Field | Value
---|---
Created | 2024.04.03 17:13
Machine | s1_win7_x6401
Filename | PrintSpoofer.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 53 detected (AIDetectMalware, PrintSpoofer, Windows, FakePipe, Malicious, score, Generic Exploit, DeepScan, unsafe, Printer, Vwkj, Attribute, HighConfidence, HackTool, ExploitX, Tool, kickwd, MLMVwqCgTxH, ltmky, R002C0XAU24, Detected, ai score=80, Wacatac, Eldorado, GdSda, Gencirc, susgen, confidence, 100%)
md5 | dbdcbacbc74b139d914747690ebe0e1c
sha256 | 54fbd0b6c760f3f0892bd7fabeb6bbad9444a013a024e8a22813c0c0a77d6c18
ssdeep | 6144:a/dfokZMIBEOm3XT5Vxm1bO+UTNwWuV7UkwEg2lC:uVo8MIBNmz5DmrUTsXg
imphash | a2dc41f7a4e1e31604fbb9965c565df5
impfuzzy | 48:1O+teSO8cAc+pG+c35uFZGPd1fwNbXaFkJzM:1O+teSO8Zc+pG+JmfgbqFgI
Signature (4 counts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
info | This executable has a PDB path |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400cd0d0 WriteConsoleW
0x1400cd0d8 GetComputerNameW
0x1400cd0e0 GetSystemDirectoryW
0x1400cd0e8 GetCurrentThread
0x1400cd0f0 CreateThread
0x1400cd0f8 GetCurrentProcess
0x1400cd100 CreateEventW
0x1400cd108 WaitForSingleObject
0x1400cd110 CreateNamedPipeW
0x1400cd118 ConnectNamedPipe
0x1400cd120 GetLastError
0x1400cd128 CloseHandle
0x1400cd130 CreateFileW
0x1400cd138 HeapReAlloc
0x1400cd140 HeapSize
0x1400cd148 ReadConsoleW
0x1400cd150 ReadFile
0x1400cd158 SetFilePointerEx
0x1400cd160 GetFileSizeEx
0x1400cd168 SetConsoleCtrlHandler
0x1400cd170 GetStringTypeW
0x1400cd178 SetStdHandle
0x1400cd180 SetEnvironmentVariableW
0x1400cd188 GetCurrentThreadId
0x1400cd190 IsDebuggerPresent
0x1400cd198 RaiseException
0x1400cd1a0 MultiByteToWideChar
0x1400cd1a8 WideCharToMultiByte
0x1400cd1b0 RtlCaptureContext
0x1400cd1b8 RtlLookupFunctionEntry
0x1400cd1c0 RtlVirtualUnwind
0x1400cd1c8 UnhandledExceptionFilter
0x1400cd1d0 SetUnhandledExceptionFilter
0x1400cd1d8 TerminateProcess
0x1400cd1e0 IsProcessorFeaturePresent
0x1400cd1e8 QueryPerformanceCounter
0x1400cd1f0 GetCurrentProcessId
0x1400cd1f8 GetSystemTimeAsFileTime
0x1400cd200 InitializeSListHead
0x1400cd208 GetStartupInfoW
0x1400cd210 GetModuleHandleW
0x1400cd218 HeapAlloc
0x1400cd220 HeapFree
0x1400cd228 GetProcessHeap
0x1400cd230 VirtualQuery
0x1400cd238 FreeLibrary
0x1400cd240 GetProcAddress
0x1400cd248 RtlUnwindEx
0x1400cd250 InterlockedPushEntrySList
0x1400cd258 InterlockedFlushSList
0x1400cd260 GetModuleFileNameW
0x1400cd268 LoadLibraryExW
0x1400cd270 SetLastError
0x1400cd278 EnterCriticalSection
0x1400cd280 LeaveCriticalSection
0x1400cd288 DeleteCriticalSection
0x1400cd290 InitializeCriticalSectionAndSpinCount
0x1400cd298 TlsAlloc
0x1400cd2a0 TlsGetValue
0x1400cd2a8 TlsSetValue
0x1400cd2b0 TlsFree
0x1400cd2b8 EncodePointer
0x1400cd2c0 RtlPcToFileHeader
0x1400cd2c8 GetStdHandle
0x1400cd2d0 WriteFile
0x1400cd2d8 ExitProcess
0x1400cd2e0 GetModuleHandleExW
0x1400cd2e8 GetCommandLineA
0x1400cd2f0 GetCommandLineW
0x1400cd2f8 GetDateFormatW
0x1400cd300 GetTimeFormatW
0x1400cd308 CompareStringW
0x1400cd310 LCMapStringW
0x1400cd318 GetLocaleInfoW
0x1400cd320 IsValidLocale
0x1400cd328 GetUserDefaultLCID
0x1400cd330 EnumSystemLocalesW
0x1400cd338 GetFileType
0x1400cd340 FlushFileBuffers
0x1400cd348 GetConsoleOutputCP
0x1400cd350 GetConsoleMode
0x1400cd358 OutputDebugStringW
0x1400cd360 FindClose
0x1400cd368 FindFirstFileExW
0x1400cd370 FindNextFileW
0x1400cd378 IsValidCodePage
0x1400cd380 GetACP
0x1400cd388 GetOEMCP
0x1400cd390 GetCPInfo
0x1400cd398 GetEnvironmentStringsW
0x1400cd3a0 FreeEnvironmentStringsW
0x1400cd3a8 RtlUnwind
ADVAPI32.dll
0x1400cd000 CreateProcessAsUserW
0x1400cd008 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x1400cd010 CreateProcessWithTokenW
0x1400cd018 LookupPrivilegeNameW
0x1400cd020 SetTokenInformation
0x1400cd028 RevertToSelf
0x1400cd030 InitializeSecurityDescriptor
0x1400cd038 GetTokenInformation
0x1400cd040 DuplicateTokenEx
0x1400cd048 AdjustTokenPrivileges
0x1400cd050 OpenThreadToken
0x1400cd058 OpenProcessToken
0x1400cd060 ImpersonateNamedPipeClient
RPCRT4.dll
0x1400cd498 NdrClientCall3
0x1400cd4a0 RpcBindingFree
0x1400cd4a8 UuidToStringW
0x1400cd4b0 UuidCreate
0x1400cd4b8 RpcStringFreeW
0x1400cd4c0 RpcStringBindingComposeW
0x1400cd4c8 RpcBindingFromStringBindingW
USERENV.dll
0x1400cd530 DestroyEnvironmentBlock
0x1400cd538 CreateEnvironmentBlock
EAT (Export Address Table): none