ScreenShot
| Created | 2024.05.16 07:34 | Machine | s1_win7_x6403 |
| Filename | kub54.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetectMalware, malicious, high confidence, score, PUPXAC, unsafe, Save, Stealc, Attribute, HighConfidence, Artemis, TrojanX, Ransomware, Stop, Mokes, Generic@AI, RDML, 3ZFpLrZ1TuHY9al7AcY, high, Krypt, Raccoon, Detected, Caynamer, FakeAlert, Eldorado, ZexaF, mq0@aClY1LaG, BScope, Convagent, Static AI, Suspicious PE, susgen, Kryptik, GYYS) | ||
| md5 | f5db5ea5dc2a7675f2060a03dc46b49a | ||
| sha256 | 31d4ac5b0f1068f18c1d627a90db41f63094d3cb4921b1eed02450c7c8b84fe2 | ||
| ssdeep | 3072:bM6Vzzphxp3OKorZTAGUctD8IWobX5QMJ601jtd:rhEKGAQII9SUL | ||
| imphash | a2acb5ca17c091b2cf1bb128938cbf30 | ||
| impfuzzy | 24:rKkbG2SF+fR+r1JvGzJcDaXgdpgmEppLOovttgcfdYYJKXlOFBRyv0T4ljMIdYbI:S1oZ+LOBgApp6ktgcfxCt0c9G8j | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40c000 EnumCalendarInfoA
0x40c004 InterlockedIncrement
0x40c008 SetDefaultCommConfigW
0x40c00c SetConsoleScreenBufferSize
0x40c010 GetModuleHandleW
0x40c014 GetProcessHeap
0x40c018 IsBadReadPtr
0x40c01c GetSystemTimes
0x40c020 GlobalAlloc
0x40c024 Sleep
0x40c028 GetFileAttributesA
0x40c02c lstrcpynW
0x40c030 CompareStringW
0x40c034 SetConsoleTitleA
0x40c038 SetCurrentDirectoryA
0x40c03c GetCurrentDirectoryW
0x40c040 GetLongPathNameW
0x40c044 SetLastError
0x40c048 GetProcAddress
0x40c04c GetConsoleDisplayMode
0x40c050 BuildCommDCBW
0x40c054 SetFileApisToOEM
0x40c058 LoadLibraryA
0x40c05c WriteConsoleA
0x40c060 AddAtomW
0x40c064 FindNextChangeNotification
0x40c068 OpenJobObjectW
0x40c06c FindAtomA
0x40c070 FreeEnvironmentStringsW
0x40c074 BuildCommDCBA
0x40c078 PurgeComm
0x40c07c EnumDateFormatsW
0x40c080 SetCalendarInfoA
0x40c084 GetSystemTime
0x40c088 HeapAlloc
0x40c08c ExitProcess
0x40c090 GetCommandLineA
0x40c094 GetStartupInfoA
0x40c098 TerminateProcess
0x40c09c GetCurrentProcess
0x40c0a0 UnhandledExceptionFilter
0x40c0a4 SetUnhandledExceptionFilter
0x40c0a8 IsDebuggerPresent
0x40c0ac DeleteCriticalSection
0x40c0b0 LeaveCriticalSection
0x40c0b4 EnterCriticalSection
0x40c0b8 HeapFree
0x40c0bc VirtualFree
0x40c0c0 VirtualAlloc
0x40c0c4 HeapReAlloc
0x40c0c8 HeapCreate
0x40c0cc WriteFile
0x40c0d0 GetStdHandle
0x40c0d4 GetModuleFileNameA
0x40c0d8 TlsGetValue
0x40c0dc TlsAlloc
0x40c0e0 TlsSetValue
0x40c0e4 TlsFree
0x40c0e8 GetCurrentThreadId
0x40c0ec GetLastError
0x40c0f0 InterlockedDecrement
0x40c0f4 InitializeCriticalSectionAndSpinCount
0x40c0f8 FreeEnvironmentStringsA
0x40c0fc GetEnvironmentStrings
0x40c100 WideCharToMultiByte
0x40c104 GetEnvironmentStringsW
0x40c108 SetHandleCount
0x40c10c GetFileType
0x40c110 QueryPerformanceCounter
0x40c114 GetTickCount
0x40c118 GetCurrentProcessId
0x40c11c GetSystemTimeAsFileTime
0x40c120 SetFilePointer
0x40c124 GetConsoleCP
0x40c128 GetConsoleMode
0x40c12c GetCPInfo
0x40c130 GetACP
0x40c134 GetOEMCP
