ScreenShot
| Created | 2024.04.13 11:20 | Machine | s1_win7_x6401 |
| Filename | index.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetectMalware, unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, TrojanX, Strab, SmokeLoader, CLASSIC, high, score, Stealc, Sabsik, ZexaF, sq0@aadOjMmG, MachineLearning, Anomalous, susgen, Kryptik, GYGF) | ||
| md5 | fc9acfd02ad9dd6ad695b8ea1a743d38 | ||
| sha256 | 012e44959e1c2bdcce863516a1ca64f5a66b34b2fd7062b23a066e825200b1f4 | ||
| ssdeep | 3072:1EzkyXLosW0V6W+YACXk5LiuG8/9DkuVLI5+kvtaG4K1uIKF:pyXLoK69xCX6LZVguVvkFgou | ||
| imphash | 339ef553d0ba42cadf81511b2d79315b | ||
| impfuzzy | 24:gbG2zxkrkosO2pt7Kwz1JvGqD//s+GpSG1tgcfwl/J3IXlOHuOZyvuT4QjMP9fSm:DMuSOUDzO6YSG1tgcfumYuuc9fSm | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 SetDefaultCommConfigA
0x40f008 TryEnterCriticalSection
0x40f00c GetConsoleAliasesLengthW
0x40f010 VirtualQuery
0x40f014 GetCommState
0x40f018 HeapFree
0x40f01c GetComputerNameW
0x40f020 UnlockFile
0x40f024 FreeEnvironmentStringsA
0x40f028 GetModuleHandleW
0x40f02c FindNextVolumeMountPointA
0x40f030 GetDateFormatA
0x40f034 EnumTimeFormatsW
0x40f038 GlobalAlloc
0x40f03c LoadLibraryW
0x40f040 GetLocaleInfoW
0x40f044 IsBadWritePtr
0x40f048 GetModuleFileNameW
0x40f04c SetConsoleTitleA
0x40f050 SetCurrentDirectoryA
0x40f054 GetCurrentDirectoryW
0x40f058 GetLongPathNameW
0x40f05c GetProcAddress
0x40f060 FindVolumeMountPointClose
0x40f064 GetProcessHeaps
0x40f068 GetAtomNameA
0x40f06c LoadLibraryA
0x40f070 SetCalendarInfoW
0x40f074 SetConsoleOutputCP
0x40f078 CreatePipe
0x40f07c BuildCommDCBA
0x40f080 VirtualProtect
0x40f084 HeapAlloc
0x40f088 GetLastError
0x40f08c Sleep
0x40f090 ExitProcess
0x40f094 GetStartupInfoW
0x40f098 RaiseException
0x40f09c RtlUnwind
0x40f0a0 TerminateProcess
0x40f0a4 GetCurrentProcess
0x40f0a8 UnhandledExceptionFilter
0x40f0ac SetUnhandledExceptionFilter
0x40f0b0 IsDebuggerPresent
0x40f0b4 DeleteCriticalSection
0x40f0b8 LeaveCriticalSection
0x40f0bc EnterCriticalSection
0x40f0c0 VirtualFree
0x40f0c4 VirtualAlloc
0x40f0c8 HeapCreate
0x40f0cc WriteFile
0x40f0d0 GetStdHandle
0x40f0d4 GetModuleFileNameA
0x40f0d8 TlsGetValue
0x40f0dc TlsAlloc
0x40f0e0 TlsSetValue
0x40f0e4 TlsFree
0x40f0e8 InterlockedIncrement
0x40f0ec SetLastError
0x40f0f0 GetCurrentThreadId
0x40f0f4 InterlockedDecrement
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 QueryPerformanceCounter
0x40f118 GetTickCount
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 WideCharToMultiByte
0x40f12c GetConsoleCP
0x40f130 GetConsoleMode
0x40f134 GetCPInfo
0x40f138 GetACP
0x40f13c GetOEMCP
0x40f140 IsValidCodePage
0x40f144 HeapSize
