Report - i1gcbW1E.exe

Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check
Created 2024.04.10 13:50 Machine s1_win7_x6403
Filename i1gcbW1E.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 3
Behavior Score 1.4
ZERO API file: malware
VT API (file) 31 detected (AIDetectMalware, GenericKD, malicious, confidence, moderate confidence, Artemis, Detected, ai score=83, Acll, ABRisk, LNBO, Chgt, PossibleThreat)
md5 262a7eb58a01d1aab21b24292c181cd3
sha256 107090a44888272297ecb7a715a9abca4bc17dafe6aa57505436722a5a9926a6
ssdeep 49152:Iwbow/vbvIgF0kyPGcASmbYK94IZsrNSc8n1PI0IU6iD:IwL3bDjcABKAMSXn1q+D
imphash f30ecba2902c4a298094694d866ac533
impfuzzy 96:36K6fpcmbWJGaRqtEiRj204G5OpCxLXHgnPgxI:18actJRj204G5DwPN

Signature (2cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x14024e790 CopySid
 0x14024e798 GetLengthSid
 0x14024e7a0 GetTokenInformation
 0x14024e7a8 IsValidSid
 0x14024e7b0 OpenProcessToken
 0x14024e7b8 RegCloseKey
 0x14024e7c0 RegCreateKeyExW
 0x14024e7c8 RegSetValueExW
 0x14024e7d0 SystemFunction036
bcrypt.dll
 0x14024e7e0 BCryptGenRandom
KERNEL32.dll
 0x14024e7f0 DeleteCriticalSection
 0x14024e7f8 EnterCriticalSection
 0x14024e800 InitializeCriticalSection
 0x14024e808 LeaveCriticalSection
 0x14024e810 RaiseException
 0x14024e818 RtlCaptureContext
 0x14024e820 RtlLookupFunctionEntry
 0x14024e828 RtlUnwindEx
 0x14024e830 VirtualProtect
 0x14024e838 VirtualQuery
 0x14024e840 __C_specific_handler
msvcrt.dll
 0x14024e850 __getmainargs
 0x14024e858 __initenv
 0x14024e860 __iob_func
 0x14024e868 __set_app_type
 0x14024e870 __setusermatherr
 0x14024e878 _amsg_exit
 0x14024e880 _cexit
 0x14024e888 _commode
 0x14024e890 _fmode
 0x14024e898 _fpreset
 0x14024e8a0 _initterm
 0x14024e8a8 _onexit
 0x14024e8b0 abort
 0x14024e8b8 calloc
 0x14024e8c0 exit
 0x14024e8c8 fprintf
 0x14024e8d0 free
 0x14024e8d8 fwrite
 0x14024e8e0 malloc
 0x14024e8e8 memcmp
 0x14024e8f0 memcpy
 0x14024e8f8 memmove
 0x14024e900 memset
 0x14024e908 signal
 0x14024e910 strlen
 0x14024e918 strncmp
 0x14024e920 vfprintf
 0x14024e928 wcslen
ntdll.dll
 0x14024e938 NtQueryInformationProcess
 0x14024e940 NtQuerySystemInformation
 0x14024e948 NtReadFile
 0x14024e950 NtWriteFile
 0x14024e958 RtlGetVersion
 0x14024e960 RtlNtStatusToDosError
 0x14024e968 RtlVirtualUnwind
api-ms-win-core-synch-l1-2-0.dll
 0x14024e978 WaitOnAddress
 0x14024e980 WakeByAddressAll
 0x14024e988 WakeByAddressSingle
kernel32.dll
 0x14024e998 AddVectoredExceptionHandler
 0x14024e9a0 CheckRemoteDebuggerPresent
 0x14024e9a8 CloseHandle
 0x14024e9b0 CompareStringOrdinal
 0x14024e9b8 CreateDirectoryW
 0x14024e9c0 CreateFileW
 0x14024e9c8 CreateNamedPipeW
 0x14024e9d0 CreateProcessW
 0x14024e9d8 CreateThread
 0x14024e9e0 CreateWaitableTimerExW
 0x14024e9e8 DeleteFileW
 0x14024e9f0 DeleteProcThreadAttributeList
 0x14024e9f8 DuplicateHandle
 0x14024ea00 ExitProcess
 0x14024ea08 FindClose
 0x14024ea10 FindFirstFileW
 0x14024ea18 FormatMessageW
 0x14024ea20 FreeEnvironmentStringsW
 0x14024ea28 FreeLibrary
 0x14024ea30 GetConsoleMode
 0x14024ea38 GetCurrentProcess
 0x14024ea40 GetCurrentProcessId
 0x14024ea48 GetCurrentThread
 0x14024ea50 GetEnvironmentStringsW
