ScreenShot
| Created | 2024.04.03 07:16 | Machine | s1_win7_x6401 |
| Filename | wek.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 38 detected (AIDetectMalware, WinGo, malicious, high confidence, score, Artemis, unsafe, V2kp, a variant of WinGo, CLASSIC, AGEN, MulDrop26, SMOKELOADER, YXEDBZ, Detected, AsyncRAT, Casdet, H42K7L, Eldorado, Chgt, confidence, 100%) | ||
| md5 | bcc93e415a05ea5bb4ac3985fe389866 | ||
| sha256 | 6ce6fd56b675cb8ffc6e5ecb11bb80640e24e58a09985f8a4f635ee9c3c2bf97 | ||
| ssdeep | 49152:wrtSAbjawsGcz8QfpyvcRjBZPohnKZV7+P:bOaw1uF4 | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14030747c AddAtomA
0x140307484 AddVectoredExceptionHandler
0x14030748c CloseHandle
0x140307494 CreateEventA
0x14030749c CreateFileA
0x1403074a4 CreateIoCompletionPort
0x1403074ac CreateMutexA
0x1403074b4 CreateSemaphoreA
0x1403074bc CreateThread
0x1403074c4 CreateWaitableTimerExW
0x1403074cc DeleteAtom
0x1403074d4 DeleteCriticalSection
0x1403074dc DuplicateHandle
0x1403074e4 EnterCriticalSection
0x1403074ec ExitProcess
0x1403074f4 FindAtomA
0x1403074fc FormatMessageA
0x140307504 FreeEnvironmentStringsW
0x14030750c GetAtomNameA
0x140307514 GetConsoleMode
0x14030751c GetCurrentProcess
0x140307524 GetCurrentProcessId
0x14030752c GetCurrentThread
0x140307534 GetCurrentThreadId
0x14030753c GetEnvironmentStringsW
0x140307544 GetErrorMode
0x14030754c GetHandleInformation
0x140307554 GetLastError
0x14030755c GetProcAddress
0x140307564 GetProcessAffinityMask
0x14030756c GetQueuedCompletionStatusEx
0x140307574 GetStartupInfoA
0x14030757c GetStdHandle
0x140307584 GetSystemDirectoryA
0x14030758c GetSystemInfo
0x140307594 GetSystemTimeAsFileTime
0x14030759c GetThreadContext
0x1403075a4 GetThreadPriority
0x1403075ac GetTickCount
0x1403075b4 InitializeCriticalSection
0x1403075bc IsDBCSLeadByteEx
0x1403075c4 IsDebuggerPresent
0x1403075cc LeaveCriticalSection
0x1403075d4 LoadLibraryExW
0x1403075dc LoadLibraryW
0x1403075e4 LocalFree
0x1403075ec MultiByteToWideChar
0x1403075f4 OpenProcess
0x1403075fc OutputDebugStringA
0x140307604 PostQueuedCompletionStatus
0x14030760c QueryPerformanceCounter
0x140307614 QueryPerformanceFrequency
0x14030761c RaiseException
0x140307624 RaiseFailFastException
0x14030762c ReleaseMutex
0x140307634 ReleaseSemaphore
0x14030763c RemoveVectoredExceptionHandler
0x140307644 ResetEvent
0x14030764c ResumeThread
0x140307654 SetConsoleCtrlHandler
0x14030765c SetErrorMode
0x140307664 SetEvent
0x14030766c SetLastError
0x140307674 SetProcessAffinityMask
0x14030767c SetProcessPriorityBoost
0x140307684 SetThreadContext
0x14030768c SetThreadPriority
0x140307694 SetUnhandledExceptionFilter
0x14030769c SetWaitableTimer
0x1403076a4 Sleep
0x1403076ac SuspendThread
0x1403076b4 SwitchToThread
0x1403076bc TlsAlloc
0x1403076c4 TlsGetValue
0x1403076cc TlsSetValue
0x1403076d4 TryEnterCriticalSection
0x1403076dc VirtualAlloc
0x1403076e4 VirtualFree
0x1403076ec VirtualProtect
0x1403076f4 VirtualQuery
0x1403076fc WaitForMultipleObjects
0x140307704 WaitForSingleObject
0x14030770c WerGetFlags
0x140307714 WerSetFlags
0x14030771c WideCharToMultiByte
0x140307724 WriteConsoleW
0x14030772c WriteFile
0x140307734 __C_specific_handler
msvcrt.dll
0x140307744 ___lc_codepage_func
0x14030774c ___mb_cur_max_func
0x140307754 __getmainargs
0x14030775c __initenv
0x140307764 __iob_func
0x14030776c __lconv_init
0x140307774 __set_app_type
0x14030777c __setusermatherr
0x140307784 _acmdln
0x14030778c _amsg_exit
0x140307794 _beginthread
0x14030779c _beginthreadex
0x1403077a4 _cexit
0x1403077ac _commode
0x1403077b4 _endthreadex
0x1403077bc _errno
0x1403077c4 _fmode
0x1403077cc _initterm
0x1403077d4 _lock
0x1403077dc _memccpy
0x1403077e4 _onexit
0x1403077ec _setjmp
0x1403077f4 _strdup
0x1403077fc _ultoa
0x140307804 _unlock
0x14030780c abort
0x140307814 calloc
0x14030781c exit
0x140307824 fprintf
0x14030782c fputc
0x140307834 free
0x14030783c fwrite
0x140307844 localeconv
0x14030784c longjmp
