ScreenShot
| Created | 2024.04.30 09:52 | Machine | s1_win7_x6403 |
| Filename | LPE_ALL.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, Artemis, unsafe, Vl8a, GenericKD, Attribute, HighConfidence, malicious, moderate confidence, CVE-2018-8639, CLASSIC, CVE-2020-1886, CVE20188639, Hacktool, Detected, ai score=88, Zpevdo, ABRisk, HKUR) | ||
| md5 | fc36ebc7382bec2df0e88995a1cec452 | ||
| sha256 | 38754abb186abcbde27381e5fe69a510152311dcfffd9afa192a4fc9ec56e9e4 | ||
| ssdeep | 12288:Er/7+R/dYRdLh2ujJmix5l2LoB0QCc0DiXhjgVBjvb9cUZt5D/:o61dYjh2ujl72LoVv3gVBJ5 | ||
| imphash | a5b8572997ccada7d65a9861acf89920 | ||
| impfuzzy | 48:jXpnLg6tyA/l0v/1jNgcIdtEO9mcAMopGW3dhuFZGN:jX9OnfgcIdtEO9mZMopGnQ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Creates a suspicious process |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1401cf480 SetThreadDesktop
0x1401cf488 SetClassLongPtrA
0x1401cf490 DestroyAcceleratorTable
0x1401cf498 CreateAcceleratorTableW
0x1401cf4a0 DestroyWindow
0x1401cf4a8 CreateWindowExA
0x1401cf4b0 RegisterClassExA
0x1401cf4b8 DefWindowProcA
0x1401cf4c0 CloseDesktop
0x1401cf4c8 CreateDesktopA
GDI32.dll
0x1401cf000 GetPaletteEntries
0x1401cf008 DeleteObject
0x1401cf010 DeleteDC
0x1401cf018 CreatePalette
0x1401cf020 CreateCompatibleDC
0x1401cf028 SetPaletteEntries
KERNEL32.dll
0x1401cf090 GetConsoleCP
0x1401cf098 GetConsoleMode
0x1401cf0a0 HeapQueryInformation
0x1401cf0a8 HeapReAlloc
0x1401cf0b0 GetFileSizeEx
0x1401cf0b8 SetFilePointerEx
0x1401cf0c0 ReadFile
0x1401cf0c8 ReadConsoleW
0x1401cf0d0 CreateFileW
0x1401cf0d8 FlushFileBuffers
0x1401cf0e0 LeaveCriticalSection
0x1401cf0e8 GetCurrentProcess
0x1401cf0f0 GetCurrentProcessId
0x1401cf0f8 ExitProcess
0x1401cf100 CreateProcessA
0x1401cf108 SetPriorityClass
0x1401cf110 FreeLibrary
0x1401cf118 GetModuleHandleA
0x1401cf120 GetProcAddress
0x1401cf128 LoadLibraryA
0x1401cf130 GetStringTypeW
0x1401cf138 RtlCaptureContext
0x1401cf140 RtlLookupFunctionEntry
0x1401cf148 RtlVirtualUnwind
0x1401cf150 UnhandledExceptionFilter
0x1401cf158 SetUnhandledExceptionFilter
0x1401cf160 TerminateProcess
0x1401cf168 IsProcessorFeaturePresent
0x1401cf170 GetCurrentThreadId
0x1401cf178 IsDebuggerPresent
0x1401cf180 RaiseException
0x1401cf188 MultiByteToWideChar
0x1401cf190 WideCharToMultiByte
0x1401cf198 QueryPerformanceCounter
0x1401cf1a0 GetSystemTimeAsFileTime
0x1401cf1a8 InitializeSListHead
0x1401cf1b0 GetStartupInfoW
0x1401cf1b8 GetModuleHandleW
