCriticalSectionAndSpinCount
0x439144 GetCPInfo
0x439148 GetACP
0x43914c GetOEMCP
0x439150 IsValidCodePage
0x439154 GetLocaleInfoW
0x439158 GetLocaleInfoA
0x43915c WideCharToMultiByte
0x439160 GetTimeFormatA
0x439164 GetDateFormatA
0x439168 GetUserDefaultLCID
0x43916c EnumSystemLocalesA
0x439170 IsValidLocale
0x439174 GetStringTypeA
0x439178 MultiByteToWideChar
0x43917c GetStringTypeW
0x439180 LCMapStringA
0x439184 CompareStringA
0x439188 SetEnvironmentVariableA
ADVAPI32.dll
0x439000 CreateServiceA
EAT(Export Address Table) is none