ScreenShot
| Created | 2024.04.12 08:41 | Machine | s1_win7_x6403 |
| Filename | inte.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetectMalware, Convagent, Artemis, unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, GWHZ, BotX, SmokeLoader, CLASSIC, high, score, Krypt, Detected, Stealc, Znyonm, Kryptik, Eldorado, ZexaF, xu0@aeWBtReG, Static AI, Malicious PE, GYGF) | ||
| md5 | bba1a4cc39235bf1a7579bace4fb48b9 | ||
| sha256 | 44d30d6e283b9245d82a8e018ac8d12da5675db52fb536cb868f65808908e22e | ||
| ssdeep | 6144:uMreaHHzY+01nM96uAnjT8xepx1P2DCL:jzHHzY+gGdeHl | ||
| imphash | 73d78b8912724f8acfba9df29f4a49e9 | ||
| impfuzzy | 24:fsxkPUbG2SlpKxkrkRLsOcJw21JvGqD/8z8pO3Ztjv2Rnlyv95/J3IjT4QMCcoti:Ea1rPO5+Or3ZtrOK97McqcotSX3 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 EnumCalendarInfoA
0x40f008 TryEnterCriticalSection
0x40f00c GetConsoleAliasExesLengthA
0x40f010 SetDefaultCommConfigW
0x40f014 HeapFree
0x40f018 GetComputerNameW
0x40f01c UnlockFile
0x40f020 GetModuleHandleW
0x40f024 VirtualFree
0x40f028 FindNextVolumeMountPointA
0x40f02c GetConsoleAliasesLengthA
0x40f030 GetDateFormatA
0x40f034 SetCommState
0x40f038 GetConsoleCP
0x40f03c GlobalAlloc
0x40f040 LoadLibraryW
0x40f044 GetLocaleInfoW
0x40f048 IsBadWritePtr
0x40f04c GetAtomNameW
0x40f050 SetConsoleTitleA
0x40f054 SetCurrentDirectoryA
0x40f058 GetCurrentDirectoryW
0x40f05c GetLongPathNameW
0x40f060 GetProcAddress
0x40f064 FindVolumeMountPointClose
0x40f068 GetProcessHeaps
0x40f06c LoadLibraryA
0x40f070 SetCalendarInfoW
0x40f074 CreatePipe
0x40f078 GetModuleFileNameA
0x40f07c FreeEnvironmentStringsW
0x40f080 CloseHandle
0x40f084 CreateFileW
0x40f088 HeapAlloc
0x40f08c GetLastError
0x40f090 GetCommandLineW
0x40f094 HeapSetInformation
0x40f098 GetStartupInfoW
0x40f09c RaiseException
0x40f0a0 TerminateProcess
0x40f0a4 GetCurrentProcess
0x40f0a8 UnhandledExceptionFilter
0x40f0ac SetUnhandledExceptionFilter
0x40f0b0 IsDebuggerPresent
0x40f0b4 DecodePointer
0x40f0b8 EncodePointer
0x40f0bc IsProcessorFeaturePresent
0x40f0c0 ExitProcess
0x40f0c4 WriteFile
0x40f0c8 GetStdHandle
0x40f0cc GetModuleFileNameW
0x40f0d0 HeapCreate
0x40f0d4 GetEnvironmentStringsW
0x40f0d8 SetHandleCount
0x40f0dc InitializeCriticalSectionAndSpinCount
0x40f0e0 GetFileType
0x40f0e4 DeleteCriticalSection
0x40f0e8 TlsAlloc
0x40f0ec TlsGetValue
0x40f0f0 TlsSetValue
0x40f0f4 TlsFree
0x40f0f8 InterlockedIncrement
0x40f0fc SetLastError
0x40f100 GetCurrentThreadId
0x40f104 InterlockedDecrement
0x40f108 QueryPerformanceCounter
0x40f10c GetTickCount
0x40f110 GetCurrentProcessId
0x40f114 GetSystemTimeAsFileTime
0x40f118 SetFilePointer
0x40f11c WideCharToMultiByte
0x40f120 GetConsoleMode
0x40f124 EnterCriticalSection