0x1401cf1c0 GetLastError
0x1401cf1c8 HeapAlloc
0x1401cf1d0 HeapFree
0x1401cf1d8 GetProcessHeap
0x1401cf1e0 VirtualQuery
0x1401cf1e8 RtlUnwindEx
0x1401cf1f0 InterlockedPushEntrySList
0x1401cf1f8 InterlockedFlushSList
0x1401cf200 GetModuleFileNameW
0x1401cf208 LoadLibraryExW
0x1401cf210 SetLastError
0x1401cf218 EnterCriticalSection
0x1401cf220 RtlUnwind
0x1401cf228 DeleteCriticalSection
0x1401cf230 InitializeCriticalSectionAndSpinCount
0x1401cf238 TlsAlloc
0x1401cf240 TlsGetValue
0x1401cf248 TlsSetValue
0x1401cf250 TlsFree
0x1401cf258 EncodePointer
0x1401cf260 RtlPcToFileHeader
0x1401cf268 GetModuleHandleExW
0x1401cf270 GetStdHandle
0x1401cf278 WriteFile
0x1401cf280 GetCommandLineA
0x1401cf288 GetCommandLineW
0x1401cf290 HeapSize
0x1401cf298 HeapValidate
0x1401cf2a0 GetSystemInfo
0x1401cf2a8 GetDateFormatW
0x1401cf2b0 GetTimeFormatW
0x1401cf2b8 CompareStringW
0x1401cf2c0 LCMapStringW
0x1401cf2c8 GetLocaleInfoW
0x1401cf2d0 IsValidLocale
0x1401cf2d8 GetUserDefaultLCID
0x1401cf2e0 EnumSystemLocalesW
0x1401cf2e8 GetFileType
0x1401cf2f0 GetCurrentThread
0x1401cf2f8 CloseHandle
0x1401cf300 WaitForSingleObject
0x1401cf308 GetExitCodeProcess
0x1401cf310 CreateProcessW
0x1401cf318 GetFileAttributesExW
0x1401cf320 OutputDebugStringW
0x1401cf328 WriteConsoleW
0x1401cf330 SetConsoleCtrlHandler
0x1401cf338 FindClose
0x1401cf340 FindFirstFileExW
0x1401cf348 FindNextFileW
0x1401cf350 IsValidCodePage
0x1401cf358 GetACP
0x1401cf360 GetOEMCP
0x1401cf368 GetCPInfo
0x1401cf370 GetEnvironmentStringsW
0x1401cf378 FreeEnvironmentStringsW
0x1401cf380 SetEnvironmentVariableW
0x1401cf388 SetStdHandle
EAT(Export Address Table) is none
USER32.dll
0x1401cf480 SetThreadDesktop
0x1401cf488 SetClassLongPtrA
0x1401cf490 DestroyAcceleratorTable
0x1401cf498 CreateAcceleratorTableW
0x1401cf4a0 DestroyWindow
0x1401cf4a8 CreateWindowExA
0x1401cf4b0 RegisterClassExA
0x1401cf4b8 DefWindowProcA
0x1401cf4c0 CloseDesktop
0x1401cf4c8 CreateDesktopA
GDI32.dll
0x1401cf000 GetPaletteEntries
0x1401cf008 DeleteObject
0x1401cf010 DeleteDC
0x1401cf018 CreatePalette
0x1401cf020 CreateCompatibleDC
0x1401cf028 SetPaletteEntries
KERNEL32.dll
0x1401cf090 GetConsoleCP
0x1401cf098 GetConsoleMode
0x1401cf0a0 HeapQueryInformation
0x1401cf0a8 HeapReAlloc
0x1401cf0b0 GetFileSizeEx
0x1401cf0b8 SetFilePointerEx
0x1401cf0c0 ReadFile
0x1401cf0c8 ReadConsoleW
0x1401cf0d0 CreateFileW
0x1401cf0d8 FlushFileBuffers
0x1401cf0e0 LeaveCriticalSection
0x1401cf0e8 GetCurrentProcess
