ScreenShot
| Created | 2024.02.04 16:52 | Machine | s1_win7_x6403 |
| Filename | inte.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, unsafe, Save, Hacktool, Attribute, HighConfidence, Artemis, CrypterX, Generic@AI, RDML, pg8ZmtZISJDlviiuKOduXQ, high, Krypt, Detected, Sabsik, Glupteba, R633410, ZexaF, vC0@aGjjEHpi, BScope, Tofsee, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 7a861d2a7d07c0efa9e429d6bbad1ffc | ||
| sha256 | dc36c00644bc994d5bb02aa68b3cd866e22bf8f55903bb7ca785068037531bb8 | ||
| ssdeep | 6144:l7fbsgL+pivdR8DusUhdGrXMWiB0H440/Q1kDc:lX7+pivj8DkVB0Y40YeY | ||
| imphash | bf14849f4ab78a7abfe404cb860b648b | ||
| impfuzzy | 48:L1X+jQ4FU1/VIqtzZcqK98DS5KdxBZEBLf:RcUVVJtzZcqQ8DS5GxrEV | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43800c MoveFileExA
0x438010 FindResourceW
0x438014 HeapAlloc
0x438018 InterlockedIncrement
0x43801c OpenJobObjectA
0x438020 SetDefaultCommConfigW
0x438024 CreateDirectoryW
0x438028 GetTickCount
0x43802c GetProcessHeap
0x438030 GetConsoleAliasesLengthA
0x438034 TzSpecificLocalTimeToSystemTime
0x438038 GetSystemTimes
0x43803c WideCharToMultiByte
0x438040 GetVolumeInformationA
0x438044 LoadLibraryW
0x438048 CompareStringW
0x43804c GetStartupInfoW
0x438050 WritePrivateProfileStringW
0x438054 GetLocaleInfoA
0x438058 GetConsoleAliasesW
0x43805c GlobalUnfix
0x438060 SetCurrentDirectoryA
0x438064 GetLastError
0x438068 GetProcAddress
0x43806c CreateNamedPipeA
0x438070 ResetEvent
0x438074 OpenWaitableTimerA
0x438078 GetAtomNameA
0x43807c LoadLibraryA
0x438080 LocalAlloc
0x438084 SetProcessWorkingSetSize
0x438088 FreeEnvironmentStringsW
0x43808c GetCurrentDirectoryA
0x438090 EndUpdateResourceA
0x438094 FileTimeToLocalFileTime
0x438098 IsValidLocale
0x43809c EnumSystemLocalesA
0x4380a0 GetModuleHandleExA
0x4380a4 FlushFileBuffers
0x4380a8 EnumDateFormatsExW
0x4380ac HeapFree
0x4380b0 EncodePointer
0x4380b4 DecodePointer
0x4380b8 GetCommandLineW
0x4380bc HeapSetInformation
0x4380c0 TerminateProcess
0x4380c4 GetCurrentProcess
0x4380c8 UnhandledExceptionFilter
0x4380cc SetUnhandledExceptionFilter
0x4380d0 IsDebuggerPresent
0x4380d4 HeapCreate
0x4380d8 HeapDestroy
0x4380dc Sleep
0x4380e0 HeapSize
0x4380e4 GetModuleHandleW
0x4380e8 ExitProcess
0x4380ec EnterCriticalSection
0x4380f0 LeaveCriticalSection
0x4380f4 CloseHandle
0x4380f8 WriteFile
0x4380fc GetStdHandle
0x438100 GetModuleFileNameW
0x438104 GetEnvironmentStringsW
0x438108 SetHandleCount
0x43810c InitializeCriticalSectionAndSpinCount
0x438110 GetFileType
0x438114 DeleteCriticalSection
0x438118 TlsAlloc
0x43811c TlsGetValue
0x438120 TlsSetValue
0x438124 TlsFree
0x438128 SetLastError
0x43812c GetCurrentThreadId
0x438130 InterlockedDecrement
0x438134 GetCurrentThread
0x438138 QueryPerformanceCounter
0x43813c GetCurrentProcessId
0x438140 GetSystemTimeAsFileTime
0x438144 HeapReAlloc
0x438148 FatalAppExitA
0x43814c SetConsoleCtrlHandler
0x438150 FreeLibrary
0x438154 InterlockedExchange
0x438158 GetLocaleInfoW
0x43815c RtlUnwind
0x438160 GetCPInfo
0x438164 GetACP
0x438168 GetOEMCP
0x43816c IsValidCodePage
0x438170 SetStdHandle
0x438174 GetConsoleCP
