ScreenShot
| Created | 2024.04.10 13:49 | Machine | s1_win7_x6403 |
| Filename | crypted6077866846MVYQY.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 51 detected (Common, Redline, Malicious, score, Genericml, Lazy, unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HWSU, Generic@AI, RDML, z79c+IDV6DEeQpr6DNRs6Q, uvzxg, YXEDEZ, Detected, ai score=81, xnet, Eldorado, PWSX, R642373, Bdhl, Static AI, Malicious PE, susgen, GenKryptik, GVLG) | ||
| md5 | c8edf453ed433cefb2696bb859e0f782 | ||
| sha256 | 0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0 | ||
| ssdeep | 12288:ypFy1/EXmhwdmojNcp/yhBxrQWQAxfUyD4lIx:ypFy1/EXRdUqByWQwf | ||
| imphash | 7ea8dffd703d941f5f072a5931c9ade2 | ||
| impfuzzy | 24:ODbzOjqBKAWJtdShwcpVf2GhlJBl39roUOovbODFZphvREZHu9+GMAZ:q/WJtdSmcpVf2GnpZi3DFZvR | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45a000 VirtualProtect
0x45a004 GetProcAddress
0x45a008 VirtualAllocEx
0x45a00c LoadLibraryA
0x45a010 CreateThread
0x45a014 Sleep
0x45a018 VirtualAlloc
0x45a01c lstrlenW
0x45a020 WaitForSingleObject
0x45a024 FreeConsole
0x45a028 GetCurrentThreadId
0x45a02c ReleaseSRWLockExclusive
0x45a030 AcquireSRWLockExclusive
0x45a034 WakeAllConditionVariable
0x45a038 SleepConditionVariableSRW
0x45a03c UnhandledExceptionFilter
0x45a040 SetUnhandledExceptionFilter
0x45a044 GetCurrentProcess
0x45a048 TerminateProcess
0x45a04c IsProcessorFeaturePresent
0x45a050 IsDebuggerPresent
0x45a054 GetStartupInfoW
0x45a058 GetModuleHandleW
0x45a05c QueryPerformanceCounter
0x45a060 GetCurrentProcessId
0x45a064 GetSystemTimeAsFileTime
0x45a068 InitializeSListHead
0x45a06c WideCharToMultiByte
0x45a070 EncodePointer
0x45a074 DecodePointer
0x45a078 EnterCriticalSection
0x45a07c LeaveCriticalSection
0x45a080 InitializeCriticalSectionEx
0x45a084 DeleteCriticalSection
0x45a088 MultiByteToWideChar
0x45a08c LCMapStringEx
0x45a090 GetStringTypeW
0x45a094 GetCPInfo
0x45a098 CreateFileW
0x45a09c RaiseException
0x45a0a0 RtlUnwind
0x45a0a4 GetLastError
0x45a0a8 SetLastError
0x45a0ac InitializeCriticalSectionAndSpinCount
0x45a0b0 TlsAlloc
0x45a0b4 TlsGetValue
0x45a0b8 TlsSetValue
0x45a0bc TlsFree
0x45a0c0 FreeLibrary
0x45a0c4 LoadLibraryExW
0x45a0c8 ExitProcess
0x45a0cc GetModuleHandleExW
0x45a0d0 GetModuleFileNameW
0x45a0d4 GetStdHandle
0x45a0d8 WriteFile
0x45a0dc GetCommandLineA
0x45a0e0 GetCommandLineW
0x45a0e4 CompareStringW
0x45a0e8 LCMapStringW
0x45a0ec GetLocaleInfoW
0x45a0f0 IsValidLocale
0x45a0f4 GetUserDefaultLCID
0x45a0f8 EnumSystemLocalesW
0x45a0fc HeapFree
0x45a100 HeapAlloc
0x45a104 GetFileType
0x45a108 FindClose
0x45a10c FindFirstFileExW
0x45a110 FindNextFileW
0x45a114 IsValidCodePage
0x45a118 GetACP
0x45a11c GetOEMCP
