ScreenShot
| Created | 2024.04.23 11:19 | Machine | s1_win7_x6403 |
| Filename | mmfd.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetectMalware, Malicious, score, GenericKD, unsafe, Attribute, HighConfidence, high confidence, a variant of Python, AGen, GameThief, Worgtop, CLOUD, Redcap, pztbr, AMADEY, YXEDUZ, Gensteal, Znyonm, Detected, ai score=80, Wacatac, Acll, ABRisk, ZAHY, GdSda, Snkl, FBStealer, y76knCQZjNU, Static AI, Malicious PE, susgen, Python) | ||
| md5 | bbf48f853fcf1d291cfbc0dfd522e75e | ||
| sha256 | 9d7c3c799288ea3717fc76d09e84e9e2db4853f59e7b2c07b782af4a97aaaa1b | ||
| ssdeep | 196608:qsAlP3Zobseq6ERnze72k7nrWHkDC3qZqIJ/IFftp6WnXPCE7BWPRNi:qsCpoSvRnze72orWHEpqVtpGE7Bw | ||
| imphash | e44f44f1060dd800fd861c4e5ad59e21 | ||
| impfuzzy | 48:p8XOst9nR3nM+kNPlslEJGp6qJ8k3k1vkqqssXh:eXdth9nMrNPlYEJGph6k3mkqqs2 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140035360 CloseHandle
0x140035368 CopyFileW
0x140035370 CreateDirectoryW
0x140035378 CreateFileMappingW
0x140035380 CreateFileW
0x140035388 CreateProcessW
0x140035390 DeleteCriticalSection
0x140035398 DeleteFileW
0x1400353a0 EnterCriticalSection
0x1400353a8 FindResourceA
0x1400353b0 FormatMessageA
0x1400353b8 FreeLibrary
0x1400353c0 GenerateConsoleCtrlEvent
0x1400353c8 GetCommandLineW
0x1400353d0 GetCurrentProcessId
0x1400353d8 GetEnvironmentVariableW
0x1400353e0 GetExitCodeProcess
0x1400353e8 GetFileAttributesW
0x1400353f0 GetFileSize
0x1400353f8 GetLastError
0x140035400 GetModuleFileNameW
0x140035408 GetModuleHandleA
0x140035410 GetProcAddress
0x140035418 GetProcessId
0x140035420 GetStartupInfoW
0x140035428 GetSystemTimeAsFileTime
0x140035430 GetTempPathW
0x140035438 InitializeCriticalSection
0x140035440 IsDBCSLeadByteEx
0x140035448 LeaveCriticalSection
0x140035450 LoadLibraryA
0x140035458 LoadResource
0x140035460 LockResource
0x140035468 MapViewOfFile
0x140035470 MultiByteToWideChar
0x140035478 ReadFile
0x140035480 SetConsoleCtrlHandler
0x140035488 SetEnvironmentVariableW
0x140035490 SetUnhandledExceptionFilter
0x140035498 SizeofResource
0x1400354a0 Sleep
0x1400354a8 TerminateProcess
0x1400354b0 TlsGetValue
0x1400354b8 UnmapViewOfFile
0x1400354c0 VirtualProtect
0x1400354c8 VirtualQuery
0x1400354d0 WaitForSingleObject
0x1400354d8 WideCharToMultiByte
0x1400354e0 WriteFile
msvcrt.dll
0x1400354f0 __C_specific_handler
0x1400354f8 ___lc_codepage_func
0x140035500 ___mb_cur_max_func
0x140035508 __iob_func
0x140035510 __set_app_type
0x140035518 __setusermatherr
0x140035520 __wargv
0x140035528 __wgetmainargs
0x140035530 __winitenv
0x140035538 _amsg_exit
0x140035540 _cexit
0x140035548 _commode
0x140035550 _errno
0x140035558 _fmode
0x140035560 _initterm
0x140035568 _lock
0x140035570 _onexit
0x140035578 _unlock
0x140035580 _wcmdln
0x140035588 _wcsdup
0x140035590 _wcsicmp
0x140035598 _wrename
0x1400355a0 abort
0x1400355a8 calloc
0x1400355b0 exit
0x1400355b8 fprintf
0x1400355c0 fputc
