ScreenShot
| Created | 2024.04.03 07:13 | Machine | s1_win7_x6401 |
| Filename | current.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetectMalware, Stealerc, malicious, high confidence, score, Lockbit, unsafe, Save, Ransomware, Attribute, HighConfidence, Artemis, PWSX, SmokeLoader, CLASSIC, high, Krypt, Danabot, Detected, PSWTroj, STOP, Azorult, ZexaF, wq0@aKMiXNeG, Obfuscated, Static AI, Malicious PE, susgen, Kryptik, HWMW, confidence, 100%) | ||
| md5 | 1dcb40361c41317d2b831b1d96b46916 | ||
| sha256 | 0fe7acf7d3ec871715e0d198b4ec619049d7522eadc458462df603f820e4ebc3 | ||
| ssdeep | 6144:w7RxIyimsb/3wR3G1t32q1UPBsFICmHDqT:w7RxItmsb/3DRssF2D6 | ||
| imphash | 1e09411374dbea8ad2f39c381842a0d3 | ||
| impfuzzy | 24:jkPlzC8TgVAHl5ikTuizj5JcDoFdQB64CxrXfMwZo+OpGj3Nc7v9LtF6SBZRA9wg:8LHPHdPrXjipGLNcL9LtwSpA9BgwB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410010 GetConsoleAliasExesLengthA
0x410014 FindResourceW
0x410018 QueryDosDeviceA
0x41001c _lcreat
0x410020 MoveFileWithProgressA
0x410024 GetNumberFormatA
0x410028 ReadConsoleW
0x41002c GetConsoleCP
0x410030 GlobalFindAtomA
0x410034 LoadLibraryW
0x410038 TerminateThread
0x41003c InitializeCriticalSectionAndSpinCount
0x410040 ReadConsoleInputA
0x410044 CopyFileW
0x410048 GetFileAttributesA
0x41004c FindNextVolumeW
0x410050 GetConsoleAliasW
0x410054 FileTimeToSystemTime
0x410058 GetModuleFileNameW
0x41005c GetEnvironmentVariableA
0x410060 GetLocaleInfoA
0x410064 GetLastError
0x410068 GetCurrentDirectoryW
0x41006c ChangeTimerQueueTimer
0x410070 SetLastError
0x410074 GetProcAddress
0x410078 LoadLibraryA
0x41007c WriteConsoleA
0x410080 InterlockedExchangeAdd
0x410084 LocalAlloc
0x410088 FindFirstVolumeMountPointW
0x41008c VirtualLock
0x410090 VirtualProtect
0x410094 GetWindowsDirectoryW
0x410098 GlobalAddAtomW
0x41009c GetVolumeInformationW
0x4100a0 WriteConsoleW
0x4100a4 GetStringTypeW
0x4100a8 OutputDebugStringW
0x4100ac RemoveVectoredExceptionHandler
0x4100b0 SetThreadContext
0x4100b4 GetTempPathW
0x4100b8 GetNumaNodeProcessorMask
0x4100bc FlushFileBuffers
0x4100c0 SetStdHandle
0x4100c4 SetFilePointerEx
0x4100c8 GetConsoleMode
0x4100cc IsProcessorFeaturePresent
0x4100d0 EncodePointer
0x4100d4 DecodePointer
0x4100d8 ExitProcess
0x4100dc GetModuleHandleExW
0x4100e0 MultiByteToWideChar
0x4100e4 WideCharToMultiByte
0x4100e8 GetCommandLineW
0x4100ec RaiseException
0x4100f0 RtlUnwind
0x4100f4 IsDebuggerPresent
0x4100f8 HeapAlloc
0x4100fc HeapSize
0x410100 HeapFree
0x410104 GetCurrentThreadId
0x410108 EnterCriticalSection
0x41010c LeaveCriticalSection
0x410110 GetStdHandle
0x410114 GetFileType
0x410118 DeleteCriticalSection
0x41011c GetStartupInfoW
0x410120 CloseHandle
0x410124 UnhandledExceptionFilter
0x410128 SetUnhandledExceptionFilter
0x41012c Sleep
0x410130 GetCurrentProcess
0x410134 TerminateProcess
0x410138 TlsAlloc
0x41013c TlsGetValue
0x410140 TlsSetValue
0x410144 TlsFree
0x410148 GetModuleHandleW
0x41014c WriteFile
0x410150 LoadLibraryExW
0x410154 IsValidCodePage
0x410158 GetACP
0x41015c GetOEMCP
0x410160 GetCPInfo
0x410164 GetProcessHeap
0x410168 QueryPerformanceCounter
