Field | Value |
---|---|
Created | 2024.03.31 11:20 |
Machine | s1_win7_x6401 |
Filename | random.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, GenericKD, unsafe, Fragtor, Save, Genus, Attribute, HighConfidence, Kryptik, HWSK, Artemis, PWSX, GenKryptik, SmokeLoader, CLASSIC, MulDrop9, AMADEY, YXEC3Z, high, Krypt, Danabot, Detected, ai score=81, Convagent, RisePro, Azorult, Sabsik, JF9ES8, R641315, ZexaF, Zq0@aGXDA0eG, Genetic, Obfuscated, Static AI, Malicious PE, susgen, HWMW, confidence, 100%) |
md5 | 501172b22cd8ce26e766b8a88a90f12c |
sha256 | aa7e7a8858f19ab6e33cdaac83983b53c7b1aab28dae5d5892fe3b2c54e89722 |
ssdeep | 24576:Mq4JhdP/QPapN5IeJkCxBhxjAT1kKq6Po:Mq4XB/zpnDkCxBhxjOu96Po |
imphash | bf99ed1c6e12a2d49719cb0ce3fd5ba7 |
impfuzzy | 24:0/rkrkRp+PSGklYku/cDvqsHTxPT+vgexIkPZysoHOovIGFJ3NcHjM1WzvctRl8C:33CKoex7TGHNcYMctR/6AQvI |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x410008 InterlockedIncrement
0x41000c ReadConsoleA
0x410010 GetTickCount
0x410014 GetConsoleAliasesLengthA
0x410018 GetWindowsDirectoryA
0x41001c GlobalAlloc
0x410020 SetCommConfig
0x410024 GetLocaleInfoW
0x410028 GetSystemPowerStatus
0x41002c GetVersionExW
0x410030 FindNextVolumeW
0x410034 GetConsoleAliasW
0x410038 GetWriteWatch
0x41003c WriteConsoleW
0x410040 CreateFileW
0x410044 GetEnvironmentVariableA
0x410048 ExitThread
0x41004c GetHandleInformation
0x410050 GetLastError
0x410054 GetProcAddress
0x410058 FindResourceW
0x41005c RemoveDirectoryA
0x410060 LoadLibraryA
0x410064 FindFirstVolumeMountPointW
0x410068 SetConsoleCtrlHandler
0x41006c GetNumberFormatW
0x410070 SetFileApisToANSI
0x410074 QueryDosDeviceW
0x410078 GlobalFindAtomW
0x41007c GetModuleFileNameA
0x410080 VirtualProtect
0x410084 GetCurrentDirectoryA
0x410088 PeekConsoleInputA
0x41008c _lopen
0x410090 GetCurrentProcessId
0x410094 GetVolumeInformationW
0x410098 OutputDebugStringW
0x41009c HeapReAlloc
0x4100a0 SetStdHandle
0x4100a4 LCMapStringW
0x4100a8 GetConsoleAliasExesLengthA
0x4100ac MultiByteToWideChar
0x4100b0 EncodePointer
0x4100b4 DecodePointer
0x4100b8 ReadFile
0x4100bc ExitProcess
0x4100c0 GetModuleHandleExW
0x4100c4 WideCharToMultiByte
0x4100c8 GetCommandLineA
0x4100cc RaiseException
0x4100d0 RtlUnwind
0x4100d4 IsProcessorFeaturePresent
0x4100d8 IsDebuggerPresent
0x4100dc IsValidCodePage
0x4100e0 GetACP
0x4100e4 GetOEMCP
0x4100e8 GetCPInfo
0x4100ec SetLastError
0x4100f0 GetCurrentThreadId
0x4100f4 EnterCriticalSection
0x4100f8 LeaveCriticalSection
0x4100fc FlushFileBuffers
0x410100 WriteFile
0x410104 GetConsoleCP
0x410108 GetConsoleMode
0x41010c DeleteCriticalSection
0x410110 HeapSize
0x410114 HeapFree
0x410118 SetFilePointerEx
0x41011c GetStdHandle
0x410120 GetFileType
0x410124 GetStartupInfoW
0x410128 UnhandledExceptionFilter
0x41012c SetUnhandledExceptionFilter
0x410130 InitializeCriticalSectionAndSpinCount
0x410134 Sleep
0x410138 GetCurrentProcess
0x41013c TerminateProcess
0x410140 TlsAlloc
0x410144 TlsGetValue
0x410148 TlsSetValue
0x41014c TlsFree
0x410150 GetModuleHandleW
0x410154 GetModuleFileNameW
0x410158 LoadLibraryExW
0x41015c HeapAlloc
0x410160 GetProcessHeap
0x410164 QueryPerformanceCounter
0x410168 GetSystemTimeAsFileTime
0x41016c GetEnvironmentStringsW
0x410170 FreeEnvironmentStringsW
0x410174 GetStringTypeW
0x410178 CloseHandle
USER32.dll
0x410180 CharUpperBuffA
0x410184 DrawFrameControl
0x410188 ChangeMenuA
ADVAPI32.dll
0x410000 ReadEventLogW
EAT (Export Address Table) is none