ScreenShot
| Created | 2024.06.03 09:36 | Machine | s1_win7_x6401 |
| Filename | 2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 29 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Fareit, Racealer, Generic@AI, RDML, 82phhBIqWtj+HigyVd74PA, Real Protect, high, Detected, Caynamer, ZexaF, Eu0@aK2rsFmG, MachineLearning, Anomalous, Static AI, Suspicious PE, susgen, Kryptik, HBBY, confidence, 100%) | ||
| md5 | fd75736f30d58471359129fe5bb6d452 | ||
| sha256 | 4905dd237e442b4e382852f68cf065274809d023e75b55ef53d3c1a432fd9e1c | ||
| ssdeep | 6144:FdiLAmsgsiIKMY9Qq+ZcT7Sx9jThbqrlYgfojIKlcBCeiZtkuUm0y:3i8msMoYeo7SHBbqa5jXlc8Z/50 | ||
| imphash | 120ba7bb85687acfe32c4ec5264bcb00 | ||
| impfuzzy | 24:sa03E9GktmGkr5D/szURisJp4h7tLiJkfdY5lOHuOZyvuT4QjMBsm9DJ:90E9HEmOiV7tm6fIYuucZssJ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f008 InterlockedDecrement
0x40f00c GetTimeFormatA
0x40f010 FreeEnvironmentStringsA
0x40f014 GetModuleHandleW
0x40f018 EnumTimeFormatsA
0x40f01c FormatMessageW
0x40f020 GetConsoleAliasW
0x40f024 GetFileAttributesW
0x40f028 GetModuleFileNameW
0x40f02c CompareStringW
0x40f030 GetStringTypeExA
0x40f034 GetConsoleOutputCP
0x40f038 GetConsoleAliasesW
0x40f03c WriteConsoleOutputW
0x40f040 GetProcAddress
0x40f044 FindVolumeMountPointClose
0x40f048 CreateMemoryResourceNotification
0x40f04c LoadLibraryA
0x40f050 HeapWalk
0x40f054 ConvertDefaultLocale
0x40f058 EnumDateFormatsA
0x40f05c SetConsoleTitleW
0x40f060 BuildCommDCBA
0x40f064 DeleteCriticalSection
0x40f068 GetShortPathNameW
0x40f06c DeleteAtom
0x40f070 LocalFileTimeToFileTime
0x40f074 SetLastError
0x40f078 GetComputerNameA
0x40f07c MultiByteToWideChar
0x40f080 HeapAlloc
0x40f084 Sleep
0x40f088 ExitProcess
0x40f08c GetStartupInfoW
0x40f090 TerminateProcess
0x40f094 GetCurrentProcess
0x40f098 UnhandledExceptionFilter
0x40f09c SetUnhandledExceptionFilter
0x40f0a0 IsDebuggerPresent
0x40f0a4 GetCPInfo
0x40f0a8 InterlockedIncrement
0x40f0ac GetACP
0x40f0b0 GetOEMCP
0x40f0b4 IsValidCodePage
0x40f0b8 TlsGetValue
0x40f0bc TlsAlloc
0x40f0c0 TlsSetValue
0x40f0c4 TlsFree
0x40f0c8 GetCurrentThreadId
0x40f0cc GetLastError
0x40f0d0 LeaveCriticalSection
0x40f0d4 EnterCriticalSection
0x40f0d8 HeapFree
0x40f0dc VirtualFree
0x40f0e0 VirtualAlloc
0x40f0e4 HeapReAlloc
0x40f0e8 HeapCreate
0x40f0ec WriteFile
0x40f0f0 GetStdHandle
0x40f0f4 GetModuleFileNameA
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 QueryPerformanceCounter
0x40f118 GetTickCount
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 WideCharToMultiByte
0x40f12c GetConsoleCP
0x40f130 GetConsoleMode
0x40f134 LCMapStringA
0x40f138 LCMapStringW
