ScreenShot
| Created | 2024.04.05 23:38 | Machine | s1_win7_x6401 |
| Filename | toolspub1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetectMalware, Mokes, malicious, high confidence, unsafe, Save, Attribute, HighConfidence, FileRepMalware, Strab, SmokeLoader, CLASSIC, high, score, Krypt, Detected, Sabsik, ZexaF, kq0@aqKAeHgG, Static AI, Malicious PE, susgen, Kryptik, GYGF, confidence, 100%) | ||
| md5 | af2027f509b6f4b269a7249c2cd5ae4d | ||
| sha256 | 5c2a928300805c6f772128556ec39f4152172ff9757e22e23bf0b89f91f0e101 | ||
| ssdeep | 3072:8or9nIoq91dwPfb4Z3EtqpAQVjnHF3egebZNn7+KX:lRnIoO1d2D4ZUtqpXllugen+0 | ||
| imphash | c8008ea7e1665c11ca589c6a7cb5626c | ||
| impfuzzy | 24:j4XbkrkSLZNTgVjk1VV4WjvCDojmgPVv93oOov5twDcjBlj/J3I+8Ryv0T4IAjMN:isRZrX13n8tucNbh0cIcxkSw | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40a000 GetComputerNameA
0x40a004 LocalUnlock
0x40a008 GetDateFormatW
0x40a00c HeapReAlloc
0x40a010 HeapCompact
0x40a014 GetConsoleAliasesLengthW
0x40a018 GetLocaleInfoA
0x40a01c HeapFree
0x40a020 CreateHardLinkA
0x40a024 GetSystemDefaultLCID
0x40a028 GetModuleHandleW
0x40a02c GlobalAlloc
0x40a030 GlobalFindAtomA
0x40a034 LoadLibraryW
0x40a038 GetConsoleAliasExesLengthW
0x40a03c WriteConsoleOutputA
0x40a040 SetConsoleCP
0x40a044 GetAtomNameW
0x40a048 CreateFileW
0x40a04c WritePrivateProfileStringW
0x40a050 GetLongPathNameW
0x40a054 GetThreadLocale
0x40a058 GetProcAddress
0x40a05c LoadLibraryA
0x40a060 SetCalendarInfoW
0x40a064 FindFirstVolumeMountPointW
0x40a068 HeapWalk
0x40a06c FindAtomA
0x40a070 CreatePipe
0x40a074 GetModuleFileNameA
0x40a078 SetConsoleTitleW
0x40a07c GetCurrentDirectoryA
0x40a080 DeleteCriticalSection
0x40a084 SetFileAttributesW
0x40a088 SetFilePointer
0x40a08c WriteConsoleW
0x40a090 CloseHandle
0x40a094 HeapAlloc
0x40a098 ExitProcess
0x40a09c DecodePointer
0x40a0a0 GetCommandLineA
0x40a0a4 HeapSetInformation
0x40a0a8 GetStartupInfoW
0x40a0ac TerminateProcess
0x40a0b0 GetCurrentProcess
0x40a0b4 UnhandledExceptionFilter
0x40a0b8 SetUnhandledExceptionFilter
0x40a0bc IsDebuggerPresent
0x40a0c0 WriteFile
0x40a0c4 GetStdHandle
0x40a0c8 GetModuleFileNameW
0x40a0cc HeapCreate
0x40a0d0 EncodePointer
0x40a0d4 EnterCriticalSection
0x40a0d8 LeaveCriticalSection
0x40a0dc GetLastError
0x40a0e0 InitializeCriticalSectionAndSpinCount
0x40a0e4 TlsAlloc
0x40a0e8 TlsGetValue
0x40a0ec TlsSetValue
0x40a0f0 TlsFree
0x40a0f4 InterlockedIncrement
0x40a0f8 SetLastError
0x40a0fc GetCurrentThreadId
0x40a100 InterlockedDecrement
0x40a104 FreeEnvironmentStringsW
0x40a108 WideCharToMultiByte
0x40a10c GetEnvironmentStringsW
0x40a110 SetHandleCount
0x40a114 GetFileType
0x40a118 QueryPerformanceCounter
0x40a11c GetTickCount
0x40a120 GetCurrentProcessId
0x40a124 GetSystemTimeAsFileTime
0x40a128 Sleep
0x40a12c RtlUnwind