0x1401cf0f0 GetCurrentProcessId
0x1401cf0f8 ExitProcess
0x1401cf100 CreateProcessA
0x1401cf108 SetPriorityClass
0x1401cf110 FreeLibrary
0x1401cf118 GetModuleHandleA
0x1401cf120 GetProcAddress
0x1401cf128 LoadLibraryA
0x1401cf130 GetStringTypeW
0x1401cf138 RtlCaptureContext
0x1401cf140 RtlLookupFunctionEntry
0x1401cf148 RtlVirtualUnwind
0x1401cf150 UnhandledExceptionFilter
0x1401cf158 SetUnhandledExceptionFilter
0x1401cf160 TerminateProcess
0x1401cf168 IsProcessorFeaturePresent
0x1401cf170 GetCurrentThreadId
0x1401cf178 IsDebuggerPresent
0x1401cf180 RaiseException
0x1401cf188 MultiByteToWideChar
0x1401cf190 WideCharToMultiByte
0x1401cf198 QueryPerformanceCounter
0x1401cf1a0 GetSystemTimeAsFileTime
0x1401cf1a8 InitializeSListHead
0x1401cf1b0 GetStartupInfoW
0x1401cf1b8 GetModuleHandleW
0x1401cf1c0 GetLastError
0x1401cf1c8 HeapAlloc
0x1401cf1d0 HeapFree
0x1401cf1d8 GetProcessHeap
0x1401cf1e0 VirtualQuery
0x1401cf1e8 RtlUnwindEx
0x1401cf1f0 InterlockedPushEntrySList
0x1401cf1f8 InterlockedFlushSList
0x1401cf200 GetModuleFileNameW
0x1401cf208 LoadLibraryExW
0x1401cf210 SetLastError
0x1401cf218 EnterCriticalSection
0x1401cf220 RtlUnwind
0x1401cf228 DeleteCriticalSection
0x1401cf230 InitializeCriticalSectionAndSpinCount
0x1401cf238 TlsAlloc
0x1401cf240 TlsGetValue
0x1401cf248 TlsSetValue
0x1401cf250 TlsFree
0x1401cf258 EncodePointer
0x1401cf260 RtlPcToFileHeader
0x1401cf268 GetModuleHandleExW
0x1401cf270 GetStdHandle
0x1401cf278 WriteFile
0x1401cf280 GetCommandLineA
0x1401cf288 GetCommandLineW
0x1401cf290 HeapSize
0x1401cf298 HeapValidate
0x1401cf2a0 GetSystemInfo
0x1401cf2a8 GetDateFormatW
0x1401cf2b0 GetTimeFormatW
0x1401cf2b8 CompareStringW
0x1401cf2c0 LCMapStringW
0x1401cf2c8 GetLocaleInfoW
0x1401cf2d0 IsValidLocale
0x1401cf2d8 GetUserDefaultLCID
0x1401cf2e0 EnumSystemLocalesW
0x1401cf2e8 GetFileType
0x1401cf2f0 GetCurrentThread
0x1401cf2f8 CloseHandle
0x1401cf300 WaitForSingleObject
0x1401cf308 GetExitCodeProcess
0x1401cf310 CreateProcessW
0x1401cf318 GetFileAttributesExW
0x1401cf320 OutputDebugStringW
0x1401cf328 WriteConsoleW
0x1401cf330 SetConsoleCtrlHandler
0x1401cf338 FindClose
0x1401cf340 FindFirstFileExW
0x1401cf348 FindNextFileW
0x1401cf350 IsValidCodePage
0x1401cf358 GetACP
0x1401cf360 GetOEMCP
0x1401cf368 GetCPInfo
0x1401cf370 GetEnvironmentStringsW
0x1401cf378 FreeEnvironmentStringsW
0x1401cf380 SetEnvironmentVariableW
0x1401cf388 SetStdHandle
EAT(Export Address Table) is none