ScreenShot
| Created | 2024.04.03 13:43 | Machine | s1_win7_x6401 |
| Filename | download.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (AIDetectMalware, Zbot, m5ir, malicious, high confidence, score, Lockbit, unsafe, Save, Attribute, HighConfidence, Artemis, FileRepMalware, Cryp, SmokeLoader, CLASSIC, high, Outbreak, Detected, RisePro, Sabsik, Strab, Kryptik, Eldorado, ZexaF, Zq0@ayKfg4gG, Chgt, Static AI, Suspicious PE, susgen, GYGF, confidence, 100%) | ||
| md5 | f29bb9918f3803046c2bab24c20b458d | ||
| sha256 | b84760ded0544c86d23849130082b99c3000b1e4ca5da0690fcdfbf2771b7993 | ||
| ssdeep | 24576:OYHymN8tZiUqGvCBSYcjOaTKsB5Oih4un0:OYRNyZiUqwCgYWHhn | ||
| imphash | eb67be19b81b44ee5931ef078192d536 | ||
| impfuzzy | 24:hCkrkDnkKr1jkz1VV4WWvCDZ4EeTgv9nMZLOtZt5gcrliJ3I+HRyv0T4QjMICigH:hFYrPq1u6tZticrcC0cgIxkkSw | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d000 DebugActiveProcess
0x40d004 GetDateFormatW
0x40d008 CreateFileA
0x40d00c GetConsoleAliasesLengthW
0x40d010 GetNumaProcessorNode
0x40d014 GetLocaleInfoA
0x40d018 HeapAlloc
0x40d01c InterlockedIncrement
0x40d020 HeapFree
0x40d024 CreateHardLinkA
0x40d028 ConnectNamedPipe
0x40d02c GetModuleHandleW
0x40d030 FindNextVolumeMountPointA
0x40d034 ReadConsoleOutputA
0x40d038 GetUserDefaultLangID
0x40d03c GlobalAlloc
0x40d040 LoadLibraryW
0x40d044 GetConsoleAliasExesLengthW
0x40d048 lstrcpynW
0x40d04c GetAtomNameW
0x40d050 LocalHandle
0x40d054 SetConsoleTitleA
0x40d058 WritePrivateProfileStringW
0x40d05c GetThreadLocale
0x40d060 GetProcAddress
0x40d064 GetLongPathNameA
0x40d068 SetComputerNameA
0x40d06c SetCalendarInfoW
0x40d070 SetConsoleDisplayMode
0x40d074 GlobalFindAtomW
0x40d078 GetModuleFileNameA
0x40d07c HeapSetInformation
0x40d080 VirtualProtect
0x40d084 GetCurrentDirectoryA
0x40d088 DeleteCriticalSection
0x40d08c FindAtomW
0x40d090 GetSystemTime
0x40d094 SetFileAttributesW
0x40d098 CreateFileW
0x40d09c EncodePointer
0x40d0a0 DecodePointer
0x40d0a4 ExitProcess
0x40d0a8 GetCommandLineW
0x40d0ac GetStartupInfoW
0x40d0b0 RaiseException
0x40d0b4 TerminateProcess
0x40d0b8 GetCurrentProcess
0x40d0bc UnhandledExceptionFilter
0x40d0c0 SetUnhandledExceptionFilter
0x40d0c4 IsDebuggerPresent
0x40d0c8 GetLastError
0x40d0cc IsProcessorFeaturePresent
0x40d0d0 WriteFile
0x40d0d4 GetStdHandle
0x40d0d8 GetModuleFileNameW
0x40d0dc HeapCreate
0x40d0e0 EnterCriticalSection
0x40d0e4 LeaveCriticalSection
0x40d0e8 Sleep
0x40d0ec HeapSize
0x40d0f0 InitializeCriticalSectionAndSpinCount
0x40d0f4 TlsAlloc
0x40d0f8 TlsGetValue
0x40d0fc TlsSetValue
0x40d100 TlsFree
0x40d104 SetLastError
0x40d108 GetCurrentThreadId
0x40d10c InterlockedDecrement
0x40d110 FreeEnvironmentStringsW
0x40d114 GetEnvironmentStringsW
0x40d118 SetHandleCount
0x40d11c GetFileType
0x40d120 QueryPerformanceCounter
0x40d124 GetTickCount
0x40d128 GetCurrentProcessId
0x40d12c GetSystemTimeAsFileTime
0x40d130 SetFilePointer
0x40d134 WideCharToMultiByte
0x40d138 GetConsoleCP
