ScreenShot
| Created | 2024.06.01 08:32 | Machine | s1_win7_x6401 |
| Filename | CapSimple.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 50 detected (AIDetectMalware, malicious, high confidence, score, Zusy, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXDB, PWSX, Androm, QLYemQAVPNF, ajagh, PRIVATELOADER, YXEE5Z, Real Protect, high, Krypt, ai score=89, PSWTroj, RisePro, Redline, ABRisk, PFZG, Locky, R651216, ZexaF, JwW@aKETcEp, BScope, TrojanPSW, GdSda, Kcnw, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | d86ff3c02aefcd74ece7eb45ee226806 | ||
| sha256 | cb67a188bafea0fd5f5e9725881c88a1c494763c094f76df73914bd8cadce170 | ||
| ssdeep | 49152:dI1+AV/nH+LZTiRDmIzov0aEEWXr/m0ce6XjX04LbfQyXhZzByPfP11X/RaPWJhq:dI1+Q/HgliRD1C0a925ceIjX/bfQyXzg | ||
| imphash | fec98778e46bf1d6aed3f9ad74a5bb8d | ||
| impfuzzy | 24:R2j1TxsBK2jDYc+WcqGtXGhlJBl393PLOovbO3kFZMv1GMAkEZHu9J:kxstQc+5qGtXGnpN630FZGb | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x425000 GetNumberOfEventLogRecords
KERNEL32.dll
0x425008 VirtualAlloc
0x42500c WaitForSingleObjectEx
0x425010 CloseHandle
0x425014 FreeConsole
0x425018 CreateThread
0x42501c QueryPerformanceCounter
0x425020 QueryPerformanceFrequency
0x425024 WideCharToMultiByte
0x425028 GetCurrentThreadId
0x42502c ReleaseSRWLockExclusive
0x425030 Sleep
0x425034 GetExitCodeThread
0x425038 InitializeCriticalSectionEx
0x42503c GetSystemTimeAsFileTime
0x425040 GetModuleHandleW
0x425044 GetProcAddress
0x425048 EnterCriticalSection
0x42504c LeaveCriticalSection
0x425050 DeleteCriticalSection
0x425054 EncodePointer
0x425058 DecodePointer
0x42505c MultiByteToWideChar
0x425060 LCMapStringEx
0x425064 WakeAllConditionVariable
0x425068 GetStringTypeW
0x42506c GetCPInfo
0x425070 IsProcessorFeaturePresent
0x425074 GetCurrentProcessId
0x425078 InitializeSListHead
0x42507c IsDebuggerPresent
0x425080 UnhandledExceptionFilter
0x425084 SetUnhandledExceptionFilter
0x425088 GetStartupInfoW
0x42508c GetCurrentProcess
0x425090 TerminateProcess
0x425094 CreateFileW
0x425098 RaiseException
0x42509c RtlUnwind
0x4250a0 GetLastError
0x4250a4 SetLastError
0x4250a8 InitializeCriticalSectionAndSpinCount
0x4250ac TlsAlloc
0x4250b0 TlsGetValue
0x4250b4 TlsSetValue
0x4250b8 TlsFree
0x4250bc FreeLibrary
0x4250c0 LoadLibraryExW
0x4250c4 ExitThread
0x4250c8 FreeLibraryAndExitThread
0x4250cc GetModuleHandleExW
0x4250d0 GetStdHandle
0x4250d4 WriteFile
0x4250d8 GetModuleFileNameW
0x4250dc ExitProcess
0x4250e0 GetCommandLineA
0x4250e4 GetCommandLineW
0x4250e8 HeapAlloc
0x4250ec HeapFree
0x4250f0 CompareStringW
0x4250f4 LCMapStringW
0x4250f8 GetLocaleInfoW
0x4250fc IsValidLocale
0x425100 GetUserDefaultLCID
0x425104 EnumSystemLocalesW
0x425108 GetFileType
0x42510c FlushFileBuffers
0x425110 GetConsoleOutputCP
