ScreenShot
| Created | 2024.01.14 13:38 | Machine | s1_win7_x6403_us |
| Filename | twointe.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetectMalware, malicious, high confidence, Stop, FakeAVSecurityTool, unsafe, Save, Hacktool, Attribute, HighConfidence, Artemis, FileRepMalware, Cryp, score, Generic@AI, RDML, QoTF742lQnjYXIIJkrDOmg, Krypt, Obfuscated, ctez, Detected, Krypter, ZexaF, ru0@aK@UOqpi, Static AI, Malicious PE, Ransomeware, GandCrypt, confidence, 100%) | ||
| md5 | ce4df085dbbf900194f5d8bf6900ac52 | ||
| sha256 | 6d85262730489297ec3d3051accf2dc5ad651df709dd0e2e154845544e601b0a | ||
| ssdeep | 6144:LnBYfAQ8K3xoL4oKQzW5QsHUhqjgw+6AyAu2r23U2eILY:LnBYfEK3sPKQ4QmNGyAu1p | ||
| imphash | 691a82025742b16964fc0a05536242f1 | ||
| impfuzzy | 48:9MlXEpDmTNVG1tQKl95SRvLKdZRZBxC0+4QYV:aR2kDG1tQKj5SRvLGZ7a4nV | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x437010 InterlockedDecrement
0x437014 GetTimeFormatA
0x437018 FreeEnvironmentStringsA
0x43701c GetModuleHandleW
0x437020 GetTickCount
0x437024 VirtualFree
0x437028 LoadLibraryW
0x43702c GetAtomNameW
0x437030 GetMailslotInfo
0x437034 LCMapStringA
0x437038 GetConsoleOutputCP
0x43703c GetConsoleAliasesW
0x437040 GetLastError
0x437044 GetProcAddress
0x437048 GetLongPathNameA
0x43704c GetTapeStatus
0x437050 GetConsoleAliasExesLengthA
0x437054 HeapSize
0x437058 LoadLibraryA
0x43705c LocalAlloc
0x437060 SetCalendarInfoW
0x437064 WritePrivateProfileStringA
0x437068 GetModuleFileNameA
0x43706c lstrcatW
0x437070 FreeEnvironmentStringsW
0x437074 CompareStringA
0x437078 LocalFree
0x43707c CompareStringW
0x437080 GetTimeZoneInformation
0x437084 GetLocaleInfoW
0x437088 LCMapStringW
0x43708c GetStringTypeW
0x437090 TlsGetValue
0x437094 GetLocaleInfoA
0x437098 GetProcessHeaps
0x43709c TryEnterCriticalSection
0x4370a0 MultiByteToWideChar
0x4370a4 GetStringTypeA
0x4370a8 GetCommandLineA
0x4370ac GetStartupInfoA
0x4370b0 RaiseException
0x4370b4 RtlUnwind
0x4370b8 TerminateProcess
0x4370bc GetCurrentProcess
0x4370c0 UnhandledExceptionFilter
0x4370c4 SetUnhandledExceptionFilter
0x4370c8 IsDebuggerPresent
0x4370cc HeapAlloc
0x4370d0 HeapFree
0x4370d4 TlsAlloc
0x4370d8 TlsSetValue
0x4370dc TlsFree
0x4370e0 InterlockedIncrement
0x4370e4 SetLastError
0x4370e8 GetCurrentThreadId
0x4370ec GetCurrentThread
0x4370f0 Sleep
0x4370f4 ExitProcess
0x4370f8 WriteFile
0x4370fc GetStdHandle
0x437100 GetEnvironmentStrings
0x437104 WideCharToMultiByte
0x437108 GetEnvironmentStringsW
0x43710c SetHandleCount
0x437110 GetFileType
0x437114 DeleteCriticalSection
0x437118 HeapCreate
0x43711c HeapDestroy
0x437120 QueryPerformanceCounter
0x437124 GetCurrentProcessId
0x437128 GetSystemTimeAsFileTime
0x43712c LeaveCriticalSection
0x437130 FatalAppExitA
0x437134 EnterCriticalSection
0x437138 VirtualAlloc
0x43713c HeapReAlloc
0x437140 GetCPInfo
0x437144 GetACP
0x437148 GetOEMCP
0x43714c IsValidCodePage
0x437150 SetConsoleCtrlHandler
0x437154 FreeLibrary
0x437158 InterlockedExchange
0x43715c InitializeCriticalSectionAndSpinCount
