ScreenShot
| Created | 2024.05.31 10:15 | Machine | s1_win7_x6403 |
| Filename | dl.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Ransomware, Tepfer, Attribute, HighConfidence, Convagent, SmokeLoader, CLASSIC, XPACK, Gen4, HPGen, high, Krypt, Detected, STOP, Kryptik, Eldorado, R651058, ZexaE, yq0@ay9U8qcG, Obfuscated, Static AI, Malicious PE, susgen, GenKryptik, GXVJ, confidence, 100%) | ||
| md5 | 27818a4fe57d322127c3311959c5af69 | ||
| sha256 | 56c8dadefb7be471568c38f7c60c89220b3f1ec24f9899d7576ead45d817fce6 | ||
| ssdeep | 6144:O5S9X2/BnftXOjXJWFkWZ+xKVU1V2ZEW7qJhvMTVXnd3:+S9G/BftXK5WF5koVksZET0Tdn | ||
| imphash | 5608b5e25a7505b4514f9e0627e29ef5 | ||
| impfuzzy | 24:dlJfprLXh49n2mEz8DGc+WsuGHOov3tRl1ZeolYxtvfSBZLYjMcgGA6lWAFE:FZpc++GuOtRzZeaYxFfShGA6op | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41b008 GetLastError
0x41b00c SetLastError
0x41b010 ReadProcessMemory
0x41b014 _lopen
0x41b018 OpenEventA
0x41b01c LoadLibraryA
0x41b020 LoadLibraryExW
0x41b024 GetModuleFileNameA
0x41b028 GetModuleHandleA
0x41b02c GetSystemDirectoryW
0x41b030 CreateDirectoryW
0x41b034 SetFileAttributesW
0x41b038 GetVolumeInformationW
0x41b03c LocalAlloc
0x41b040 BuildCommDCBA
0x41b044 SetComputerNameA
0x41b048 SetInformationJobObject
0x41b04c FindNextVolumeMountPointW
0x41b050 GetOEMCP
0x41b054 GetCalendarInfoA
0x41b058 GetNumberFormatA
0x41b05c GetStringTypeA
0x41b060 SetConsoleCursorInfo
0x41b064 SetConsoleWindowInfo
0x41b068 AddConsoleAliasA
0x41b06c ReadConsoleW
0x41b070 ReadFile
0x41b074 SetEndOfFile
0x41b078 WriteConsoleW
0x41b07c IsBadStringPtrW
0x41b080 GetProcAddress
0x41b084 WideCharToMultiByte
0x41b088 MultiByteToWideChar
0x41b08c GetStringTypeW
0x41b090 EnterCriticalSection
0x41b094 LeaveCriticalSection
0x41b098 DeleteCriticalSection
0x41b09c EncodePointer
0x41b0a0 DecodePointer
0x41b0a4 HeapFree
0x41b0a8 RaiseException
0x41b0ac RtlUnwind
0x41b0b0 GetCommandLineA
0x41b0b4 GetCPInfo
0x41b0b8 HeapAlloc
0x41b0bc UnhandledExceptionFilter
0x41b0c0 SetUnhandledExceptionFilter
0x41b0c4 InitializeCriticalSectionAndSpinCount
0x41b0c8 Sleep
0x41b0cc GetCurrentProcess
0x41b0d0 TerminateProcess
0x41b0d4 TlsAlloc
0x41b0d8 TlsGetValue
0x41b0dc TlsSetValue
0x41b0e0 TlsFree
0x41b0e4 GetStartupInfoW
0x41b0e8 GetModuleHandleW
0x41b0ec IsProcessorFeaturePresent
0x41b0f0 LCMapStringW
0x41b0f4 GetLocaleInfoW
0x41b0f8 IsValidLocale
0x41b0fc GetUserDefaultLCID
0x41b100 EnumSystemLocalesW
0x41b104 ExitProcess
0x41b108 GetModuleHandleExW
0x41b10c AreFileApisANSI
0x41b110 HeapSize
0x41b114 GetProcessHeap
0x41b118 IsDebuggerPresent
0x41b11c GetCurrentThreadId
0x41b120 GetStdHandle
0x41b124 GetFileType
0x41b128 WriteFile
0x41b12c GetModuleFileNameW
0x41b130 QueryPerformanceCounter
0x41b134 GetCurrentProcessId
0x41b138 GetSystemTimeAsFileTime
0x41b13c GetEnvironmentStringsW
0x41b140 FreeEnvironmentStringsW
