ScreenShot
| Created | 2024.06.14 10:16 | Machine | s1_win7_x6403 |
| Filename | theporndude.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (AIDetectMalware, malicious, high confidence, score, GenericKD, Unsafe, Vny3, Genric, Genus, Attribute, HighConfidence, a variant of WinGo, Artemis, qwitqt, CLASSIC, AGEN, Packed2, WinGo, ai score=80, Phonzy, Malware@#3nehm6oa64x5m, TrojanPSW, Lumma, Loader, PRIVATELOADER, YXEFKZ, Vdkl, Chgt, confidence, 100%) | ||
| md5 | 97b47da3b16adb27c0ad00f1d5f7e112 | ||
| sha256 | 8c6384d028d05c46050dbc8c30fc7d5987c6be9545f9d688eab6baed96970fa5 | ||
| ssdeep | 98304:jEnPZfEoGSw7crw7x9j0PuDCXtfE4BK/epa2BJLl:2KoGorw7SuDCX24zJL | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140a7c47c AddAtomA
0x140a7c484 AddVectoredExceptionHandler
0x140a7c48c CloseHandle
0x140a7c494 CreateEventA
0x140a7c49c CreateFileA
0x140a7c4a4 CreateIoCompletionPort
0x140a7c4ac CreateMutexA
0x140a7c4b4 CreateSemaphoreA
0x140a7c4bc CreateThread
0x140a7c4c4 CreateWaitableTimerExW
0x140a7c4cc DeleteAtom
0x140a7c4d4 DeleteCriticalSection
0x140a7c4dc DuplicateHandle
0x140a7c4e4 EnterCriticalSection
0x140a7c4ec ExitProcess
0x140a7c4f4 FindAtomA
0x140a7c4fc FormatMessageA
0x140a7c504 FreeEnvironmentStringsW
0x140a7c50c GetAtomNameA
0x140a7c514 GetConsoleMode
0x140a7c51c GetCurrentProcess
0x140a7c524 GetCurrentProcessId
0x140a7c52c GetCurrentThread
0x140a7c534 GetCurrentThreadId
0x140a7c53c GetEnvironmentStringsW
0x140a7c544 GetErrorMode
0x140a7c54c GetHandleInformation
0x140a7c554 GetLastError
0x140a7c55c GetProcAddress
0x140a7c564 GetProcessAffinityMask
0x140a7c56c GetQueuedCompletionStatusEx
0x140a7c574 GetStartupInfoA
0x140a7c57c GetStdHandle
0x140a7c584 GetSystemDirectoryA
0x140a7c58c GetSystemInfo
0x140a7c594 GetSystemTimeAsFileTime
0x140a7c59c GetThreadContext
0x140a7c5a4 GetThreadPriority
0x140a7c5ac GetTickCount
0x140a7c5b4 InitializeCriticalSection
0x140a7c5bc IsDBCSLeadByteEx
0x140a7c5c4 IsDebuggerPresent
0x140a7c5cc LeaveCriticalSection
0x140a7c5d4 LoadLibraryExW
0x140a7c5dc LoadLibraryW
0x140a7c5e4 LocalFree
0x140a7c5ec MultiByteToWideChar
0x140a7c5f4 OpenProcess
0x140a7c5fc OutputDebugStringA
0x140a7c604 PostQueuedCompletionStatus
0x140a7c60c QueryPerformanceCounter
0x140a7c614 QueryPerformanceFrequency
0x140a7c61c RaiseException
0x140a7c624 RaiseFailFastException
0x140a7c62c ReleaseMutex
0x140a7c634 ReleaseSemaphore
0x140a7c63c RemoveVectoredExceptionHandler
0x140a7c644 ResetEvent
0x140a7c64c ResumeThread
0x140a7c654 SetConsoleCtrlHandler
0x140a7c65c SetErrorMode
0x140a7c664 SetEvent
0x140a7c66c SetLastError
0x140a7c674 SetProcessAffinityMask
0x140a7c67c SetProcessPriorityBoost
