ScreenShot
| Created | 2024.04.10 22:26 | Machine | s1_win7_x6401 |
| Filename | SP_activator_11.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (AIDetectMalware, susgen) | ||
| md5 | 37bc139d30272f8ca5516adccb5e2300 | ||
| sha256 | da4a0673bf79583fcf55539e7a4ef94e16215c7c8b32a50c30ebc8d412048489 | ||
| ssdeep | 786432:d3k0ifwwDu3glyrF3R6FLexvARIKi6ZgyBe4XMcL4:d3k07igrqFexFKrZgCFXt4 | ||
| imphash | bc526b1ad02acaf5d1cab0404b8af6a5 | ||
| impfuzzy | 24:oWw1q6DInb4LZwsgMT0Vz8cD958QtXJHc9NDI5Q8:oWCqvnhMTyR5ZXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Winnti_Family | Winnti_Family | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4600000 SysFreeString
advapi32.dll
0x4600010 RegQueryValueExW
user32.dll
0x4600020 CharNextW
kernel32.dll
0x4600030 GetVersion
kernel32.dll
0x4600040 GetProcAddress
user32.dll
0x4600050 SetClassLongPtrW
gdi32.dll
0x4600060 UnrealizeObject
version.dll
0x4600070 VerQueryValueW
kernel32.dll
0x4600080 GetVersionExW
0x4600088 GetVersion
advapi32.dll
0x4600098 RegUnLoadKeyW
kernel32.dll
0x46000a8 Sleep
netapi32.dll
0x46000b8 NetApiBufferFree
oleaut32.dll
0x46000c8 SafeArrayPtrOfIndex
oleaut32.dll
0x46000d8 GetErrorInfo
ole32.dll
0x46000e8 OleUninitialize
comctl32.dll
0x46000f8 InitializeFlatSB
user32.dll
0x4600108 EnumDisplayMonitors
msvcrt.dll
0x4600118 isxdigit
shell32.dll
0x4600128 ShellExecuteW
shell32.dll
0x4600138 SHGetFolderPathW
winspool.drv
0x4600148 OpenPrinterW
winspool.drv
0x4600158 GetDefaultPrinterW
advapi32.dll
0x4600168 CryptGenRandom
WTSAPI32.dll
0x4600178 WTSSendMessageW
kernel32.dll
0x4600188 FlsSetValue
user32.dll
0x4600198 GetProcessWindowStation
kernel32.dll
0x46001a8 LocalAlloc
0x46001b0 LocalFree
0x46001b8 GetModuleFileNameW
0x46001c0 GetProcessAffinityMask
0x46001c8 SetProcessAffinityMask
0x46001d0 SetThreadAffinityMask
0x46001d8 Sleep
0x46001e0 ExitProcess
0x46001e8 FreeLibrary
0x46001f0 LoadLibraryA
0x46001f8 GetModuleHandleA
0x4600200 GetProcAddress
user32.dll
0x4600210 GetProcessWindowStation
0x4600218 GetUserObjectInformationW
EAT(Export Address Table) Library
0x492bb0 TMethodImplementationIntercept
0x41a290 __dbk_fcall_wrapper
0x8af288 dbkFCallWrapperAddr
oleaut32.dll
0x4600000 SysFreeString
advapi32.dll
0x4600010 RegQueryValueExW
user32.dll
0x4600020 CharNextW
kernel32.dll
0x4600030 GetVersion
kernel32.dll
0x4600040 GetProcAddress
user32.dll
0x4600050 SetClassLongPtrW
gdi32.dll
0x4600060 UnrealizeObject
version.dll
0x4600070 VerQueryValueW
kernel32.dll
0x4600080 GetVersionExW
0x4600088 GetVersion
advapi32.dll
0x4600098 RegUnLoadKeyW
kernel32.dll
0x46000a8 Sleep
netapi32.dll
0x46000b8 NetApiBufferFree
oleaut32.dll
0x46000c8 SafeArrayPtrOfIndex
oleaut32.dll
0x46000d8 GetErrorInfo
ole32.dll
0x46000e8 OleUninitialize
comctl32.dll
0x46000f8 InitializeFlatSB
user32.dll
0x4600108 EnumDisplayMonitors
msvcrt.dll
0x4600118 isxdigit
shell32.dll
0x4600128 ShellExecuteW
shell32.dll
0x4600138 SHGetFolderPathW
winspool.drv
0x4600148 OpenPrinterW
winspool.drv
0x4600158 GetDefaultPrinterW
advapi32.dll
0x4600168 CryptGenRandom
WTSAPI32.dll
0x4600178 WTSSendMessageW
kernel32.dll
0x4600188 FlsSetValue
user32.dll
0x4600198 GetProcessWindowStation
kernel32.dll
0x46001a8 LocalAlloc
0x46001b0 LocalFree
0x46001b8 GetModuleFileNameW
0x46001c0 GetProcessAffinityMask
0x46001c8 SetProcessAffinityMask
0x46001d0 SetThreadAffinityMask
0x46001d8 Sleep
0x46001e0 ExitProcess
0x46001e8 FreeLibrary
0x46001f0 LoadLibraryA
0x46001f8 GetModuleHandleA
0x4600200 GetProcAddress
user32.dll
0x4600210 GetProcessWindowStation
0x4600218 GetUserObjectInformationW
EAT(Export Address Table) Library
0x492bb0 TMethodImplementationIntercept
0x41a290 __dbk_fcall_wrapper
0x8af288 dbkFCallWrapperAddr