ScreenShot
| Created | 2024.04.08 18:30 | Machine | s1_win7_x6401 |
| Filename | sample8.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (AIDetectMalware, Danabot, Malicious, score, GenericKD, Save, high confidence, Kryptik, HWRO, Artemis, LummaStealer, kkxdfi, SmokeLoader, CLASSIC, GenKryptik, LUMMAC, USBLCR24, high, Mokes, Detected, ai score=82, Convagent, Sabsik, ABRisk, YIIJ, PWSX, R641518, GdSda, Obfuscated, Static AI, Malicious PE, susgen, HWMW, MBFW) | ||
| md5 | 23c36291056735c770acd94a1eeb2d74 | ||
| sha256 | 6d8e4f00f741733562a2c7a4a186bc3323c398d3a6c919e601ee22404be2cd07 | ||
| ssdeep | 6144:omBGQYIVvlIfGAbq/5VayaiH5MUxtkUHiaPK://YIVtrAbqRA6+UxyU3C | ||
| imphash | 0be152bdfc9ef291ebc79442873fbb26 | ||
| impfuzzy | 24:UkPHflmpukNvqzFDSVqs/TXD2Ku9iwc+bq/OovIGRtVJBlelohjMovWnZkIQqpyB:wpHAMF0c+ZTGRthElgWqDqyRHFB | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x411008 GetLocaleInfoA
0x41100c GetConsoleAliasExesLengthA
0x411010 SetConsoleTextAttribute
0x411014 GetCurrentProcess
0x411018 QueryDosDeviceA
0x41101c GetModuleHandleW
0x411020 GetTickCount
0x411024 ReadConsoleW
0x411028 GetWindowsDirectoryA
0x41102c EnumTimeFormatsW
0x411030 GlobalAlloc
0x411034 GetVolumeInformationA
0x411038 GetLocaleInfoW
0x41103c GetVersionExW
0x411040 GetConsoleAliasW
0x411044 WriteConsoleW
0x411048 SetSystemPowerState
0x41104c GetModuleFileNameW
0x411050 FindResourceA
0x411054 ExitThread
0x411058 GetLastError
0x41105c GetCurrentDirectoryW
0x411060 GetProcAddress
0x411064 PeekConsoleInputW
0x411068 RemoveDirectoryA
0x41106c LoadLibraryA
0x411070 FindFirstVolumeMountPointW
0x411074 GetNumberFormatW
0x411078 GlobalFindAtomW
0x41107c VirtualProtect
0x411080 GetCurrentProcessId
0x411084 CloseHandle
0x411088 SetStdHandle
0x41108c OutputDebugStringW
0x411090 LoadLibraryExW
0x411094 CreateFileW
0x411098 GetEnvironmentVariableW
0x41109c HeapReAlloc
0x4110a0 EncodePointer
0x4110a4 DecodePointer
0x4110a8 EnterCriticalSection
0x4110ac LeaveCriticalSection
0x4110b0 DeleteCriticalSection
0x4110b4 WideCharToMultiByte
0x4110b8 MultiByteToWideChar
0x4110bc GetStringTypeW
0x4110c0 HeapFree
0x4110c4 HeapAlloc
0x4110c8 ReadFile
0x4110cc GetCommandLineA
0x4110d0 RaiseException
0x4110d4 RtlUnwind
0x4110d8 GetCPInfo
0x4110dc IsProcessorFeaturePresent
0x4110e0 UnhandledExceptionFilter
0x4110e4 SetUnhandledExceptionFilter
0x4110e8 SetLastError
0x4110ec InitializeCriticalSectionAndSpinCount
0x4110f0 Sleep
0x4110f4 TerminateProcess
0x4110f8 TlsAlloc
0x4110fc TlsGetValue
0x411100 TlsSetValue
0x411104 TlsFree
0x411108 GetStartupInfoW
0x41110c LCMapStringW
0x411110 IsDebuggerPresent
0x411114 IsValidCodePage
0x411118 GetACP
0x41111c GetOEMCP
0x411120 GetCurrentThreadId
0x411124 GetProcessHeap
0x411128 ExitProcess
0x41112c GetModuleHandleExW
0x411130 GetStdHandle
0x411134 WriteFile
0x411138 FlushFileBuffers
0x41113c GetConsoleCP
0x411140 GetConsoleMode
