ScreenShot
| Created | 2024.04.19 13:27 | Machine | s1_win7_x6403 |
| Filename | amady.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetectMalware, Malicious, score, Tedy, unsafe, Attribute, HighConfidence, high confidence, GenKryptik, GUNG, Artemis, GameThief, Worgtop, Kryptik, CLOUD, czete, AMADEY, YXEDRZ, moderate, Krypt, Detected, ai score=83, GrayWare, Wacapew, STOP, Sabsik, Cordimik, 8VDWYY@gen, Eldorado, R626753, Chgt, Gencirc, GksZLRFTqu0) | ||
| md5 | 56543167a8b1731dafeee93e5f2bf479 | ||
| sha256 | 22eedb7d3fabf9d2719f4baf7c6ec7a077b0d8c43f46cc2be02a4a30baa30726 | ||
| ssdeep | 196608:LyMd0UMpIFNGxcUN2QnKz7BvFGMIpeHDcoBMtzwDoJp+x:ZdxmqccUlKz71NIp+j4zOoax | ||
| imphash | 154977cd00315e1cd7a5ff0dceb81b2c | ||
| impfuzzy | 24:QsXcDWDCeDP9HtWOovbOGMUD1ubvgmWDMyl3LU19O807G4TMu9VJUhYjk:QsXcDQC49Nx361oIhGOFG7h5 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400370f8 SHFileOperationW
0x140037100 SHGetFolderPathW
KERNEL32.dll
0x140037110 CloseHandle
0x140037118 CompareStringW
0x140037120 CreateDirectoryW
0x140037128 CreateFileW
0x140037130 CreateProcessW
0x140037138 DeleteCriticalSection
0x140037140 EncodePointer
0x140037148 EnterCriticalSection
0x140037150 ExitProcess
0x140037158 FindClose
0x140037160 FindFirstFileExW
0x140037168 FindNextFileW
0x140037170 FindResourceA
0x140037178 FlsAlloc
0x140037180 FlsFree
0x140037188 FlsGetValue
0x140037190 FlsSetValue
0x140037198 FlushFileBuffers
0x1400371a0 FormatMessageA
0x1400371a8 FreeEnvironmentStringsW
0x1400371b0 FreeLibrary
0x1400371b8 GetACP
0x1400371c0 GetCPInfo
0x1400371c8 GetCommandLineA
0x1400371d0 GetCommandLineW
0x1400371d8 GetConsoleMode
0x1400371e0 GetConsoleOutputCP
0x1400371e8 GetCurrentProcess
0x1400371f0 GetCurrentProcessId
0x1400371f8 GetCurrentThreadId
0x140037200 GetEnvironmentStringsW
0x140037208 GetExitCodeProcess
0x140037210 GetFileAttributesW
0x140037218 GetFileSizeEx
0x140037220 GetFileType
0x140037228 GetLastError
0x140037230 GetModuleFileNameW
0x140037238 GetModuleHandleExW
0x140037240 GetModuleHandleW
0x140037248 GetOEMCP
0x140037250 GetProcAddress
0x140037258 GetProcessHeap
0x140037260 GetStartupInfoW
0x140037268 GetStdHandle
0x140037270 GetStringTypeW
0x140037278 GetSystemTimeAsFileTime
0x140037280 GetTempPathW
0x140037288 HeapAlloc
0x140037290 HeapFree
0x140037298 HeapReAlloc
0x1400372a0 HeapSize
0x1400372a8 InitializeCriticalSectionAndSpinCount
0x1400372b0 InitializeSListHead
0x1400372b8 IsDebuggerPresent
0x1400372c0 IsProcessorFeaturePresent
0x1400372c8 IsValidCodePage
0x1400372d0 LCMapStringW
0x1400372d8 LeaveCriticalSection
0x1400372e0 LoadLibraryExW
0x1400372e8 LoadResource
0x1400372f0 LockResource
0x1400372f8 MultiByteToWideChar
0x140037300 QueryPerformanceCounter
0x140037308 RaiseException
0x140037310 RtlCaptureContext
0x140037318 RtlLookupFunctionEntry
0x140037320 RtlPcToFileHeader
0x140037328 RtlUnwindEx
0x140037330 RtlVirtualUnwind
0x140037338 SetConsoleCtrlHandler
0x140037340 SetEnvironmentVariableW
0x140037348 SetFilePointerEx
