ScreenShot
| Created | 2024.04.30 07:37 | Machine | s1_win7_x6401 |
| Filename | Iss.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, Strab, Malicious, score, Lockbit, FakeAlert, unsafe, Save, Attribute, HighConfidence, high confidence, Kryptik, HWYM, Artemis, PWSX, Windigo, Redcap, Generic@AI, RDML, 8m1Bs2KzPaoFl2shXi9BeA, taqao, Siggen3, SMOKELOADER, YXED3Z, moderate, Krypt, Detected, ai score=87, Convagent, Sabsik, Znyonm, 1LAM9V, Eldorado, R646608, ZexaF, xq0@aOSU, Static AI, Suspicious PE, susgen, HCOV) | ||
| md5 | 955211d8050bb619846140050fe5b6da | ||
| sha256 | 2a516f2c1ae4b409339a9e1e32ebc5938cbfd1d9dddcbdd4c0743c99610dcba2 | ||
| ssdeep | 6144:svcjKhk/i+a/jkgxDyLoxUcIIYteyvV//4NOxNxDiIMPUZIN:WUa/j1FHUfIsYgNDfMPH | ||
| imphash | bf1070ba79872e55c98c6b1c44ebbf3c | ||
| impfuzzy | 24:NuRsOSF9bD7LT5+uEPvbzztOovEG1tQlpQFBRyv9h/J3ISRT4ljMCc1l79oFZE:xOSFTOPXkVG1tgl9jTcDc1zoF6 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40c008 SetFirmwareEnvironmentVariableA
0x40c00c GetModuleHandleW
0x40c010 GetProcessHeap
0x40c014 ReadConsoleW
0x40c018 GetDateFormatA
0x40c01c SetCommState
0x40c020 GetSystemTimes
0x40c024 GetVolumeInformationA
0x40c028 IsBadCodePtr
0x40c02c lstrcpynW
0x40c030 GetModuleFileNameW
0x40c034 FindFirstFileExA
0x40c038 GetProcAddress
0x40c03c GetLocaleInfoA
0x40c040 LoadLibraryA
0x40c044 LocalAlloc
0x40c048 SetConsoleCtrlHandler
0x40c04c SetCurrentDirectoryW
0x40c050 SetConsoleTitleW
0x40c054 FreeEnvironmentStringsW
0x40c058 BuildCommDCBA
0x40c05c GetCurrentDirectoryA
0x40c060 ScrollConsoleScreenBufferA
0x40c064 FindAtomW
0x40c068 SetFileAttributesW
0x40c06c SetFileApisToOEM
0x40c070 EnumCalendarInfoA
0x40c074 GetCommandLineA
0x40c078 GetStartupInfoA
0x40c07c RaiseException
0x40c080 RtlUnwind
0x40c084 TerminateProcess
0x40c088 GetCurrentProcess
0x40c08c UnhandledExceptionFilter
0x40c090 SetUnhandledExceptionFilter
0x40c094 IsDebuggerPresent
0x40c098 HeapAlloc
0x40c09c GetLastError
0x40c0a0 HeapFree
0x40c0a4 Sleep
0x40c0a8 ExitProcess
0x40c0ac WriteFile
0x40c0b0 GetStdHandle
0x40c0b4 GetModuleFileNameA
0x40c0b8 FreeEnvironmentStringsA
0x40c0bc GetEnvironmentStrings
0x40c0c0 WideCharToMultiByte
0x40c0c4 GetEnvironmentStringsW
0x40c0c8 SetHandleCount
0x40c0cc GetFileType
0x40c0d0 DeleteCriticalSection
0x40c0d4 TlsGetValue
0x40c0d8 TlsAlloc
0x40c0dc TlsSetValue
0x40c0e0 TlsFree
0x40c0e4 InterlockedIncrement
0x40c0e8 SetLastError
0x40c0ec GetCurrentThreadId
0x40c0f0 InterlockedDecrement
0x40c0f4 HeapCreate
0x40c0f8 VirtualFree
0x40c0fc QueryPerformanceCounter
0x40c100 GetTickCount
0x40c104 GetCurrentProcessId
0x40c108 GetSystemTimeAsFileTime
0x40c10c SetFilePointer
0x40c110 GetConsoleCP
0x40c114 GetConsoleMode
0x40c118 EnterCriticalSection
0x40c11c LeaveCriticalSection
0x40c120 GetCPInfo
0x40c124 GetACP
0x40c128 GetOEMCP
0x40c12c IsValidCodePage
0x40c130 VirtualAlloc
0x40c134 HeapReAlloc
