ScreenShot
Created | 2024.01.22 14:59 | Machine | s1_win7_x6403 |
Filename | index.php | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 29 detected (AIDetectMalware, malicious, high confidence, score, unsafe, Save, Attribute, HighConfidence, FileRepMalware, Generic@AI, RDML, +058HiE3g93Oadf9KW4tDw, Krypt, Caynamer, ZexaF, nu0@aimgYWdi, BScope, Ajent, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
md5 | cfb1c1dc1927543d3ba7d2776a425e57 | ||
sha256 | 82aa93045796a41e59a428f62a2f353e2343a9789f093b9553a2daab6a81ce47 | ||
ssdeep | 3072:HBAVkKKz6bqDSScMgQXVLC2M9ZmHzgoJ6QbIt6VZZfqgMXEfpF:HB12EcMgQ9C9kHdInt68gMXI | ||
imphash | 78228cc34ce8e71519a98f0987233e7f | ||
impfuzzy | 24:6kPvnrkruair1VV4WDfcDy4S1VUQpa7dyu9lpOOtsNHRnlyv9Wl/J3IcSQxOaNT9:CuLXb16Qpa7dIOtsPK9WDSQvK5eZOUt |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421008 MoveFileExA
0x42100c GetConsoleAliasExesLengthA
0x421010 HeapAlloc
0x421014 FreeEnvironmentStringsA
0x421018 GetModuleHandleW
0x42101c GetTickCount
0x421020 GetConsoleAliasesA
0x421024 TzSpecificLocalTimeToSystemTime
0x421028 LoadLibraryW
0x42102c GetLocaleInfoW
0x421030 GetAtomNameW
0x421034 GetModuleFileNameW
0x421038 CompareStringW
0x42103c SetConsoleTitleA
0x421040 WritePrivateProfileStringW
0x421044 RaiseException
0x421048 FindResourceA
0x42104c GetLastError
0x421050 GetProcAddress
0x421054 GetTapeStatus
0x421058 SetComputerNameA
0x42105c OpenWaitableTimerA
0x421060 LoadLibraryA
0x421064 LocalAlloc
0x421068 SetCalendarInfoW
0x42106c SetCurrentDirectoryW
0x421070 OpenJobObjectW
0x421074 GetStringTypeW
0x421078 CompareStringA
0x42107c EndUpdateResourceA
0x421080 UnregisterWaitEx
0x421084 LocalFree
0x421088 InterlockedExchange
0x42108c GetEnvironmentVariableW
0x421090 HeapFree
0x421094 GetCommandLineW
0x421098 HeapSetInformation
0x42109c GetStartupInfoW
0x4210a0 TerminateProcess
0x4210a4 GetCurrentProcess
0x4210a8 UnhandledExceptionFilter
0x4210ac SetUnhandledExceptionFilter
0x4210b0 IsDebuggerPresent
0x4210b4 HeapCreate
0x4210b8 HeapDestroy
0x4210bc ExitProcess
0x4210c0 DecodePointer
0x4210c4 WriteFile
0x4210c8 GetStdHandle
0x4210cc FreeEnvironmentStringsW
0x4210d0 GetEnvironmentStringsW
0x4210d4 SetHandleCount
0x4210d8 InitializeCriticalSectionAndSpinCount
0x4210dc GetFileType
0x4210e0 DeleteCriticalSection
0x4210e4 EncodePointer
0x4210e8 TlsAlloc
0x4210ec TlsGetValue
0x4210f0 TlsSetValue
0x4210f4 TlsFree
0x4210f8 InterlockedIncrement
0x4210fc SetLastError
0x421100 GetCurrentThreadId
0x421104 InterlockedDecrement
0x421108 GetCurrentThread
0x42110c QueryPerformanceCounter
0x421110 GetCurrentProcessId
0x421114 GetSystemTimeAsFileTime
0x421118 GetCPInfo
0x42111c GetACP
0x421120 GetOEMCP
0x421124 IsValidCodePage
0x421128 LeaveCriticalSection
0x42112c FatalAppExitA
0x421130 EnterCriticalSection
