Report - 123.exe

Malicious Packer UPX PE64 PE File OS Processor Check
Created 2024.04.03 07:22 Machine s1_win7_x6403
Filename 123.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found
Behavior Score 0.4
ZERO API file : malware
VT API (file) 5 detected (Attribute, HighConfidence, U13eBereYPL)
md5 9f632d69a52c4076934ce5f569a675bd
sha256 62f5be16dcf28ae6f77a753987842fc47b6c939b4cc16eeb9ed83e9eed32bf61
ssdeep 49152:UJrXDFN+9iEXvLqbWOqUCAu4Om/+zspq7uCsJRH:UdgQvNCsJRH
imphash 3e15aa248ffd863c4d280e6e314baf7c
impfuzzy 96:QrBtkrXxtnQiUwPWdGJeQHwCNI090W7mKj1:Lrht/PWw3HuIP7mKj1

Signature (1cnts)

Level Description
notice File has been identified by 5 AntiVirus engines on VirusTotal as malicious

Rules (5cnts)

Level Name Description Collection
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No entries (Request / CC / ASN / Co / IP4 / Rule / ZERO)

Suricata ids

PE API

IAT (Import Address Table) Library

bcryptprimitives.dll
 0x1401ad198 ProcessPrng
kernel32.dll
 0x1401ad208 PostQueuedCompletionStatus
 0x1401ad210 CreateIoCompletionPort
 0x1401ad218 GetQueuedCompletionStatusEx
 0x1401ad220 SetHandleInformation
 0x1401ad228 LocalFree
 0x1401ad230 GetSystemInfo
 0x1401ad238 SetFileCompletionNotificationModes
 0x1401ad240 GetCurrentThreadId
 0x1401ad248 Sleep
 0x1401ad250 lstrlenW
 0x1401ad258 GetSystemTimeAsFileTime
 0x1401ad260 InitializeSListHead
 0x1401ad268 IsDebuggerPresent
 0x1401ad270 UnhandledExceptionFilter
 0x1401ad278 SetUnhandledExceptionFilter
 0x1401ad280 GetCurrentThread
 0x1401ad288 GetLastError
 0x1401ad290 AddVectoredExceptionHandler
 0x1401ad298 SetThreadStackGuarantee
 0x1401ad2a0 SwitchToThread
 0x1401ad2a8 CreateWaitableTimerExW
 0x1401ad2b0 SetWaitableTimer
 0x1401ad2b8 WaitForSingleObject
 0x1401ad2c0 QueryPerformanceCounter
 0x1401ad2c8 RtlCaptureContext
 0x1401ad2d0 RtlVirtualUnwind
 0x1401ad2d8 RtlLookupFunctionEntry
 0x1401ad2e0 SetLastError
 0x1401ad2e8 GetCurrentDirectoryW
 0x1401ad2f0 GetEnvironmentVariableW
 0x1401ad2f8 HeapFree
 0x1401ad300 EnumSystemLocalesA
 0x1401ad308 GetStdHandle
 0x1401ad310 GetCurrentProcessId
 0x1401ad318 HeapAlloc
 0x1401ad320 QueryPerformanceFrequency
 0x1401ad328 GetSystemTimePreciseAsFileTime
 0x1401ad330 HeapCreate
 0x1401ad338 HeapReAlloc
 0x1401ad340 ReleaseMutex
 0x1401ad348 GetProcessHeap
 0x1401ad350 FindNextFileW
 0x1401ad358 FindClose
 0x1401ad360 FindFirstFileW
 0x1401ad368 GetFinalPathNameByHandleW
 0x1401ad370 FlushInstructionCache
 0x1401ad378 WriteProcessMemory
 0x1401ad380 GetConsoleMode
 0x1401ad388 GetProcAddress
 0x1401ad390 GetModuleHandleW
 0x1401ad398 FormatMessageW
 0x1401ad3a0 MultiByteToWideChar
 0x1401ad3a8 WriteConsoleW
 0x1401ad3b0 CreateThread
 0x1401ad3b8 GetFullPathNameW
 0x1401ad3c0 WaitForSingleObjectEx
 0x1401ad3c8 LoadLibraryA
 0x1401ad3d0 CreateMutexA
 0x1401ad3d8 GetModuleHandleA
 0x1401ad3e0 GetCurrentProcess
 0x1401ad3e8 CloseHandle
 0x1401ad3f0 IsProcessorFeaturePresent
secur32.dll