0x437160 GetDateFormatA
0x437164 GetUserDefaultLCID
0x437168 EnumSystemLocalesA
0x43716c IsValidLocale
0x437170 SetEnvironmentVariableA
USER32.dll
0x437178 GetMonitorInfoA
0x43717c GetForegroundWindow
0x437180 GetKeyboardType
0x437184 LookupIconIdFromDirectory
GDI32.dll
0x437008 GetBoundsRect
ADVAPI32.dll
0x437000 ObjectPrivilegeAuditAlarmA
ole32.dll
0x43718c CreateDataCache
EAT(Export Address Table) is none
KERNEL32.dll
0x437010 InterlockedDecrement
0x437014 GetTimeFormatA
0x437018 FreeEnvironmentStringsA
0x43701c GetModuleHandleW
0x437020 GetTickCount
0x437024 VirtualFree
0x437028 LoadLibraryW
0x43702c GetAtomNameW
0x437030 GetMailslotInfo
0x437034 LCMapStringA
0x437038 GetConsoleOutputCP
0x43703c GetConsoleAliasesW
0x437040 GetLastError
0x437044 GetProcAddress
0x437048 GetLongPathNameA
0x43704c GetTapeStatus
0x437050 GetConsoleAliasExesLengthA
0x437054 HeapSize
0x437058 LoadLibraryA
0x43705c LocalAlloc
0x437060 SetCalendarInfoW
0x437064 WritePrivateProfileStringA
0x437068 GetModuleFileNameA
0x43706c lstrcatW
0x437070 FreeEnvironmentStringsW
0x437074 CompareStringA
0x437078 LocalFree
0x43707c CompareStringW
0x437080 GetTimeZoneInformation
0x437084 GetLocaleInfoW
0x437088 LCMapStringW
0x43708c GetStringTypeW
0x437090 TlsGetValue
0x437094 GetLocaleInfoA
0x437098 GetProcessHeaps
0x43709c TryEnterCriticalSection
0x4370a0 MultiByteToWideChar
0x4370a4 GetStringTypeA
0x4370a8 GetCommandLineA
0x4370ac GetStartupInfoA
0x4370b0 RaiseException
0x4370b4 RtlUnwind
0x4370b8 TerminateProcess
0x4370bc GetCurrentProcess
0x4370c0 UnhandledExceptionFilter
0x4370c4 SetUnhandledExceptionFilter
0x4370c8 IsDebuggerPresent
0x4370cc HeapAlloc
0x4370d0 HeapFree
0x4370d4 TlsAlloc
0x4370d8 TlsSetValue
0x4370dc TlsFree
0x4370e0 InterlockedIncrement
0x4370e4 SetLastError
0x4370e8 GetCurrentThreadId
0x4370ec GetCurrentThread
0x4370f0 Sleep
0x4370f4 ExitProcess
0x4370f8 WriteFile
0x4370fc GetStdHandle
0x437100 GetEnvironmentStrings
0x437104 WideCharToMultiByte
0x437108 GetEnvironmentStringsW
0x43710c SetHandleCount
0x437110 GetFileType
0x437114 DeleteCriticalSection
0x437118 HeapCreate
0x43711c HeapDestroy
0x437120 QueryPerformanceCounter
0x437124 GetCurrentProcessId
0x437128 GetSystemTimeAsFileTime
0x43712c LeaveCriticalSection
0x437130 FatalAppExitA
0x437134 EnterCriticalSection
0x437138 VirtualAlloc
0x43713c HeapReAlloc
0x437140 GetCPInfo
0x437144 GetACP
0x437148 GetOEMCP
0x43714c IsValidCodePage
0x437150 SetConsoleCtrlHandler
0x437154 FreeLibrary
0x437158 InterlockedExchange
0x43715c InitializeCriticalSectionAndSpinCount
0x437160 GetDateFormatA
0x437164 GetUserDefaultLCID
0x437168 EnumSystemLocalesA
0x43716c IsValidLocale
0x437170 SetEnvironmentVariableA
USER32.dll
0x437178 GetMonitorInfoA
0x43717c GetForegroundWindow
0x437180 GetKeyboardType
0x437184 LookupIconIdFromDirectory
GDI32.dll
0x437008 GetBoundsRect
ADVAPI32.dll
0x437000 ObjectPrivilegeAuditAlarmA
ole32.dll
0x43718c CreateDataCache
EAT(Export Address Table) is none