0x45a120 GetEnvironmentStringsW
0x45a124 FreeEnvironmentStringsW
0x45a128 SetEnvironmentVariableW
0x45a12c GetProcessHeap
0x45a130 SetStdHandle
0x45a134 CloseHandle
0x45a138 FlushFileBuffers
0x45a13c GetConsoleOutputCP
0x45a140 GetConsoleMode
0x45a144 ReadFile
0x45a148 GetFileSizeEx
0x45a14c SetFilePointerEx
0x45a150 ReadConsoleW
0x45a154 HeapReAlloc
0x45a158 HeapSize
0x45a15c WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x45a000 VirtualProtect
0x45a004 GetProcAddress
0x45a008 VirtualAllocEx
0x45a00c LoadLibraryA
0x45a010 CreateThread
0x45a014 Sleep
0x45a018 VirtualAlloc
0x45a01c lstrlenW
0x45a020 WaitForSingleObject
0x45a024 FreeConsole
0x45a028 GetCurrentThreadId
0x45a02c ReleaseSRWLockExclusive
0x45a030 AcquireSRWLockExclusive
0x45a034 WakeAllConditionVariable
0x45a038 SleepConditionVariableSRW
0x45a03c UnhandledExceptionFilter
0x45a040 SetUnhandledExceptionFilter
0x45a044 GetCurrentProcess
0x45a048 TerminateProcess
0x45a04c IsProcessorFeaturePresent
0x45a050 IsDebuggerPresent
0x45a054 GetStartupInfoW
0x45a058 GetModuleHandleW
0x45a05c QueryPerformanceCounter
0x45a060 GetCurrentProcessId
0x45a064 GetSystemTimeAsFileTime
0x45a068 InitializeSListHead
0x45a06c WideCharToMultiByte
0x45a070 EncodePointer
0x45a074 DecodePointer
0x45a078 EnterCriticalSection
0x45a07c LeaveCriticalSection
0x45a080 InitializeCriticalSectionEx
0x45a084 DeleteCriticalSection
0x45a088 MultiByteToWideChar
0x45a08c LCMapStringEx
0x45a090 GetStringTypeW
0x45a094 GetCPInfo
0x45a098 CreateFileW
0x45a09c RaiseException
0x45a0a0 RtlUnwind
0x45a0a4 GetLastError
0x45a0a8 SetLastError
0x45a0ac InitializeCriticalSectionAndSpinCount
0x45a0b0 TlsAlloc
0x45a0b4 TlsGetValue
0x45a0b8 TlsSetValue
0x45a0bc TlsFree
0x45a0c0 FreeLibrary
0x45a0c4 LoadLibraryExW
0x45a0c8 ExitProcess
0x45a0cc GetModuleHandleExW
0x45a0d0 GetModuleFileNameW
0x45a0d4 GetStdHandle
0x45a0d8 WriteFile
0x45a0dc GetCommandLineA
0x45a0e0 GetCommandLineW
0x45a0e4 CompareStringW
0x45a0e8 LCMapStringW
0x45a0ec GetLocaleInfoW
0x45a0f0 IsValidLocale
0x45a0f4 GetUserDefaultLCID
0x45a0f8 EnumSystemLocalesW
0x45a0fc HeapFree
0x45a100 HeapAlloc
0x45a104 GetFileType
0x45a108 FindClose
0x45a10c FindFirstFileExW
0x45a110 FindNextFileW
0x45a114 IsValidCodePage
0x45a118 GetACP
0x45a11c GetOEMCP
0x45a120 GetEnvironmentStringsW
0x45a124 FreeEnvironmentStringsW
0x45a128 SetEnvironmentVariableW
0x45a12c GetProcessHeap
0x45a130 SetStdHandle
0x45a134 CloseHandle
0x45a138 FlushFileBuffers
0x45a13c GetConsoleOutputCP
0x45a140 GetConsoleMode
0x45a144 ReadFile
0x45a148 GetFileSizeEx
0x45a14c SetFilePointerEx
0x45a150 ReadConsoleW
0x45a154 HeapReAlloc
0x45a158 HeapSize
0x45a15c WriteConsoleW
EAT(Export Address Table) is none