ScreenShot
| Created | 2024.01.14 13:42 | Machine | s1_win7_x6401 |
| Filename | 7juwy31nzd44.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (AIDetectMalware, Attribute, HighConfidence, Malicious, wacapew, RATX, CLOUD, SMOKELOADER, YXEAMZ, Casdet, PossibleThreat, confidence) | ||
| md5 | a1be5a9cc2660e483c811d758fa8ed51 | ||
| sha256 | a9b29d40d6f4afd429412a831266e8290567e2347889c0c061ccd4866c55bfb9 | ||
| ssdeep | 6144:xRwFYknviMev8XMwlugUu1CRt66onaN0K+PRqig5TJwT0gEmZSoM:jwFYS3+8X4u1CRt6KN0VJqfTy0gAoM | ||
| imphash | 852cb63e185fed3cd5137a7895a34d3f | ||
| impfuzzy | 24:0jMl5DXHuOGOovqXcpVWQf02twS1kBg3JBl39roVgv5GM4aZ7OGe9wDuKmJEQn:NBvcpV1LtwS1kBgPpZZ3Z7OH9BKlQ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14003c018 CreateProcessW
0x14003c020 CreateDirectoryW
0x14003c028 WaitForSingleObject
0x14003c030 GetFileAttributesW
0x14003c038 CreateEventW
0x14003c040 MultiByteToWideChar
0x14003c048 Sleep
0x14003c050 GetLastError
0x14003c058 SetFileAttributesA
0x14003c060 VerSetConditionMask
0x14003c068 VerifyVersionInfoW
0x14003c070 SetEndOfFile
0x14003c078 WriteConsoleW
0x14003c080 HeapSize
0x14003c088 CloseHandle
0x14003c090 GetProcessHeap
0x14003c098 SetStdHandle
0x14003c0a0 GetModuleFileNameW
0x14003c0a8 IsDebuggerPresent
0x14003c0b0 GetModuleHandleW
0x14003c0b8 GetProcAddress
0x14003c0c0 TerminateProcess
0x14003c0c8 FreeEnvironmentStringsW
0x14003c0d0 GetEnvironmentStringsW
0x14003c0d8 GetCommandLineW
0x14003c0e0 GetCommandLineA
0x14003c0e8 GetOEMCP
0x14003c0f0 GetACP
0x14003c0f8 IsValidCodePage
0x14003c100 FindNextFileW
0x14003c108 FindFirstFileExW
0x14003c110 FindClose
0x14003c118 HeapReAlloc
0x14003c120 CreateFileW
0x14003c128 GetCurrentProcess
0x14003c130 GetStringTypeW
0x14003c138 WideCharToMultiByte
0x14003c140 EnterCriticalSection
0x14003c148 LeaveCriticalSection
0x14003c150 InitializeCriticalSectionEx
0x14003c158 DeleteCriticalSection
0x14003c160 EncodePointer
0x14003c168 DecodePointer
0x14003c170 LocalFree
0x14003c178 LCMapStringEx
0x14003c180 GetCPInfo
0x14003c188 RtlCaptureContext
0x14003c190 RtlLookupFunctionEntry
0x14003c198 RtlVirtualUnwind
0x14003c1a0 UnhandledExceptionFilter
0x14003c1a8 SetUnhandledExceptionFilter
0x14003c1b0 IsProcessorFeaturePresent
0x14003c1b8 QueryPerformanceCounter
0x14003c1c0 GetCurrentProcessId
0x14003c1c8 GetCurrentThreadId
0x14003c1d0 GetSystemTimeAsFileTime
0x14003c1d8 InitializeSListHead
0x14003c1e0 GetStartupInfoW
0x14003c1e8 RtlUnwindEx
0x14003c1f0 RtlPcToFileHeader
0x14003c1f8 RaiseException
0x14003c200 SetLastError
0x14003c208 InitializeCriticalSectionAndSpinCount
0x14003c210 TlsAlloc
0x14003c218 TlsGetValue
0x14003c220 TlsSetValue
0x14003c228 TlsFree
0x14003c230 FreeLibrary
0x14003c238 LoadLibraryExW
0x14003c240 ExitProcess
0x14003c248 GetModuleHandleExW
0x14003c250 GetStdHandle
0x14003c258 WriteFile
0x14003c260 HeapAlloc
0x14003c268 HeapFree
0x14003c270 GetFileType
0x14003c278 GetFileSizeEx
0x14003c280 SetFilePointerEx
0x14003c288 FlushFileBuffers
0x14003c290 GetConsoleOutputCP
0x14003c298 GetConsoleMode
0x14003c2a0 FlsAlloc
0x14003c2a8 FlsGetValue
0x14003c2b0 FlsSetValue
0x14003c2b8 FlsFree
0x14003c2c0 LCMapStringW
0x14003c2c8 GetLocaleInfoW
0x14003c2d0 IsValidLocale
