Field | Value
---|---
Created | 2024.05.02 07:20
Machine | s1_win7_x6403
Filename | scg.exe
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 44 detected (AIDetectMalware, Scrop, Malicious, score, unsafe, Vqxk, altk, iawam, USBLDM24, Hershell, Detected, ai score=86, Wacatac, ABRisk, BEWG, Chgt, Gencirc)
md5 | 9e5e6b8901f999088856e0eb04746864
sha256 | 5579422f33e7ffecc0d8f51954a223f8a939c515f07c157221bea021fa492117
ssdeep | 98304:3pAONHlGqrX/cjk0Kd3nzw0tcWPaWBzoct/ipANRxI1RvYN/gu1H:3pA+M2vok0KFnzw0tzPocBd6BggGH
imphash | 1cd364a9e949d5ecebd6c614e64bc545
impfuzzy | 12:5ObVj7NkOREXPXJHeOAThTAqAGIR6kW0mDruMzTZGHrYXOeUP:UbVjhkO+VuTdLS6kNmDruMztir6UP
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Detects the presence of Wine emulator |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Collects information to fingerprint the system (MachineGuid) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
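The two packer signatures above (high-entropy data, and section names outside the usual linker set) and the UPX_Zero rule are cheap static heuristics that are worth reproducing locally before trusting a sandbox verdict. The following is an added example, not code from the report or its sandbox: it scores each PE section by Shannon entropy and by section name, using constructed sample sections rather than bytes from scg.exe. The packer and standard name lists and the 7.0 bits/byte threshold are my assumptions; `assess_pe_file` runs the same check over a real file through the `pefile` package.

```python
import math
import random
from collections import Counter

# Section names written by common Windows packers; a hit is strong evidence.
# (List is an assumption for this example, not exhaustive.)
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".upx", ".aspack", ".adata", ".themida",
    ".vmp0", ".vmp1", ".vmp2", ".petite", ".MPRESS1", ".MPRESS2", ".nsp0", ".nsp1",
}
# Names produced by MSVC, MinGW and the Go linker for ordinary PE files.
# Anything outside this set is only a weak hint (the report's "could be a false positive").
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".pdata", ".xdata",
    ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".symtab", ".debug",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def assess_sections(sections, high_entropy=7.0):
    """sections: iterable of (name, raw_bytes). Returns a list of finding strings
    mirroring the report's two packer signatures. Tiny sections are skipped for
    the entropy test because the estimate is unreliable below a few hundred bytes."""
    findings = []
    for name, data in sections:
        name = name.rstrip("\x00")
        ent = shannon_entropy(data)
        if name in PACKER_SECTION_NAMES:
            findings.append(f"{name}: known packer section name")
        elif name not in STANDARD_SECTION_NAMES:
            findings.append(f"{name}: unknown section name (could be a false positive)")
        if ent >= high_entropy and len(data) >= 512:
            findings.append(f"{name}: entropy {ent:.2f} suggests compressed or encrypted data")
    return findings

def assess_pe_file(path):
    """Same check over a real PE file; needs the pefile package (pip install pefile)."""
    import pefile  # imported lazily so the rest of the module runs without it
    pe = pefile.PE(path)
    return assess_sections((s.Name.decode(errors="replace"), s.get_data()) for s in pe.sections)

# Constructed sample sections (not taken from scg.exe): a low-entropy .text section,
# a UPX1 section filled with seeded pseudo-random bytes, and an oddly named empty one.
_rng = random.Random(1)
SAMPLE_SECTIONS = [
    (".text", bytes([0x48, 0x89, 0x5C, 0x24]) * 256),
    ("UPX1", bytes(_rng.randrange(256) for _ in range(4096))),
    (".foo", b"\x00" * 1024),
]

if __name__ == "__main__":
    for finding in assess_sections(SAMPLE_SECTIONS):
        print(finding)
```

On the sample input this reports the UPX1 section twice (known name, high entropy) and `.foo` once (unknown name); a genuinely compressed UPX image also shows a near-empty UPX0 section, which this check deliberately does not flag on entropy alone.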
PE API
IAT (Import Address Table) Library
kernel32.dll
0x8b3020 WriteFile
0x8b3028 WriteConsoleW
0x8b3030 WaitForMultipleObjects
0x8b3038 WaitForSingleObject
0x8b3040 VirtualQuery
0x8b3048 VirtualFree
0x8b3050 VirtualAlloc
0x8b3058 SwitchToThread
0x8b3060 SetWaitableTimer
0x8b3068 SetUnhandledExceptionFilter
0x8b3070 SetProcessPriorityBoost
0x8b3078 SetEvent
0x8b3080 SetErrorMode
0x8b3088 SetConsoleCtrlHandler
0x8b3090 LoadLibraryA
0x8b3098 LoadLibraryW
0x8b30a0 GetSystemInfo
0x8b30a8 GetSystemDirectoryA
0x8b30b0 GetStdHandle
0x8b30b8 GetQueuedCompletionStatus
0x8b30c0 GetProcessAffinityMask
0x8b30c8 GetProcAddress
0x8b30d0 GetEnvironmentStringsW
0x8b30d8 GetConsoleMode
0x8b30e0 FreeEnvironmentStringsW
0x8b30e8 ExitProcess
0x8b30f0 DuplicateHandle
0x8b30f8 CreateThread
0x8b3100 CreateIoCompletionPort
0x8b3108 CreateEventA
0x8b3110 CloseHandle
0x8b3118 AddVectoredExceptionHandler
EAT (Export Address Table): none
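Two checks a practitioner would run against the import table above, as an added example that is not part of the report: recompute the imphash from the listed imports and compare it with the reported value 1cd364a9e949d5ecebd6c614e64bc545, and note what the import set itself says. The imphash input is the ordered list of `dll.function` pairs, lowercased with the DLL extension stripped and joined by commas, hashed with MD5; that is the construction pefile's `get_imphash()` uses, with the simplification that ordinal-only imports are rendered as `ordN` without pefile's well-known ordinal tables. If the recomputed value does not equal the reported one, the IAT shown is not the table the sandbox hashed (for instance, the UPX stub's table versus the unpacked image's), which is worth knowing before pivoting on the imphash. As an analyst observation rather than something the report states: a kernel32-only import set containing AddVectoredExceptionHandler, CreateIoCompletionPort, GetQueuedCompletionStatus, SwitchToThread, SetWaitableTimer and WriteConsoleW is the set the Go runtime links on windows/amd64, which fits the "Hershell" label among the VirusTotal names and the "stripped to external PDB" type string.

```python
import hashlib

# Import table exactly as listed in the report (kernel32.dll, ascending IAT slot order).
REPORT_IMPORTS = [("kernel32.dll", f) for f in (
    "WriteFile", "WriteConsoleW", "WaitForMultipleObjects", "WaitForSingleObject",
    "VirtualQuery", "VirtualFree", "VirtualAlloc", "SwitchToThread",
    "SetWaitableTimer", "SetUnhandledExceptionFilter", "SetProcessPriorityBoost",
    "SetEvent", "SetErrorMode", "SetConsoleCtrlHandler", "LoadLibraryA",
    "LoadLibraryW", "GetSystemInfo", "GetSystemDirectoryA", "GetStdHandle",
    "GetQueuedCompletionStatus", "GetProcessAffinityMask", "GetProcAddress",
    "GetEnvironmentStringsW", "GetConsoleMode", "FreeEnvironmentStringsW",
    "ExitProcess", "DuplicateHandle", "CreateThread", "CreateIoCompletionPort",
    "CreateEventA", "CloseHandle", "AddVectoredExceptionHandler",
)]
REPORTED_IMPHASH = "1cd364a9e949d5ecebd6c614e64bc545"  # value from the report header

def imphash_input(imports):
    """Canonical imphash string: 'dll.func' pairs, lowercased, DLL extension
    stripped, in import-directory order, comma-joined. An int in place of a
    function name means an import by ordinal and is rendered as 'ordN'."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{func}")
    return ",".join(parts)

def imphash(imports):
    """MD5 of the canonical string, as a lowercase hex digest."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()

def matches_report(imports=REPORT_IMPORTS, reported=REPORTED_IMPHASH):
    """True when the import list reproduces the imphash the report published."""
    return imphash(imports) == reported.lower()

def imphash_of_file(path):
    """Reference value computed from the binary itself via pefile (pip install pefile)."""
    import pefile  # lazy import so the module runs without pefile installed
    return pefile.PE(path).get_imphash()

if __name__ == "__main__":
    print("recomputed:", imphash(REPORT_IMPORTS))
    print("reported:  ", REPORTED_IMPHASH)
    print("match:", matches_report())
```

A mismatch here is not evidence of tampering; imphash is sensitive to import order and to which image (packed or unpacked) was parsed, so always pair the value with the hash of the exact file you analysed.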