0x140307854 malloc
0x14030785c memcpy
0x140307864 memmove
0x14030786c memset
0x140307874 printf
0x14030787c realloc
0x140307884 signal
0x14030788c strerror
0x140307894 strlen
0x14030789c strncmp
0x1403078a4 vfprintf
0x1403078ac wcslen
EAT(Export Address Table) Library
0x140304a90 _cgo_dummy_export
KERNEL32.dll
0x14030747c AddAtomA
0x140307484 AddVectoredExceptionHandler
0x14030748c CloseHandle
0x140307494 CreateEventA
0x14030749c CreateFileA
0x1403074a4 CreateIoCompletionPort
0x1403074ac CreateMutexA
0x1403074b4 CreateSemaphoreA
0x1403074bc CreateThread
0x1403074c4 CreateWaitableTimerExW
0x1403074cc DeleteAtom
0x1403074d4 DeleteCriticalSection
0x1403074dc DuplicateHandle
0x1403074e4 EnterCriticalSection
0x1403074ec ExitProcess
0x1403074f4 FindAtomA
0x1403074fc FormatMessageA
0x140307504 FreeEnvironmentStringsW
0x14030750c GetAtomNameA
0x140307514 GetConsoleMode
0x14030751c GetCurrentProcess
0x140307524 GetCurrentProcessId
0x14030752c GetCurrentThread
0x140307534 GetCurrentThreadId
0x14030753c GetEnvironmentStringsW
0x140307544 GetErrorMode
0x14030754c GetHandleInformation
0x140307554 GetLastError
0x14030755c GetProcAddress
0x140307564 GetProcessAffinityMask
0x14030756c GetQueuedCompletionStatusEx
0x140307574 GetStartupInfoA
0x14030757c GetStdHandle
0x140307584 GetSystemDirectoryA
0x14030758c GetSystemInfo
0x140307594 GetSystemTimeAsFileTime
0x14030759c GetThreadContext
0x1403075a4 GetThreadPriority
0x1403075ac GetTickCount
0x1403075b4 InitializeCriticalSection
0x1403075bc IsDBCSLeadByteEx
0x1403075c4 IsDebuggerPresent
0x1403075cc LeaveCriticalSection
0x1403075d4 LoadLibraryExW
0x1403075dc LoadLibraryW
0x1403075e4 LocalFree
0x1403075ec MultiByteToWideChar
0x1403075f4 OpenProcess
0x1403075fc OutputDebugStringA
0x140307604 PostQueuedCompletionStatus
0x14030760c QueryPerformanceCounter
0x140307614 QueryPerformanceFrequency
0x14030761c RaiseException
0x140307624 RaiseFailFastException
0x14030762c ReleaseMutex
0x140307634 ReleaseSemaphore
0x14030763c RemoveVectoredExceptionHandler
0x140307644 ResetEvent
0x14030764c ResumeThread
0x140307654 SetConsoleCtrlHandler
0x14030765c SetErrorMode
0x140307664 SetEvent
0x14030766c SetLastError
0x140307674 SetProcessAffinityMask
0x14030767c SetProcessPriorityBoost
0x140307684 SetThreadContext
0x14030768c SetThreadPriority
0x140307694 SetUnhandledExceptionFilter
0x14030769c SetWaitableTimer
0x1403076a4 Sleep
0x1403076ac SuspendThread
0x1403076b4 SwitchToThread
0x1403076bc TlsAlloc
0x1403076c4 TlsGetValue
0x1403076cc TlsSetValue
0x1403076d4 TryEnterCriticalSection
0x1403076dc VirtualAlloc
0x1403076e4 VirtualFree
0x1403076ec VirtualProtect
0x1403076f4 VirtualQuery
0x1403076fc WaitForMultipleObjects
0x140307704 WaitForSingleObject
0x14030770c WerGetFlags
0x140307714 WerSetFlags
0x14030771c WideCharToMultiByte
0x140307724 WriteConsoleW
0x14030772c WriteFile
0x140307734 __C_specific_handler
msvcrt.dll
0x140307744 ___lc_codepage_func
0x14030774c ___mb_cur_max_func
0x140307754 __getmainargs
0x14030775c __initenv
0x140307764 __iob_func
0x14030776c __lconv_init
0x140307774 __set_app_type
0x14030777c __setusermatherr
0x140307784 _acmdln
0x14030778c _amsg_exit
0x140307794 _beginthread
0x14030779c _beginthreadex
0x1403077a4 _cexit
0x1403077ac _commode
0x1403077b4 _endthreadex
0x1403077bc _errno
0x1403077c4 _fmode
0x1403077cc _initterm
0x1403077d4 _lock
0x1403077dc _memccpy
0x1403077e4 _onexit
0x1403077ec _setjmp
0x1403077f4 _strdup
0x1403077fc _ultoa
0x140307804 _unlock
0x14030780c abort
0x140307814 calloc
0x14030781c exit
0x140307824 fprintf
0x14030782c fputc
0x140307834 free
0x14030783c fwrite
0x140307844 localeconv
0x14030784c longjmp
0x140307854 malloc
0x14030785c memcpy
0x140307864 memmove
0x14030786c memset
0x140307874 printf
0x14030787c realloc
0x140307884 signal
0x14030788c strerror
0x140307894 strlen
0x14030789c strncmp
0x1403078a4 vfprintf
0x1403078ac wcslen
EAT(Export Address Table) Library
0x140304a90 _cgo_dummy_export