0x1400355c8 free
0x1400355d0 fwrite
0x1400355d8 localeconv
0x1400355e0 malloc
0x1400355e8 mbstowcs
0x1400355f0 memcpy
0x1400355f8 memmove
0x140035600 memset
0x140035608 puts
0x140035610 signal
0x140035618 strerror
0x140035620 strlen
0x140035628 strncmp
0x140035630 vfprintf
0x140035638 wcscmp
0x140035640 wcslen
0x140035648 wcsncmp
SHELL32.dll
0x140035658 SHFileOperationW
0x140035660 SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.dll
0x140035360 CloseHandle
0x140035368 CopyFileW
0x140035370 CreateDirectoryW
0x140035378 CreateFileMappingW
0x140035380 CreateFileW
0x140035388 CreateProcessW
0x140035390 DeleteCriticalSection
0x140035398 DeleteFileW
0x1400353a0 EnterCriticalSection
0x1400353a8 FindResourceA
0x1400353b0 FormatMessageA
0x1400353b8 FreeLibrary
0x1400353c0 GenerateConsoleCtrlEvent
0x1400353c8 GetCommandLineW
0x1400353d0 GetCurrentProcessId
0x1400353d8 GetEnvironmentVariableW
0x1400353e0 GetExitCodeProcess
0x1400353e8 GetFileAttributesW
0x1400353f0 GetFileSize
0x1400353f8 GetLastError
0x140035400 GetModuleFileNameW
0x140035408 GetModuleHandleA
0x140035410 GetProcAddress
0x140035418 GetProcessId
0x140035420 GetStartupInfoW
0x140035428 GetSystemTimeAsFileTime
0x140035430 GetTempPathW
0x140035438 InitializeCriticalSection
0x140035440 IsDBCSLeadByteEx
0x140035448 LeaveCriticalSection
0x140035450 LoadLibraryA
0x140035458 LoadResource
0x140035460 LockResource
0x140035468 MapViewOfFile
0x140035470 MultiByteToWideChar
0x140035478 ReadFile
0x140035480 SetConsoleCtrlHandler
0x140035488 SetEnvironmentVariableW
0x140035490 SetUnhandledExceptionFilter
0x140035498 SizeofResource
0x1400354a0 Sleep
0x1400354a8 TerminateProcess
0x1400354b0 TlsGetValue
0x1400354b8 UnmapViewOfFile
0x1400354c0 VirtualProtect
0x1400354c8 VirtualQuery
0x1400354d0 WaitForSingleObject
0x1400354d8 WideCharToMultiByte
0x1400354e0 WriteFile
msvcrt.dll
0x1400354f0 __C_specific_handler
0x1400354f8 ___lc_codepage_func
0x140035500 ___mb_cur_max_func
0x140035508 __iob_func
0x140035510 __set_app_type
0x140035518 __setusermatherr
0x140035520 __wargv
0x140035528 __wgetmainargs
0x140035530 __winitenv
0x140035538 _amsg_exit
0x140035540 _cexit
0x140035548 _commode
0x140035550 _errno
0x140035558 _fmode
0x140035560 _initterm
0x140035568 _lock
0x140035570 _onexit
0x140035578 _unlock
0x140035580 _wcmdln
0x140035588 _wcsdup
0x140035590 _wcsicmp
0x140035598 _wrename
0x1400355a0 abort
0x1400355a8 calloc
0x1400355b0 exit
0x1400355b8 fprintf
0x1400355c0 fputc
0x1400355c8 free
0x1400355d0 fwrite
0x1400355d8 localeconv
0x1400355e0 malloc
0x1400355e8 mbstowcs
0x1400355f0 memcpy
0x1400355f8 memmove
0x140035600 memset
0x140035608 puts
0x140035610 signal
0x140035618 strerror
0x140035620 strlen
0x140035628 strncmp
0x140035630 vfprintf
0x140035638 wcscmp
0x140035640 wcslen
0x140035648 wcsncmp
SHELL32.dll
0x140035658 SHFileOperationW
0x140035660 SHGetFolderPathW
EAT(Export Address Table) is none