0x40d13c GetConsoleMode
0x40d140 GetCPInfo
0x40d144 GetACP
0x40d148 GetOEMCP
0x40d14c IsValidCodePage
0x40d150 RtlUnwind
0x40d154 MultiByteToWideChar
0x40d158 HeapReAlloc
0x40d15c SetStdHandle
0x40d160 WriteConsoleW
0x40d164 LCMapStringW
0x40d168 GetStringTypeW
0x40d16c FlushFileBuffers
0x40d170 ReadFile
0x40d174 CloseHandle
USER32.dll
0x40d17c GetMonitorInfoW
0x40d180 CopyRect
0x40d184 LoadIconA
EAT(Export Address Table) is none
KERNEL32.dll
0x40d000 DebugActiveProcess
0x40d004 GetDateFormatW
0x40d008 CreateFileA
0x40d00c GetConsoleAliasesLengthW
0x40d010 GetNumaProcessorNode
0x40d014 GetLocaleInfoA
0x40d018 HeapAlloc
0x40d01c InterlockedIncrement
0x40d020 HeapFree
0x40d024 CreateHardLinkA
0x40d028 ConnectNamedPipe
0x40d02c GetModuleHandleW
0x40d030 FindNextVolumeMountPointA
0x40d034 ReadConsoleOutputA
0x40d038 GetUserDefaultLangID
0x40d03c GlobalAlloc
0x40d040 LoadLibraryW
0x40d044 GetConsoleAliasExesLengthW
0x40d048 lstrcpynW
0x40d04c GetAtomNameW
0x40d050 LocalHandle
0x40d054 SetConsoleTitleA
0x40d058 WritePrivateProfileStringW
0x40d05c GetThreadLocale
0x40d060 GetProcAddress
0x40d064 GetLongPathNameA
0x40d068 SetComputerNameA
0x40d06c SetCalendarInfoW
0x40d070 SetConsoleDisplayMode
0x40d074 GlobalFindAtomW
0x40d078 GetModuleFileNameA
0x40d07c HeapSetInformation
0x40d080 VirtualProtect
0x40d084 GetCurrentDirectoryA
0x40d088 DeleteCriticalSection
0x40d08c FindAtomW
0x40d090 GetSystemTime
0x40d094 SetFileAttributesW
0x40d098 CreateFileW
0x40d09c EncodePointer
0x40d0a0 DecodePointer
0x40d0a4 ExitProcess
0x40d0a8 GetCommandLineW
0x40d0ac GetStartupInfoW
0x40d0b0 RaiseException
0x40d0b4 TerminateProcess
0x40d0b8 GetCurrentProcess
0x40d0bc UnhandledExceptionFilter
0x40d0c0 SetUnhandledExceptionFilter
0x40d0c4 IsDebuggerPresent
0x40d0c8 GetLastError
0x40d0cc IsProcessorFeaturePresent
0x40d0d0 WriteFile
0x40d0d4 GetStdHandle
0x40d0d8 GetModuleFileNameW
0x40d0dc HeapCreate
0x40d0e0 EnterCriticalSection
0x40d0e4 LeaveCriticalSection
0x40d0e8 Sleep
0x40d0ec HeapSize
0x40d0f0 InitializeCriticalSectionAndSpinCount
0x40d0f4 TlsAlloc
0x40d0f8 TlsGetValue
0x40d0fc TlsSetValue
0x40d100 TlsFree
0x40d104 SetLastError
0x40d108 GetCurrentThreadId
0x40d10c InterlockedDecrement
0x40d110 FreeEnvironmentStringsW
0x40d114 GetEnvironmentStringsW
0x40d118 SetHandleCount
0x40d11c GetFileType
0x40d120 QueryPerformanceCounter
0x40d124 GetTickCount
0x40d128 GetCurrentProcessId
0x40d12c GetSystemTimeAsFileTime
0x40d130 SetFilePointer
0x40d134 WideCharToMultiByte
0x40d138 GetConsoleCP
0x40d13c GetConsoleMode
0x40d140 GetCPInfo
0x40d144 GetACP
0x40d148 GetOEMCP
0x40d14c IsValidCodePage
0x40d150 RtlUnwind
0x40d154 MultiByteToWideChar
0x40d158 HeapReAlloc
0x40d15c SetStdHandle
0x40d160 WriteConsoleW
0x40d164 LCMapStringW
0x40d168 GetStringTypeW
0x40d16c FlushFileBuffers
0x40d170 ReadFile
0x40d174 CloseHandle
USER32.dll
0x40d17c GetMonitorInfoW
0x40d180 CopyRect
0x40d184 LoadIconA
EAT(Export Address Table) is none