ScreenShot
| Created | 2024.04.10 21:15 | Machine | s1_win7_x6401 |
| Filename | SP_MASTER_v112.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 21 detected (AIDetectMalware, Bulz, Emotet, Sality, unsafe, V2h1, Attribute, HighConfidence, VMProtect, L suspicious, FileRepMalware, Hacktool, Activator, CLOUD, Generic Reputation PUA, Artemis, MALICIOUS, Chgt, Static AI, Suspicious PE, confidence) | ||
| md5 | a73a7c7d0a0cc88bde17aa70f80eedbe | ||
| sha256 | b64916db4b5eafd0c923e7b04c9013928073159ba835aa7d214e5a8b2ff61b81 | ||
| ssdeep | 98304:lapmx5gq1QojNjloj0bUf1MnyONuaUCtGV8p54DULPWLPrxTHxjOKiIQMdK0:lape5g2oyOayXak8QDUDKz5xjOcM0 | ||
| imphash | 461cb561f05b87c7ac687e29f377e3bf | ||
| impfuzzy | 24:oWw1q6DInb4LZwsgMX0Vz8cD958QtXJHc9NDI5Q8:oWCqvnhMCR5ZXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0xded000 SysFreeString
advapi32.dll
0xded010 RegQueryValueExW
user32.dll
0xded020 CharNextW
kernel32.dll
0xded030 GetVersion
kernel32.dll
0xded040 GetProcAddress
user32.dll
0xded050 SetClassLongPtrW
gdi32.dll
0xded060 UnrealizeObject
version.dll
0xded070 VerQueryValueW
kernel32.dll
0xded080 GetVersionExW
0xded088 GetVersion
advapi32.dll
0xded098 RegUnLoadKeyW
kernel32.dll
0xded0a8 Sleep
netapi32.dll
0xded0b8 NetApiBufferFree
oleaut32.dll
0xded0c8 SafeArrayPtrOfIndex
oleaut32.dll
0xded0d8 GetErrorInfo
ole32.dll
0xded0e8 OleUninitialize
comctl32.dll
0xded0f8 InitializeFlatSB
user32.dll
0xded108 EnumDisplayMonitors
msvcrt.dll
0xded118 memset
shell32.dll
0xded128 ShellExecuteW
winspool.drv
0xded138 OpenPrinterW
winspool.drv
0xded148 GetDefaultPrinterW
advapi32.dll
0xded158 CryptGenRandom
WTSAPI32.dll
0xded168 WTSSendMessageW
kernel32.dll
0xded178 FlsSetValue
user32.dll
0xded188 GetProcessWindowStation
kernel32.dll
0xded198 LocalAlloc
0xded1a0 LocalFree
0xded1a8 GetModuleFileNameW
0xded1b0 GetProcessAffinityMask
0xded1b8 SetProcessAffinityMask
0xded1c0 SetThreadAffinityMask
0xded1c8 Sleep
0xded1d0 ExitProcess
0xded1d8 FreeLibrary
0xded1e0 LoadLibraryA
0xded1e8 GetModuleHandleA
0xded1f0 GetProcAddress
user32.dll
0xded200 GetProcessWindowStation
0xded208 GetUserObjectInformationW
EAT(Export Address Table) Library
0x492650 TMethodImplementationIntercept
0x419f70 __dbk_fcall_wrapper
0x836288 dbkFCallWrapperAddr
oleaut32.dll
0xded000 SysFreeString
advapi32.dll
0xded010 RegQueryValueExW
user32.dll
0xded020 CharNextW
kernel32.dll
0xded030 GetVersion
kernel32.dll
0xded040 GetProcAddress
user32.dll
0xded050 SetClassLongPtrW
gdi32.dll
0xded060 UnrealizeObject
version.dll
0xded070 VerQueryValueW
kernel32.dll
0xded080 GetVersionExW
0xded088 GetVersion
advapi32.dll
0xded098 RegUnLoadKeyW
kernel32.dll
0xded0a8 Sleep
netapi32.dll
0xded0b8 NetApiBufferFree
oleaut32.dll
0xded0c8 SafeArrayPtrOfIndex
oleaut32.dll
0xded0d8 GetErrorInfo
ole32.dll
0xded0e8 OleUninitialize
comctl32.dll
0xded0f8 InitializeFlatSB
user32.dll
0xded108 EnumDisplayMonitors
msvcrt.dll
0xded118 memset
shell32.dll
0xded128 ShellExecuteW
winspool.drv
0xded138 OpenPrinterW
winspool.drv
0xded148 GetDefaultPrinterW
advapi32.dll
0xded158 CryptGenRandom
WTSAPI32.dll
0xded168 WTSSendMessageW
kernel32.dll
0xded178 FlsSetValue
user32.dll
0xded188 GetProcessWindowStation
kernel32.dll
0xded198 LocalAlloc
0xded1a0 LocalFree
0xded1a8 GetModuleFileNameW
0xded1b0 GetProcessAffinityMask
0xded1b8 SetProcessAffinityMask
0xded1c0 SetThreadAffinityMask
0xded1c8 Sleep
0xded1d0 ExitProcess
0xded1d8 FreeLibrary
0xded1e0 LoadLibraryA
0xded1e8 GetModuleHandleA
0xded1f0 GetProcAddress
user32.dll
0xded200 GetProcessWindowStation
0xded208 GetUserObjectInformationW
EAT(Export Address Table) Library
0x492650 TMethodImplementationIntercept
0x419f70 __dbk_fcall_wrapper
0x836288 dbkFCallWrapperAddr