ScreenShot
| Created | 2024.01.20 18:06 | Machine | s1_win7_x6403 |
| Filename | bin.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, SmokeLoader, malicious, high confidence, score, Lockbit, GenericKD, unsafe, Save, Attribute, HighConfidence, Kryptik, HWAN, Artemis, BotX, CLASSIC, vzlkp, MulDrop9, Krypt, IcedID, GenKD, Detected, Sabsik, FormBook, QQI1Q1, Eldorado, FSWW, R631044, ZexaF, vq1@aGtINQnG, GdSda, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | cb200521eb0a2795343b74dc489bceb6 | ||
| sha256 | 41c452f4ba12f523916ad3390d3711d9d6c05a7c698a83a890095a8c722249a5 | ||
| ssdeep | 6144:wVe3lL1uX1ACTFC1NQYNYD3ffl1fqdIhwqB1pJd:EiRu3FoQ9vfl1ydIhN1 | ||
| imphash | 99ab48e675287c5fa87def369efc076c | ||
| impfuzzy | 24:jkrksOwKYUTgfMfPlJUbDo4jEdQBOpVO/euY6KJittdcMiRv9dQluHuOvRB+vjME:kd+d7pVO/K3cttdcMS9S0ZB+aw | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x432000 GetConsoleAliasesLengthW
0x432004 FindResourceW
0x432008 InterlockedIncrement
0x43200c QueryDosDeviceA
0x432010 InterlockedCompareExchange
0x432014 FindCloseChangeNotification
0x432018 GetComputerNameW
0x43201c CreateHardLinkA
0x432020 GetTickCount
0x432024 GlobalFindAtomA
0x432028 SetConsoleMode
0x43202c WriteConsoleW
0x432030 SetComputerNameExW
0x432034 GetStartupInfoA
0x432038 GetLastError
0x43203c SetLastError
0x432040 ReadConsoleOutputCharacterA
0x432044 GetProcAddress
0x432048 VirtualAlloc
0x43204c SetComputerNameA
0x432050 LoadLibraryA
0x432054 InterlockedExchangeAdd
0x432058 LocalAlloc
0x43205c AddAtomW
0x432060 lstrcmpiW
0x432064 GetModuleHandleA
0x432068 PurgeComm
0x43206c CompareStringA
0x432070 DeleteFileW
0x432074 GetCurrentProcessId
0x432078 DebugBreak
0x43207c ResetWriteWatch
0x432080 ResumeThread
0x432084 GetConsoleOutputCP
0x432088 MultiByteToWideChar
0x43208c GetModuleHandleW
0x432090 Sleep
0x432094 ExitProcess
0x432098 GetStartupInfoW
0x43209c GetCPInfo
0x4320a0 InterlockedDecrement
0x4320a4 GetACP
0x4320a8 GetOEMCP
0x4320ac IsValidCodePage
0x4320b0 TlsGetValue
0x4320b4 TlsAlloc
0x4320b8 TlsSetValue
0x4320bc TlsFree
0x4320c0 GetCurrentThreadId
0x4320c4 TerminateProcess
0x4320c8 GetCurrentProcess
0x4320cc UnhandledExceptionFilter
0x4320d0 SetUnhandledExceptionFilter
0x4320d4 IsDebuggerPresent
0x4320d8 EnterCriticalSection
0x4320dc LeaveCriticalSection
0x4320e0 RtlUnwind
0x4320e4 SetHandleCount
0x4320e8 GetStdHandle
0x4320ec GetFileType
0x4320f0 DeleteCriticalSection
0x4320f4 HeapFree
0x4320f8 WriteFile
0x4320fc GetModuleFileNameA
0x432100 InitializeCriticalSectionAndSpinCount
0x432104 GetModuleFileNameW
0x432108 FreeEnvironmentStringsW
0x43210c GetEnvironmentStringsW
0x432110 GetCommandLineW
0x432114 HeapCreate
0x432118 VirtualFree
0x43211c QueryPerformanceCounter
0x432120 GetSystemTimeAsFileTime
0x432124 RaiseException
0x432128 LCMapStringA
0x43212c WideCharToMultiByte
0x432130 LCMapStringW
0x432134 GetStringTypeA
