ScreenShot
| Created | 2024.04.10 13:44 | Machine | s1_win7_x6401 |
| Filename | klounada.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (AIDetectMalware, Malicious, score, Zusy, unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, VMProtect, Artemis, FileRepMalware, Misc, Generic@AI, RDML, 7qbB2Vqnem4M07cCPLbN9Q, XPACK, high, Detected, ai score=81, Znyonm, R644235, ZexaF, @BW@aqKHcs, Zmhl, Static AI, Malicious PE, susgen) | ||
| md5 | 616756248d85c819fd0830d660a7aaa0 | ||
| sha256 | 1e2f5b51b09d3f0060700403f138e33cf4c085dde4fbb469c420e9fd840f04d3 | ||
| ssdeep | 98304:g2GmrHOupd2UnxrkWKnuIGQi0iEFZTbKEH/Zh9lkdKnZ7QOjXIEgTH:a1UxrxWuYFFhDYKnOObIEgT | ||
| imphash | 89c8abd38fd3ffc06ee06d01f9b3cbbf | ||
| impfuzzy | 12:oZCiwxrnfg0Q5kBZGoQtXJxZGb9AJcDfA5kLfP9m:YCiwxE0Q58QtXJHc9NDI5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x801000 ExitProcess
ole32.dll
0x801008 CoCreateInstance
OLEAUT32.dll
0x801010 SysAllocString
USER32.dll
0x801018 CloseClipboard
GDI32.dll
0x801020 BitBlt
WTSAPI32.dll
0x801028 WTSSendMessageW
KERNEL32.dll
0x801030 VirtualQuery
USER32.dll
0x801038 GetProcessWindowStation
KERNEL32.dll
0x801040 LocalAlloc
0x801044 LocalFree
0x801048 GetModuleFileNameW
0x80104c GetProcessAffinityMask
0x801050 SetProcessAffinityMask
0x801054 SetThreadAffinityMask
0x801058 Sleep
0x80105c ExitProcess
0x801060 FreeLibrary
0x801064 LoadLibraryA
0x801068 GetModuleHandleA
0x80106c GetProcAddress
USER32.dll
0x801074 GetProcessWindowStation
0x801078 GetUserObjectInformationW
EAT(Export Address Table) is none
KERNEL32.dll
0x801000 ExitProcess
ole32.dll
0x801008 CoCreateInstance
OLEAUT32.dll
0x801010 SysAllocString
USER32.dll
0x801018 CloseClipboard
GDI32.dll
0x801020 BitBlt
WTSAPI32.dll
0x801028 WTSSendMessageW
KERNEL32.dll
0x801030 VirtualQuery
USER32.dll
0x801038 GetProcessWindowStation
KERNEL32.dll
0x801040 LocalAlloc
0x801044 LocalFree
0x801048 GetModuleFileNameW
0x80104c GetProcessAffinityMask
0x801050 SetProcessAffinityMask
0x801054 SetThreadAffinityMask
0x801058 Sleep
0x80105c ExitProcess
0x801060 FreeLibrary
0x801064 LoadLibraryA
0x801068 GetModuleHandleA
0x80106c GetProcAddress
USER32.dll
0x801074 GetProcessWindowStation
0x801078 GetUserObjectInformationW
EAT(Export Address Table) is none