ScreenShot
| Created | 2024.05.28 09:57 | Machine | s1_win7_x6401 |
| Filename | 3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (AIDetectMalware, malicious, high confidence, score, InfoStealerStealc, unsafe, Save, Attribute, HighConfidence, Fareit, Androm, Generic@AI, RDML, pxIQOD2, A4QPlSZCmv3fow, Real Protect, high, Krypt, Detected, ZexaF, qq0@aOyr, Static AI, Suspicious PE, Kryptik, HBBY, confidence, 100%) | ||
| md5 | dba41f91114792a95067817ad837f4ab | ||
| sha256 | 483dc5797003680e390b8e6a1bc1dc0f235f12ec5821f53c53e9e2b03eaa3d99 | ||
| ssdeep | 3072:eoWsY7YVa5N8uOfhD95UO3UQi/5urLu/e:eoiLgJDh3UXArLUe | ||
| imphash | 0dcd95181cf42aa1ed0116b90e68d265 | ||
| impfuzzy | 24:MbG2YWkrkRNDeTMHgr1IjkrIJcDSpjgjnOova/QlnchQFBRyvuhuRT4ljMMl79L:vbiiqkYtmOv/QchlY6cBzL | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d000 SetDefaultCommConfigA
0x40d004 GlobalDeleteAtom
0x40d008 InterlockedDecrement
0x40d00c GetModuleHandleW
0x40d010 GetConsoleAliasesLengthA
0x40d014 EnumTimeFormatsA
0x40d018 ActivateActCtx
0x40d01c ReadFileScatter
0x40d020 WriteConsoleOutputA
0x40d024 InterlockedPopEntrySList
0x40d028 GetFileAttributesA
0x40d02c SetConsoleMode
0x40d030 LocalReAlloc
0x40d034 GetModuleFileNameW
0x40d038 CompareStringW
0x40d03c SetConsoleTitleA
0x40d040 RaiseException
0x40d044 GetConsoleAliasesW
0x40d048 SetLastError
0x40d04c GetProcAddress
0x40d050 GetProcessHeaps
0x40d054 BuildCommDCBW
0x40d058 LoadLibraryA
0x40d05c UnhandledExceptionFilter
0x40d060 FreeEnvironmentStringsW
0x40d064 DeleteCriticalSection
0x40d068 GetShortPathNameW
0x40d06c SetCalendarInfoA
0x40d070 LocalFileTimeToFileTime
0x40d074 GetCommandLineA
0x40d078 GetStartupInfoA
0x40d07c RtlUnwind
0x40d080 TerminateProcess
0x40d084 GetCurrentProcess
0x40d088 SetUnhandledExceptionFilter
0x40d08c IsDebuggerPresent
0x40d090 HeapAlloc
0x40d094 GetLastError
0x40d098 HeapFree
0x40d09c EnterCriticalSection
0x40d0a0 LeaveCriticalSection
0x40d0a4 Sleep
0x40d0a8 ExitProcess
0x40d0ac WriteFile
0x40d0b0 GetStdHandle
0x40d0b4 GetModuleFileNameA
0x40d0b8 FreeEnvironmentStringsA
0x40d0bc GetEnvironmentStrings
0x40d0c0 WideCharToMultiByte
0x40d0c4 GetEnvironmentStringsW
0x40d0c8 SetHandleCount
0x40d0cc GetFileType
0x40d0d0 TlsGetValue
0x40d0d4 TlsAlloc
0x40d0d8 TlsSetValue
0x40d0dc TlsFree
0x40d0e0 InterlockedIncrement
0x40d0e4 GetCurrentThreadId
0x40d0e8 HeapCreate
0x40d0ec VirtualFree
0x40d0f0 QueryPerformanceCounter
0x40d0f4 GetTickCount
0x40d0f8 GetCurrentProcessId
0x40d0fc GetSystemTimeAsFileTime
0x40d100 SetFilePointer
0x40d104 GetConsoleCP
0x40d108 GetConsoleMode
0x40d10c GetCPInfo
0x40d110 GetACP
0x40d114 GetOEMCP
0x40d118 IsValidCodePage
0x40d11c VirtualAlloc
0x40d120 HeapReAlloc