 0x1401ad440 InitializeSecurityContextW
 0x1401ad448 DecryptMessage
 0x1401ad450 AcquireCredentialsHandleA
 0x1401ad458 AcceptSecurityContext
 0x1401ad460 FreeCredentialsHandle
 0x1401ad468 DeleteSecurityContext
 0x1401ad470 QueryContextAttributesW
 0x1401ad478 FreeContextBuffer
 0x1401ad480 EncryptMessage
 0x1401ad488 ApplyControlToken
advapi32.dll
 0x1401ad050 RegOpenKeyExW
 0x1401ad058 RegQueryValueExW
 0x1401ad060 SystemFunction036
 0x1401ad068 RegCloseKey
ws2_32.dll
 0x1401ad4a8 WSASend
 0x1401ad4b0 recv
 0x1401ad4b8 shutdown
 0x1401ad4c0 getpeername
 0x1401ad4c8 getsockopt
 0x1401ad4d0 ioctlsocket
 0x1401ad4d8 connect
 0x1401ad4e0 bind
 0x1401ad4e8 WSASocketW
 0x1401ad4f0 WSAGetLastError
 0x1401ad4f8 setsockopt
 0x1401ad500 WSAStartup
 0x1401ad508 WSAIoctl
 0x1401ad510 WSACleanup
 0x1401ad518 getsockname
 0x1401ad520 freeaddrinfo
 0x1401ad528 closesocket
 0x1401ad530 getaddrinfo
 0x1401ad538 send
crypt32.dll
 0x1401ad1a8 CertGetCertificateChain
 0x1401ad1b0 CertVerifyCertificateChainPolicy
 0x1401ad1b8 CertDuplicateCertificateChain
 0x1401ad1c0 CertFreeCertificateChain
 0x1401ad1c8 CertDuplicateCertificateContext
 0x1401ad1d0 CertFreeCertificateContext
 0x1401ad1d8 CertEnumCertificatesInStore
 0x1401ad1e0 CertAddCertificateContextToStore
 0x1401ad1e8 CertOpenStore
 0x1401ad1f0 CertCloseStore
 0x1401ad1f8 CertDuplicateStore
ntdll.dll
 0x1401ad400 RtlNtStatusToDosError
 0x1401ad408 NtDeviceIoControlFile
 0x1401ad410 NtCancelIoFileEx
 0x1401ad418 NtWriteFile
 0x1401ad420 NtCreateFile
shell32.dll
 0x1401ad498 SHGetKnownFolderPath
ole32.dll
 0x1401ad430 CoTaskMemFree
bcrypt.dll
 0x1401ad188 BCryptGenRandom
api-ms-win-core-synch-l1-2-0.dll
 0x1401ad078 WakeByAddressAll
 0x1401ad080 WakeByAddressSingle
 0x1401ad088 WaitOnAddress
VCRUNTIME140.dll
 0x1401ad000 __C_specific_handler
 0x1401ad008 __current_exception_context
 0x1401ad010 __current_exception
 0x1401ad018 __CxxFrameHandler3
 0x1401ad020 memcpy
 0x1401ad028 memmove
 0x1401ad030 memcmp
 0x1401ad038 memset
 0x1401ad040 _CxxThrowException
api-ms-win-crt-math-l1-1-0.dll
 0x1401ad0c0 __setusermatherr
 0x1401ad0c8 pow
api-ms-win-crt-runtime-l1-1-0.dll
 0x1401ad0d8 _initterm
 0x1401ad0e0 _initterm_e
 0x1401ad0e8 exit
 0x1401ad0f0 _exit
 0x1401ad0f8 _initialize_narrow_environment
 0x1401ad100 __p___argc
 0x1401ad108 __p___argv
 0x1401ad110 _cexit
 0x1401ad118 _c_exit
 0x1401ad120 _register_thread_local_exe_atexit_callback
 0x1401ad128 _configure_narrow_argv
 0x1401ad130 _set_app_type
 0x1401ad138 terminate
 0x1401ad140 _initialize_onexit_table
 0x1401ad148 _register_onexit_function
 0x1401ad150 _crt_atexit
 0x1401ad158 _seh_filter_exe
 0x1401ad160 _get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll
 0x1401ad170 _set_fmode
 0x1401ad178 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
 0x1401ad0b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
 0x1401ad098 free
 0x1401ad0a0 _set_new_mode

EAT (Export Address Table): none
