ScreenShot
| Created | 2024.03.27 07:31 | Machine | s1_win7_x6403 |
| Filename | @Base.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (Common, Kryplod, malicious, high confidence, score, unsafe, Rhadamanthys, V161, Attribute, HighConfidence, Kryptik, PWSX, bwpd, ShellCodeRunner, CLASSIC, Nekark, neafk, Siggen3, 0NA104CC24, Detected, ai score=85, ABRisk, LBWU, R637934, PasswordStealer, Chgt, Gencirc, susgen, PossibleThreat, confidence, 100%) | ||
| md5 | 9437c89a5f9a51a4ff6d6076083fa6c9 | ||
| sha256 | 0e730f4daa303f419756a2a4da7ae96e583984ba1912abdc228b47a7fbc2ad7f | ||
| ssdeep | 12288:Mk9eNPHnvN2o2Gwka9G/aFoy2d5iTWjxUPIaC:MKMPHnvN2hG/aEaFop5 | ||
| imphash | 9397a1167e5a226e051f04cb219e2bc5 | ||
| impfuzzy | 24:QjraCXdD8HuOGOovwcpVWjQS1o0qtuBgdlJBl39LoHv1GM+CZxCb1:8XOBjcpVwQS1YtuBgDpJQpZW1 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002a000 GetModuleFileNameA
0x14002a008 WaitForSingleObject
0x14002a010 GetModuleHandleA
0x14002a018 CreateEventW
0x14002a020 Sleep
0x14002a028 CreateThreadpoolWait
0x14002a030 SetThreadpoolWait
0x14002a038 GetProcAddress
0x14002a040 SetEndOfFile
0x14002a048 WriteConsoleW
0x14002a050 HeapSize
0x14002a058 CreateFileW
0x14002a060 GetProcessHeap
0x14002a068 SetStdHandle
0x14002a070 FreeEnvironmentStringsW
0x14002a078 GetEnvironmentStringsW
0x14002a080 GetCommandLineW
0x14002a088 GetCommandLineA
0x14002a090 GetOEMCP
0x14002a098 GetACP
0x14002a0a0 IsValidCodePage
0x14002a0a8 FindNextFileW
0x14002a0b0 EnterCriticalSection
0x14002a0b8 LeaveCriticalSection
0x14002a0c0 InitializeCriticalSectionEx
0x14002a0c8 DeleteCriticalSection
0x14002a0d0 EncodePointer
0x14002a0d8 DecodePointer
0x14002a0e0 MultiByteToWideChar
0x14002a0e8 WideCharToMultiByte
0x14002a0f0 LCMapStringEx
0x14002a0f8 GetStringTypeW
0x14002a100 GetCPInfo
0x14002a108 QueryPerformanceCounter
0x14002a110 GetCurrentProcessId
0x14002a118 GetCurrentThreadId
0x14002a120 GetSystemTimeAsFileTime
0x14002a128 InitializeSListHead
0x14002a130 RtlCaptureContext
0x14002a138 RtlLookupFunctionEntry
0x14002a140 RtlVirtualUnwind
0x14002a148 IsDebuggerPresent
0x14002a150 UnhandledExceptionFilter
0x14002a158 SetUnhandledExceptionFilter
0x14002a160 GetStartupInfoW
0x14002a168 IsProcessorFeaturePresent
0x14002a170 GetModuleHandleW
0x14002a178 GetCurrentProcess
0x14002a180 TerminateProcess
0x14002a188 RtlUnwindEx
0x14002a190 RtlPcToFileHeader
0x14002a198 RaiseException
0x14002a1a0 GetLastError
0x14002a1a8 SetLastError
0x14002a1b0 InitializeCriticalSectionAndSpinCount
0x14002a1b8 TlsAlloc
0x14002a1c0 TlsGetValue
0x14002a1c8 TlsSetValue
0x14002a1d0 TlsFree
0x14002a1d8 FreeLibrary
0x14002a1e0 LoadLibraryExW
0x14002a1e8 GetStdHandle
0x14002a1f0 WriteFile
0x14002a1f8 GetModuleFileNameW
0x14002a200 ExitProcess
0x14002a208 GetModuleHandleExW
0x14002a210 GetFileSizeEx
0x14002a218 SetFilePointerEx
0x14002a220 GetFileType
0x14002a228 FlushFileBuffers
0x14002a230 GetConsoleOutputCP
