ScreenShot
| Created | 2024.04.18 07:12 | Machine | s1_win7_x6403 |
| Filename | menta.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 33 detected (AIDetectMalware, Malicious, score, Lockbit, unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, FileRepMalware, RisePro, SmokeLoader, CLASSIC, high, Krypt, Danabot, Detected, Convagent, STOP, Caynamer, R645266, ZexaF, 6q0@auqYLYjG, Obfuscated, Kryptik, HWMW) | ||
| md5 | 2953500b81ed3cbe64f7a016b3bb6c61 | ||
| sha256 | be69fd07cd8c77aebbc0016dd3bf9094e4597f6161e50cb9a746f7c68cc5ecec | ||
| ssdeep | 12288:+1wnWGyxVSmGlbnEYudfU1GttvEX49nh/9YYIvUwWuV+6/79KO8hFrek7xCOfllq:+3qtjEYGf+GttMcnkdhr7/Srek7v9wr | ||
| imphash | 0fcd65e7119513450cc779be2a5d516f | ||
| impfuzzy | 24:OZ9TgVEmX/KGQm9hG8gwMpwc+dpOovXG9tVJBlTDuLoYv1nZeMrcA7mDJ:OZWXf/f3c+WOG9thoLT1AA7SJ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a008 FindFirstChangeNotificationW
0x41a00c GetNumaProcessorNode
0x41a010 GetLocaleInfoA
0x41a014 GetUserDefaultLCID
0x41a018 CreateHardLinkA
0x41a01c GetNumberFormatA
0x41a020 GlobalFindAtomA
0x41a024 LoadLibraryW
0x41a028 ReadConsoleInputA
0x41a02c WriteConsoleW
0x41a030 GetModuleFileNameW
0x41a034 GetCompressedFileSizeA
0x41a038 SetThreadLocale
0x41a03c GetStdHandle
0x41a040 GetLastError
0x41a044 VirtualAlloc
0x41a048 CreateTimerQueueTimer
0x41a04c FindVolumeClose
0x41a050 LocalAlloc
0x41a054 GetExitCodeThread
0x41a058 AddAtomW
0x41a05c RemoveDirectoryW
0x41a060 SetCommMask
0x41a064 GetOEMCP
0x41a068 VirtualProtect
0x41a06c SetCalendarInfoA
0x41a070 GetWindowsDirectoryW
0x41a074 GetCurrentProcessId
0x41a078 AddConsoleAliasA
0x41a07c WriteProcessMemory
0x41a080 SetFileAttributesW
0x41a084 GetVolumeInformationW
0x41a088 CreateThread
0x41a08c CreateFileW
0x41a090 CopyFileA
0x41a094 DebugActiveProcess
0x41a098 OutputDebugStringW
0x41a09c FlushFileBuffers
0x41a0a0 SetStdHandle
0x41a0a4 GetConsoleMode
0x41a0a8 WideCharToMultiByte
0x41a0ac MultiByteToWideChar
0x41a0b0 GetStringTypeW
0x41a0b4 EncodePointer
0x41a0b8 DecodePointer
0x41a0bc EnterCriticalSection
0x41a0c0 LeaveCriticalSection
0x41a0c4 DeleteCriticalSection
0x41a0c8 HeapFree
0x41a0cc GetCommandLineA
0x41a0d0 GetCPInfo
0x41a0d4 RaiseException
0x41a0d8 RtlUnwind
0x41a0dc HeapAlloc
0x41a0e0 IsProcessorFeaturePresent
0x41a0e4 UnhandledExceptionFilter
0x41a0e8 SetUnhandledExceptionFilter
0x41a0ec SetLastError
0x41a0f0 InitializeCriticalSectionAndSpinCount
0x41a0f4 Sleep
0x41a0f8 GetCurrentProcess
0x41a0fc TerminateProcess
0x41a100 TlsAlloc
0x41a104 TlsGetValue
0x41a108 TlsSetValue
0x41a10c TlsFree
0x41a110 GetStartupInfoW
0x41a114 GetModuleHandleW
0x41a118 GetProcAddress
0x41a11c LCMapStringW
0x41a120 GetLocaleInfoW
0x41a124 IsValidLocale
0x41a128 EnumSystemLocalesW
0x41a12c IsValidCodePage
0x41a130 GetACP
0x41a134 GetCurrentThreadId
0x41a138 IsDebuggerPresent
0x41a13c GetProcessHeap
0x41a140 ExitProcess
0x41a144 GetModuleHandleExW
0x41a148 HeapSize
0x41a14c GetFileType
0x41a150 CloseHandle
0x41a154 GetModuleFileNameA
0x41a158 WriteFile
