Report - ticket2c.exe

Tags: Malicious Library, PE File, PE32, MZP Format
Created 2024.06.16 10:43 Machine s1_win7_x6401
Filename ticket2c.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 4
Behavior Score 1.6
ZERO API file : malware
VT API (file) 14 detected (AIDetectMalware, Malicious, score, Unsafe, Generic@AI, RDMK, cmRtazpsAihbzSKk7GZdxrYd0gxt, Outbreak, Detected, Casdet, PossibleThreat)
md5 ce4737e2002d128dea02d50d2ab010cb
sha256 45890cc1b9546fc7cc5ede206525457f75dfedb9c8c772729d962816b43e7b05
ssdeep 3072:38aQs4BSCpikIp8PwzjdIC0fyEixcHw2m45UpXMhv8XWaOKHmv1z0oo0KXDDlxG+:3TDOHnSP9IRfypSsX500oHKXXGLBBC
imphash 98102634a9db833c562a4aa3a434666d
impfuzzy 96:oO4nYo3Me5cj2wiI+p/v2UCV1r++mvOStPEbNDwPbOQTv:oN3MP2wiIl51VSOaPbOQTv

Signature (5cnts)

Level Description
watch File has been identified by 14 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule
(no entries)

Suricata ids

PE API

IAT (Import Address Table)