0x425114 GetConsoleMode
0x425118 ReadFile
0x42511c GetFileSizeEx
0x425120 SetFilePointerEx
0x425124 ReadConsoleW
0x425128 HeapReAlloc
0x42512c FindClose
0x425130 FindFirstFileExW
0x425134 FindNextFileW
0x425138 IsValidCodePage
0x42513c GetACP
0x425140 GetOEMCP
0x425144 GetEnvironmentStringsW
0x425148 FreeEnvironmentStringsW
0x42514c SetEnvironmentVariableW
0x425150 SetStdHandle
0x425154 GetProcessHeap
0x425158 HeapSize
0x42515c WriteConsoleW
EAT(Export Address Table) is none
ADVAPI32.dll
0x425000 GetNumberOfEventLogRecords
KERNEL32.dll
0x425008 VirtualAlloc
0x42500c WaitForSingleObjectEx
0x425010 CloseHandle
0x425014 FreeConsole
0x425018 CreateThread
0x42501c QueryPerformanceCounter
0x425020 QueryPerformanceFrequency
0x425024 WideCharToMultiByte
0x425028 GetCurrentThreadId
0x42502c ReleaseSRWLockExclusive
0x425030 Sleep
0x425034 GetExitCodeThread
0x425038 InitializeCriticalSectionEx
0x42503c GetSystemTimeAsFileTime
0x425040 GetModuleHandleW
0x425044 GetProcAddress
0x425048 EnterCriticalSection
0x42504c LeaveCriticalSection
0x425050 DeleteCriticalSection
0x425054 EncodePointer
0x425058 DecodePointer
0x42505c MultiByteToWideChar
0x425060 LCMapStringEx
0x425064 WakeAllConditionVariable
0x425068 GetStringTypeW
0x42506c GetCPInfo
0x425070 IsProcessorFeaturePresent
0x425074 GetCurrentProcessId
0x425078 InitializeSListHead
0x42507c IsDebuggerPresent
0x425080 UnhandledExceptionFilter
0x425084 SetUnhandledExceptionFilter
0x425088 GetStartupInfoW
0x42508c GetCurrentProcess
0x425090 TerminateProcess
0x425094 CreateFileW
0x425098 RaiseException
0x42509c RtlUnwind
0x4250a0 GetLastError
0x4250a4 SetLastError
0x4250a8 InitializeCriticalSectionAndSpinCount
0x4250ac TlsAlloc
0x4250b0 TlsGetValue
0x4250b4 TlsSetValue
0x4250b8 TlsFree
0x4250bc FreeLibrary
0x4250c0 LoadLibraryExW
0x4250c4 ExitThread
0x4250c8 FreeLibraryAndExitThread
0x4250cc GetModuleHandleExW
0x4250d0 GetStdHandle
0x4250d4 WriteFile
0x4250d8 GetModuleFileNameW
0x4250dc ExitProcess
0x4250e0 GetCommandLineA
0x4250e4 GetCommandLineW
0x4250e8 HeapAlloc
0x4250ec HeapFree
0x4250f0 CompareStringW
0x4250f4 LCMapStringW
0x4250f8 GetLocaleInfoW
0x4250fc IsValidLocale
0x425100 GetUserDefaultLCID
0x425104 EnumSystemLocalesW
0x425108 GetFileType
0x42510c FlushFileBuffers
0x425110 GetConsoleOutputCP
0x425114 GetConsoleMode
0x425118 ReadFile
0x42511c GetFileSizeEx
0x425120 SetFilePointerEx
0x425124 ReadConsoleW
0x425128 HeapReAlloc
0x42512c FindClose
0x425130 FindFirstFileExW
0x425134 FindNextFileW
0x425138 IsValidCodePage
0x42513c GetACP
0x425140 GetOEMCP
0x425144 GetEnvironmentStringsW
0x425148 FreeEnvironmentStringsW
0x42514c SetEnvironmentVariableW
0x425150 SetStdHandle
0x425154 GetProcessHeap
0x425158 HeapSize
0x42515c WriteConsoleW
EAT(Export Address Table) is none