0x41a15c QueryPerformanceCounter
0x41a160 GetSystemTimeAsFileTime
0x41a164 GetEnvironmentStringsW
0x41a168 FreeEnvironmentStringsW
0x41a16c HeapReAlloc
0x41a170 LoadLibraryExW
0x41a174 ReadFile
0x41a178 SetFilePointerEx
0x41a17c GetConsoleCP
USER32.dll
0x41a184 GetMenuItemID
GDI32.dll
0x41a000 GetCharacterPlacementW
ole32.dll
0x41a194 CoMarshalHresult
WINHTTP.dll
0x41a18c WinHttpReadData
EAT(Export Address Table) is none
KERNEL32.dll
0x41a008 FindFirstChangeNotificationW
0x41a00c GetNumaProcessorNode
0x41a010 GetLocaleInfoA
0x41a014 GetUserDefaultLCID
0x41a018 CreateHardLinkA
0x41a01c GetNumberFormatA
0x41a020 GlobalFindAtomA
0x41a024 LoadLibraryW
0x41a028 ReadConsoleInputA
0x41a02c WriteConsoleW
0x41a030 GetModuleFileNameW
0x41a034 GetCompressedFileSizeA
0x41a038 SetThreadLocale
0x41a03c GetStdHandle
0x41a040 GetLastError
0x41a044 VirtualAlloc
0x41a048 CreateTimerQueueTimer
0x41a04c FindVolumeClose
0x41a050 LocalAlloc
0x41a054 GetExitCodeThread
0x41a058 AddAtomW
0x41a05c RemoveDirectoryW
0x41a060 SetCommMask
0x41a064 GetOEMCP
0x41a068 VirtualProtect
0x41a06c SetCalendarInfoA
0x41a070 GetWindowsDirectoryW
0x41a074 GetCurrentProcessId
0x41a078 AddConsoleAliasA
0x41a07c WriteProcessMemory
0x41a080 SetFileAttributesW
0x41a084 GetVolumeInformationW
0x41a088 CreateThread
0x41a08c CreateFileW
0x41a090 CopyFileA
0x41a094 DebugActiveProcess
0x41a098 OutputDebugStringW
0x41a09c FlushFileBuffers
0x41a0a0 SetStdHandle
0x41a0a4 GetConsoleMode
0x41a0a8 WideCharToMultiByte
0x41a0ac MultiByteToWideChar
0x41a0b0 GetStringTypeW
0x41a0b4 EncodePointer
0x41a0b8 DecodePointer
0x41a0bc EnterCriticalSection
0x41a0c0 LeaveCriticalSection
0x41a0c4 DeleteCriticalSection
0x41a0c8 HeapFree
0x41a0cc GetCommandLineA
0x41a0d0 GetCPInfo
0x41a0d4 RaiseException
0x41a0d8 RtlUnwind
0x41a0dc HeapAlloc
0x41a0e0 IsProcessorFeaturePresent
0x41a0e4 UnhandledExceptionFilter
0x41a0e8 SetUnhandledExceptionFilter
0x41a0ec SetLastError
0x41a0f0 InitializeCriticalSectionAndSpinCount
0x41a0f4 Sleep
0x41a0f8 GetCurrentProcess
0x41a0fc TerminateProcess
0x41a100 TlsAlloc
0x41a104 TlsGetValue
0x41a108 TlsSetValue
0x41a10c TlsFree
0x41a110 GetStartupInfoW
0x41a114 GetModuleHandleW
0x41a118 GetProcAddress
0x41a11c LCMapStringW
0x41a120 GetLocaleInfoW
0x41a124 IsValidLocale
0x41a128 EnumSystemLocalesW
0x41a12c IsValidCodePage
0x41a130 GetACP
0x41a134 GetCurrentThreadId
0x41a138 IsDebuggerPresent
0x41a13c GetProcessHeap
0x41a140 ExitProcess
0x41a144 GetModuleHandleExW
0x41a148 HeapSize
0x41a14c GetFileType
0x41a150 CloseHandle
0x41a154 GetModuleFileNameA
0x41a158 WriteFile
0x41a15c QueryPerformanceCounter
0x41a160 GetSystemTimeAsFileTime
0x41a164 GetEnvironmentStringsW
0x41a168 FreeEnvironmentStringsW
0x41a16c HeapReAlloc
0x41a170 LoadLibraryExW
0x41a174 ReadFile
0x41a178 SetFilePointerEx
0x41a17c GetConsoleCP
USER32.dll
0x41a184 GetMenuItemID
GDI32.dll
0x41a000 GetCharacterPlacementW
ole32.dll
0x41a194 CoMarshalHresult
WINHTTP.dll
0x41a18c WinHttpReadData
EAT(Export Address Table) is none