ScreenShot
| Created | 2024.04.23 11:19 | Machine | s1_win7_x6403 |
| Filename | toolspub1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetectMalware, Malicious, score, Convagent, Lockbit, unsafe, GenericKD, Save, Ransomware, Attribute, HighConfidence, high confidence, Kryptik, HWXC, Artemis, CrypterX, Stealerc, SmokeLoader, CLASSIC, high, Outbreak, Detected, ai score=88, Znyonm, 0NMY1C, ABRisk, QHXT, TrojanX, R645870, ZexaF, rq0@aalTEebG, Chgt, Obfuscated, Static AI, Malicious PE, susgen, HWMW, HIFL) | ||
| md5 | ace2b92a3208dec19577cbac84d543b2 | ||
| sha256 | 1d5fe89aae579ea253d121deb90c9a61f94ddab13ff51f58f939a57f0edab73e | ||
| ssdeep | 3072:KiD09rKj/em+qxnnoVL0OA18WIyXpOx9E7sFW7CsZONbo0r5EK4kwgpG:YY6mM7A18B9NFW7CswRZr5E | ||
| imphash | 2497a562a80e46afc8082945c685e4fc | ||
| impfuzzy | 24:VZ9MNIWmX/RlJcD/uFdQBA8TJ9o944KrSdeZo+OovIGJDcV/Mwv9LtRlfxnZreAf:VZ6ILX/d0K2rZiTGJDcT9LtRfMq | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410010 LocalCompact
0x410014 GetUserDefaultLCID
0x410018 AddConsoleAliasW
0x41001c CreateHardLinkA
0x410020 GetTickCount
0x410024 EnumTimeFormatsW
0x410028 FindResourceExA
0x41002c GetVolumeInformationA
0x410030 WriteConsoleW
0x410034 GetCompressedFileSizeA
0x410038 GetTempPathW
0x41003c SetThreadLocale
0x410040 GetLastError
0x410044 SetLastError
0x410048 GetProcAddress
0x41004c CreateTimerQueueTimer
0x410050 CopyFileA
0x410054 GetLocaleInfoA
0x410058 SetFileAttributesA
0x41005c LoadLibraryA
0x410060 WriteConsoleA
0x410064 InterlockedExchangeAdd
0x410068 LocalAlloc
0x41006c SetCalendarInfoW
0x410070 GetExitCodeThread
0x410074 RemoveDirectoryW
0x410078 AddAtomA
0x41007c GlobalFindAtomW
0x410080 GetModuleFileNameA
0x410084 GetOEMCP
0x410088 GlobalUnWire
0x41008c LoadLibraryExA
0x410090 ReadConsoleInputW
0x410094 GetWindowsDirectoryW
0x410098 GetCurrentProcessId
0x41009c AddConsoleAliasA
0x4100a0 GetComputerNameA
0x4100a4 FindFirstChangeNotificationW
0x4100a8 SetStdHandle
0x4100ac GetSystemDefaultLangID
0x4100b0 OutputDebugStringW
0x4100b4 FlushFileBuffers
0x4100b8 HeapFree
0x4100bc EncodePointer
0x4100c0 DecodePointer
0x4100c4 ExitProcess
0x4100c8 GetModuleHandleExW
0x4100cc MultiByteToWideChar
0x4100d0 WideCharToMultiByte
0x4100d4 GetCommandLineA
0x4100d8 RaiseException
0x4100dc RtlUnwind
0x4100e0 IsProcessorFeaturePresent
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetCPInfo
0x4100f0 GetCurrentThreadId
0x4100f4 IsDebuggerPresent
0x4100f8 GetProcessHeap
0x4100fc HeapSize
0x410100 EnterCriticalSection
0x410104 LeaveCriticalSection
0x410108 ReadFile
0x41010c GetConsoleMode
0x410110 ReadConsoleW
0x410114 GetStdHandle
0x410118 GetFileType
0x41011c DeleteCriticalSection
0x410120 GetStartupInfoW
0x410124 CloseHandle
0x410128 UnhandledExceptionFilter
0x41012c SetUnhandledExceptionFilter
0x410130 InitializeCriticalSectionAndSpinCount
0x410134 Sleep
0x410138 GetCurrentProcess
0x41013c TerminateProcess
0x410140 TlsAlloc
0x410144 TlsGetValue
0x410148 TlsSetValue
0x41014c TlsFree
0x410150 GetModuleHandleW
0x410154 WriteFile
0x410158 GetModuleFileNameW