0x40d124 HeapSize
0x40d128 InitializeCriticalSectionAndSpinCount
0x40d12c SetStdHandle
0x40d130 WriteConsoleA
0x40d134 GetConsoleOutputCP
0x40d138 WriteConsoleW
0x40d13c MultiByteToWideChar
0x40d140 LCMapStringA
0x40d144 LCMapStringW
0x40d148 GetStringTypeA
0x40d14c GetStringTypeW
0x40d150 GetLocaleInfoA
0x40d154 FlushFileBuffers
0x40d158 CreateFileA
0x40d15c CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x40d000 SetDefaultCommConfigA
0x40d004 GlobalDeleteAtom
0x40d008 InterlockedDecrement
0x40d00c GetModuleHandleW
0x40d010 GetConsoleAliasesLengthA
0x40d014 EnumTimeFormatsA
0x40d018 ActivateActCtx
0x40d01c ReadFileScatter
0x40d020 WriteConsoleOutputA
0x40d024 InterlockedPopEntrySList
0x40d028 GetFileAttributesA
0x40d02c SetConsoleMode
0x40d030 LocalReAlloc
0x40d034 GetModuleFileNameW
0x40d038 CompareStringW
0x40d03c SetConsoleTitleA
0x40d040 RaiseException
0x40d044 GetConsoleAliasesW
0x40d048 SetLastError
0x40d04c GetProcAddress
0x40d050 GetProcessHeaps
0x40d054 BuildCommDCBW
0x40d058 LoadLibraryA
0x40d05c UnhandledExceptionFilter
0x40d060 FreeEnvironmentStringsW
0x40d064 DeleteCriticalSection
0x40d068 GetShortPathNameW
0x40d06c SetCalendarInfoA
0x40d070 LocalFileTimeToFileTime
0x40d074 GetCommandLineA
0x40d078 GetStartupInfoA
0x40d07c RtlUnwind
0x40d080 TerminateProcess
0x40d084 GetCurrentProcess
0x40d088 SetUnhandledExceptionFilter
0x40d08c IsDebuggerPresent
0x40d090 HeapAlloc
0x40d094 GetLastError
0x40d098 HeapFree
0x40d09c EnterCriticalSection
0x40d0a0 LeaveCriticalSection
0x40d0a4 Sleep
0x40d0a8 ExitProcess
0x40d0ac WriteFile
0x40d0b0 GetStdHandle
0x40d0b4 GetModuleFileNameA
0x40d0b8 FreeEnvironmentStringsA
0x40d0bc GetEnvironmentStrings
0x40d0c0 WideCharToMultiByte
0x40d0c4 GetEnvironmentStringsW
0x40d0c8 SetHandleCount
0x40d0cc GetFileType
0x40d0d0 TlsGetValue
0x40d0d4 TlsAlloc
0x40d0d8 TlsSetValue
0x40d0dc TlsFree
0x40d0e0 InterlockedIncrement
0x40d0e4 GetCurrentThreadId
0x40d0e8 HeapCreate
0x40d0ec VirtualFree
0x40d0f0 QueryPerformanceCounter
0x40d0f4 GetTickCount
0x40d0f8 GetCurrentProcessId
0x40d0fc GetSystemTimeAsFileTime
0x40d100 SetFilePointer
0x40d104 GetConsoleCP
0x40d108 GetConsoleMode
0x40d10c GetCPInfo
0x40d110 GetACP
0x40d114 GetOEMCP
0x40d118 IsValidCodePage
0x40d11c VirtualAlloc
0x40d120 HeapReAlloc
0x40d124 HeapSize
0x40d128 InitializeCriticalSectionAndSpinCount
0x40d12c SetStdHandle
0x40d130 WriteConsoleA
0x40d134 GetConsoleOutputCP
0x40d138 WriteConsoleW
0x40d13c MultiByteToWideChar
0x40d140 LCMapStringA
0x40d144 LCMapStringW
0x40d148 GetStringTypeA
0x40d14c GetStringTypeW
0x40d150 GetLocaleInfoA
0x40d154 FlushFileBuffers
0x40d158 CreateFileA
0x40d15c CloseHandle
EAT(Export Address Table) is none