ScreenShot
| Created | 2024.05.16 07:37 | Machine | s1_win7_x6401 |
| Filename | crypted.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 36 detected (AIDetectMalware, malicious, high confidence, score, Lazy, unsafe, Save, Attribute, HighConfidence, GenKryptik, GXQX, FileRepMalware, Generic@AI, RDML, xYpJhyjSejDkgFhhPUh31g, moderate, Generic ML PUA, Krypt, Detected, ai score=82, Sabsik, ZexaF, KqW@aKN17Im, BScope, Static AI, Malicious PE, susgen) | ||
| md5 | 8246f422d28415bbb58d8fa3e2891817 | ||
| sha256 | 9f38ec0ae60879931f99054695285b54f0d2454990249d4672acfb568905bf91 | ||
| ssdeep | 12288:es7vnRmS7+nqB3visIP1z20lBoLhaByXOh7OWMsIaHqZm+Ps6:XvQSUq0sIPB20UVasX07isFHqZm+Ps6 | ||
| imphash | e7d84217ed3b03453ae701fc1a0a956b | ||
| impfuzzy | 24:WjlpDEjMacpVJfK1ZXte4GhlJBl393PLOovbOIHFZMv1GMAkEZHu9J:IacpVJOXte4GnpN63gFZGb | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420000 WaitForSingleObject
0x420004 CreateThread
0x420008 VirtualAlloc
0x42000c GetModuleHandleA
0x420010 GetProcAddress
0x420014 FreeConsole
0x420018 CloseHandle
0x42001c WaitForSingleObjectEx
0x420020 GetCurrentThreadId
0x420024 GetExitCodeThread
0x420028 WideCharToMultiByte
0x42002c MultiByteToWideChar
0x420030 GetStringTypeW
0x420034 EnterCriticalSection
0x420038 LeaveCriticalSection
0x42003c InitializeCriticalSectionEx
0x420040 DeleteCriticalSection
0x420044 QueryPerformanceCounter
0x420048 ReleaseSRWLockExclusive
0x42004c WakeAllConditionVariable
0x420050 EncodePointer
0x420054 DecodePointer
0x420058 LCMapStringEx
0x42005c GetSystemTimeAsFileTime
0x420060 GetModuleHandleW
0x420064 GetCPInfo
0x420068 IsProcessorFeaturePresent
0x42006c UnhandledExceptionFilter
0x420070 SetUnhandledExceptionFilter
0x420074 GetCurrentProcess
0x420078 TerminateProcess
0x42007c GetCurrentProcessId
0x420080 InitializeSListHead
0x420084 IsDebuggerPresent
0x420088 GetStartupInfoW
0x42008c CreateFileW
0x420090 RaiseException
0x420094 RtlUnwind
0x420098 GetLastError
0x42009c SetLastError
0x4200a0 InitializeCriticalSectionAndSpinCount
0x4200a4 TlsAlloc
0x4200a8 TlsGetValue
0x4200ac TlsSetValue
0x4200b0 TlsFree
0x4200b4 FreeLibrary
0x4200b8 LoadLibraryExW
0x4200bc ExitThread
0x4200c0 FreeLibraryAndExitThread
0x4200c4 GetModuleHandleExW
0x4200c8 GetStdHandle
0x4200cc WriteFile
0x4200d0 GetModuleFileNameW
0x4200d4 ExitProcess
0x4200d8 GetCommandLineA
0x4200dc GetCommandLineW
0x4200e0 HeapFree
0x4200e4 HeapAlloc
0x4200e8 CompareStringW
0x4200ec LCMapStringW
0x4200f0 GetLocaleInfoW
0x4200f4 IsValidLocale
0x4200f8 GetUserDefaultLCID
0x4200fc EnumSystemLocalesW
0x420100 GetFileType
0x420104 FlushFileBuffers
0x420108 GetConsoleOutputCP
0x42010c GetConsoleMode
0x420110 ReadFile
