Field | Value |
---|---|
Created | 2024.04.03 07:15 |
Machine | s1_win7_x6403 |
Filename | download.php |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 37 detected (AIDetectMalware, malicious, high confidence, score, unsafe, Save, Ransomware, Attribute, HighConfidence, Artemis, PWSX, SmokeLoader, CLASSIC, high, Krypt, Danabot, Detected, PSWTroj, ZexaF, tq0@aiprMXgG, Azorult, Obfuscated, Static AI, Malicious PE, susgen, Kryptik, HWMW, confidence, 100%) |
md5 | 3e74741669b1de60ff8e669d8cb510b9 |
sha256 | 34c289d81ef65d4344cbf44b60a4463fa19fbb83e63d8e43d301984004d97bd6 |
ssdeep | 6144:0NwNn0oAeBUForND89SRAPnAn4sG8DONFT:0KNnvAy7R4wAI7Du |
imphash | 133a23a1d0034a9efe3edc434358c397 |
impfuzzy | 24:jkPlzC8TgVAHl5LkTu0j5JcDWdQB647xrX0mMwZo+OpGj3Nc7v9LtF6SBZRA9wwv:8LHUTdKrXTipGLNcL9LtwSpA9BgwB |
Signature (5 cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5 cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x410010 GetConsoleAliasExesLengthA
0x410014 FindResourceW
0x410018 QueryDosDeviceA
0x41001c _lcreat
0x410020 MoveFileWithProgressA
0x410024 GetNumberFormatA
0x410028 ReadConsoleW
0x41002c GetConsoleCP
0x410030 GlobalFindAtomA
0x410034 LoadLibraryW
0x410038 TerminateThread
0x41003c InitializeCriticalSectionAndSpinCount
0x410040 ReadConsoleInputA
0x410044 CopyFileW
0x410048 GetFileAttributesA
0x41004c GetConsoleAliasW
0x410050 FileTimeToSystemTime
0x410054 GetModuleFileNameW
0x410058 GetEnvironmentVariableA
0x41005c GetTempPathW
0x410060 GetLocaleInfoA
0x410064 GetCurrentDirectoryW
0x410068 ChangeTimerQueueTimer
0x41006c SetLastError
0x410070 GetProcAddress
0x410074 WriteConsoleA
0x410078 InterlockedExchangeAdd
0x41007c LocalAlloc
0x410080 FindFirstVolumeMountPointW
0x410084 VirtualLock
0x410088 VirtualProtect
0x41008c GetWindowsDirectoryW
0x410090 GlobalAddAtomW
0x410094 FindNextVolumeA
0x410098 GetVolumeInformationW
0x41009c WriteConsoleW
0x4100a0 GetStringTypeW
0x4100a4 OutputDebugStringW
0x4100a8 RemoveVectoredExceptionHandler
0x4100ac SetThreadContext
0x4100b0 GetLastError
0x4100b4 GetNumaNodeProcessorMask
0x4100b8 FlushFileBuffers
0x4100bc SetStdHandle
0x4100c0 SetFilePointerEx
0x4100c4 GetConsoleMode
0x4100c8 IsProcessorFeaturePresent
0x4100cc EncodePointer
0x4100d0 DecodePointer
0x4100d4 ExitProcess
0x4100d8 GetModuleHandleExW
0x4100dc MultiByteToWideChar
0x4100e0 WideCharToMultiByte
0x4100e4 GetCommandLineW
0x4100e8 RaiseException
0x4100ec RtlUnwind
0x4100f0 IsDebuggerPresent
0x4100f4 HeapAlloc
0x4100f8 HeapSize
0x4100fc HeapFree
0x410100 GetCurrentThreadId
0x410104 EnterCriticalSection
0x410108 LeaveCriticalSection
0x41010c GetStdHandle
0x410110 GetFileType
0x410114 DeleteCriticalSection
0x410118 GetStartupInfoW
0x41011c CloseHandle
0x410120 UnhandledExceptionFilter
0x410124 SetUnhandledExceptionFilter
0x410128 Sleep
0x41012c GetCurrentProcess
0x410130 TerminateProcess
0x410134 TlsAlloc
0x410138 TlsGetValue
0x41013c TlsSetValue
0x410140 TlsFree
0x410144 GetModuleHandleW
0x410148 WriteFile
0x41014c LoadLibraryExW
0x410150 IsValidCodePage
0x410154 GetACP
0x410158 GetOEMCP
0x41015c GetCPInfo
0x410160 GetProcessHeap
0x410164 QueryPerformanceCounter
0x410168 GetCurrentProcessId
0x41016c GetSystemTimeAsFileTime
0x410170 GetEnvironmentStringsW
0x410174 FreeEnvironmentStringsW
0x410178 HeapReAlloc
0x41017c LCMapStringW
0x410180 CreateFileW
USER32.dll
0x410190 DrawCaption
0x410194 CharUpperBuffA
GDI32.dll
0x410008 SetTextColor
ADVAPI32.dll
0x410000 RegisterEventSourceW
ole32.dll
0x41019c CoGetPSClsid
MSIMG32.dll
0x410188 AlphaBlend
EAT (Export Address Table): none