0x41015c LoadLibraryExW
0x410160 HeapAlloc
0x410164 QueryPerformanceCounter
0x410168 GetSystemTimeAsFileTime
0x41016c GetEnvironmentStringsW
0x410170 FreeEnvironmentStringsW
0x410174 GetStringTypeW
0x410178 HeapReAlloc
0x41017c SetFilePointerEx
0x410180 LCMapStringW
0x410184 GetConsoleCP
0x410188 CreateFileW
GDI32.dll
0x410008 GetCharacterPlacementW
ADVAPI32.dll
0x410000 DeregisterEventSource
WINHTTP.dll
0x410190 WinHttpConnect
EAT(Export Address Table) is none
KERNEL32.dll
0x410010 LocalCompact
0x410014 GetUserDefaultLCID
0x410018 AddConsoleAliasW
0x41001c CreateHardLinkA
0x410020 GetTickCount
0x410024 EnumTimeFormatsW
0x410028 FindResourceExA
0x41002c GetVolumeInformationA
0x410030 WriteConsoleW
0x410034 GetCompressedFileSizeA
0x410038 GetTempPathW
0x41003c SetThreadLocale
0x410040 GetLastError
0x410044 SetLastError
0x410048 GetProcAddress
0x41004c CreateTimerQueueTimer
0x410050 CopyFileA
0x410054 GetLocaleInfoA
0x410058 SetFileAttributesA
0x41005c LoadLibraryA
0x410060 WriteConsoleA
0x410064 InterlockedExchangeAdd
0x410068 LocalAlloc
0x41006c SetCalendarInfoW
0x410070 GetExitCodeThread
0x410074 RemoveDirectoryW
0x410078 AddAtomA
0x41007c GlobalFindAtomW
0x410080 GetModuleFileNameA
0x410084 GetOEMCP
0x410088 GlobalUnWire
0x41008c LoadLibraryExA
0x410090 ReadConsoleInputW
0x410094 GetWindowsDirectoryW
0x410098 GetCurrentProcessId
0x41009c AddConsoleAliasA
0x4100a0 GetComputerNameA
0x4100a4 FindFirstChangeNotificationW
0x4100a8 SetStdHandle
0x4100ac GetSystemDefaultLangID
0x4100b0 OutputDebugStringW
0x4100b4 FlushFileBuffers
0x4100b8 HeapFree
0x4100bc EncodePointer
0x4100c0 DecodePointer
0x4100c4 ExitProcess
0x4100c8 GetModuleHandleExW
0x4100cc MultiByteToWideChar
0x4100d0 WideCharToMultiByte
0x4100d4 GetCommandLineA
0x4100d8 RaiseException
0x4100dc RtlUnwind
0x4100e0 IsProcessorFeaturePresent
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetCPInfo
0x4100f0 GetCurrentThreadId
0x4100f4 IsDebuggerPresent
0x4100f8 GetProcessHeap
0x4100fc HeapSize
0x410100 EnterCriticalSection
0x410104 LeaveCriticalSection
0x410108 ReadFile
0x41010c GetConsoleMode
0x410110 ReadConsoleW
0x410114 GetStdHandle
0x410118 GetFileType
0x41011c DeleteCriticalSection
0x410120 GetStartupInfoW
0x410124 CloseHandle
0x410128 UnhandledExceptionFilter
0x41012c SetUnhandledExceptionFilter
0x410130 InitializeCriticalSectionAndSpinCount
0x410134 Sleep
0x410138 GetCurrentProcess
0x41013c TerminateProcess
0x410140 TlsAlloc
0x410144 TlsGetValue
0x410148 TlsSetValue
0x41014c TlsFree
0x410150 GetModuleHandleW
0x410154 WriteFile
0x410158 GetModuleFileNameW
0x41015c LoadLibraryExW
0x410160 HeapAlloc
0x410164 QueryPerformanceCounter
0x410168 GetSystemTimeAsFileTime
0x41016c GetEnvironmentStringsW
0x410170 FreeEnvironmentStringsW
0x410174 GetStringTypeW
0x410178 HeapReAlloc
0x41017c SetFilePointerEx
0x410180 LCMapStringW
0x410184 GetConsoleCP
0x410188 CreateFileW
GDI32.dll
0x410008 GetCharacterPlacementW
ADVAPI32.dll
0x410000 DeregisterEventSource
WINHTTP.dll
0x410190 WinHttpConnect
EAT(Export Address Table) is none