0x40c138 IsValidCodePage
0x40c13c RtlUnwind
0x40c140 MultiByteToWideChar
0x40c144 HeapSize
0x40c148 GetLocaleInfoA
0x40c14c SetStdHandle
0x40c150 GetConsoleOutputCP
0x40c154 WriteConsoleW
0x40c158 LCMapStringA
0x40c15c LCMapStringW
0x40c160 GetStringTypeA
0x40c164 GetStringTypeW
0x40c168 FlushFileBuffers
0x40c16c ReadFile
0x40c170 CreateFileA
0x40c174 CloseHandle
USER32.dll
0x40c17c SetActiveWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x40c000 EnumCalendarInfoA
0x40c004 InterlockedIncrement
0x40c008 SetDefaultCommConfigW
0x40c00c SetConsoleScreenBufferSize
0x40c010 GetModuleHandleW
0x40c014 GetProcessHeap
0x40c018 IsBadReadPtr
0x40c01c GetSystemTimes
0x40c020 GlobalAlloc
0x40c024 Sleep
0x40c028 GetFileAttributesA
0x40c02c lstrcpynW
0x40c030 CompareStringW
0x40c034 SetConsoleTitleA
0x40c038 SetCurrentDirectoryA
0x40c03c GetCurrentDirectoryW
0x40c040 GetLongPathNameW
0x40c044 SetLastError
0x40c048 GetProcAddress
0x40c04c GetConsoleDisplayMode
0x40c050 BuildCommDCBW
0x40c054 SetFileApisToOEM
0x40c058 LoadLibraryA
0x40c05c WriteConsoleA
0x40c060 AddAtomW
0x40c064 FindNextChangeNotification
0x40c068 OpenJobObjectW
0x40c06c FindAtomA
0x40c070 FreeEnvironmentStringsW
0x40c074 BuildCommDCBA
0x40c078 PurgeComm
0x40c07c EnumDateFormatsW
0x40c080 SetCalendarInfoA
0x40c084 GetSystemTime
0x40c088 HeapAlloc
0x40c08c ExitProcess
0x40c090 GetCommandLineA
0x40c094 GetStartupInfoA
0x40c098 TerminateProcess
0x40c09c GetCurrentProcess
0x40c0a0 UnhandledExceptionFilter
0x40c0a4 SetUnhandledExceptionFilter
0x40c0a8 IsDebuggerPresent
0x40c0ac DeleteCriticalSection
0x40c0b0 LeaveCriticalSection
0x40c0b4 EnterCriticalSection
0x40c0b8 HeapFree
0x40c0bc VirtualFree
0x40c0c0 VirtualAlloc
0x40c0c4 HeapReAlloc
0x40c0c8 HeapCreate
0x40c0cc WriteFile
0x40c0d0 GetStdHandle
0x40c0d4 GetModuleFileNameA
0x40c0d8 TlsGetValue
0x40c0dc TlsAlloc
0x40c0e0 TlsSetValue
0x40c0e4 TlsFree
0x40c0e8 GetCurrentThreadId
0x40c0ec GetLastError
0x40c0f0 InterlockedDecrement
0x40c0f4 InitializeCriticalSectionAndSpinCount
0x40c0f8 FreeEnvironmentStringsA
0x40c0fc GetEnvironmentStrings
0x40c100 WideCharToMultiByte
0x40c104 GetEnvironmentStringsW
0x40c108 SetHandleCount
0x40c10c GetFileType
0x40c110 QueryPerformanceCounter
0x40c114 GetTickCount
0x40c118 GetCurrentProcessId
0x40c11c GetSystemTimeAsFileTime
0x40c120 SetFilePointer
0x40c124 GetConsoleCP
0x40c128 GetConsoleMode
0x40c12c GetCPInfo
0x40c130 GetACP
0x40c134 GetOEMCP
0x40c138 IsValidCodePage
0x40c13c RtlUnwind
0x40c140 MultiByteToWideChar
0x40c144 HeapSize
0x40c148 GetLocaleInfoA
0x40c14c SetStdHandle
0x40c150 GetConsoleOutputCP
0x40c154 WriteConsoleW
0x40c158 LCMapStringA
0x40c15c LCMapStringW
0x40c160 GetStringTypeA
0x40c164 GetStringTypeW
0x40c168 FlushFileBuffers
0x40c16c ReadFile
0x40c170 CreateFileA
0x40c174 CloseHandle
USER32.dll
0x40c17c SetActiveWindow
EAT(Export Address Table) is none