ScreenShot
| Created | 2024.05.12 19:12 | Machine | s1_win7_x6403 |
| Filename | 6699.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetectMalware, Reline, malicious, high confidence, score, Artemis, Zusy, Save, GenericKD, Attribute, HighConfidence, GenKryptik, GXNO, DropperX, TrojanPSW, Generic@AI, RDML, VTYXCj6d7uArmDnkFI2wqw, Kryptik, esayn, RedLineNET, SMOKELOADER, YXEEKZ, high, Krypt, Detected, ai score=86, Stealc, Redline, ABRisk, UUNX, BScope, Genetic, FalseSign, Hplw, Static AI, Malicious PE, susgen) | ||
| md5 | 60f32465f2f1eef8d2a246e71f92497c | ||
| sha256 | b927e42b91a9d16139e8e8dc56b6550590d55a0a0a7ea7614a77ec800f5cb435 | ||
| ssdeep | 6144:t9D7v5zE9dnXgzGX1U11XXSved2HbAeZxnmC54ID23QDesp+:t57+91m1XivZAOx1DChsp+ | ||
| imphash | 7aacbffeaaddbccaf0827a1c7ec218b2 | ||
| impfuzzy | 24:cjv+DR9tMS1+GhlJnc+pl39/AEOovbO3URZHu93vB3GMM:d9tMS1+G5c+ppO3vBi | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410000 VirtualAlloc
0x410004 WaitForSingleObject
0x410008 GetModuleHandleA
0x41000c FreeConsole
0x410010 CreateThread
0x410014 GetProcAddress
0x410018 ExitProcess
0x41001c UnhandledExceptionFilter
0x410020 SetUnhandledExceptionFilter
0x410024 GetCurrentProcess
0x410028 TerminateProcess
0x41002c IsProcessorFeaturePresent
0x410030 QueryPerformanceCounter
0x410034 GetCurrentProcessId
0x410038 GetCurrentThreadId
0x41003c GetSystemTimeAsFileTime
0x410040 InitializeSListHead
0x410044 IsDebuggerPresent
0x410048 GetStartupInfoW
0x41004c GetModuleHandleW
0x410050 WriteConsoleW
0x410054 RaiseException
0x410058 RtlUnwind
0x41005c GetLastError
0x410060 SetLastError
0x410064 EnterCriticalSection
0x410068 LeaveCriticalSection
0x41006c DeleteCriticalSection
0x410070 InitializeCriticalSectionAndSpinCount
0x410074 TlsAlloc
0x410078 TlsGetValue
0x41007c TlsSetValue
0x410080 TlsFree
0x410084 FreeLibrary
0x410088 LoadLibraryExW
0x41008c EncodePointer
0x410090 GetStdHandle
0x410094 WriteFile
0x410098 GetModuleFileNameW
0x41009c GetModuleHandleExW
0x4100a0 GetCommandLineA
0x4100a4 GetCommandLineW
0x4100a8 HeapAlloc
0x4100ac HeapFree
0x4100b0 FindClose
0x4100b4 FindFirstFileExW
0x4100b8 FindNextFileW
0x4100bc IsValidCodePage
0x4100c0 GetACP
0x4100c4 GetOEMCP
0x4100c8 GetCPInfo
0x4100cc MultiByteToWideChar
0x4100d0 WideCharToMultiByte
0x4100d4 GetEnvironmentStringsW
0x4100d8 FreeEnvironmentStringsW
0x4100dc SetEnvironmentVariableW
0x4100e0 SetStdHandle
0x4100e4 GetFileType
0x4100e8 GetStringTypeW
0x4100ec CompareStringW
0x4100f0 LCMapStringW
0x4100f4 GetProcessHeap
0x4100f8 HeapSize
0x4100fc HeapReAlloc
0x410100 FlushFileBuffers
0x410104 GetConsoleOutputCP
0x410108 GetConsoleMode
0x41010c SetFilePointerEx
0x410110 CreateFileW
0x410114 CloseHandle
0x410118 DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x410000 VirtualAlloc
0x410004 WaitForSingleObject
0x410008 GetModuleHandleA
0x41000c FreeConsole
0x410010 CreateThread
0x410014 GetProcAddress
0x410018 ExitProcess
0x41001c UnhandledExceptionFilter
0x410020 SetUnhandledExceptionFilter
0x410024 GetCurrentProcess
0x410028 TerminateProcess
0x41002c IsProcessorFeaturePresent
0x410030 QueryPerformanceCounter
0x410034 GetCurrentProcessId
0x410038 GetCurrentThreadId
0x41003c GetSystemTimeAsFileTime
0x410040 InitializeSListHead
0x410044 IsDebuggerPresent
0x410048 GetStartupInfoW
0x41004c GetModuleHandleW
0x410050 WriteConsoleW
0x410054 RaiseException
0x410058 RtlUnwind
0x41005c GetLastError
0x410060 SetLastError
0x410064 EnterCriticalSection
0x410068 LeaveCriticalSection
0x41006c DeleteCriticalSection
0x410070 InitializeCriticalSectionAndSpinCount
0x410074 TlsAlloc
0x410078 TlsGetValue
0x41007c TlsSetValue
0x410080 TlsFree
0x410084 FreeLibrary
0x410088 LoadLibraryExW
0x41008c EncodePointer
0x410090 GetStdHandle
0x410094 WriteFile
0x410098 GetModuleFileNameW
0x41009c GetModuleHandleExW
0x4100a0 GetCommandLineA
0x4100a4 GetCommandLineW
0x4100a8 HeapAlloc
0x4100ac HeapFree
0x4100b0 FindClose
0x4100b4 FindFirstFileExW
0x4100b8 FindNextFileW
0x4100bc IsValidCodePage
0x4100c0 GetACP
0x4100c4 GetOEMCP
0x4100c8 GetCPInfo
0x4100cc MultiByteToWideChar
0x4100d0 WideCharToMultiByte
0x4100d4 GetEnvironmentStringsW
0x4100d8 FreeEnvironmentStringsW
0x4100dc SetEnvironmentVariableW
0x4100e0 SetStdHandle
0x4100e4 GetFileType
0x4100e8 GetStringTypeW
0x4100ec CompareStringW
0x4100f0 LCMapStringW
0x4100f4 GetProcessHeap
0x4100f8 HeapSize
0x4100fc HeapReAlloc
0x410100 FlushFileBuffers
0x410104 GetConsoleOutputCP
0x410108 GetConsoleMode
0x41010c SetFilePointerEx
0x410110 CreateFileW
0x410114 CloseHandle
0x410118 DecodePointer
EAT(Export Address Table) is none