ScreenShot
| Created | 2024.03.26 07:21 | Machine | s1_win7_x6403 |
| Filename | current.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetectMalware, Tofsee, malicious, high confidence, score, Lockbit, unsafe, Save, Attribute, HighConfidence, Artemis, RansomX, SmokeLoader, CLASSIC, moderate, Detected, Wacatac, Kryptik, Eldorado, ZexaF, xq0@a0zm9, MachineLearning, Anomalous, Static AI, Malicious PE, susgen, HKBB, confidence, 100%) | ||
| md5 | 5b1d07424b8ef92435ba7674b23fab9a | ||
| sha256 | 1ace793de2813811af2c0442c7f11efc323c4b356f996058e1ab8a88a778c83b | ||
| ssdeep | 6144:Wm6nTCuN+1UJEj40m4/ox7azZF1bnTr6kgg5+jdyH6YZLmfIWaHCwtS/:f6nTCuN+Su/wx7oZ7nTrxI4XqIg | ||
| imphash | 30f662bc9e82301466398d35947e1aa4 | ||
| impfuzzy | 24:vkP3OOj3Xi9xDH1ajTDSBg8TtvWNmOovLjOpcdy8Rnlyv9EJ3IjSljMLSBxWS9Rl:EIkGGuypcLK98MSMSBxbp | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f008 GetNumaProcessorNode
0x40f00c GetLocaleInfoA
0x40f010 GetConsoleAliasExesLengthA
0x40f014 SetUnhandledExceptionFilter
0x40f018 InterlockedIncrement
0x40f01c WaitForSingleObject
0x40f020 SetComputerNameW
0x40f024 ConnectNamedPipe
0x40f028 GetModuleHandleW
0x40f02c GetTickCount
0x40f030 LoadLibraryW
0x40f034 HeapCreate
0x40f038 HeapValidate
0x40f03c GetFileAttributesW
0x40f040 GetModuleFileNameW
0x40f044 FindNextVolumeMountPointW
0x40f048 SetConsoleTitleA
0x40f04c TryEnterCriticalSection
0x40f050 GetLastError
0x40f054 GetLongPathNameW
0x40f058 GetProcAddress
0x40f05c HeapSize
0x40f060 GetAtomNameA
0x40f064 LoadLibraryA
0x40f068 CreateHardLinkW
0x40f06c FindAtomA
0x40f070 GlobalFindAtomW
0x40f074 ConvertDefaultLocale
0x40f078 GetModuleHandleA
0x40f07c HeapSetInformation
0x40f080 GetCurrentDirectoryA
0x40f084 SetCalendarInfoA
0x40f088 CloseHandle
0x40f08c CreateFileW
0x40f090 GetConsoleOutputCP
0x40f094 CreateFileA
0x40f098 ReadFile
0x40f09c HeapAlloc
0x40f0a0 HeapReAlloc
0x40f0a4 GetCommandLineA
0x40f0a8 GetStartupInfoW
0x40f0ac TerminateProcess
0x40f0b0 GetCurrentProcess
0x40f0b4 UnhandledExceptionFilter
0x40f0b8 IsDebuggerPresent
0x40f0bc DecodePointer
0x40f0c0 EncodePointer
0x40f0c4 ExitProcess
0x40f0c8 WriteFile
0x40f0cc GetStdHandle
0x40f0d0 EnterCriticalSection
0x40f0d4 LeaveCriticalSection
0x40f0d8 HeapFree
0x40f0dc GetModuleFileNameA
0x40f0e0 FreeEnvironmentStringsW
0x40f0e4 WideCharToMultiByte
0x40f0e8 GetEnvironmentStringsW
0x40f0ec SetHandleCount
0x40f0f0 InitializeCriticalSectionAndSpinCount
0x40f0f4 GetFileType
0x40f0f8 DeleteCriticalSection
0x40f0fc TlsAlloc
0x40f100 TlsGetValue
0x40f104 TlsSetValue
0x40f108 TlsFree
0x40f10c SetLastError
0x40f110 GetCurrentThreadId
0x40f114 InterlockedDecrement
0x40f118 QueryPerformanceCounter
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 GetConsoleCP
0x40f12c GetConsoleMode
0x40f130 GetCPInfo
0x40f134 GetACP
0x40f138 GetOEMCP