0x40c138 HeapSize
0x40c13c InitializeCriticalSectionAndSpinCount
0x40c140 SetStdHandle
0x40c144 WriteConsoleA
0x40c148 GetConsoleOutputCP
0x40c14c WriteConsoleW
0x40c150 MultiByteToWideChar
0x40c154 LCMapStringA
0x40c158 LCMapStringW
0x40c15c GetStringTypeA
0x40c160 GetStringTypeW
0x40c164 CreateFileA
0x40c168 CloseHandle
0x40c16c FlushFileBuffers
USER32.dll
0x40c174 GetProcessDefaultLayout
ADVAPI32.dll
0x40c000 ReadEventLogA
EAT(Export Address Table) is none
KERNEL32.dll
0x40c008 SetFirmwareEnvironmentVariableA
0x40c00c GetModuleHandleW
0x40c010 GetProcessHeap
0x40c014 ReadConsoleW
0x40c018 GetDateFormatA
0x40c01c SetCommState
0x40c020 GetSystemTimes
0x40c024 GetVolumeInformationA
0x40c028 IsBadCodePtr
0x40c02c lstrcpynW
0x40c030 GetModuleFileNameW
0x40c034 FindFirstFileExA
0x40c038 GetProcAddress
0x40c03c GetLocaleInfoA
0x40c040 LoadLibraryA
0x40c044 LocalAlloc
0x40c048 SetConsoleCtrlHandler
0x40c04c SetCurrentDirectoryW
0x40c050 SetConsoleTitleW
0x40c054 FreeEnvironmentStringsW
0x40c058 BuildCommDCBA
0x40c05c GetCurrentDirectoryA
0x40c060 ScrollConsoleScreenBufferA
0x40c064 FindAtomW
0x40c068 SetFileAttributesW
0x40c06c SetFileApisToOEM
0x40c070 EnumCalendarInfoA
0x40c074 GetCommandLineA
0x40c078 GetStartupInfoA
0x40c07c RaiseException
0x40c080 RtlUnwind
0x40c084 TerminateProcess
0x40c088 GetCurrentProcess
0x40c08c UnhandledExceptionFilter
0x40c090 SetUnhandledExceptionFilter
0x40c094 IsDebuggerPresent
0x40c098 HeapAlloc
0x40c09c GetLastError
0x40c0a0 HeapFree
0x40c0a4 Sleep
0x40c0a8 ExitProcess
0x40c0ac WriteFile
0x40c0b0 GetStdHandle
0x40c0b4 GetModuleFileNameA
0x40c0b8 FreeEnvironmentStringsA
0x40c0bc GetEnvironmentStrings
0x40c0c0 WideCharToMultiByte
0x40c0c4 GetEnvironmentStringsW
0x40c0c8 SetHandleCount
0x40c0cc GetFileType
0x40c0d0 DeleteCriticalSection
0x40c0d4 TlsGetValue
0x40c0d8 TlsAlloc
0x40c0dc TlsSetValue
0x40c0e0 TlsFree
0x40c0e4 InterlockedIncrement
0x40c0e8 SetLastError
0x40c0ec GetCurrentThreadId
0x40c0f0 InterlockedDecrement
0x40c0f4 HeapCreate
0x40c0f8 VirtualFree
0x40c0fc QueryPerformanceCounter
0x40c100 GetTickCount
0x40c104 GetCurrentProcessId
0x40c108 GetSystemTimeAsFileTime
0x40c10c SetFilePointer
0x40c110 GetConsoleCP
0x40c114 GetConsoleMode
0x40c118 EnterCriticalSection
0x40c11c LeaveCriticalSection
0x40c120 GetCPInfo
0x40c124 GetACP
0x40c128 GetOEMCP
0x40c12c IsValidCodePage
0x40c130 VirtualAlloc
0x40c134 HeapReAlloc
0x40c138 HeapSize
0x40c13c InitializeCriticalSectionAndSpinCount
0x40c140 SetStdHandle
0x40c144 WriteConsoleA
0x40c148 GetConsoleOutputCP
0x40c14c WriteConsoleW
0x40c150 MultiByteToWideChar
0x40c154 LCMapStringA
0x40c158 LCMapStringW
0x40c15c GetStringTypeA
0x40c160 GetStringTypeW
0x40c164 CreateFileA
0x40c168 CloseHandle
0x40c16c FlushFileBuffers
USER32.dll
0x40c174 GetProcessDefaultLayout
ADVAPI32.dll
0x40c000 ReadEventLogA
EAT(Export Address Table) is none