Field | Value |
---|---|
Created | 2024.06.17 10:25 |
Machine | s1_win7_x6401 |
Filename | b.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 39 detected (AIDetectMalware, Convagent, malicious, moderate confidence, score, Unsafe, Vzab, Attribute, HighConfidence, a variant of WinGo, Gomal, Generic@AI, RDML, y3xovI, YB4mn4C9dvZIYtQ, XPACK, Outbreak, Detected, Sabsik, Casdet, 6WPJIH, ABRisk, SYPB, CobaltStrike, BScope, Static AI, Malicious PE, susgen, confidence) |
md5 | ccd45a73d555f6a89b06924e150680e5 |
sha256 | c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422 |
ssdeep | 49152:uh0L6UQC+fua+hyHdzy8XkH5DaJc9zOPoze8MoRwFS0bM1qck0zdB0VF1NVm:uyL6Uouxhf9zOPozzE0zqV |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
notice | Creates a suspicious process |
notice | Uses Windows utilities for basic Windows functionality |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata IDs
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET USER_AGENTS Go HTTP Client User-Agent
ET USER_AGENTS Go HTTP Client User-Agent
PE API
IAT (Import Address Table) Library
kernel32.dll
0x7ea100 WriteFile
0x7ea104 WriteConsoleW
0x7ea108 WaitForMultipleObjects
0x7ea10c WaitForSingleObject
0x7ea110 VirtualQuery
0x7ea114 VirtualFree
0x7ea118 VirtualAlloc
0x7ea11c SwitchToThread
0x7ea120 SuspendThread
0x7ea124 SetWaitableTimer
0x7ea128 SetUnhandledExceptionFilter
0x7ea12c SetProcessPriorityBoost
0x7ea130 SetEvent
0x7ea134 SetErrorMode
0x7ea138 SetConsoleCtrlHandler
0x7ea13c ResumeThread
0x7ea140 PostQueuedCompletionStatus
0x7ea144 LoadLibraryA
0x7ea148 LoadLibraryW
0x7ea14c SetThreadContext
0x7ea150 GetThreadContext
0x7ea154 GetSystemInfo
0x7ea158 GetSystemDirectoryA
0x7ea15c GetStdHandle
0x7ea160 GetQueuedCompletionStatusEx
0x7ea164 GetProcessAffinityMask
0x7ea168 GetProcAddress
0x7ea16c GetEnvironmentStringsW
0x7ea170 GetConsoleMode
0x7ea174 FreeEnvironmentStringsW
0x7ea178 ExitProcess
0x7ea17c DuplicateHandle
0x7ea180 CreateWaitableTimerExW
0x7ea184 CreateThread
0x7ea188 CreateIoCompletionPort
0x7ea18c CreateFileA
0x7ea190 CreateEventA
0x7ea194 CloseHandle
0x7ea198 AddVectoredExceptionHandler
EAT (Export Address Table): none
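Two of the static findings above can be re-checked offline from the data the report gives: the packer rules (UPX_Zero and the "unknown PE section names" notice) by reading the section table and measuring per-section entropy, and the imphash by recomputing it from the listed IAT. The script below is an added example, not part of the sandbox report or its tooling. The PE it parses is constructed inside the block (UPX0/UPX1/.rsrc sections, a synthetic 8.0-bit payload), the imphash routine follows the pefile algorithm (lowercase `lib.func` pairs, library extension stripped, comma-joined, MD5) and will only reproduce the report's `9cbefe68…` if the listing above preserves import-table order, and the 7.0 entropy threshold is a triage heuristic assumed here, not a rule from the report. The kernel32 import set listed above is the Go runtime's standard Windows import list, which is consistent with the "WinGo" VT labels and the Go HTTP client user-agent alerts.

```python
"""Offline corroboration of the report's packer verdict and imphash.
Stdlib only; parse_sections() is a minimal section-table reader, not a
pefile replacement. Sample PE and thresholds are constructed for this example.
"""
import hashlib
import math
import struct

# Names stock UPX writes; anything outside the usual compiler set is what the
# report's notice calls an "unknown" section name.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                        ".reloc", ".bss", ".tls", ".pdata", ".xdata", ".symtab"}
HIGH_ENTROPY = 7.0  # assumed triage threshold (bits/byte); packed data sits near 8


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Return [(name, virtual_size, raw_size, entropy)] from the section table.
    Offsets per PE/COFF: e_lfanew at 0x3C, COFF header after the 4-byte
    signature (NumberOfSections at +2, SizeOfOptionalHeader at +16), section
    headers of 40 bytes after the optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    sections = []
    for i in range(num_sections):
        off = coff + 20 + opt_size + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        body = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name, vsize, raw_size, shannon_entropy(body)))
    return sections


def packer_verdict(sections: list) -> dict:
    """Mirror the report's two packer rules plus an entropy check."""
    names = {s[0] for s in sections}
    return {
        "upx": bool(names & UPX_SECTION_NAMES),
        "unknown_names": sorted(names - COMMON_SECTION_NAMES - UPX_SECTION_NAMES),
        "high_entropy": [s[0] for s in sections if s[3] > HIGH_ENTROPY],
    }


def imphash(imports: list) -> str:
    """pefile-style imphash over (library, function) pairs in import-table order."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# The 39 kernel32 imports exactly as the report lists them (IAT order).
REPORT_IAT = [("kernel32.dll", f) for f in """
WriteFile WriteConsoleW WaitForMultipleObjects WaitForSingleObject VirtualQuery
VirtualFree VirtualAlloc SwitchToThread SuspendThread SetWaitableTimer
SetUnhandledExceptionFilter SetProcessPriorityBoost SetEvent SetErrorMode
SetConsoleCtrlHandler ResumeThread PostQueuedCompletionStatus LoadLibraryA
LoadLibraryW SetThreadContext GetThreadContext GetSystemInfo GetSystemDirectoryA
GetStdHandle GetQueuedCompletionStatusEx GetProcessAffinityMask GetProcAddress
GetEnvironmentStringsW GetConsoleMode FreeEnvironmentStringsW ExitProcess
DuplicateHandle CreateWaitableTimerExW CreateThread CreateIoCompletionPort
CreateFileA CreateEventA CloseHandle AddVectoredExceptionHandler""".split()]


def build_sample_pe(sections: list) -> bytes:
    """Constructed, non-loadable PE32 image: DOS stub, COFF and optional
    headers, then (name, raw_bytes, virtual_size) sections. Test data only."""
    coff_off, opt_size = 0x40, 0xE0
    hdr_end = coff_off + 4 + 20 + opt_size + 40 * len(sections)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", coff_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, bodies, va = b"", b"", 0x1000
    for name, raw, vsize in sections:
        raw_ptr = hdr_end + len(bodies) if raw else 0
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", vsize, va, len(raw), raw_ptr) + b"\0" * 16
        bodies += raw
        va += (vsize + 0xFFF) & ~0xFFF
    return dos + coff + opt + table + bodies


# Constructed sample mimicking a UPX layout: empty UPX0 with a large virtual
# size, a high-entropy UPX1 payload, and a low-entropy resource section.
SAMPLE_PE = build_sample_pe([
    ("UPX0", b"", 0x30000),
    ("UPX1", bytes(range(256)) * 16, 0x1000),
    (".rsrc", b"RES\0" * 128, 0x200),
])

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_PE)
    for name, vsize, rsize, ent in secs:
        print(f"{name:8} vsize=0x{vsize:x} raw=0x{rsize:x} entropy={ent:.2f}")
    print(packer_verdict(secs))
    print("imphash of listed IAT:", imphash(REPORT_IAT))
```

Run it against a real sample by replacing `SAMPLE_PE` with `open(path, "rb").read()`; a UPX image shows the same shape as the constructed one (UPX0 with zero raw size and a large virtual size, UPX1 near 8 bits/byte). A recomputed imphash that differs from the report's value means the report re-sorted the import listing rather than that the hash is wrong.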