0x432138 GetStringTypeW
0x43213c GetLocaleInfoA
0x432140 CloseHandle
0x432144 CreateFileA
0x432148 HeapAlloc
0x43214c HeapReAlloc
0x432150 HeapSize
0x432154 GetConsoleCP
0x432158 GetConsoleMode
0x43215c FlushFileBuffers
0x432160 SetStdHandle
0x432164 SetFilePointer
0x432168 SetEndOfFile
0x43216c GetProcessHeap
0x432170 ReadFile
0x432174 WriteConsoleA
USER32.dll
0x43217c SetMessageExtraInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x432000 GetConsoleAliasesLengthW
0x432004 FindResourceW
0x432008 InterlockedIncrement
0x43200c QueryDosDeviceA
0x432010 InterlockedCompareExchange
0x432014 FindCloseChangeNotification
0x432018 GetComputerNameW
0x43201c CreateHardLinkA
0x432020 GetTickCount
0x432024 GlobalFindAtomA
0x432028 SetConsoleMode
0x43202c WriteConsoleW
0x432030 SetComputerNameExW
0x432034 GetStartupInfoA
0x432038 GetLastError
0x43203c SetLastError
0x432040 ReadConsoleOutputCharacterA
0x432044 GetProcAddress
0x432048 VirtualAlloc
0x43204c SetComputerNameA
0x432050 LoadLibraryA
0x432054 InterlockedExchangeAdd
0x432058 LocalAlloc
0x43205c AddAtomW
0x432060 lstrcmpiW
0x432064 GetModuleHandleA
0x432068 PurgeComm
0x43206c CompareStringA
0x432070 DeleteFileW
0x432074 GetCurrentProcessId
0x432078 DebugBreak
0x43207c ResetWriteWatch
0x432080 ResumeThread
0x432084 GetConsoleOutputCP
0x432088 MultiByteToWideChar
0x43208c GetModuleHandleW
0x432090 Sleep
0x432094 ExitProcess
0x432098 GetStartupInfoW
0x43209c GetCPInfo
0x4320a0 InterlockedDecrement
0x4320a4 GetACP
0x4320a8 GetOEMCP
0x4320ac IsValidCodePage
0x4320b0 TlsGetValue
0x4320b4 TlsAlloc
0x4320b8 TlsSetValue
0x4320bc TlsFree
0x4320c0 GetCurrentThreadId
0x4320c4 TerminateProcess
0x4320c8 GetCurrentProcess
0x4320cc UnhandledExceptionFilter
0x4320d0 SetUnhandledExceptionFilter
0x4320d4 IsDebuggerPresent
0x4320d8 EnterCriticalSection
0x4320dc LeaveCriticalSection
0x4320e0 RtlUnwind
0x4320e4 SetHandleCount
0x4320e8 GetStdHandle
0x4320ec GetFileType
0x4320f0 DeleteCriticalSection
0x4320f4 HeapFree
0x4320f8 WriteFile
0x4320fc GetModuleFileNameA
0x432100 InitializeCriticalSectionAndSpinCount
0x432104 GetModuleFileNameW
0x432108 FreeEnvironmentStringsW
0x43210c GetEnvironmentStringsW
0x432110 GetCommandLineW
0x432114 HeapCreate
0x432118 VirtualFree
0x43211c QueryPerformanceCounter
0x432120 GetSystemTimeAsFileTime
0x432124 RaiseException
0x432128 LCMapStringA
0x43212c WideCharToMultiByte
0x432130 LCMapStringW
0x432134 GetStringTypeA
0x432138 GetStringTypeW
0x43213c GetLocaleInfoA
0x432140 CloseHandle
0x432144 CreateFileA
0x432148 HeapAlloc
0x43214c HeapReAlloc
0x432150 HeapSize
0x432154 GetConsoleCP
0x432158 GetConsoleMode
0x43215c FlushFileBuffers
0x432160 SetStdHandle
0x432164 SetFilePointer
0x432168 SetEndOfFile
0x43216c GetProcessHeap
0x432170 ReadFile
0x432174 WriteConsoleA
USER32.dll
0x43217c SetMessageExtraInfo
EAT(Export Address Table) is none