0x14003c2d8 GetUserDefaultLCID
0x14003c2e0 EnumSystemLocalesW
0x14003c2e8 DeleteFileW
0x14003c2f0 ReadFile
0x14003c2f8 ReadConsoleW
0x14003c300 RtlUnwind
USER32.dll
0x14003c330 MessageBoxA
ADVAPI32.dll
0x14003c000 RegSetValueExW
0x14003c008 RegOpenKeyExW
SHELL32.dll
0x14003c320 ShellExecuteExW
OLEAUT32.dll
0x14003c310 VariantClear
EAT(Export Address Table) is none
KERNEL32.dll
0x14003c018 CreateProcessW
0x14003c020 CreateDirectoryW
0x14003c028 WaitForSingleObject
0x14003c030 GetFileAttributesW
0x14003c038 CreateEventW
0x14003c040 MultiByteToWideChar
0x14003c048 Sleep
0x14003c050 GetLastError
0x14003c058 SetFileAttributesA
0x14003c060 VerSetConditionMask
0x14003c068 VerifyVersionInfoW
0x14003c070 SetEndOfFile
0x14003c078 WriteConsoleW
0x14003c080 HeapSize
0x14003c088 CloseHandle
0x14003c090 GetProcessHeap
0x14003c098 SetStdHandle
0x14003c0a0 GetModuleFileNameW
0x14003c0a8 IsDebuggerPresent
0x14003c0b0 GetModuleHandleW
0x14003c0b8 GetProcAddress
0x14003c0c0 TerminateProcess
0x14003c0c8 FreeEnvironmentStringsW
0x14003c0d0 GetEnvironmentStringsW
0x14003c0d8 GetCommandLineW
0x14003c0e0 GetCommandLineA
0x14003c0e8 GetOEMCP
0x14003c0f0 GetACP
0x14003c0f8 IsValidCodePage
0x14003c100 FindNextFileW
0x14003c108 FindFirstFileExW
0x14003c110 FindClose
0x14003c118 HeapReAlloc
0x14003c120 CreateFileW
0x14003c128 GetCurrentProcess
0x14003c130 GetStringTypeW
0x14003c138 WideCharToMultiByte
0x14003c140 EnterCriticalSection
0x14003c148 LeaveCriticalSection
0x14003c150 InitializeCriticalSectionEx
0x14003c158 DeleteCriticalSection
0x14003c160 EncodePointer
0x14003c168 DecodePointer
0x14003c170 LocalFree
0x14003c178 LCMapStringEx
0x14003c180 GetCPInfo
0x14003c188 RtlCaptureContext
0x14003c190 RtlLookupFunctionEntry
0x14003c198 RtlVirtualUnwind
0x14003c1a0 UnhandledExceptionFilter
0x14003c1a8 SetUnhandledExceptionFilter
0x14003c1b0 IsProcessorFeaturePresent
0x14003c1b8 QueryPerformanceCounter
0x14003c1c0 GetCurrentProcessId
0x14003c1c8 GetCurrentThreadId
0x14003c1d0 GetSystemTimeAsFileTime
0x14003c1d8 InitializeSListHead
0x14003c1e0 GetStartupInfoW
0x14003c1e8 RtlUnwindEx
0x14003c1f0 RtlPcToFileHeader
0x14003c1f8 RaiseException
0x14003c200 SetLastError
0x14003c208 InitializeCriticalSectionAndSpinCount
0x14003c210 TlsAlloc
0x14003c218 TlsGetValue
0x14003c220 TlsSetValue
0x14003c228 TlsFree
0x14003c230 FreeLibrary
0x14003c238 LoadLibraryExW
0x14003c240 ExitProcess
0x14003c248 GetModuleHandleExW
0x14003c250 GetStdHandle
0x14003c258 WriteFile
0x14003c260 HeapAlloc
0x14003c268 HeapFree
0x14003c270 GetFileType
0x14003c278 GetFileSizeEx
0x14003c280 SetFilePointerEx
0x14003c288 FlushFileBuffers
0x14003c290 GetConsoleOutputCP
0x14003c298 GetConsoleMode
0x14003c2a0 FlsAlloc
0x14003c2a8 FlsGetValue
0x14003c2b0 FlsSetValue
0x14003c2b8 FlsFree
0x14003c2c0 LCMapStringW
0x14003c2c8 GetLocaleInfoW
0x14003c2d0 IsValidLocale
0x14003c2d8 GetUserDefaultLCID
0x14003c2e0 EnumSystemLocalesW
0x14003c2e8 DeleteFileW
0x14003c2f0 ReadFile
0x14003c2f8 ReadConsoleW
0x14003c300 RtlUnwind
USER32.dll
0x14003c330 MessageBoxA
ADVAPI32.dll
0x14003c000 RegSetValueExW
0x14003c008 RegOpenKeyExW
SHELL32.dll
0x14003c320 ShellExecuteExW
OLEAUT32.dll
0x14003c310 VariantClear
EAT(Export Address Table) is none