0x40a130 GetCPInfo
0x40a134 GetACP
0x40a138 GetOEMCP
0x40a13c IsValidCodePage
0x40a140 MultiByteToWideChar
0x40a144 HeapSize
0x40a148 GetConsoleCP
0x40a14c GetConsoleMode
0x40a150 FlushFileBuffers
0x40a154 IsProcessorFeaturePresent
0x40a158 LCMapStringW
0x40a15c GetStringTypeW
0x40a160 ReadFile
0x40a164 SetStdHandle
USER32.dll
0x40a16c GetMonitorInfoW
0x40a170 LoadIconA
EAT(Export Address Table) is none
KERNEL32.dll
0x40a000 GetComputerNameA
0x40a004 LocalUnlock
0x40a008 GetDateFormatW
0x40a00c HeapReAlloc
0x40a010 HeapCompact
0x40a014 GetConsoleAliasesLengthW
0x40a018 GetLocaleInfoA
0x40a01c HeapFree
0x40a020 CreateHardLinkA
0x40a024 GetSystemDefaultLCID
0x40a028 GetModuleHandleW
0x40a02c GlobalAlloc
0x40a030 GlobalFindAtomA
0x40a034 LoadLibraryW
0x40a038 GetConsoleAliasExesLengthW
0x40a03c WriteConsoleOutputA
0x40a040 SetConsoleCP
0x40a044 GetAtomNameW
0x40a048 CreateFileW
0x40a04c WritePrivateProfileStringW
0x40a050 GetLongPathNameW
0x40a054 GetThreadLocale
0x40a058 GetProcAddress
0x40a05c LoadLibraryA
0x40a060 SetCalendarInfoW
0x40a064 FindFirstVolumeMountPointW
0x40a068 HeapWalk
0x40a06c FindAtomA
0x40a070 CreatePipe
0x40a074 GetModuleFileNameA
0x40a078 SetConsoleTitleW
0x40a07c GetCurrentDirectoryA
0x40a080 DeleteCriticalSection
0x40a084 SetFileAttributesW
0x40a088 SetFilePointer
0x40a08c WriteConsoleW
0x40a090 CloseHandle
0x40a094 HeapAlloc
0x40a098 ExitProcess
0x40a09c DecodePointer
0x40a0a0 GetCommandLineA
0x40a0a4 HeapSetInformation
0x40a0a8 GetStartupInfoW
0x40a0ac TerminateProcess
0x40a0b0 GetCurrentProcess
0x40a0b4 UnhandledExceptionFilter
0x40a0b8 SetUnhandledExceptionFilter
0x40a0bc IsDebuggerPresent
0x40a0c0 WriteFile
0x40a0c4 GetStdHandle
0x40a0c8 GetModuleFileNameW
0x40a0cc HeapCreate
0x40a0d0 EncodePointer
0x40a0d4 EnterCriticalSection
0x40a0d8 LeaveCriticalSection
0x40a0dc GetLastError
0x40a0e0 InitializeCriticalSectionAndSpinCount
0x40a0e4 TlsAlloc
0x40a0e8 TlsGetValue
0x40a0ec TlsSetValue
0x40a0f0 TlsFree
0x40a0f4 InterlockedIncrement
0x40a0f8 SetLastError
0x40a0fc GetCurrentThreadId
0x40a100 InterlockedDecrement
0x40a104 FreeEnvironmentStringsW
0x40a108 WideCharToMultiByte
0x40a10c GetEnvironmentStringsW
0x40a110 SetHandleCount
0x40a114 GetFileType
0x40a118 QueryPerformanceCounter
0x40a11c GetTickCount
0x40a120 GetCurrentProcessId
0x40a124 GetSystemTimeAsFileTime
0x40a128 Sleep
0x40a12c RtlUnwind
0x40a130 GetCPInfo
0x40a134 GetACP
0x40a138 GetOEMCP
0x40a13c IsValidCodePage
0x40a140 MultiByteToWideChar
0x40a144 HeapSize
0x40a148 GetConsoleCP
0x40a14c GetConsoleMode
0x40a150 FlushFileBuffers
0x40a154 IsProcessorFeaturePresent
0x40a158 LCMapStringW
0x40a15c GetStringTypeW
0x40a160 ReadFile
0x40a164 SetStdHandle
USER32.dll
0x40a16c GetMonitorInfoW
0x40a170 LoadIconA
EAT(Export Address Table) is none