0x40f13c IsValidCodePage
0x40f140 Sleep
0x40f144 RtlUnwind
0x40f148 MultiByteToWideChar
0x40f14c SetStdHandle
0x40f150 WriteConsoleW
0x40f154 LCMapStringW
0x40f158 GetStringTypeW
0x40f15c IsProcessorFeaturePresent
0x40f160 FlushFileBuffers
0x40f164 RaiseException
USER32.dll
0x40f16c GetMonitorInfoA
ADVAPI32.dll
0x40f000 RegCreateKeyW
ole32.dll
0x40f17c CoTaskMemFree
WINHTTP.dll
0x40f174 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x40f008 GetNumaProcessorNode
0x40f00c GetLocaleInfoA
0x40f010 GetConsoleAliasExesLengthA
0x40f014 SetUnhandledExceptionFilter
0x40f018 InterlockedIncrement
0x40f01c WaitForSingleObject
0x40f020 SetComputerNameW
0x40f024 ConnectNamedPipe
0x40f028 GetModuleHandleW
0x40f02c GetTickCount
0x40f030 LoadLibraryW
0x40f034 HeapCreate
0x40f038 HeapValidate
0x40f03c GetFileAttributesW
0x40f040 GetModuleFileNameW
0x40f044 FindNextVolumeMountPointW
0x40f048 SetConsoleTitleA
0x40f04c TryEnterCriticalSection
0x40f050 GetLastError
0x40f054 GetLongPathNameW
0x40f058 GetProcAddress
0x40f05c HeapSize
0x40f060 GetAtomNameA
0x40f064 LoadLibraryA
0x40f068 CreateHardLinkW
0x40f06c FindAtomA
0x40f070 GlobalFindAtomW
0x40f074 ConvertDefaultLocale
0x40f078 GetModuleHandleA
0x40f07c HeapSetInformation
0x40f080 GetCurrentDirectoryA
0x40f084 SetCalendarInfoA
0x40f088 CloseHandle
0x40f08c CreateFileW
0x40f090 GetConsoleOutputCP
0x40f094 CreateFileA
0x40f098 ReadFile
0x40f09c HeapAlloc
0x40f0a0 HeapReAlloc
0x40f0a4 GetCommandLineA
0x40f0a8 GetStartupInfoW
0x40f0ac TerminateProcess
0x40f0b0 GetCurrentProcess
0x40f0b4 UnhandledExceptionFilter
0x40f0b8 IsDebuggerPresent
0x40f0bc DecodePointer
0x40f0c0 EncodePointer
0x40f0c4 ExitProcess
0x40f0c8 WriteFile
0x40f0cc GetStdHandle
0x40f0d0 EnterCriticalSection
0x40f0d4 LeaveCriticalSection
0x40f0d8 HeapFree
0x40f0dc GetModuleFileNameA
0x40f0e0 FreeEnvironmentStringsW
0x40f0e4 WideCharToMultiByte
0x40f0e8 GetEnvironmentStringsW
0x40f0ec SetHandleCount
0x40f0f0 InitializeCriticalSectionAndSpinCount
0x40f0f4 GetFileType
0x40f0f8 DeleteCriticalSection
0x40f0fc TlsAlloc
0x40f100 TlsGetValue
0x40f104 TlsSetValue
0x40f108 TlsFree
0x40f10c SetLastError
0x40f110 GetCurrentThreadId
0x40f114 InterlockedDecrement
0x40f118 QueryPerformanceCounter
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 GetConsoleCP
0x40f12c GetConsoleMode
0x40f130 GetCPInfo
0x40f134 GetACP
0x40f138 GetOEMCP
0x40f13c IsValidCodePage
0x40f140 Sleep
0x40f144 RtlUnwind
0x40f148 MultiByteToWideChar
0x40f14c SetStdHandle
0x40f150 WriteConsoleW
0x40f154 LCMapStringW
0x40f158 GetStringTypeW
0x40f15c IsProcessorFeaturePresent
0x40f160 FlushFileBuffers
0x40f164 RaiseException
USER32.dll
0x40f16c GetMonitorInfoA
ADVAPI32.dll
0x40f000 RegCreateKeyW
ole32.dll
0x40f17c CoTaskMemFree
WINHTTP.dll
0x40f174 WinHttpOpen
EAT(Export Address Table) is none