Field | Value |
---|---|
Created | 2024.01.31 16:07 |
Machine | s1_win7_x6401 |
Filename | 12.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 51 detected (AIDetectMalware, Injects, malicious, high confidence, score, Artemis, Dn2@e8Vjkjg, unsafe, Vkoj, GenusT, DUPD, Attribute, HighConfidence, ETOS, InjectorX, khysav, yktfp, R002C0XAO24, Krypt, Detected, ai score=83, ZgRAT, Leonem, ABRisk, TCQV, Azorult, Hider, Chgt, CLASSIC, confidence, 100%) |
md5 | ac481092ba6b334ba64482381726c022 |
sha256 | c230cf0d3c075b686aa8935996fc01b7012d1751d03fd760542318537a4f6177 |
ssdeep | 24576:ausGRdrEAbm4zesGRdrEAbm4zf+dNzlg7+EZnBkzF7RDb9DBAb030++slpDB3vCv:aubdYAm4zebdYAm4zf+3C7+EZ+9b9t+d |
imphash | d2645bbc353c1453eda8dde166a0cc4d |
impfuzzy | 48:PAi/1wzxQQZwggwegkH1xkxR3Yl39pFqxxgLxdT+yrmFNiWc4lhw+pxmHIkSMwZu:PAi/1GxQQZfgZgkH1xkxRuNpFqxxgLx7 |
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.DLL
0x42b51000 GetProcAddress
0x42b51004 GetModuleHandleW
MSVBVM60.DLL
0x42b5100c __vbaVarSub
0x42b51010 __vbaVarTstGt
0x42b51014 _CIcos
0x42b51018 _adj_fptan
0x42b5101c __vbaVarMove
0x42b51020 __vbaVarVargNofree
0x42b51024 __vbaFreeVar
0x42b51028 __vbaAryMove
0x42b5102c __vbaStrVarMove
0x42b51030 __vbaLenBstr
0x42b51034 __vbaFreeVarList
0x42b51038 None
0x42b5103c _adj_fdiv_m64
0x42b51040 None
0x42b51044 __vbaFreeObjList
0x42b51048 _adj_fprem1
0x42b5104c __vbaStrCat
0x42b51050 __vbaSetSystemError
0x42b51054 __vbaHresultCheckObj
0x42b51058 __vbaLenVar
0x42b5105c _adj_fdiv_m32
0x42b51060 __vbaAryVar
0x42b51064 __vbaAryDestruct
0x42b51068 __vbaObjSet
0x42b5106c None
0x42b51070 _adj_fdiv_m16i
0x42b51074 __vbaObjSetAddref
0x42b51078 _adj_fdivr_m16i
0x42b5107c __vbaRefVarAry
0x42b51080 _CIsin
0x42b51084 __vbaErase
0x42b51088 __vbaVarZero
0x42b5108c __vbaChkstk
0x42b51090 EVENT_SINK_AddRef
0x42b51094 __vbaAryConstruct2
0x42b51098 __vbaVarTstEq
0x42b5109c None
0x42b510a0 DllFunctionCall
0x42b510a4 _adj_fpatan
0x42b510a8 __vbaRedim
0x42b510ac EVENT_SINK_Release
0x42b510b0 __vbaNew
0x42b510b4 None
0x42b510b8 _CIsqrt
0x42b510bc EVENT_SINK_QueryInterface
0x42b510c0 __vbaStr2Vec
0x42b510c4 __vbaExceptHandler
0x42b510c8 __vbaStrToUnicode
0x42b510cc None
0x42b510d0 _adj_fprem
0x42b510d4 _adj_fdivr_m64
0x42b510d8 None
0x42b510dc __vbaFPException
0x42b510e0 GetMem4
0x42b510e4 __vbaStrVarVal
0x42b510e8 __vbaUbound
0x42b510ec __vbaVarCat
0x42b510f0 None
0x42b510f4 _CIlog
0x42b510f8 __vbaNew2
0x42b510fc _adj_fdiv_m32i
0x42b51100 _adj_fdivr_m32i
0x42b51104 __vbaStrCopy
0x42b51108 __vbaFreeStrList
0x42b5110c _adj_fdivr_m32
0x42b51110 _adj_fdiv_r
0x42b51114 None
0x42b51118 __vbaI4Var
0x42b5111c __vbaAryLock
0x42b51120 __vbaVarAdd
0x42b51124 __vbaStrToAnsi
0x42b51128 __vbaVarDup
0x42b5112c __vbaVarCopy
0x42b51130 None
0x42b51134 _CIatan
0x42b51138 __vbaStrMove
0x42b5113c __vbaCastObj
0x42b51140 __vbaAryCopy
0x42b51144 _allmul
0x42b51148 _CItan
0x42b5114c __vbaAryUnlock
0x42b51150 _CIexp
0x42b51154 __vbaFreeStr
0x42b51158 __vbaFreeObj
EAT (Export Address Table): none