0x40f13c GetStringTypeA
0x40f140 GetStringTypeW
0x40f144 GetLocaleInfoA
0x40f148 RtlUnwind
0x40f14c HeapSize
0x40f150 SetStdHandle
0x40f154 WriteConsoleA
0x40f158 WriteConsoleW
0x40f15c FlushFileBuffers
0x40f160 ReadFile
0x40f164 CreateFileA
0x40f168 CloseHandle
0x40f16c GetModuleHandleA
ADVAPI32.dll
0x40f000 DuplicateToken
WINHTTP.dll
0x40f174 WinHttpReadData
EAT(Export Address Table) is none
KERNEL32.dll
0x40f008 InterlockedDecrement
0x40f00c GetTimeFormatA
0x40f010 FreeEnvironmentStringsA
0x40f014 GetModuleHandleW
0x40f018 EnumTimeFormatsA
0x40f01c FormatMessageW
0x40f020 GetConsoleAliasW
0x40f024 GetFileAttributesW
0x40f028 GetModuleFileNameW
0x40f02c CompareStringW
0x40f030 GetStringTypeExA
0x40f034 GetConsoleOutputCP
0x40f038 GetConsoleAliasesW
0x40f03c WriteConsoleOutputW
0x40f040 GetProcAddress
0x40f044 FindVolumeMountPointClose
0x40f048 CreateMemoryResourceNotification
0x40f04c LoadLibraryA
0x40f050 HeapWalk
0x40f054 ConvertDefaultLocale
0x40f058 EnumDateFormatsA
0x40f05c SetConsoleTitleW
0x40f060 BuildCommDCBA
0x40f064 DeleteCriticalSection
0x40f068 GetShortPathNameW
0x40f06c DeleteAtom
0x40f070 LocalFileTimeToFileTime
0x40f074 SetLastError
0x40f078 GetComputerNameA
0x40f07c MultiByteToWideChar
0x40f080 HeapAlloc
0x40f084 Sleep
0x40f088 ExitProcess
0x40f08c GetStartupInfoW
0x40f090 TerminateProcess
0x40f094 GetCurrentProcess
0x40f098 UnhandledExceptionFilter
0x40f09c SetUnhandledExceptionFilter
0x40f0a0 IsDebuggerPresent
0x40f0a4 GetCPInfo
0x40f0a8 InterlockedIncrement
0x40f0ac GetACP
0x40f0b0 GetOEMCP
0x40f0b4 IsValidCodePage
0x40f0b8 TlsGetValue
0x40f0bc TlsAlloc
0x40f0c0 TlsSetValue
0x40f0c4 TlsFree
0x40f0c8 GetCurrentThreadId
0x40f0cc GetLastError
0x40f0d0 LeaveCriticalSection
0x40f0d4 EnterCriticalSection
0x40f0d8 HeapFree
0x40f0dc VirtualFree
0x40f0e0 VirtualAlloc
0x40f0e4 HeapReAlloc
0x40f0e8 HeapCreate
0x40f0ec WriteFile
0x40f0f0 GetStdHandle
0x40f0f4 GetModuleFileNameA
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 QueryPerformanceCounter
0x40f118 GetTickCount
0x40f11c GetCurrentProcessId
0x40f120 GetSystemTimeAsFileTime
0x40f124 SetFilePointer
0x40f128 WideCharToMultiByte
0x40f12c GetConsoleCP
0x40f130 GetConsoleMode
0x40f134 LCMapStringA
0x40f138 LCMapStringW
0x40f13c GetStringTypeA
0x40f140 GetStringTypeW
0x40f144 GetLocaleInfoA
0x40f148 RtlUnwind
0x40f14c HeapSize
0x40f150 SetStdHandle
0x40f154 WriteConsoleA
0x40f158 WriteConsoleW
0x40f15c FlushFileBuffers
0x40f160 ReadFile
0x40f164 CreateFileA
0x40f168 CloseHandle
0x40f16c GetModuleHandleA
ADVAPI32.dll
0x40f000 DuplicateToken
WINHTTP.dll
0x40f174 WinHttpReadData
EAT(Export Address Table) is none