ScreenShot
| Created | 2024.05.16 09:08 | Machine | s1_win7_x6401 |
| Filename | cmd.ps1 | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 40 detected (AIDetectMalware, Marte, malicious, high confidence, score, Artemis, Scars, unsafe, Save, Attribute, HighConfidence, a variant of WinGo, Scarecrow, GoShell, AGEN, WinGo, Detected, ai score=86, CobaltStrike, AMBG, Eldorado, R606188, Static AI, Malicious PE, GoDownloader, AZHW3DGW) | ||
| md5 | 7801b02953637126c9012fd6e630f790 | ||
| sha256 | 8456cbb869c382a7d7454a2493d571a6d836559c7e406c67a81e29713f14ca5d | ||
| ssdeep | 24576:EDNMN0Jj/ayV7yLInjprq+JFp2DeIhjBX1tL:qqsTRV7lnjpJLChjJL | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x589200 WriteFile
0x589208 WriteConsoleW
0x589210 WerSetFlags
0x589218 WerGetFlags
0x589220 WaitForMultipleObjects
0x589228 WaitForSingleObject
0x589230 VirtualQuery
0x589238 VirtualFree
0x589240 VirtualAlloc
0x589248 TlsAlloc
0x589250 SwitchToThread
0x589258 SuspendThread
0x589260 SetWaitableTimer
0x589268 SetUnhandledExceptionFilter
0x589270 SetProcessPriorityBoost
0x589278 SetEvent
0x589280 SetErrorMode
0x589288 SetConsoleCtrlHandler
0x589290 ResumeThread
0x589298 RaiseFailFastException
0x5892a0 PostQueuedCompletionStatus
0x5892a8 LoadLibraryW
0x5892b0 LoadLibraryExW
0x5892b8 SetThreadContext
0x5892c0 GetThreadContext
0x5892c8 GetSystemInfo
0x5892d0 GetSystemDirectoryA
0x5892d8 GetStdHandle
0x5892e0 GetQueuedCompletionStatusEx
0x5892e8 GetProcessAffinityMask
0x5892f0 GetProcAddress
0x5892f8 GetErrorMode
0x589300 GetEnvironmentStringsW
0x589308 GetCurrentThreadId
0x589310 GetConsoleMode
0x589318 FreeEnvironmentStringsW
0x589320 ExitProcess
0x589328 DuplicateHandle
0x589330 CreateWaitableTimerExW
0x589338 CreateThread
0x589340 CreateIoCompletionPort
0x589348 CreateFileA
0x589350 CreateEventA
0x589358 CloseHandle
0x589360 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x589200 WriteFile
0x589208 WriteConsoleW
0x589210 WerSetFlags
0x589218 WerGetFlags
0x589220 WaitForMultipleObjects
0x589228 WaitForSingleObject
0x589230 VirtualQuery
0x589238 VirtualFree
0x589240 VirtualAlloc
0x589248 TlsAlloc
0x589250 SwitchToThread
0x589258 SuspendThread
0x589260 SetWaitableTimer
0x589268 SetUnhandledExceptionFilter
0x589270 SetProcessPriorityBoost
0x589278 SetEvent
0x589280 SetErrorMode
0x589288 SetConsoleCtrlHandler
0x589290 ResumeThread
0x589298 RaiseFailFastException
0x5892a0 PostQueuedCompletionStatus
0x5892a8 LoadLibraryW
0x5892b0 LoadLibraryExW
0x5892b8 SetThreadContext
0x5892c0 GetThreadContext
0x5892c8 GetSystemInfo
0x5892d0 GetSystemDirectoryA
0x5892d8 GetStdHandle
0x5892e0 GetQueuedCompletionStatusEx
0x5892e8 GetProcessAffinityMask
0x5892f0 GetProcAddress
0x5892f8 GetErrorMode
0x589300 GetEnvironmentStringsW
0x589308 GetCurrentThreadId
0x589310 GetConsoleMode
0x589318 FreeEnvironmentStringsW
0x589320 ExitProcess
0x589328 DuplicateHandle
0x589330 CreateWaitableTimerExW
0x589338 CreateThread
0x589340 CreateIoCompletionPort
0x589348 CreateFileA
0x589350 CreateEventA
0x589358 CloseHandle
0x589360 AddVectoredExceptionHandler
EAT(Export Address Table) is none