0x40f148 GetLocaleInfoA
0x40f14c SetStdHandle
0x40f150 WriteConsoleA
0x40f154 GetConsoleOutputCP
0x40f158 WriteConsoleW
0x40f15c MultiByteToWideChar
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c GetStringTypeW
0x40f170 CreateFileA
0x40f174 CloseHandle
0x40f178 FlushFileBuffers
0x40f17c GetModuleHandleA
USER32.dll
0x40f184 LoadIconW
EAT(Export Address Table) is none
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 SetDefaultCommConfigA
0x40f008 TryEnterCriticalSection
0x40f00c GetConsoleAliasesLengthW
0x40f010 VirtualQuery
0x40f014 GetCommState
0x40f018 HeapFree
0x40f01c GetComputerNameW
0x40f020 UnlockFile
0x40f024 FreeEnvironmentStringsA
0x40f028 GetModuleHandleW
0x40f02c FindNextVolumeMountPointA
0x40f030 GetDateFormatA
0x40f034 EnumTimeFormatsW
0x40f038 GlobalAlloc
0x40f03c LoadLibraryW
0x40f040 GetLocaleInfoW
0x40f044 IsBadWritePtr
0x40f048 GetModuleFileNameW
0x40f04c SetConsoleTitleA
0x40f050 SetCurrentDirectoryA
0x40f054 GetCurrentDirectoryW
0x40f058 GetLongPathNameW
0x40f05c GetProcAddress
0x40f060 FindVolumeMountPointClose
0x40f064 GetProcessHeaps
0x40f068 GetAtomNameA
0x40f06c LoadLibraryA
0x40f070 SetCalendarInfoW
0x40f074 SetConsoleOutputCP
0x40f078 CreatePipe
0x40f07c BuildCommDCBA
0x40f080 VirtualProtect
0x40f084 HeapAlloc
0x40f088 GetLastError
0x40f08c Sleep
0x40f090 ExitProcess
0x40f094 GetStartupInfoW
0x40f098 RaiseException
0x40f09c RtlUnwind
0x40f0a0 TerminateProcess
0x40f0a4 GetCurrentProcess
0x40f0a8 UnhandledExceptionFilter
0x40f0ac SetUnhandledExceptionFilter
0x40f0b0 IsDebuggerPresent
0x40f0b4 DeleteCriticalSection
0x40f0b8 LeaveCriticalSection
0x40f0bc EnterCriticalSection
0x40f0c0 VirtualFree
0x40f0c4 VirtualAlloc
0x40f0c8 HeapCreate
0x40f0cc WriteFile
0x40f0d0 GetStdHandle
0x40f0d4 GetModuleFileNameA
0x40f0d8 TlsGetValue
0x40f0dc TlsAlloc
0x40f0e0 TlsSetValue
0x40f0e4 TlsFree
0x40f0e8 InterlockedIncrement
0x40f0ec SetLastError
0x40f0f0 GetCurrentThreadId
0x40f0f4 InterlockedDecrement
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 QueryPerformanceCounter
0x40f118 GetTickCount
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 WideCharToMultiByte
0x40f12c GetConsoleCP
0x40f130 GetConsoleMode
0x40f134 GetCPInfo
0x40f138 GetACP
0x40f13c GetOEMCP
0x40f140 IsValidCodePage
0x40f144 HeapSize
0x40f148 GetLocaleInfoA
0x40f14c SetStdHandle
0x40f150 WriteConsoleA
0x40f154 GetConsoleOutputCP
0x40f158 WriteConsoleW
0x40f15c MultiByteToWideChar
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c GetStringTypeW
0x40f170 CreateFileA
0x40f174 CloseHandle
0x40f178 FlushFileBuffers
0x40f17c GetModuleHandleA
USER32.dll
0x40f184 LoadIconW
EAT(Export Address Table) is none