 0x14024ea58 GetEnvironmentVariableW
 0x14024ea60 GetExitCodeProcess
 0x14024ea68 GetFileAttributesW
 0x14024ea70 GetFileInformationByHandle
 0x14024ea78 GetFileInformationByHandleEx
 0x14024ea80 GetFullPathNameW
 0x14024ea88 GetLastError
 0x14024ea90 GetModuleFileNameW
 0x14024ea98 GetModuleHandleA
 0x14024eaa0 GetModuleHandleW
 0x14024eaa8 GetProcAddress
 0x14024eab0 GetProcessHeap
 0x14024eab8 GetProcessIoCounters
 0x14024eac0 GetProcessTimes
 0x14024eac8 GetStdHandle
 0x14024ead0 GetSystemDirectoryW
 0x14024ead8 GetSystemInfo
 0x14024eae0 GetSystemTimePreciseAsFileTime
 0x14024eae8 GetSystemTimes
 0x14024eaf0 GetTickCount64
 0x14024eaf8 GetWindowsDirectoryW
 0x14024eb00 GlobalMemoryStatusEx
 0x14024eb08 HeapAlloc
 0x14024eb10 HeapFree
 0x14024eb18 HeapReAlloc
 0x14024eb20 InitOnceBeginInitialize
 0x14024eb28 InitOnceComplete
 0x14024eb30 InitializeProcThreadAttributeList
 0x14024eb38 K32GetPerformanceInfo
 0x14024eb40 LoadLibraryExA
 0x14024eb48 LocalFree
 0x14024eb50 MultiByteToWideChar
 0x14024eb58 OpenProcess
 0x14024eb60 QueryPerformanceCounter
 0x14024eb68 QueryPerformanceFrequency
 0x14024eb70 ReadFileEx
 0x14024eb78 ReadProcessMemory
 0x14024eb80 SetFileInformationByHandle
 0x14024eb88 SetFilePointerEx
 0x14024eb90 SetHandleInformation
 0x14024eb98 SetLastError
 0x14024eba0 SetThreadStackGuarantee
 0x14024eba8 SetUnhandledExceptionFilter
 0x14024ebb0 SetWaitableTimer
 0x14024ebb8 Sleep
 0x14024ebc0 SleepEx
 0x14024ebc8 SwitchToThread
 0x14024ebd0 TlsAlloc
 0x14024ebd8 TlsFree
 0x14024ebe0 TlsGetValue
 0x14024ebe8 TlsSetValue
 0x14024ebf0 UpdateProcThreadAttribute
 0x14024ebf8 VirtualQueryEx
 0x14024ec00 WaitForSingleObject
 0x14024ec08 WriteConsoleW
 0x14024ec10 WriteFileEx
ole32.dll
 0x14024ec20 CoCreateInstance
 0x14024ec28 CoInitializeEx
 0x14024ec30 CoInitializeSecurity
 0x14024ec38 CoSetProxyBlanket
oleaut32.dll
 0x14024ec48 GetErrorInfo
 0x14024ec50 SafeArrayAccessData
 0x14024ec58 SafeArrayDestroy
 0x14024ec60 SafeArrayGetLBound
 0x14024ec68 SafeArrayGetUBound
 0x14024ec70 SafeArrayUnaccessData
 0x14024ec78 SysAllocStringLen
 0x14024ec80 SysFreeString
 0x14024ec88 SysStringLen
 0x14024ec90 VariantClear
pdh.dll
 0x14024eca0 PdhAddEnglishCounterW
 0x14024eca8 PdhCloseQuery
 0x14024ecb0 PdhCollectQueryData
 0x14024ecb8 PdhGetFormattedCounterValue
 0x14024ecc0 PdhOpenQueryA
 0x14024ecc8 PdhRemoveCounter
powrprof.dll
 0x14024ecd8 CallNtPowerInformation
psapi.dll
 0x14024ece8 GetModuleFileNameExW
 0x14024ecf0 GetProcessMemoryInfo
shell32.dll
 0x14024ed00 CommandLineToArgvW
 0x14024ed08 ShellExecuteExW
ws2_32.dll
 0x14024ed18 WSACleanup
 0x14024ed20 WSADuplicateSocketW
 0x14024ed28 WSAGetLastError
 0x14024ed30 WSARecv
 0x14024ed38 WSASend
 0x14024ed40 WSASocketW
 0x14024ed48 WSAStartup
 0x14024ed50 accept
 0x14024ed58 bind
 0x14024ed60 closesocket
 0x14024ed68 connect
 0x14024ed70 freeaddrinfo
 0x14024ed78 getaddrinfo
 0x14024ed80 getpeername
 0x14024ed88 getsockname
 0x14024ed90 getsockopt
 0x14024ed98 ioctlsocket
 0x14024eda0 listen
 0x14024eda8 recv
 0x14024edb0 select
 0x14024edb8 send
 0x14024edc0 setsockopt
bcryptprimitives.dll
 0x14024edd0 ProcessPrng

EAT (Export Address Table): none