0x140a7c684 SetThreadContext
0x140a7c68c SetThreadPriority
0x140a7c694 SetUnhandledExceptionFilter
0x140a7c69c SetWaitableTimer
0x140a7c6a4 Sleep
0x140a7c6ac SuspendThread
0x140a7c6b4 SwitchToThread
0x140a7c6bc TlsAlloc
0x140a7c6c4 TlsGetValue
0x140a7c6cc TlsSetValue
0x140a7c6d4 TryEnterCriticalSection
0x140a7c6dc VirtualAlloc
0x140a7c6e4 VirtualFree
0x140a7c6ec VirtualProtect
0x140a7c6f4 VirtualQuery
0x140a7c6fc WaitForMultipleObjects
0x140a7c704 WaitForSingleObject
0x140a7c70c WerGetFlags
0x140a7c714 WerSetFlags
0x140a7c71c WideCharToMultiByte
0x140a7c724 WriteConsoleW
0x140a7c72c WriteFile
0x140a7c734 __C_specific_handler
msvcrt.dll
0x140a7c744 ___lc_codepage_func
0x140a7c74c ___mb_cur_max_func
0x140a7c754 __getmainargs
0x140a7c75c __initenv
0x140a7c764 __iob_func
0x140a7c76c __lconv_init
0x140a7c774 __set_app_type
0x140a7c77c __setusermatherr
0x140a7c784 _acmdln
0x140a7c78c _amsg_exit
0x140a7c794 _beginthread
0x140a7c79c _beginthreadex
0x140a7c7a4 _cexit
0x140a7c7ac _commode
0x140a7c7b4 _endthreadex
0x140a7c7bc _errno
0x140a7c7c4 _fmode
0x140a7c7cc _initterm
0x140a7c7d4 _lock
0x140a7c7dc _memccpy
0x140a7c7e4 _onexit
0x140a7c7ec _setjmp
0x140a7c7f4 _strdup
0x140a7c7fc _ultoa
0x140a7c804 _unlock
0x140a7c80c abort
0x140a7c814 calloc
0x140a7c81c exit
0x140a7c824 fprintf
0x140a7c82c fputc
0x140a7c834 free
0x140a7c83c fwrite
0x140a7c844 localeconv
0x140a7c84c longjmp
0x140a7c854 malloc
0x140a7c85c memcpy
0x140a7c864 memmove
0x140a7c86c memset
0x140a7c874 printf
0x140a7c87c realloc
0x140a7c884 signal
0x140a7c88c strerror
0x140a7c894 strlen
0x140a7c89c strncmp
0x140a7c8a4 vfprintf
0x140a7c8ac wcslen
EAT(Export Address Table) Library
0x140a79550 _cgo_dummy_export
KERNEL32.dll
0x140a7c47c AddAtomA
0x140a7c484 AddVectoredExceptionHandler
0x140a7c48c CloseHandle
0x140a7c494 CreateEventA
0x140a7c49c CreateFileA
0x140a7c4a4 CreateIoCompletionPort
0x140a7c4ac CreateMutexA
0x140a7c4b4 CreateSemaphoreA
0x140a7c4bc CreateThread
0x140a7c4c4 CreateWaitableTimerExW
0x140a7c4cc DeleteAtom
0x140a7c4d4 DeleteCriticalSection
0x140a7c4dc DuplicateHandle
0x140a7c4e4 EnterCriticalSection
0x140a7c4ec ExitProcess
0x140a7c4f4 FindAtomA
0x140a7c4fc FormatMessageA
0x140a7c504 FreeEnvironmentStringsW
0x140a7c50c GetAtomNameA
0x140a7c514 GetConsoleMode
0x140a7c51c GetCurrentProcess
0x140a7c524 GetCurrentProcessId
0x140a7c52c GetCurrentThread
0x140a7c534 GetCurrentThreadId
0x140a7c53c GetEnvironmentStringsW
0x140a7c544 GetErrorMode
0x140a7c54c GetHandleInformation
0x140a7c554 GetLastError
0x140a7c55c GetProcAddress
0x140a7c564 GetProcessAffinityMask
0x140a7c56c GetQueuedCompletionStatusEx
0x140a7c574 GetStartupInfoA
0x140a7c57c GetStdHandle