oleaut32.dll
 0x430410 SysFreeString
 0x430414 SysReAllocStringLen
 0x430418 SysAllocStringLen
advapi32.dll
 0x430420 RegQueryValueExA
 0x430424 RegOpenKeyExA
 0x430428 RegCloseKey
user32.dll
 0x430430 GetKeyboardType
 0x430434 DestroyWindow
 0x430438 LoadStringA
 0x43043c MessageBoxA
 0x430440 CharNextA
kernel32.dll
 0x430448 GetACP
 0x43044c Sleep
 0x430450 VirtualFree
 0x430454 VirtualAlloc
 0x430458 GetCurrentThreadId
 0x43045c InterlockedDecrement
 0x430460 InterlockedIncrement
 0x430464 VirtualQuery
 0x430468 WideCharToMultiByte
 0x43046c MultiByteToWideChar
 0x430470 lstrlenA
 0x430474 lstrcpynA
 0x430478 LoadLibraryExA
 0x43047c GetThreadLocale
 0x430480 GetStartupInfoA
 0x430484 GetProcAddress
 0x430488 GetModuleHandleA
 0x43048c GetModuleFileNameA
 0x430490 GetLocaleInfoA
 0x430494 GetLastError
 0x430498 GetCommandLineA
 0x43049c FreeLibrary
 0x4304a0 FindFirstFileA
 0x4304a4 FindClose
 0x4304a8 ExitProcess
 0x4304ac CompareStringA
 0x4304b0 WriteFile
 0x4304b4 UnhandledExceptionFilter
 0x4304b8 SetFilePointer
 0x4304bc SetEndOfFile
 0x4304c0 RtlUnwind
 0x4304c4 ReadFile
 0x4304c8 RaiseException
 0x4304cc GetStdHandle
 0x4304d0 GetFileSize
 0x4304d4 GetFileType
 0x4304d8 CreateFileA
 0x4304dc CloseHandle
kernel32.dll
 0x4304e4 TlsSetValue
 0x4304e8 TlsGetValue
 0x4304ec LocalAlloc
 0x4304f0 GetModuleHandleA
user32.dll
 0x4304f8 CreateWindowExA
 0x4304fc UnregisterClassA
 0x430500 TranslateMessage
 0x430504 SetWindowLongA
 0x430508 SetTimer
 0x43050c RegisterClassA
 0x430510 PostThreadMessageA
 0x430514 PeekMessageA
 0x430518 MessageBoxA
 0x43051c LoadStringA
 0x430520 KillTimer
 0x430524 GetWindowLongA
 0x430528 GetSystemMetrics
 0x43052c GetClassInfoA
 0x430530 DispatchMessageA
 0x430534 DestroyWindow
 0x430538 DefWindowProcA
 0x43053c CharNextA
 0x430540 CharUpperBuffA
 0x430544 CharToOemA
version.dll
 0x43054c VerQueryValueA
 0x430550 GetFileVersionInfoSizeA
 0x430554 GetFileVersionInfoA
kernel32.dll
 0x43055c WriteFile
 0x430560 WaitForSingleObject
 0x430564 VirtualQuery
 0x430568 VirtualAlloc
 0x43056c SizeofResource
 0x430570 SetFilePointer
 0x430574 SetEvent
 0x430578 SetErrorMode
 0x43057c SetEndOfFile
 0x430580 ResetEvent
 0x430584 ReadFile
 0x430588 MultiByteToWideChar
 0x43058c LockResource
 0x430590 LoadResource
 0x430594 LoadLibraryA
 0x430598 LeaveCriticalSection
 0x43059c InitializeCriticalSection
 0x4305a0 GetVersionExA
 0x4305a4 GetUserDefaultLCID
 0x4305a8 GetTickCount
 0x4305ac GetThreadLocale
 0x4305b0 GetSystemDefaultLCID
 0x4305b4 GetStdHandle
 0x4305b8 GetShortPathNameA
 0x4305bc GetProcAddress
 0x4305c0 GetModuleHandleA
 0x4305c4 GetModuleFileNameA
 0x4305c8 GetLocaleInfoA
 0x4305cc GetLocalTime
 0x4305d0 GetLastError
 0x4305d4 GetFullPathNameA
 0x4305d8 GetDiskFreeSpaceA
 0x4305dc GetDateFormatA
 0x4305e0 GetCurrentThreadId
 0x4305e4 GetCPInfo
 0x4305e8 FreeResource
 0x4305ec InterlockedIncrement
 0x4305f0 InterlockedExchange
 0x4305f4 InterlockedDecrement
 0x4305f8 FreeLibrary
 0x4305fc FormatMessageA
 0x430600 FindResourceA
 0x430604 FindFirstFileA
 0x430608 FindClose
 0x43060c EnumCalendarInfoA
 0x430610 EnterCriticalSection
 0x430614 DeleteCriticalSection
 0x430618 CreateFileA
 0x43061c CreateEventA
 0x430620 CompareStringA
 0x430624 CloseHandle
advapi32.dll
 0x43062c RegSetValueExA
 0x430630 RegDeleteKeyA
 0x430634 RegCreateKeyExA
 0x430638 RegCloseKey
oleaut32.dll
 0x430640 CreateErrorInfo
 0x430644 GetErrorInfo
 0x430648 SetErrorInfo
 0x43064c DispGetIDsOfNames
 0x430650 RegisterTypeLib
 0x430654 LoadTypeLibEx
 0x430658 SafeArrayGetElement
 0x43065c SafeArrayGetLBound
 0x430660 SafeArrayGetUBound
 0x430664 SysFreeString
ole32.dll
 0x43066c CreateBindCtx
 0x430670 CoTaskMemFree
 0x430674 CLSIDFromProgID
 0x430678 StringFromCLSID
 0x43067c CoCreateInstance
 0x430680 CoLockObjectExternal
 0x430684 CoDisconnectObject
 0x430688 CoRevokeClassObject
 0x43068c CoRegisterClassObject
 0x430690 CoUninitialize
 0x430694 CoInitialize
 0x430698 IsEqualGUID
kernel32.dll
 0x4306a0 Sleep
ole32.dll
 0x4306a8 IsEqualGUID
oleaut32.dll
 0x4306b0 SafeArrayPtrOfIndex
 0x4306b4 SafeArrayGetUBound
 0x4306b8 SafeArrayGetLBound
 0x4306bc SafeArrayCreate
 0x4306c0 VariantChangeType
 0x4306c4 VariantCopyInd
 0x4306c8 VariantCopy
 0x4306cc VariantClear
 0x4306d0 VariantInit
URLMON.DLL
 0x4306d8 MkParseDisplayNameEx

EAT (Export Address Table): none
