ScreenShot
| Created | 2024.02.04 16:37 | Machine | s1_win7_x6401 |
| Filename | osminogs.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetectMalware, Lumma, Malicious, score, Artemis, unsafe, Save, Attribute, HighConfidence, moderate confidence, GenCBL, TrojanX, Generic@AI, RDML, UL5dLiIY7jSgNIvOFEUZ6w, ZexaF, @R1@ayxmrOei, high, Detected, Sabsik, susgen, confidence, 100%) | ||
| md5 | 95e59305ad61119cf15ee95562bd05ba | ||
| sha256 | dd87f94c961b9612bbd65761bee6ed15318d63652f262e2c425bd177a2341a19 | ||
| ssdeep | 98304:luEqDCBNZBMoC5QnwpByzJYdahsJSktiFB3nCh3UUcRvbL6wXKhVEHsRMYC+dR/o:lwC7MRpY1Y3JKFVCh36L6vIpYC+dl4l | ||
| imphash | 6affd08b44b305f92928dafe665bb2ce | ||
| impfuzzy | 48:Y59XpcM5QZ14ASXJ4Zcp+svZZZDat0+dTRYE:YXXpcug1AXJ4Zcp+AjGt0+lRYE | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x95f000 ExitProcess
USER32.dll
0x95f008 GetDC
GDI32.dll
0x95f010 BitBlt
KERNEL32.dll
0x95f018 LocalAlloc
0x95f01c LocalFree
0x95f020 GetModuleFileNameW
0x95f024 GetProcessAffinityMask
0x95f028 SetProcessAffinityMask
0x95f02c SetThreadAffinityMask
0x95f030 Sleep
0x95f034 ExitProcess
0x95f038 FreeLibrary
0x95f03c LoadLibraryA
0x95f040 GetModuleHandleA
0x95f044 GetProcAddress
USER32.dll
0x95f04c GetProcessWindowStation
0x95f050 GetUserObjectInformationW
KERNEL32.dll
0x95f058 GetSystemTimeAsFileTime
0x95f05c CreateEventA
0x95f060 GetModuleHandleA
0x95f064 TerminateProcess
0x95f068 GetCurrentProcess
0x95f06c CreateToolhelp32Snapshot
0x95f070 Thread32First
0x95f074 GetCurrentProcessId
0x95f078 GetCurrentThreadId
0x95f07c OpenThread
0x95f080 Thread32Next
0x95f084 CloseHandle
0x95f088 SuspendThread
0x95f08c ResumeThread
0x95f090 WriteProcessMemory
0x95f094 GetSystemInfo
0x95f098 VirtualAlloc
0x95f09c VirtualProtect
0x95f0a0 VirtualFree
0x95f0a4 GetProcessAffinityMask
0x95f0a8 SetProcessAffinityMask
0x95f0ac GetCurrentThread
0x95f0b0 SetThreadAffinityMask
0x95f0b4 Sleep
0x95f0b8 LoadLibraryA
0x95f0bc FreeLibrary
0x95f0c0 GetTickCount
0x95f0c4 SystemTimeToFileTime
0x95f0c8 FileTimeToSystemTime
0x95f0cc GlobalFree
0x95f0d0 HeapAlloc
0x95f0d4 HeapFree
0x95f0d8 GetProcAddress
0x95f0dc ExitProcess
0x95f0e0 EnterCriticalSection
0x95f0e4 LeaveCriticalSection
0x95f0e8 InitializeCriticalSection
0x95f0ec DeleteCriticalSection
0x95f0f0 MultiByteToWideChar
0x95f0f4 GetModuleHandleW
0x95f0f8 LoadResource
0x95f0fc FindResourceExW
0x95f100 FindResourceExA
0x95f104 WideCharToMultiByte
0x95f108 GetThreadLocale
0x95f10c GetUserDefaultLCID
0x95f110 GetSystemDefaultLCID
0x95f114 EnumResourceNamesA
0x95f118 EnumResourceNamesW
0x95f11c EnumResourceLanguagesA
0x95f120 EnumResourceLanguagesW
0x95f124 EnumResourceTypesA
0x95f128 EnumResourceTypesW
0x95f12c CreateFileW
0x95f130 LoadLibraryW
0x95f134 GetLastError
0x95f138 GetCommandLineA
0x95f13c GetCPInfo
0x95f140 InterlockedIncrement
0x95f144 InterlockedDecrement
0x95f148 GetACP
0x95f14c GetOEMCP
0x95f150 IsValidCodePage
0x95f154 TlsGetValue
0x95f158 TlsAlloc
0x95f15c TlsSetValue
0x95f160 TlsFree
0x95f164 SetLastError
0x95f168 UnhandledExceptionFilter
0x95f16c SetUnhandledExceptionFilter
0x95f170 IsDebuggerPresent
0x95f174 RaiseException
0x95f178 LCMapStringA
0x95f17c LCMapStringW
0x95f180 SetHandleCount
0x95f184 GetStdHandle
0x95f188 GetFileType
0x95f18c GetStartupInfoA
0x95f190 GetModuleFileNameA
0x95f194 FreeEnvironmentStringsA
0x95f198 GetEnvironmentStrings
0x95f19c FreeEnvironmentStringsW
0x95f1a0 GetEnvironmentStringsW
0x95f1a4 HeapCreate
0x95f1a8 HeapDestroy
0x95f1ac QueryPerformanceCounter
0x95f1b0 HeapReAlloc
0x95f1b4 GetStringTypeA
0x95f1b8 GetStringTypeW
