Field | Value |
---|---|
Created | 2024.04.19 13:16 |
Machine | s1_win7_x6401 |
Filename | build_1GyXIDXRUC.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 47 detected (AIDetectMalware, Malicious, score, Artemis, unsafe, Reline, V1lg, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, GWRU, PWSX, CLOUD, PhemedromeSteal, odadv, DownLoaderNET, AMADEY, YXEDRZ, high, Krypt, Detected, Convagent, Wacatac, Znyonm, XehookStealer, HPN7BH, Kryptik, Eldorado, PWStealer, ZexaF, nuY@aawuULni, Chgt, FalseSign, Nqil, ai score=82, susgen, GWQT) |
md5 | 51b0ed6b4908a21e5cc1d9ec7c046040 |
sha256 | 4e68c5a537320cbe88842a53e5691b7f1a590b9c0b491a12baaeeda111dcaa4d |
ssdeep | 6144:gQtdqzqv7rArb/LoEyavuW6uqQqNW14pv:gQtdqWk/LDmQqQqK4pv |
imphash | 82004e1f718cc406824f64c2578845d6 |
impfuzzy | 24:0uj49tMS10hlJnc+pl3eDo/CyoEOovbO3kPvRRZHu9oGMp:mtMS105c+ppmyc30nl |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
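Added worked example, not code from this report or from the analysis engine that produced it: a standard-library Python script that re-derives the static side of the findings above (the UPX_Zero rule from section names, the read-write-execute notice from section characteristics, and the "encrypted or compressed data" notice from section entropy) directly from the PE section table. The image it analyses by default is a constructed minimal PE32 with a UPX-style layout built in build_sample_pe(), not the sample in this report, and the 7.0 bits/byte entropy threshold is an assumed triage cut-off rather than a value the report states.

```python
"""Static packer triage of a PE32 image with the standard library only."""
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
SECTION_HEADER_SIZE = 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for padding, near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    ent = 0.0
    for count in Counter(data).values():
        p = count / n
        ent -= p * math.log2(p)
    return ent


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, reloc/linenumber pointers and counts, Characteristics
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * SECTION_HEADER_SIZE)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 2),
            "rwx": (flags & RWX) == RWX,
        })
    return sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> list:
    """Findings in the spirit of the UPX_Zero rule and the two packer notices.
    entropy_threshold is an assumed triage cut-off, not a value from the report."""
    findings = []
    for s in parse_sections(pe):
        if s["name"].upper().startswith("UPX"):
            findings.append(f"UPX section name: {s['name']}")
        if s["rwx"]:
            findings.append(f"RWX section: {s['name']}")
        if s["raw_size"] and s["entropy"] >= entropy_threshold:
            findings.append(f"high-entropy section: {s['name']} ({s['entropy']} bits/byte)")
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (not the report's sample) with a UPX-style layout:
    UPX0 is an empty RWX section, UPX1 an RWX section holding 4 KiB of bytes with a
    flat histogram. The optional header is zeroed, so a real loader would reject it."""
    opt_size = 224  # size of a PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # Magic = PE32
    packed = bytes(range(256)) * 16
    raw_ptr = 0x200

    def section(name, vsize, va, raw_size, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, ptr, 0, 0, 0, 0, flags)

    upx0 = section(b"UPX0", 0x10000, 0x1000, 0, 0,
                   RWX | IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_UNINITIALIZED_DATA)
    upx1 = section(b"UPX1", 0x2000, 0x11000, len(packed), raw_ptr,
                   RWX | IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA)
    headers = dos + b"PE\0\0" + coff + opt + upx0 + upx1
    return headers.ljust(raw_ptr, b"\0") + packed


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for s in parse_sections(data):
        print(f"{s['name']:8} raw={s['raw_size']:#x} entropy={s['entropy']} rwx={s['rwx']}")
    print("\n".join(packer_indicators(data)) or "no packer indicators")
```

Run it as `python triage.py sample.exe` to get per-section entropy and the findings list. The "Allocates read-write-execute memory" notice in the report is a runtime observation (a VirtualAlloc or VirtualProtect call with an executable and writable protection), so a clean section table does not rule it out; the static counterpart is an RWX section plus a VirtualProtect import, which is exactly what a UPX stub needs to unpack in place.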
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x414000 OffsetRgn
KERNEL32.dll
0x414008 VirtualProtect
0x41400c WaitForSingleObject
0x414010 CloseHandle
0x414014 FreeConsole
0x414018 CreateThread
0x41401c UnhandledExceptionFilter
0x414020 SetUnhandledExceptionFilter
0x414024 GetCurrentProcess
0x414028 TerminateProcess
0x41402c IsProcessorFeaturePresent
0x414030 QueryPerformanceCounter
0x414034 GetCurrentProcessId
0x414038 GetCurrentThreadId
0x41403c GetSystemTimeAsFileTime
0x414040 InitializeSListHead
0x414044 IsDebuggerPresent
0x414048 GetStartupInfoW
0x41404c GetModuleHandleW
0x414050 WriteConsoleW
0x414054 RtlUnwind
0x414058 GetLastError
0x41405c SetLastError
0x414060 EnterCriticalSection
0x414064 LeaveCriticalSection
0x414068 DeleteCriticalSection
0x41406c InitializeCriticalSectionAndSpinCount
0x414070 TlsAlloc
0x414074 TlsGetValue
0x414078 TlsSetValue
0x41407c TlsFree
0x414080 FreeLibrary
0x414084 GetProcAddress
0x414088 LoadLibraryExW
0x41408c EncodePointer
0x414090 RaiseException
0x414094 GetStdHandle
0x414098 WriteFile
0x41409c GetModuleFileNameW
0x4140a0 ExitProcess
0x4140a4 GetModuleHandleExW
0x4140a8 GetCommandLineA
0x4140ac GetCommandLineW
0x4140b0 HeapAlloc
0x4140b4 HeapFree
0x4140b8 CompareStringW
0x4140bc LCMapStringW
0x4140c0 GetFileType
0x4140c4 FindClose
0x4140c8 FindFirstFileExW
0x4140cc FindNextFileW
0x4140d0 IsValidCodePage
0x4140d4 GetACP
0x4140d8 GetOEMCP
0x4140dc GetCPInfo
0x4140e0 MultiByteToWideChar
0x4140e4 WideCharToMultiByte
0x4140e8 GetEnvironmentStringsW
0x4140ec FreeEnvironmentStringsW
0x4140f0 SetEnvironmentVariableW
0x4140f4 SetStdHandle
0x4140f8 GetStringTypeW
0x4140fc GetProcessHeap
0x414100 FlushFileBuffers
0x414104 GetConsoleOutputCP
0x414108 GetConsoleMode
0x41410c GetFileSizeEx
0x414110 SetFilePointerEx
0x414114 HeapSize
0x414118 HeapReAlloc
0x41411c CreateFileW
0x414120 DecodePointer
EAT(Export Address Table) is none
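Added example, not code from this report or its engine: the imphash row in the header is an MD5 over the import table, and the script below recomputes one from a list of (DLL, symbol) pairs using the convention pefile and VirusTotal follow (DLL name lowercased with a .dll/.ocx/.sys extension dropped, symbol lowercased, unresolved ordinals written as "ordN", entries joined with "," in import-table order). The import list is the IAT printed above, transcribed here as constructed input; the hash it prints is meant to be compared with the report's imphash value, and since the hash is order-sensitive, a mismatch usually means the page's list is not the complete import directory in its original order. Assumed simplification: pefile's ordinal-to-name lookup for a few well-known DLLs is omitted.

```python
"""Recompute an import hash (imphash) from a (dll, symbol) import list."""
import hashlib

# Constructed input: the IAT as listed on the report page, in page order.
KERNEL32_IMPORTS = """
VirtualProtect WaitForSingleObject CloseHandle FreeConsole CreateThread
UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess
TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter
GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime
InitializeSListHead IsDebuggerPresent GetStartupInfoW GetModuleHandleW
WriteConsoleW RtlUnwind GetLastError SetLastError EnterCriticalSection
LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount
TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetProcAddress
LoadLibraryExW EncodePointer RaiseException GetStdHandle WriteFile
GetModuleFileNameW ExitProcess GetModuleHandleExW GetCommandLineA
GetCommandLineW HeapAlloc HeapFree CompareStringW LCMapStringW GetFileType
FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP
GetCPInfo MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW
FreeEnvironmentStringsW SetEnvironmentVariableW SetStdHandle GetStringTypeW
GetProcessHeap FlushFileBuffers GetConsoleOutputCP GetConsoleMode
GetFileSizeEx SetFilePointerEx HeapSize HeapReAlloc CreateFileW DecodePointer
""".split()
REPORT_IMPORTS = [("GDI32.dll", "OffsetRgn")] + [("KERNEL32.dll", n) for n in KERNEL32_IMPORTS]


def normalize_dll(dll: str) -> str:
    """Lowercase and drop a .dll/.ocx/.sys extension; other names are kept whole."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def import_strings(imports) -> list:
    """imports: iterable of (dll, symbol); symbol is a str, or an int for an ordinal.
    Assumed simplification: no ordinal-to-name table for ws2_32/oleaut32 style DLLs."""
    out = []
    for dll, sym in imports:
        sym_str = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        out.append(f"{normalize_dll(dll)}.{sym_str}")
    return out


def imphash(imports) -> str:
    """MD5 of the comma-joined, order-preserving import strings."""
    return hashlib.md5(",".join(import_strings(imports)).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash(REPORT_IMPORTS))
```

Because the stub's imports are what get hashed, an imphash computed over a packed sample clusters the packer stub rather than the payload it unpacks; for pivoting on the payload, hash the import table of the dumped, unpacked image instead.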