0x140037350 SetLastError
0x140037358 SetStdHandle
0x140037360 SetUnhandledExceptionFilter
0x140037368 SizeofResource
0x140037370 Sleep
0x140037378 TerminateProcess
0x140037380 TlsAlloc
0x140037388 TlsFree
0x140037390 TlsGetValue
0x140037398 TlsSetValue
0x1400373a0 UnhandledExceptionFilter
0x1400373a8 WaitForSingleObject
0x1400373b0 WideCharToMultiByte
0x1400373b8 WriteConsoleW
0x1400373c0 WriteFile
EAT(Export Address Table) is none
SHELL32.dll
0x1400370f8 SHFileOperationW
0x140037100 SHGetFolderPathW
KERNEL32.dll
0x140037110 CloseHandle
0x140037118 CompareStringW
0x140037120 CreateDirectoryW
0x140037128 CreateFileW
0x140037130 CreateProcessW
0x140037138 DeleteCriticalSection
0x140037140 EncodePointer
0x140037148 EnterCriticalSection
0x140037150 ExitProcess
0x140037158 FindClose
0x140037160 FindFirstFileExW
0x140037168 FindNextFileW
0x140037170 FindResourceA
0x140037178 FlsAlloc
0x140037180 FlsFree
0x140037188 FlsGetValue
0x140037190 FlsSetValue
0x140037198 FlushFileBuffers
0x1400371a0 FormatMessageA
0x1400371a8 FreeEnvironmentStringsW
0x1400371b0 FreeLibrary
0x1400371b8 GetACP
0x1400371c0 GetCPInfo
0x1400371c8 GetCommandLineA
0x1400371d0 GetCommandLineW
0x1400371d8 GetConsoleMode
0x1400371e0 GetConsoleOutputCP
0x1400371e8 GetCurrentProcess
0x1400371f0 GetCurrentProcessId
0x1400371f8 GetCurrentThreadId
0x140037200 GetEnvironmentStringsW
0x140037208 GetExitCodeProcess
0x140037210 GetFileAttributesW
0x140037218 GetFileSizeEx
0x140037220 GetFileType
0x140037228 GetLastError
0x140037230 GetModuleFileNameW
0x140037238 GetModuleHandleExW
0x140037240 GetModuleHandleW
0x140037248 GetOEMCP
0x140037250 GetProcAddress
0x140037258 GetProcessHeap
0x140037260 GetStartupInfoW
0x140037268 GetStdHandle
0x140037270 GetStringTypeW
0x140037278 GetSystemTimeAsFileTime
0x140037280 GetTempPathW
0x140037288 HeapAlloc
0x140037290 HeapFree
0x140037298 HeapReAlloc
0x1400372a0 HeapSize
0x1400372a8 InitializeCriticalSectionAndSpinCount
0x1400372b0 InitializeSListHead
0x1400372b8 IsDebuggerPresent
0x1400372c0 IsProcessorFeaturePresent
0x1400372c8 IsValidCodePage
0x1400372d0 LCMapStringW
0x1400372d8 LeaveCriticalSection
0x1400372e0 LoadLibraryExW
0x1400372e8 LoadResource
0x1400372f0 LockResource
0x1400372f8 MultiByteToWideChar
0x140037300 QueryPerformanceCounter
0x140037308 RaiseException
0x140037310 RtlCaptureContext
0x140037318 RtlLookupFunctionEntry
0x140037320 RtlPcToFileHeader
0x140037328 RtlUnwindEx
0x140037330 RtlVirtualUnwind
0x140037338 SetConsoleCtrlHandler
0x140037340 SetEnvironmentVariableW
0x140037348 SetFilePointerEx
0x140037350 SetLastError
0x140037358 SetStdHandle
0x140037360 SetUnhandledExceptionFilter
0x140037368 SizeofResource
0x140037370 Sleep
0x140037378 TerminateProcess
0x140037380 TlsAlloc
0x140037388 TlsFree
0x140037390 TlsGetValue
0x140037398 TlsSetValue
0x1400373a0 UnhandledExceptionFilter
0x1400373a8 WaitForSingleObject
0x1400373b0 WideCharToMultiByte
0x1400373b8 WriteConsoleW
0x1400373c0 WriteFile
EAT(Export Address Table) is none