0x411144 HeapSize
0x411148 SetFilePointerEx
0x41114c GetFileType
0x411150 GetModuleFileNameA
0x411154 QueryPerformanceCounter
0x411158 GetSystemTimeAsFileTime
0x41115c GetEnvironmentStringsW
0x411160 FreeEnvironmentStringsW
USER32.dll
0x411170 CharLowerA
0x411174 GetAltTabInfoA
0x411178 GetClassInfoA
0x41117c CharUpperBuffW
0x411180 DrawCaption
ADVAPI32.dll
0x411000 ReadEventLogW
MSIMG32.dll
0x411168 AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x411008 GetLocaleInfoA
0x41100c GetConsoleAliasExesLengthA
0x411010 SetConsoleTextAttribute
0x411014 GetCurrentProcess
0x411018 QueryDosDeviceA
0x41101c GetModuleHandleW
0x411020 GetTickCount
0x411024 ReadConsoleW
0x411028 GetWindowsDirectoryA
0x41102c EnumTimeFormatsW
0x411030 GlobalAlloc
0x411034 GetVolumeInformationA
0x411038 GetLocaleInfoW
0x41103c GetVersionExW
0x411040 GetConsoleAliasW
0x411044 WriteConsoleW
0x411048 SetSystemPowerState
0x41104c GetModuleFileNameW
0x411050 FindResourceA
0x411054 ExitThread
0x411058 GetLastError
0x41105c GetCurrentDirectoryW
0x411060 GetProcAddress
0x411064 PeekConsoleInputW
0x411068 RemoveDirectoryA
0x41106c LoadLibraryA
0x411070 FindFirstVolumeMountPointW
0x411074 GetNumberFormatW
0x411078 GlobalFindAtomW
0x41107c VirtualProtect
0x411080 GetCurrentProcessId
0x411084 CloseHandle
0x411088 SetStdHandle
0x41108c OutputDebugStringW
0x411090 LoadLibraryExW
0x411094 CreateFileW
0x411098 GetEnvironmentVariableW
0x41109c HeapReAlloc
0x4110a0 EncodePointer
0x4110a4 DecodePointer
0x4110a8 EnterCriticalSection
0x4110ac LeaveCriticalSection
0x4110b0 DeleteCriticalSection
0x4110b4 WideCharToMultiByte
0x4110b8 MultiByteToWideChar
0x4110bc GetStringTypeW
0x4110c0 HeapFree
0x4110c4 HeapAlloc
0x4110c8 ReadFile
0x4110cc GetCommandLineA
0x4110d0 RaiseException
0x4110d4 RtlUnwind
0x4110d8 GetCPInfo
0x4110dc IsProcessorFeaturePresent
0x4110e0 UnhandledExceptionFilter
0x4110e4 SetUnhandledExceptionFilter
0x4110e8 SetLastError
0x4110ec InitializeCriticalSectionAndSpinCount
0x4110f0 Sleep
0x4110f4 TerminateProcess
0x4110f8 TlsAlloc
0x4110fc TlsGetValue
0x411100 TlsSetValue
0x411104 TlsFree
0x411108 GetStartupInfoW
0x41110c LCMapStringW
0x411110 IsDebuggerPresent
0x411114 IsValidCodePage
0x411118 GetACP
0x41111c GetOEMCP
0x411120 GetCurrentThreadId
0x411124 GetProcessHeap
0x411128 ExitProcess
0x41112c GetModuleHandleExW
0x411130 GetStdHandle
0x411134 WriteFile
0x411138 FlushFileBuffers
0x41113c GetConsoleCP
0x411140 GetConsoleMode
0x411144 HeapSize
0x411148 SetFilePointerEx
0x41114c GetFileType
0x411150 GetModuleFileNameA
0x411154 QueryPerformanceCounter
0x411158 GetSystemTimeAsFileTime
0x41115c GetEnvironmentStringsW
0x411160 FreeEnvironmentStringsW
USER32.dll
0x411170 CharLowerA
0x411174 GetAltTabInfoA
0x411178 GetClassInfoA
0x41117c CharUpperBuffW
0x411180 DrawCaption
ADVAPI32.dll
0x411000 ReadEventLogW
MSIMG32.dll
0x411168 AlphaBlend
EAT(Export Address Table) is none