0x40f128 LeaveCriticalSection
0x40f12c GetCPInfo
0x40f130 GetACP
0x40f134 GetOEMCP
0x40f138 IsValidCodePage
0x40f13c Sleep
0x40f140 RtlUnwind
0x40f144 HeapSize
0x40f148 SetStdHandle
0x40f14c WriteConsoleW
0x40f150 MultiByteToWideChar
0x40f154 LCMapStringW
0x40f158 GetStringTypeW
0x40f15c FlushFileBuffers
USER32.dll
0x40f164 LoadIconW
ole32.dll
0x40f16c CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 EnumCalendarInfoA
0x40f008 TryEnterCriticalSection
0x40f00c GetConsoleAliasExesLengthA
0x40f010 SetDefaultCommConfigW
0x40f014 HeapFree
0x40f018 GetComputerNameW
0x40f01c UnlockFile
0x40f020 GetModuleHandleW
0x40f024 VirtualFree
0x40f028 FindNextVolumeMountPointA
0x40f02c GetConsoleAliasesLengthA
0x40f030 GetDateFormatA
0x40f034 SetCommState
0x40f038 GetConsoleCP
0x40f03c GlobalAlloc
0x40f040 LoadLibraryW
0x40f044 GetLocaleInfoW
0x40f048 IsBadWritePtr
0x40f04c GetAtomNameW
0x40f050 SetConsoleTitleA
0x40f054 SetCurrentDirectoryA
0x40f058 GetCurrentDirectoryW
0x40f05c GetLongPathNameW
0x40f060 GetProcAddress
0x40f064 FindVolumeMountPointClose
0x40f068 GetProcessHeaps
0x40f06c LoadLibraryA
0x40f070 SetCalendarInfoW
0x40f074 CreatePipe
0x40f078 GetModuleFileNameA
0x40f07c FreeEnvironmentStringsW
0x40f080 CloseHandle
0x40f084 CreateFileW
0x40f088 HeapAlloc
0x40f08c GetLastError
0x40f090 GetCommandLineW
0x40f094 HeapSetInformation
0x40f098 GetStartupInfoW
0x40f09c RaiseException
0x40f0a0 TerminateProcess
0x40f0a4 GetCurrentProcess
0x40f0a8 UnhandledExceptionFilter
0x40f0ac SetUnhandledExceptionFilter
0x40f0b0 IsDebuggerPresent
0x40f0b4 DecodePointer
0x40f0b8 EncodePointer
0x40f0bc IsProcessorFeaturePresent
0x40f0c0 ExitProcess
0x40f0c4 WriteFile
0x40f0c8 GetStdHandle
0x40f0cc GetModuleFileNameW
0x40f0d0 HeapCreate
0x40f0d4 GetEnvironmentStringsW
0x40f0d8 SetHandleCount
0x40f0dc InitializeCriticalSectionAndSpinCount
0x40f0e0 GetFileType
0x40f0e4 DeleteCriticalSection
0x40f0e8 TlsAlloc
0x40f0ec TlsGetValue
0x40f0f0 TlsSetValue
0x40f0f4 TlsFree
0x40f0f8 InterlockedIncrement
0x40f0fc SetLastError
0x40f100 GetCurrentThreadId
0x40f104 InterlockedDecrement
0x40f108 QueryPerformanceCounter
0x40f10c GetTickCount
0x40f110 GetCurrentProcessId
0x40f114 GetSystemTimeAsFileTime
0x40f118 SetFilePointer
0x40f11c WideCharToMultiByte
0x40f120 GetConsoleMode
0x40f124 EnterCriticalSection
0x40f128 LeaveCriticalSection
0x40f12c GetCPInfo
0x40f130 GetACP
0x40f134 GetOEMCP
0x40f138 IsValidCodePage
0x40f13c Sleep
0x40f140 RtlUnwind
0x40f144 HeapSize
0x40f148 SetStdHandle
0x40f14c WriteConsoleW
0x40f150 MultiByteToWideChar
0x40f154 LCMapStringW
0x40f158 GetStringTypeW
0x40f15c FlushFileBuffers
USER32.dll
0x40f164 LoadIconW
ole32.dll
0x40f16c CoTaskMemFree
EAT(Export Address Table) is none