0x41b144 IsValidCodePage
0x41b148 GetACP
0x41b14c HeapReAlloc
0x41b150 OutputDebugStringW
0x41b154 GetConsoleCP
0x41b158 GetConsoleMode
0x41b15c SetFilePointerEx
0x41b160 FlushFileBuffers
0x41b164 CreateFileW
0x41b168 CloseHandle
0x41b16c SetStdHandle
USER32.dll
0x41b174 GetSysColorBrush
0x41b178 GetMenu
0x41b17c DdeCmpStringHandles
ADVAPI32.dll
0x41b000 ClearEventLogA
EAT(Export Address Table) is none
KERNEL32.dll
0x41b008 GetLastError
0x41b00c SetLastError
0x41b010 ReadProcessMemory
0x41b014 _lopen
0x41b018 OpenEventA
0x41b01c LoadLibraryA
0x41b020 LoadLibraryExW
0x41b024 GetModuleFileNameA
0x41b028 GetModuleHandleA
0x41b02c GetSystemDirectoryW
0x41b030 CreateDirectoryW
0x41b034 SetFileAttributesW
0x41b038 GetVolumeInformationW
0x41b03c LocalAlloc
0x41b040 BuildCommDCBA
0x41b044 SetComputerNameA
0x41b048 SetInformationJobObject
0x41b04c FindNextVolumeMountPointW
0x41b050 GetOEMCP
0x41b054 GetCalendarInfoA
0x41b058 GetNumberFormatA
0x41b05c GetStringTypeA
0x41b060 SetConsoleCursorInfo
0x41b064 SetConsoleWindowInfo
0x41b068 AddConsoleAliasA
0x41b06c ReadConsoleW
0x41b070 ReadFile
0x41b074 SetEndOfFile
0x41b078 WriteConsoleW
0x41b07c IsBadStringPtrW
0x41b080 GetProcAddress
0x41b084 WideCharToMultiByte
0x41b088 MultiByteToWideChar
0x41b08c GetStringTypeW
0x41b090 EnterCriticalSection
0x41b094 LeaveCriticalSection
0x41b098 DeleteCriticalSection
0x41b09c EncodePointer
0x41b0a0 DecodePointer
0x41b0a4 HeapFree
0x41b0a8 RaiseException
0x41b0ac RtlUnwind
0x41b0b0 GetCommandLineA
0x41b0b4 GetCPInfo
0x41b0b8 HeapAlloc
0x41b0bc UnhandledExceptionFilter
0x41b0c0 SetUnhandledExceptionFilter
0x41b0c4 InitializeCriticalSectionAndSpinCount
0x41b0c8 Sleep
0x41b0cc GetCurrentProcess
0x41b0d0 TerminateProcess
0x41b0d4 TlsAlloc
0x41b0d8 TlsGetValue
0x41b0dc TlsSetValue
0x41b0e0 TlsFree
0x41b0e4 GetStartupInfoW
0x41b0e8 GetModuleHandleW
0x41b0ec IsProcessorFeaturePresent
0x41b0f0 LCMapStringW
0x41b0f4 GetLocaleInfoW
0x41b0f8 IsValidLocale
0x41b0fc GetUserDefaultLCID
0x41b100 EnumSystemLocalesW
0x41b104 ExitProcess
0x41b108 GetModuleHandleExW
0x41b10c AreFileApisANSI
0x41b110 HeapSize
0x41b114 GetProcessHeap
0x41b118 IsDebuggerPresent
0x41b11c GetCurrentThreadId
0x41b120 GetStdHandle
0x41b124 GetFileType
0x41b128 WriteFile
0x41b12c GetModuleFileNameW
0x41b130 QueryPerformanceCounter
0x41b134 GetCurrentProcessId
0x41b138 GetSystemTimeAsFileTime
0x41b13c GetEnvironmentStringsW
0x41b140 FreeEnvironmentStringsW
0x41b144 IsValidCodePage
0x41b148 GetACP
0x41b14c HeapReAlloc
0x41b150 OutputDebugStringW
0x41b154 GetConsoleCP
0x41b158 GetConsoleMode
0x41b15c SetFilePointerEx
0x41b160 FlushFileBuffers
0x41b164 CreateFileW
0x41b168 CloseHandle
0x41b16c SetStdHandle
USER32.dll
0x41b174 GetSysColorBrush
0x41b178 GetMenu
0x41b17c DdeCmpStringHandles
ADVAPI32.dll
0x41b000 ClearEventLogA
EAT(Export Address Table) is none