Field | Value
---|---
Created | 2024.04.23 07:48
Machine | s1_win7_x6403
Filename | dirtquire.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 53 detected (AIDetectMalware, Malicious, score, Lazy, unsafe, Save, Attribute, HighConfidence, high confidence, Kryptik, HWWP, Artemis, PWSX, Generic@AI, RDML, rejXUn2QiqbPDsxTUcWcnw, PhemedromeSteal, jftis, Locky, high, Outbreak, Detected, ai score=88, Redline, AMMH, Eldorado, R645634, ZexaF, ruW@aSgQAbb, GdSda, Gencirc, Static AI, Malicious PE, susgen)
md5 | e795115169cc800de0392d6a675d58fd
sha256 | 17f929c1d40a7fd6f897c0b15ca9c44b2059cbccb3037c31619d87954659478e
ssdeep | 6144:s/wl9dobdtMJNPX459l2/FpnovRWf1RdSxWbkHg6O0:HdoRtMJRkQp2MY0QO0
imphash | 19233e39149f52fdb71945647d5026f4
impfuzzy | 24:gpj4fcpVWcZtlS14GhlJBlCDoLoEOovbO3gv9FZYGMAkEZHu9n:ggcpV5ZtlS14GnVc3y9FZg
Signature (4 counts)

Level | Description
---|---
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (6 counts)

Level | Name | Description | Collection
---|---|---|---
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(no network requests recorded) | | | | |
Suricata ids
PE API
IAT (Import Address Table)
USER32.dll
0x423140 GetUpdateRgn
KERNEL32.dll
0x423000 FreeLibrary
0x423004 CreateFileW
0x423008 WaitForSingleObject
0x42300c CloseHandle
0x423010 FreeConsole
0x423014 CreateThread
0x423018 VirtualProtectEx
0x42301c WideCharToMultiByte
0x423020 EnterCriticalSection
0x423024 LeaveCriticalSection
0x423028 InitializeCriticalSectionEx
0x42302c DeleteCriticalSection
0x423030 EncodePointer
0x423034 DecodePointer
0x423038 MultiByteToWideChar
0x42303c LCMapStringEx
0x423040 GetStringTypeW
0x423044 GetCPInfo
0x423048 IsProcessorFeaturePresent
0x42304c UnhandledExceptionFilter
0x423050 SetUnhandledExceptionFilter
0x423054 GetCurrentProcess
0x423058 TerminateProcess
0x42305c QueryPerformanceCounter
0x423060 GetCurrentProcessId
0x423064 GetCurrentThreadId
0x423068 GetSystemTimeAsFileTime
0x42306c InitializeSListHead
0x423070 IsDebuggerPresent
0x423074 GetStartupInfoW
0x423078 GetModuleHandleW
0x42307c HeapSize
0x423080 RaiseException
0x423084 RtlUnwind
0x423088 GetLastError
0x42308c SetLastError
0x423090 InitializeCriticalSectionAndSpinCount
0x423094 TlsAlloc
0x423098 TlsGetValue
0x42309c TlsSetValue
0x4230a0 TlsFree
0x4230a4 WriteConsoleW
0x4230a8 GetProcAddress
0x4230ac LoadLibraryExW
0x4230b0 GetStdHandle
0x4230b4 WriteFile
0x4230b8 GetModuleFileNameW
0x4230bc ExitProcess
0x4230c0 GetModuleHandleExW
0x4230c4 GetCommandLineA
0x4230c8 GetCommandLineW
0x4230cc HeapAlloc
0x4230d0 HeapFree
0x4230d4 GetFileType
0x4230d8 CompareStringW
0x4230dc LCMapStringW
0x4230e0 GetLocaleInfoW
0x4230e4 IsValidLocale
0x4230e8 GetUserDefaultLCID
0x4230ec EnumSystemLocalesW
0x4230f0 FlushFileBuffers
0x4230f4 GetConsoleOutputCP
0x4230f8 GetConsoleMode
0x4230fc ReadFile
0x423100 GetFileSizeEx
0x423104 SetFilePointerEx
0x423108 ReadConsoleW
0x42310c HeapReAlloc
0x423110 FindClose
0x423114 FindFirstFileExW
0x423118 FindNextFileW
0x42311c IsValidCodePage
0x423120 GetACP
0x423124 GetOEMCP
0x423128 GetEnvironmentStringsW
0x42312c FreeEnvironmentStringsW
0x423130 SetEnvironmentVariableW
0x423134 SetStdHandle
0x423138 GetProcessHeap
EAT (Export Address Table): none