ScreenShot
| Created | 2024.04.05 23:41 | Machine | s1_win7_x6401 |
| Filename | ttt01.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, Pitou, Malicious, score, PitouRI, S28786866, Lazy, unsafe, Vf86, Attribute, HighConfidence, Windows, Threat, GenericRXHQ, jpbcqi, CLASSIC, XPACK, high, Detected, ai score=80, Onkods, Q@52urg7, Eldorado, Tepfer, R96475, General, Bootkit, Genetic, Bkjl, GenAsa, LdWfSJxvz3M, Static AI, Malicious PE) | ||
| md5 | 9185b776b7a981d060b0bb0d7ffed201 | ||
| sha256 | 91a45c416324ed3a8c184e349214e7c82d6df0df4fe6d06f3c7818c0d322373b | ||
| ssdeep | 12288:zZMh/qXO/ljOBYbPUV7TRnP+vacQlokO+bW:Wh/qXIvbPUFxqaQ2W | ||
| imphash | 32a31bfad8ca2c4b8a1a523b9cceb9d8 | ||
| impfuzzy | 48:vk9+wEl9/YoAZtDVLWMTiZc6dc3/3QpnBz+/iufrZA/150votD5FSelAlnXZWVSp:s9+wEl+oAZVZWEKc2c3oxQP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMDLG32.dll
0x410000 GetOpenFileNameA
0x410004 GetSaveFileNameA
GDI32.dll
0x41000c BitBlt
0x410010 DeleteDC
0x410014 CreateCompatibleDC
0x410018 GetStockObject
0x41001c SetBkColor
0x410020 SetTextColor
0x410024 SelectObject
0x410028 GetDeviceCaps
0x41002c CreateCompatibleBitmap
0x410030 CreateBitmap
0x410034 TextOutA
0x410038 DeleteObject
KERNEL32.dll
0x410040 RtlUnwind
0x410044 SetStdHandle
0x410048 WideCharToMultiByte
0x41004c GetSystemTimeAsFileTime
0x410050 WriteFile
0x410054 GetModuleHandleW
0x410058 LeaveCriticalSection
0x41005c DeleteCriticalSection
0x410060 GetConsoleCP
0x410064 SetConsoleCtrlHandler
0x410068 Sleep
0x41006c GetCurrentThreadId
0x410070 RaiseException
0x410074 GetStdHandle
0x410078 MultiByteToWideChar
0x41007c TerminateProcess
0x410080 GetStringTypeW
0x410084 EnumSystemLocalesW
0x410088 LoadLibraryExW
0x41008c ReadFile
0x410090 OutputDebugStringW
0x410094 GetCPInfo
0x410098 HeapFree
0x41009c GetModuleFileNameW
0x4100a0 FormatMessageA
0x4100a4 GetCurrentProcess
0x4100a8 GetLastError
0x4100ac FreeEnvironmentStringsW
0x4100b0 AreFileApisANSI
0x4100b4 HeapSize
0x4100b8 SetUnhandledExceptionFilter
0x4100bc GetModuleFileNameA
0x4100c0 GetConsoleMode
0x4100c4 GetEnvironmentStringsW
0x4100c8 FlushFileBuffers
0x4100cc IsValidCodePage
0x4100d0 CreateSemaphoreW
0x4100d4 IsProcessorFeaturePresent
0x4100d8 GetACP
0x4100dc EnterCriticalSection
0x4100e0 LCMapStringW
0x4100e4 FreeLibrary
0x4100e8 GetProcAddress
0x4100ec DecodePointer
0x4100f0 GetFileType
0x4100f4 EncodePointer
0x4100f8 CreateFileW
0x4100fc GetProcessHeap
0x410100 GetOEMCP
0x410104 TlsFree
0x410108 CloseHandle
0x41010c GetStartupInfoW
0x410110 SetFilePointerEx
0x410114 HeapAlloc
0x410118 QueryPerformanceCounter
0x41011c IsValidLocale
0x410120 GetModuleHandleExW
0x410124 TlsGetValue
0x410128 GetLocaleInfoW
0x41012c TlsSetValue
0x410130 IsDebuggerPresent
0x410134 CompareStringW
0x410138 InitializeCriticalSectionAndSpinCount
0x41013c GetDateFormatW
0x410140 CreateFileA
0x410144 UnhandledExceptionFilter
0x410148 LoadLibraryW
0x41014c SetPriorityClass
0x410150 InterlockedDecrement
0x410154 WriteConsoleW
0x410158 GetTimeFormatW
0x41015c GetModuleHandleA
0x410160 HeapReAlloc
0x410164 SetLastError
0x410168 GetCurrentProcessId
0x41016c GetCurrentThread
0x410170 GetUserDefaultLCID
0x410174 ExitProcess
0x410178 FatalAppExitA
0x41017c InterlockedExchange
0x410180 InterlockedIncrement
0x410184 TlsAlloc
0x410188 GetCurrentDirectoryA
SHELL32.dll
0x410190 ShellExecuteA
USER32.dll
0x410198 GetMessageA
0x41019c InvalidateRect
0x4101a0 SetDlgItemTextA
0x4101a4 PostQuitMessage
0x4101a8 SetCursor
0x4101ac PeekMessageA
0x4101b0 DestroyWindow
0x4101b4 AdjustWindowRect
0x4101b8 MessageBoxA
0x4101bc LoadImageA
0x4101c0 GetSystemMenu
0x4101c4 IsIconic
0x4101c8 DefWindowProcA
0x4101cc LoadStringA
0x4101d0 RegisterClassExA
0x4101d4 SetForegroundWindow
0x4101d8 CloseWindow
0x4101dc GetCursorPos
0x4101e0 ReleaseDC
0x4101e4 GetSystemMetrics
