Report - output_64.exe

Generic Malware Malicious Library PE64 PE File
Created 2024.06.16 10:33 Machine s1_win7_x6403
Filename output_64.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
8
Behavior Score
3.4
ZERO API file: malware
VT API (file) 62 detected (AIDetectMalware, SpywareX, malicious, high confidence, score, NetLoader, GenericKDZ, Unsafe, Winos, swkaa, CHMY, Attribute, HighConfidence, Artemis, BDWA, Inject5, klvpvh, PoisonMouse, CLASSIC, euxsk, R002C0XDP24, moderate, Detected, ai score=80, Multiverze, Eldorado, R639846, Chgt, RfYMdKDpDuk, Static AI, Suspicious PE, susgen, confidence)
md5 8018029cb32fd2517865b0145dea21e7
sha256 c519b7508e750fefd49510b9ec8eb44cec5822f3704e1de5c252a8da3c5f079e
ssdeep 3072:lO55k/y5dAj+BMTYlgEQnB+Y+pek7+3OrFZeUqe6oM:lO5n5d56TYZQnB+Dpekyyqm
imphash fb51ede541a9ad63bf23d302e319d2a0
impfuzzy 48:t+aOaBOfVSXtWV3UXIVU++punEpJn1d4GEKY+/TTei0en:t+aOaIfUXtU3UXIVNcunEP5TH0e

Signature (3cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
danger File has been identified by 62 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
43.154.138.240 Unknown 43.154.138.240 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140018038 HeapCreate
 0x140018040 EnterCriticalSection
 0x140018048 DeleteCriticalSection
 0x140018050 WaitForSingleObject
 0x140018058 SetEvent
 0x140018060 Sleep
 0x140018068 CreateEventA
 0x140018070 GetLastError
 0x140018078 CloseHandle
 0x140018080 GetCurrentThreadId
 0x140018088 SwitchToThread
 0x140018090 SetLastError
 0x140018098 WideCharToMultiByte
 0x1400180a0 lstrlenW
 0x1400180a8 ResetEvent
 0x1400180b0 CreateEventW
 0x1400180b8 CancelIo
 0x1400180c0 TryEnterCriticalSection
 0x1400180c8 SetWaitableTimer
 0x1400180d0 CreateWaitableTimerW
 0x1400180d8 GetThreadContext
 0x1400180e0 SetThreadContext
 0x1400180e8 LeaveCriticalSection
 0x1400180f0 GetExitCodeProcess
 0x1400180f8 CreateProcessA
 0x140018100 GetSystemDirectoryA
 0x140018108 VirtualAllocEx
 0x140018110 WriteProcessMemory
 0x140018118 ResumeThread
 0x140018120 FreeLibrary
 0x140018128 SetUnhandledExceptionFilter
 0x140018130 GetCurrentProcess
 0x140018138 LoadLibraryW
 0x140018140 GetConsoleWindow
 0x140018148 CreateFileW
 0x140018150 GetProcAddress
 0x140018158 GetLocalTime
 0x140018160 IsDebuggerPresent
 0x140018168 GetCurrentProcessId
 0x140018170 CreateThread
 0x140018178 LCMapStringW
 0x140018180 WriteConsoleW
 0x140018188 SetStdHandle
 0x140018190 GetStringTypeW
 0x140018198 MultiByteToWideChar
 0x1400181a0 HeapDestroy
 0x1400181a8 InitializeCriticalSectionAndSpinCount
 0x1400181b0 HeapFree
 0x1400181b8 HeapAlloc
 0x1400181c0 VirtualAlloc
 0x1400181c8 OpenProcess
 0x1400181d0 VirtualFree
 0x1400181d8 IsValidCodePage
 0x1400181e0 GetOEMCP
 0x1400181e8 GetACP
 0x1400181f0 GetCPInfo
 0x1400181f8 GetConsoleMode
 0x140018200 FlushFileBuffers
 0x140018208 GetConsoleCP
 0x140018210 SetFilePointer
 0x140018218 GetSystemTimeAsFileTime
 0x140018220 GetTickCount
 0x140018228 QueryPerformanceCounter
 0x140018230 GetStartupInfoW
 0x140018238 GetFileType
 0x140018240 SetHandleCount
 0x140018248 GetEnvironmentStringsW
 0x140018250 FreeEnvironmentStringsW
 0x140018258 RtlUnwindEx
 0x140018260 FlsAlloc
 0x140018268 FlsFree
 0x140018270 FlsSetValue
 0x140018278 FlsGetValue
 0x140018280 HeapReAlloc
 0x140018288 HeapSize
 0x140018290 GetProcessHeap
 0x140018298 ExitThread
 0x1400182a0 DecodePointer
 0x1400182a8 EncodePointer
 0x1400182b0 GetCommandLineW
 0x1400182b8 RaiseException
 0x1400182c0 RtlPcToFileHeader
 0x1400182c8 TerminateProcess
 0x1400182d0 UnhandledExceptionFilter
 0x1400182d8 RtlVirtualUnwind
 0x1400182e0 RtlLookupFunctionEntry
 0x1400182e8 RtlCaptureContext
 0x1400182f0 HeapSetInformation
 0x1400182f8 GetVersion
 0x140018300 GetModuleHandleW
 0x140018308 ExitProcess
 0x140018310 WriteFile
 0x140018318 GetStdHandle
 0x140018320 GetModuleFileNameW
USER32.dll
 0x140018330 DispatchMessageW
 0x140018338 PostThreadMessageA
 0x140018340 PeekMessageW
 0x140018348 TranslateMessage
 0x140018350 MsgWaitForMultipleObjects
 0x140018358 ShowWindow
 0x140018360 GetInputState
 0x140018368 wsprintfW
ADVAPI32.dll
 0x140018000 RegCloseKey
 0x140018008 RegOpenKeyExW
 0x140018010 RegDeleteValueW
 0x140018018 RegQueryValueExW
 0x140018020 RegCreateKeyW
 0x140018028 RegSetValueExW
WS2_32.dll
 0x140018388 WSAWaitForMultipleEvents
 0x140018390 WSAIoctl
 0x140018398 connect
 0x1400183a0 WSAStartup
 0x1400183a8 select
 0x1400183b0 WSAResetEvent
 0x1400183b8 setsockopt
 0x1400183c0 recv
 0x1400183c8 socket
 0x1400183d0 closesocket
 0x1400183d8 gethostbyname
 0x1400183e0 send
 0x1400183e8 WSASetLastError
 0x1400183f0 WSACreateEvent
 0x1400183f8 shutdown
 0x140018400 WSAEventSelect
 0x140018408 WSAEnumNetworkEvents
 0x140018410 WSAGetLastError
 0x140018418 WSACloseEvent
 0x140018420 htons
 0x140018428 WSACleanup
WINMM.dll
 0x140018378 timeGetTime

EAT(Export Address Table) is none
Similarity measure (PE file only) - Checking for service failure