0x438178 GetConsoleMode
0x43817c LCMapStringW
0x438180 MultiByteToWideChar
0x438184 GetStringTypeW
0x438188 SetFilePointer
0x43818c IsProcessorFeaturePresent
0x438190 WriteConsoleW
0x438194 CreateFileW
0x438198 GetUserDefaultLCID
0x43819c RaiseException
USER32.dll
0x4381a4 DestroyIcon
ADVAPI32.dll
0x438000 ReadEventLogA
0x438004 GetServiceKeyNameA
EAT(Export Address Table) is none
KERNEL32.dll
0x43800c MoveFileExA
0x438010 FindResourceW
0x438014 HeapAlloc
0x438018 InterlockedIncrement
0x43801c OpenJobObjectA
0x438020 SetDefaultCommConfigW
0x438024 CreateDirectoryW
0x438028 GetTickCount
0x43802c GetProcessHeap
0x438030 GetConsoleAliasesLengthA
0x438034 TzSpecificLocalTimeToSystemTime
0x438038 GetSystemTimes
0x43803c WideCharToMultiByte
0x438040 GetVolumeInformationA
0x438044 LoadLibraryW
0x438048 CompareStringW
0x43804c GetStartupInfoW
0x438050 WritePrivateProfileStringW
0x438054 GetLocaleInfoA
0x438058 GetConsoleAliasesW
0x43805c GlobalUnfix
0x438060 SetCurrentDirectoryA
0x438064 GetLastError
0x438068 GetProcAddress
0x43806c CreateNamedPipeA
0x438070 ResetEvent
0x438074 OpenWaitableTimerA
0x438078 GetAtomNameA
0x43807c LoadLibraryA
0x438080 LocalAlloc
0x438084 SetProcessWorkingSetSize
0x438088 FreeEnvironmentStringsW
0x43808c GetCurrentDirectoryA
0x438090 EndUpdateResourceA
0x438094 FileTimeToLocalFileTime
0x438098 IsValidLocale
0x43809c EnumSystemLocalesA
0x4380a0 GetModuleHandleExA
0x4380a4 FlushFileBuffers
0x4380a8 EnumDateFormatsExW
0x4380ac HeapFree
0x4380b0 EncodePointer
0x4380b4 DecodePointer
0x4380b8 GetCommandLineW
0x4380bc HeapSetInformation
0x4380c0 TerminateProcess
0x4380c4 GetCurrentProcess
0x4380c8 UnhandledExceptionFilter
0x4380cc SetUnhandledExceptionFilter
0x4380d0 IsDebuggerPresent
0x4380d4 HeapCreate
0x4380d8 HeapDestroy
0x4380dc Sleep
0x4380e0 HeapSize
0x4380e4 GetModuleHandleW
0x4380e8 ExitProcess
0x4380ec EnterCriticalSection
0x4380f0 LeaveCriticalSection
0x4380f4 CloseHandle
0x4380f8 WriteFile
0x4380fc GetStdHandle
0x438100 GetModuleFileNameW
0x438104 GetEnvironmentStringsW
0x438108 SetHandleCount
0x43810c InitializeCriticalSectionAndSpinCount
0x438110 GetFileType
0x438114 DeleteCriticalSection
0x438118 TlsAlloc
0x43811c TlsGetValue
0x438120 TlsSetValue
0x438124 TlsFree
0x438128 SetLastError
0x43812c GetCurrentThreadId
0x438130 InterlockedDecrement
0x438134 GetCurrentThread
0x438138 QueryPerformanceCounter
0x43813c GetCurrentProcessId
0x438140 GetSystemTimeAsFileTime
0x438144 HeapReAlloc
0x438148 FatalAppExitA
0x43814c SetConsoleCtrlHandler
0x438150 FreeLibrary
0x438154 InterlockedExchange
0x438158 GetLocaleInfoW
0x43815c RtlUnwind
0x438160 GetCPInfo
0x438164 GetACP
0x438168 GetOEMCP
0x43816c IsValidCodePage
0x438170 SetStdHandle
0x438174 GetConsoleCP
0x438178 GetConsoleMode
0x43817c LCMapStringW
0x438180 MultiByteToWideChar
0x438184 GetStringTypeW
0x438188 SetFilePointer
0x43818c IsProcessorFeaturePresent
0x438190 WriteConsoleW
0x438194 CreateFileW
0x438198 GetUserDefaultLCID
0x43819c RaiseException
USER32.dll
0x4381a4 DestroyIcon
ADVAPI32.dll
0x438000 ReadEventLogA
0x438004 GetServiceKeyNameA
EAT(Export Address Table) is none