0x421134 SetConsoleCtrlHandler
0x421138 FreeLibrary
0x42113c Sleep
0x421140 RtlUnwind
0x421144 WideCharToMultiByte
0x421148 LCMapStringW
0x42114c MultiByteToWideChar
0x421150 GetUserDefaultLCID
0x421154 GetLocaleInfoA
0x421158 EnumSystemLocalesA
0x42115c IsValidLocale
0x421160 HeapSize
0x421164 HeapReAlloc
0x421168 IsProcessorFeaturePresent
ADVAPI32.dll
0x421000 RegisterEventSourceW
EAT(Export Address Table) is none
KERNEL32.dll
0x421008 MoveFileExA
0x42100c GetConsoleAliasExesLengthA
0x421010 HeapAlloc
0x421014 FreeEnvironmentStringsA
0x421018 GetModuleHandleW
0x42101c GetTickCount
0x421020 GetConsoleAliasesA
0x421024 TzSpecificLocalTimeToSystemTime
0x421028 LoadLibraryW
0x42102c GetLocaleInfoW
0x421030 GetAtomNameW
0x421034 GetModuleFileNameW
0x421038 CompareStringW
0x42103c SetConsoleTitleA
0x421040 WritePrivateProfileStringW
0x421044 RaiseException
0x421048 FindResourceA
0x42104c GetLastError
0x421050 GetProcAddress
0x421054 GetTapeStatus
0x421058 SetComputerNameA
0x42105c OpenWaitableTimerA
0x421060 LoadLibraryA
0x421064 LocalAlloc
0x421068 SetCalendarInfoW
0x42106c SetCurrentDirectoryW
0x421070 OpenJobObjectW
0x421074 GetStringTypeW
0x421078 CompareStringA
0x42107c EndUpdateResourceA
0x421080 UnregisterWaitEx
0x421084 LocalFree
0x421088 InterlockedExchange
0x42108c GetEnvironmentVariableW
0x421090 HeapFree
0x421094 GetCommandLineW
0x421098 HeapSetInformation
0x42109c GetStartupInfoW
0x4210a0 TerminateProcess
0x4210a4 GetCurrentProcess
0x4210a8 UnhandledExceptionFilter
0x4210ac SetUnhandledExceptionFilter
0x4210b0 IsDebuggerPresent
0x4210b4 HeapCreate
0x4210b8 HeapDestroy
0x4210bc ExitProcess
0x4210c0 DecodePointer
0x4210c4 WriteFile
0x4210c8 GetStdHandle
0x4210cc FreeEnvironmentStringsW
0x4210d0 GetEnvironmentStringsW
0x4210d4 SetHandleCount
0x4210d8 InitializeCriticalSectionAndSpinCount
0x4210dc GetFileType
0x4210e0 DeleteCriticalSection
0x4210e4 EncodePointer
0x4210e8 TlsAlloc
0x4210ec TlsGetValue
0x4210f0 TlsSetValue
0x4210f4 TlsFree
0x4210f8 InterlockedIncrement
0x4210fc SetLastError
0x421100 GetCurrentThreadId
0x421104 InterlockedDecrement
0x421108 GetCurrentThread
0x42110c QueryPerformanceCounter
0x421110 GetCurrentProcessId
0x421114 GetSystemTimeAsFileTime
0x421118 GetCPInfo
0x42111c GetACP
0x421120 GetOEMCP
0x421124 IsValidCodePage
0x421128 LeaveCriticalSection
0x42112c FatalAppExitA
0x421130 EnterCriticalSection
0x421134 SetConsoleCtrlHandler
0x421138 FreeLibrary
0x42113c Sleep
0x421140 RtlUnwind
0x421144 WideCharToMultiByte
0x421148 LCMapStringW
0x42114c MultiByteToWideChar
0x421150 GetUserDefaultLCID
0x421154 GetLocaleInfoA
0x421158 EnumSystemLocalesA
0x42115c IsValidLocale
0x421160 HeapSize
0x421164 HeapReAlloc
0x421168 IsProcessorFeaturePresent
ADVAPI32.dll
0x421000 RegisterEventSourceW
EAT(Export Address Table) is none