0x95f1bc GetLocaleInfoA
0x95f1c0 HeapSize
0x95f1c4 WriteFile
0x95f1c8 RtlUnwind
0x95f1cc SetFilePointer
0x95f1d0 GetConsoleCP
0x95f1d4 GetConsoleMode
0x95f1d8 InitializeCriticalSectionAndSpinCount
0x95f1dc SetStdHandle
0x95f1e0 WriteConsoleA
0x95f1e4 GetConsoleOutputCP
0x95f1e8 WriteConsoleW
0x95f1ec CreateFileA
0x95f1f0 FlushFileBuffers
0x95f1f4 VirtualQuery
EAT(Export Address Table) is none
KERNEL32.dll
0x95f000 ExitProcess
USER32.dll
0x95f008 GetDC
GDI32.dll
0x95f010 BitBlt
KERNEL32.dll
0x95f018 LocalAlloc
0x95f01c LocalFree
0x95f020 GetModuleFileNameW
0x95f024 GetProcessAffinityMask
0x95f028 SetProcessAffinityMask
0x95f02c SetThreadAffinityMask
0x95f030 Sleep
0x95f034 ExitProcess
0x95f038 FreeLibrary
0x95f03c LoadLibraryA
0x95f040 GetModuleHandleA
0x95f044 GetProcAddress
USER32.dll
0x95f04c GetProcessWindowStation
0x95f050 GetUserObjectInformationW
KERNEL32.dll
0x95f058 GetSystemTimeAsFileTime
0x95f05c CreateEventA
0x95f060 GetModuleHandleA
0x95f064 TerminateProcess
0x95f068 GetCurrentProcess
0x95f06c CreateToolhelp32Snapshot
0x95f070 Thread32First
0x95f074 GetCurrentProcessId
0x95f078 GetCurrentThreadId
0x95f07c OpenThread
0x95f080 Thread32Next
0x95f084 CloseHandle
0x95f088 SuspendThread
0x95f08c ResumeThread
0x95f090 WriteProcessMemory
0x95f094 GetSystemInfo
0x95f098 VirtualAlloc
0x95f09c VirtualProtect
0x95f0a0 VirtualFree
0x95f0a4 GetProcessAffinityMask
0x95f0a8 SetProcessAffinityMask
0x95f0ac GetCurrentThread
0x95f0b0 SetThreadAffinityMask
0x95f0b4 Sleep
0x95f0b8 LoadLibraryA
0x95f0bc FreeLibrary
0x95f0c0 GetTickCount
0x95f0c4 SystemTimeToFileTime
0x95f0c8 FileTimeToSystemTime
0x95f0cc GlobalFree
0x95f0d0 HeapAlloc
0x95f0d4 HeapFree
0x95f0d8 GetProcAddress
0x95f0dc ExitProcess
0x95f0e0 EnterCriticalSection
0x95f0e4 LeaveCriticalSection
0x95f0e8 InitializeCriticalSection
0x95f0ec DeleteCriticalSection
0x95f0f0 MultiByteToWideChar
0x95f0f4 GetModuleHandleW
0x95f0f8 LoadResource
0x95f0fc FindResourceExW
0x95f100 FindResourceExA
0x95f104 WideCharToMultiByte
0x95f108 GetThreadLocale
0x95f10c GetUserDefaultLCID
0x95f110 GetSystemDefaultLCID
0x95f114 EnumResourceNamesA
0x95f118 EnumResourceNamesW
0x95f11c EnumResourceLanguagesA
0x95f120 EnumResourceLanguagesW
0x95f124 EnumResourceTypesA
0x95f128 EnumResourceTypesW
0x95f12c CreateFileW
0x95f130 LoadLibraryW
0x95f134 GetLastError
0x95f138 GetCommandLineA
0x95f13c GetCPInfo
0x95f140 InterlockedIncrement
0x95f144 InterlockedDecrement
0x95f148 GetACP
0x95f14c GetOEMCP
0x95f150 IsValidCodePage
0x95f154 TlsGetValue
0x95f158 TlsAlloc
0x95f15c TlsSetValue
0x95f160 TlsFree
0x95f164 SetLastError
0x95f168 UnhandledExceptionFilter
0x95f16c SetUnhandledExceptionFilter
0x95f170 IsDebuggerPresent
0x95f174 RaiseException
0x95f178 LCMapStringA
0x95f17c LCMapStringW
0x95f180 SetHandleCount
0x95f184 GetStdHandle
0x95f188 GetFileType
0x95f18c GetStartupInfoA
0x95f190 GetModuleFileNameA
0x95f194 FreeEnvironmentStringsA
0x95f198 GetEnvironmentStrings
0x95f19c FreeEnvironmentStringsW
0x95f1a0 GetEnvironmentStringsW
0x95f1a4 HeapCreate
0x95f1a8 HeapDestroy
0x95f1ac QueryPerformanceCounter
0x95f1b0 HeapReAlloc
0x95f1b4 GetStringTypeA
0x95f1b8 GetStringTypeW
0x95f1bc GetLocaleInfoA
0x95f1c0 HeapSize
0x95f1c4 WriteFile
0x95f1c8 RtlUnwind
0x95f1cc SetFilePointer
0x95f1d0 GetConsoleCP
0x95f1d4 GetConsoleMode
0x95f1d8 InitializeCriticalSectionAndSpinCount
0x95f1dc SetStdHandle
0x95f1e0 WriteConsoleA
0x95f1e4 GetConsoleOutputCP
0x95f1e8 WriteConsoleW
0x95f1ec CreateFileA
0x95f1f0 FlushFileBuffers
0x95f1f4 VirtualQuery
EAT(Export Address Table) is none