ScreenShot
| Created | 2024.04.30 07:35 | Machine | s1_win7_x6401 |
| Filename | lb.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 63 detected (AIDetectMalware, Lockbit, tsu4, Malicious, score, S29768538, Infected, unsafe, Save, LockBit30, Emotet, Windows, Ransomware, Filecoder, BlackMatter, GenericRXVB, ccmw, CLASSIC, ZeroAccess, Gen7, R06FC0DDQ24, high, Crypmodng, Detected, ai score=83, ABRisk, PFJA, Kryptik, R646105, GdSda, Rr0XixrjzqM, Static AI, Malicious PE, Conwise, x1glab) | ||
| md5 | 6fd558cf3add096970e15d1e62ca1957 | ||
| sha256 | 41e187191625d749b89a11bc04fc0b2a3b9bd638035d05b39365c47ab36d1898 | ||
| ssdeep | 3072:n6glyuxE4GsUPnliByocWepMhJL4BFkTGX:n6gDBGpvEByocWeyhJL4UK | ||
| imphash | 41fb8cb2943df6de998b35a9d28668e8 | ||
| impfuzzy | 12:J9WMjUYA/mlAaByBaWtJT14yFE6BJNCQ6UaJjAGtbJpOGOovC:JpAYA/KAaBSvR14yFEkJNCQ6UaJjtFpE | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 63 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | BlackMatter_Ransomware_IN | BlackMatter Ransomware | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
gdi32.dll
0x41a050 SetPixel
0x41a054 SetDCBrushColor
0x41a058 SelectPalette
0x41a05c GetTextColor
0x41a060 GetDeviceCaps
0x41a064 CreateSolidBrush
USER32.dll
0x41a020 DefWindowProcW
0x41a024 CreateMenu
0x41a028 EndDialog
0x41a02c GetDlgItem
0x41a030 GetKeyNameTextW
0x41a034 GetMessageW
0x41a038 GetWindowTextW
0x41a03c IsDlgButtonChecked
0x41a040 LoadImageW
0x41a044 LoadMenuW
0x41a048 DialogBoxParamW
KERNEL32.dll
0x41a000 SetLastError
0x41a004 LoadLibraryW
0x41a008 GetTickCount
0x41a00c GetLastError
0x41a010 GetCommandLineW
0x41a014 GetCommandLineA
0x41a018 FreeLibrary
EAT(Export Address Table) is none
gdi32.dll
0x41a050 SetPixel
0x41a054 SetDCBrushColor
0x41a058 SelectPalette
0x41a05c GetTextColor
0x41a060 GetDeviceCaps
0x41a064 CreateSolidBrush
USER32.dll
0x41a020 DefWindowProcW
0x41a024 CreateMenu
0x41a028 EndDialog
0x41a02c GetDlgItem
0x41a030 GetKeyNameTextW
0x41a034 GetMessageW
0x41a038 GetWindowTextW
0x41a03c IsDlgButtonChecked
0x41a040 LoadImageW
0x41a044 LoadMenuW
0x41a048 DialogBoxParamW
KERNEL32.dll
0x41a000 SetLastError
0x41a004 LoadLibraryW
0x41a008 GetTickCount
0x41a00c GetLastError
0x41a010 GetCommandLineW
0x41a014 GetCommandLineA
0x41a018 FreeLibrary
EAT(Export Address Table) is none