0x14002a238 GetConsoleMode
0x14002a240 HeapFree
0x14002a248 CloseHandle
0x14002a250 HeapAlloc
0x14002a258 LCMapStringW
0x14002a260 GetLocaleInfoW
0x14002a268 IsValidLocale
0x14002a270 GetUserDefaultLCID
0x14002a278 EnumSystemLocalesW
0x14002a280 ReadFile
0x14002a288 ReadConsoleW
0x14002a290 HeapReAlloc
0x14002a298 FindClose
0x14002a2a0 FindFirstFileExW
0x14002a2a8 RtlUnwind
EAT(Export Address Table) is none
KERNEL32.dll
0x14002a000 GetModuleFileNameA
0x14002a008 WaitForSingleObject
0x14002a010 GetModuleHandleA
0x14002a018 CreateEventW
0x14002a020 Sleep
0x14002a028 CreateThreadpoolWait
0x14002a030 SetThreadpoolWait
0x14002a038 GetProcAddress
0x14002a040 SetEndOfFile
0x14002a048 WriteConsoleW
0x14002a050 HeapSize
0x14002a058 CreateFileW
0x14002a060 GetProcessHeap
0x14002a068 SetStdHandle
0x14002a070 FreeEnvironmentStringsW
0x14002a078 GetEnvironmentStringsW
0x14002a080 GetCommandLineW
0x14002a088 GetCommandLineA
0x14002a090 GetOEMCP
0x14002a098 GetACP
0x14002a0a0 IsValidCodePage
0x14002a0a8 FindNextFileW
0x14002a0b0 EnterCriticalSection
0x14002a0b8 LeaveCriticalSection
0x14002a0c0 InitializeCriticalSectionEx
0x14002a0c8 DeleteCriticalSection
0x14002a0d0 EncodePointer
0x14002a0d8 DecodePointer
0x14002a0e0 MultiByteToWideChar
0x14002a0e8 WideCharToMultiByte
0x14002a0f0 LCMapStringEx
0x14002a0f8 GetStringTypeW
0x14002a100 GetCPInfo
0x14002a108 QueryPerformanceCounter
0x14002a110 GetCurrentProcessId
0x14002a118 GetCurrentThreadId
0x14002a120 GetSystemTimeAsFileTime
0x14002a128 InitializeSListHead
0x14002a130 RtlCaptureContext
0x14002a138 RtlLookupFunctionEntry
0x14002a140 RtlVirtualUnwind
0x14002a148 IsDebuggerPresent
0x14002a150 UnhandledExceptionFilter
0x14002a158 SetUnhandledExceptionFilter
0x14002a160 GetStartupInfoW
0x14002a168 IsProcessorFeaturePresent
0x14002a170 GetModuleHandleW
0x14002a178 GetCurrentProcess
0x14002a180 TerminateProcess
0x14002a188 RtlUnwindEx
0x14002a190 RtlPcToFileHeader
0x14002a198 RaiseException
0x14002a1a0 GetLastError
0x14002a1a8 SetLastError
0x14002a1b0 InitializeCriticalSectionAndSpinCount
0x14002a1b8 TlsAlloc
0x14002a1c0 TlsGetValue
0x14002a1c8 TlsSetValue
0x14002a1d0 TlsFree
0x14002a1d8 FreeLibrary
0x14002a1e0 LoadLibraryExW
0x14002a1e8 GetStdHandle
0x14002a1f0 WriteFile
0x14002a1f8 GetModuleFileNameW
0x14002a200 ExitProcess
0x14002a208 GetModuleHandleExW
0x14002a210 GetFileSizeEx
0x14002a218 SetFilePointerEx
0x14002a220 GetFileType
0x14002a228 FlushFileBuffers
0x14002a230 GetConsoleOutputCP
0x14002a238 GetConsoleMode
0x14002a240 HeapFree
0x14002a248 CloseHandle
0x14002a250 HeapAlloc
0x14002a258 LCMapStringW
0x14002a260 GetLocaleInfoW
0x14002a268 IsValidLocale
0x14002a270 GetUserDefaultLCID
0x14002a278 EnumSystemLocalesW
0x14002a280 ReadFile
0x14002a288 ReadConsoleW
0x14002a290 HeapReAlloc
0x14002a298 FindClose
0x14002a2a0 FindFirstFileExW
0x14002a2a8 RtlUnwind
EAT(Export Address Table) is none