0x41016c GetCurrentProcessId
0x410170 GetSystemTimeAsFileTime
0x410174 GetEnvironmentStringsW
0x410178 FreeEnvironmentStringsW
0x41017c HeapReAlloc
0x410180 LCMapStringW
0x410184 CreateFileW
USER32.dll
0x410194 DrawCaption
0x410198 CharUpperBuffA
GDI32.dll
0x410008 SetTextColor
ADVAPI32.dll
0x410000 RegisterEventSourceW
ole32.dll
0x4101a0 CoGetPSClsid
MSIMG32.dll
0x41018c AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x410010 GetConsoleAliasExesLengthA
0x410014 FindResourceW
0x410018 QueryDosDeviceA
0x41001c _lcreat
0x410020 MoveFileWithProgressA
0x410024 GetNumberFormatA
0x410028 ReadConsoleW
0x41002c GetConsoleCP
0x410030 GlobalFindAtomA
0x410034 LoadLibraryW
0x410038 TerminateThread
0x41003c InitializeCriticalSectionAndSpinCount
0x410040 ReadConsoleInputA
0x410044 CopyFileW
0x410048 GetFileAttributesA
0x41004c FindNextVolumeW
0x410050 GetConsoleAliasW
0x410054 FileTimeToSystemTime
0x410058 GetModuleFileNameW
0x41005c GetEnvironmentVariableA
0x410060 GetLocaleInfoA
0x410064 GetLastError
0x410068 GetCurrentDirectoryW
0x41006c ChangeTimerQueueTimer
0x410070 SetLastError
0x410074 GetProcAddress
0x410078 LoadLibraryA
0x41007c WriteConsoleA
0x410080 InterlockedExchangeAdd
0x410084 LocalAlloc
0x410088 FindFirstVolumeMountPointW
0x41008c VirtualLock
0x410090 VirtualProtect
0x410094 GetWindowsDirectoryW
0x410098 GlobalAddAtomW
0x41009c GetVolumeInformationW
0x4100a0 WriteConsoleW
0x4100a4 GetStringTypeW
0x4100a8 OutputDebugStringW
0x4100ac RemoveVectoredExceptionHandler
0x4100b0 SetThreadContext
0x4100b4 GetTempPathW
0x4100b8 GetNumaNodeProcessorMask
0x4100bc FlushFileBuffers
0x4100c0 SetStdHandle
0x4100c4 SetFilePointerEx
0x4100c8 GetConsoleMode
0x4100cc IsProcessorFeaturePresent
0x4100d0 EncodePointer
0x4100d4 DecodePointer
0x4100d8 ExitProcess
0x4100dc GetModuleHandleExW
0x4100e0 MultiByteToWideChar
0x4100e4 WideCharToMultiByte
0x4100e8 GetCommandLineW
0x4100ec RaiseException
0x4100f0 RtlUnwind
0x4100f4 IsDebuggerPresent
0x4100f8 HeapAlloc
0x4100fc HeapSize
0x410100 HeapFree
0x410104 GetCurrentThreadId
0x410108 EnterCriticalSection
0x41010c LeaveCriticalSection
0x410110 GetStdHandle
0x410114 GetFileType
0x410118 DeleteCriticalSection
0x41011c GetStartupInfoW
0x410120 CloseHandle
0x410124 UnhandledExceptionFilter
0x410128 SetUnhandledExceptionFilter
0x41012c Sleep
0x410130 GetCurrentProcess
0x410134 TerminateProcess
0x410138 TlsAlloc
0x41013c TlsGetValue
0x410140 TlsSetValue
0x410144 TlsFree
0x410148 GetModuleHandleW
0x41014c WriteFile
0x410150 LoadLibraryExW
0x410154 IsValidCodePage
0x410158 GetACP
0x41015c GetOEMCP
0x410160 GetCPInfo
0x410164 GetProcessHeap
0x410168 QueryPerformanceCounter
0x41016c GetCurrentProcessId
0x410170 GetSystemTimeAsFileTime
0x410174 GetEnvironmentStringsW
0x410178 FreeEnvironmentStringsW
0x41017c HeapReAlloc
0x410180 LCMapStringW
0x410184 CreateFileW
USER32.dll
0x410194 DrawCaption
0x410198 CharUpperBuffA
GDI32.dll
0x410008 SetTextColor
ADVAPI32.dll
0x410000 RegisterEventSourceW
ole32.dll
0x4101a0 CoGetPSClsid
MSIMG32.dll
0x41018c AlphaBlend
EAT(Export Address Table) is none