0x4101e8 LoadIconA
0x4101ec CreateWindowExA
0x4101f0 ShowCursor
0x4101f4 SetWindowPos
0x4101f8 GetCursor
0x4101fc SendMessageA
0x410200 RemoveMenu
0x410204 GetDlgItemTextA
0x410208 EndDialog
0x41020c DialogBoxParamA
0x410210 GetDC
0x410214 LoadCursorA
0x410218 DispatchMessageA
0x41021c TranslateMessage
0x410220 WaitMessage
WINMM.dll
0x410228 timeKillEvent
0x41022c PlaySoundA
0x410230 timeSetEvent
EAT(Export Address Table) is none
COMDLG32.dll
0x410000 GetOpenFileNameA
0x410004 GetSaveFileNameA
GDI32.dll
0x41000c BitBlt
0x410010 DeleteDC
0x410014 CreateCompatibleDC
0x410018 GetStockObject
0x41001c SetBkColor
0x410020 SetTextColor
0x410024 SelectObject
0x410028 GetDeviceCaps
0x41002c CreateCompatibleBitmap
0x410030 CreateBitmap
0x410034 TextOutA
0x410038 DeleteObject
KERNEL32.dll
0x410040 RtlUnwind
0x410044 SetStdHandle
0x410048 WideCharToMultiByte
0x41004c GetSystemTimeAsFileTime
0x410050 WriteFile
0x410054 GetModuleHandleW
0x410058 LeaveCriticalSection
0x41005c DeleteCriticalSection
0x410060 GetConsoleCP
0x410064 SetConsoleCtrlHandler
0x410068 Sleep
0x41006c GetCurrentThreadId
0x410070 RaiseException
0x410074 GetStdHandle
0x410078 MultiByteToWideChar
0x41007c TerminateProcess
0x410080 GetStringTypeW
0x410084 EnumSystemLocalesW
0x410088 LoadLibraryExW
0x41008c ReadFile
0x410090 OutputDebugStringW
0x410094 GetCPInfo
0x410098 HeapFree
0x41009c GetModuleFileNameW
0x4100a0 FormatMessageA
0x4100a4 GetCurrentProcess
0x4100a8 GetLastError
0x4100ac FreeEnvironmentStringsW
0x4100b0 AreFileApisANSI
0x4100b4 HeapSize
0x4100b8 SetUnhandledExceptionFilter
0x4100bc GetModuleFileNameA
0x4100c0 GetConsoleMode
0x4100c4 GetEnvironmentStringsW
0x4100c8 FlushFileBuffers
0x4100cc IsValidCodePage
0x4100d0 CreateSemaphoreW
0x4100d4 IsProcessorFeaturePresent
0x4100d8 GetACP
0x4100dc EnterCriticalSection
0x4100e0 LCMapStringW
0x4100e4 FreeLibrary
0x4100e8 GetProcAddress
0x4100ec DecodePointer
0x4100f0 GetFileType
0x4100f4 EncodePointer
0x4100f8 CreateFileW
0x4100fc GetProcessHeap
0x410100 GetOEMCP
0x410104 TlsFree
0x410108 CloseHandle
0x41010c GetStartupInfoW
0x410110 SetFilePointerEx
0x410114 HeapAlloc
0x410118 QueryPerformanceCounter
0x41011c IsValidLocale
0x410120 GetModuleHandleExW
0x410124 TlsGetValue
0x410128 GetLocaleInfoW
0x41012c TlsSetValue
0x410130 IsDebuggerPresent
0x410134 CompareStringW
0x410138 InitializeCriticalSectionAndSpinCount
0x41013c GetDateFormatW
0x410140 CreateFileA
0x410144 UnhandledExceptionFilter
0x410148 LoadLibraryW
0x41014c SetPriorityClass
0x410150 InterlockedDecrement
0x410154 WriteConsoleW
0x410158 GetTimeFormatW
0x41015c GetModuleHandleA
0x410160 HeapReAlloc
0x410164 SetLastError
0x410168 GetCurrentProcessId
0x41016c GetCurrentThread
0x410170 GetUserDefaultLCID
0x410174 ExitProcess
0x410178 FatalAppExitA
0x41017c InterlockedExchange
0x410180 InterlockedIncrement
0x410184 TlsAlloc
0x410188 GetCurrentDirectoryA
SHELL32.dll
0x410190 ShellExecuteA
USER32.dll
0x410198 GetMessageA
0x41019c InvalidateRect
0x4101a0 SetDlgItemTextA
0x4101a4 PostQuitMessage
0x4101a8 SetCursor
0x4101ac PeekMessageA
0x4101b0 DestroyWindow
0x4101b4 AdjustWindowRect
0x4101b8 MessageBoxA
0x4101bc LoadImageA
0x4101c0 GetSystemMenu
0x4101c4 IsIconic
0x4101c8 DefWindowProcA
0x4101cc LoadStringA
0x4101d0 RegisterClassExA
0x4101d4 SetForegroundWindow
0x4101d8 CloseWindow
0x4101dc GetCursorPos
0x4101e0 ReleaseDC
0x4101e4 GetSystemMetrics
0x4101e8 LoadIconA
0x4101ec CreateWindowExA
0x4101f0 ShowCursor
0x4101f4 SetWindowPos
0x4101f8 GetCursor
0x4101fc SendMessageA
0x410200 RemoveMenu
0x410204 GetDlgItemTextA
0x410208 EndDialog
0x41020c DialogBoxParamA
0x410210 GetDC
0x410214 LoadCursorA
0x410218 DispatchMessageA
0x41021c TranslateMessage
0x410220 WaitMessage
WINMM.dll
0x410228 timeKillEvent
0x41022c PlaySoundA
0x410230 timeSetEvent
EAT(Export Address Table) is none