0x420114 GetFileSizeEx
0x420118 SetFilePointerEx
0x42011c ReadConsoleW
0x420120 HeapReAlloc
0x420124 FindClose
0x420128 FindFirstFileExW
0x42012c FindNextFileW
0x420130 IsValidCodePage
0x420134 GetACP
0x420138 GetOEMCP
0x42013c GetEnvironmentStringsW
0x420140 FreeEnvironmentStringsW
0x420144 SetEnvironmentVariableW
0x420148 SetStdHandle
0x42014c GetProcessHeap
0x420150 HeapSize
0x420154 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x420000 WaitForSingleObject
0x420004 CreateThread
0x420008 VirtualAlloc
0x42000c GetModuleHandleA
0x420010 GetProcAddress
0x420014 FreeConsole
0x420018 CloseHandle
0x42001c WaitForSingleObjectEx
0x420020 GetCurrentThreadId
0x420024 GetExitCodeThread
0x420028 WideCharToMultiByte
0x42002c MultiByteToWideChar
0x420030 GetStringTypeW
0x420034 EnterCriticalSection
0x420038 LeaveCriticalSection
0x42003c InitializeCriticalSectionEx
0x420040 DeleteCriticalSection
0x420044 QueryPerformanceCounter
0x420048 ReleaseSRWLockExclusive
0x42004c WakeAllConditionVariable
0x420050 EncodePointer
0x420054 DecodePointer
0x420058 LCMapStringEx
0x42005c GetSystemTimeAsFileTime
0x420060 GetModuleHandleW
0x420064 GetCPInfo
0x420068 IsProcessorFeaturePresent
0x42006c UnhandledExceptionFilter
0x420070 SetUnhandledExceptionFilter
0x420074 GetCurrentProcess
0x420078 TerminateProcess
0x42007c GetCurrentProcessId
0x420080 InitializeSListHead
0x420084 IsDebuggerPresent
0x420088 GetStartupInfoW
0x42008c CreateFileW
0x420090 RaiseException
0x420094 RtlUnwind
0x420098 GetLastError
0x42009c SetLastError
0x4200a0 InitializeCriticalSectionAndSpinCount
0x4200a4 TlsAlloc
0x4200a8 TlsGetValue
0x4200ac TlsSetValue
0x4200b0 TlsFree
0x4200b4 FreeLibrary
0x4200b8 LoadLibraryExW
0x4200bc ExitThread
0x4200c0 FreeLibraryAndExitThread
0x4200c4 GetModuleHandleExW
0x4200c8 GetStdHandle
0x4200cc WriteFile
0x4200d0 GetModuleFileNameW
0x4200d4 ExitProcess
0x4200d8 GetCommandLineA
0x4200dc GetCommandLineW
0x4200e0 HeapFree
0x4200e4 HeapAlloc
0x4200e8 CompareStringW
0x4200ec LCMapStringW
0x4200f0 GetLocaleInfoW
0x4200f4 IsValidLocale
0x4200f8 GetUserDefaultLCID
0x4200fc EnumSystemLocalesW
0x420100 GetFileType
0x420104 FlushFileBuffers
0x420108 GetConsoleOutputCP
0x42010c GetConsoleMode
0x420110 ReadFile
0x420114 GetFileSizeEx
0x420118 SetFilePointerEx
0x42011c ReadConsoleW
0x420120 HeapReAlloc
0x420124 FindClose
0x420128 FindFirstFileExW
0x42012c FindNextFileW
0x420130 IsValidCodePage
0x420134 GetACP
0x420138 GetOEMCP
0x42013c GetEnvironmentStringsW
0x420140 FreeEnvironmentStringsW
0x420144 SetEnvironmentVariableW
0x420148 SetStdHandle
0x42014c GetProcessHeap
0x420150 HeapSize
0x420154 WriteConsoleW
EAT(Export Address Table) is none