ScreenShot
| Created | 2024.06.16 10:11 | Machine | s1_win7_x6401 |
| Filename | ewwe.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 48 detected (AIDetectMalware, Goshell, malicious, high confidence, score, PUPXTH, Artemis, Unsafe, GenericKD, Save, Attribute, HighConfidence, CobaltSC, aekgm, WinGo, Detected, ai score=87, Wacatac, ABTrojan, VREU, Chgt, R002H0CFE24, Hkjl, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 58f8e96f834d5d882046bd503ee83b18 | ||
| sha256 | 97ba9760d2b5c0ea8931ef386e725eb57bf190960895b37e98166559c5f49c84 | ||
| ssdeep | 98304:8+LJ9ieU4RXEf8pXU3Kr8LbEpLpoPL4a8hoo8lrg:84J0yRU2L82CPL4aeoP | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x51e200 WriteFile
0x51e208 WriteConsoleW
0x51e210 WerSetFlags
0x51e218 WerGetFlags
0x51e220 WaitForMultipleObjects
0x51e228 WaitForSingleObject
0x51e230 VirtualQuery
0x51e238 VirtualFree
0x51e240 VirtualAlloc
0x51e248 TlsAlloc
0x51e250 SwitchToThread
0x51e258 SuspendThread
0x51e260 SetWaitableTimer
0x51e268 SetUnhandledExceptionFilter
0x51e270 SetProcessPriorityBoost
0x51e278 SetEvent
0x51e280 SetErrorMode
0x51e288 SetConsoleCtrlHandler
0x51e290 ResumeThread
0x51e298 RaiseFailFastException
0x51e2a0 PostQueuedCompletionStatus
0x51e2a8 LoadLibraryW
0x51e2b0 LoadLibraryExW
0x51e2b8 SetThreadContext
0x51e2c0 GetThreadContext
0x51e2c8 GetSystemInfo
0x51e2d0 GetSystemDirectoryA
0x51e2d8 GetStdHandle
0x51e2e0 GetQueuedCompletionStatusEx
0x51e2e8 GetProcessAffinityMask
0x51e2f0 GetProcAddress
0x51e2f8 GetErrorMode
0x51e300 GetEnvironmentStringsW
0x51e308 GetCurrentThreadId
0x51e310 GetConsoleMode
0x51e318 FreeEnvironmentStringsW
0x51e320 ExitProcess
0x51e328 DuplicateHandle
0x51e330 CreateWaitableTimerExW
0x51e338 CreateThread
0x51e340 CreateIoCompletionPort
0x51e348 CreateFileA
0x51e350 CreateEventA
0x51e358 CloseHandle
0x51e360 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x51e200 WriteFile
0x51e208 WriteConsoleW
0x51e210 WerSetFlags
0x51e218 WerGetFlags
0x51e220 WaitForMultipleObjects
0x51e228 WaitForSingleObject
0x51e230 VirtualQuery
0x51e238 VirtualFree
0x51e240 VirtualAlloc
0x51e248 TlsAlloc
0x51e250 SwitchToThread
0x51e258 SuspendThread
0x51e260 SetWaitableTimer
0x51e268 SetUnhandledExceptionFilter
0x51e270 SetProcessPriorityBoost
0x51e278 SetEvent
0x51e280 SetErrorMode
0x51e288 SetConsoleCtrlHandler
0x51e290 ResumeThread
0x51e298 RaiseFailFastException
0x51e2a0 PostQueuedCompletionStatus
0x51e2a8 LoadLibraryW
0x51e2b0 LoadLibraryExW
0x51e2b8 SetThreadContext
0x51e2c0 GetThreadContext
0x51e2c8 GetSystemInfo
0x51e2d0 GetSystemDirectoryA
0x51e2d8 GetStdHandle
0x51e2e0 GetQueuedCompletionStatusEx
0x51e2e8 GetProcessAffinityMask
0x51e2f0 GetProcAddress
0x51e2f8 GetErrorMode
0x51e300 GetEnvironmentStringsW
0x51e308 GetCurrentThreadId
0x51e310 GetConsoleMode
0x51e318 FreeEnvironmentStringsW
0x51e320 ExitProcess
0x51e328 DuplicateHandle
0x51e330 CreateWaitableTimerExW
0x51e338 CreateThread
0x51e340 CreateIoCompletionPort
0x51e348 CreateFileA
0x51e350 CreateEventA
0x51e358 CloseHandle
0x51e360 AddVectoredExceptionHandler
EAT(Export Address Table) is none