0x140a7c584 GetSystemDirectoryA
0x140a7c58c GetSystemInfo
0x140a7c594 GetSystemTimeAsFileTime
0x140a7c59c GetThreadContext
0x140a7c5a4 GetThreadPriority
0x140a7c5ac GetTickCount
0x140a7c5b4 InitializeCriticalSection
0x140a7c5bc IsDBCSLeadByteEx
0x140a7c5c4 IsDebuggerPresent
0x140a7c5cc LeaveCriticalSection
0x140a7c5d4 LoadLibraryExW
0x140a7c5dc LoadLibraryW
0x140a7c5e4 LocalFree
0x140a7c5ec MultiByteToWideChar
0x140a7c5f4 OpenProcess
0x140a7c5fc OutputDebugStringA
0x140a7c604 PostQueuedCompletionStatus
0x140a7c60c QueryPerformanceCounter
0x140a7c614 QueryPerformanceFrequency
0x140a7c61c RaiseException
0x140a7c624 RaiseFailFastException
0x140a7c62c ReleaseMutex
0x140a7c634 ReleaseSemaphore
0x140a7c63c RemoveVectoredExceptionHandler
0x140a7c644 ResetEvent
0x140a7c64c ResumeThread
0x140a7c654 SetConsoleCtrlHandler
0x140a7c65c SetErrorMode
0x140a7c664 SetEvent
0x140a7c66c SetLastError
0x140a7c674 SetProcessAffinityMask
0x140a7c67c SetProcessPriorityBoost
0x140a7c684 SetThreadContext
0x140a7c68c SetThreadPriority
0x140a7c694 SetUnhandledExceptionFilter
0x140a7c69c SetWaitableTimer
0x140a7c6a4 Sleep
0x140a7c6ac SuspendThread
0x140a7c6b4 SwitchToThread
0x140a7c6bc TlsAlloc
0x140a7c6c4 TlsGetValue
0x140a7c6cc TlsSetValue
0x140a7c6d4 TryEnterCriticalSection
0x140a7c6dc VirtualAlloc
0x140a7c6e4 VirtualFree
0x140a7c6ec VirtualProtect
0x140a7c6f4 VirtualQuery
0x140a7c6fc WaitForMultipleObjects
0x140a7c704 WaitForSingleObject
0x140a7c70c WerGetFlags
0x140a7c714 WerSetFlags
0x140a7c71c WideCharToMultiByte
0x140a7c724 WriteConsoleW
0x140a7c72c WriteFile
0x140a7c734 __C_specific_handler
msvcrt.dll
0x140a7c744 ___lc_codepage_func
0x140a7c74c ___mb_cur_max_func
0x140a7c754 __getmainargs
0x140a7c75c __initenv
0x140a7c764 __iob_func
0x140a7c76c __lconv_init
0x140a7c774 __set_app_type
0x140a7c77c __setusermatherr
0x140a7c784 _acmdln
0x140a7c78c _amsg_exit
0x140a7c794 _beginthread
0x140a7c79c _beginthreadex
0x140a7c7a4 _cexit
0x140a7c7ac _commode
0x140a7c7b4 _endthreadex
0x140a7c7bc _errno
0x140a7c7c4 _fmode
0x140a7c7cc _initterm
0x140a7c7d4 _lock
0x140a7c7dc _memccpy
0x140a7c7e4 _onexit
0x140a7c7ec _setjmp
0x140a7c7f4 _strdup
0x140a7c7fc _ultoa
0x140a7c804 _unlock
0x140a7c80c abort
0x140a7c814 calloc
0x140a7c81c exit
0x140a7c824 fprintf
0x140a7c82c fputc
0x140a7c834 free
0x140a7c83c fwrite
0x140a7c844 localeconv
0x140a7c84c longjmp
0x140a7c854 malloc
0x140a7c85c memcpy
0x140a7c864 memmove
0x140a7c86c memset
0x140a7c874 printf
0x140a7c87c realloc
0x140a7c884 signal
0x140a7c88c strerror
0x140a7c894 strlen
0x140a7c89c strncmp
0x140a7c8a4 vfprintf
0x140a7c8ac wcslen
EAT(Export Address Table) Library
0x140a79550 _cgo_dummy_export