ScreenShot
| Created | 2024.06.21 15:51 | Machine | s1_win7_x6403 |
| Filename | changezuhaolnk.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (malicious, moderate confidence, Unsafe, high, score, Bladabindi, SGeneric, Static AI, Malicious PE, susgen, PossibleThreat, confidence) | ||
| md5 | 90f9973120104179d008e06cde39670c | ||
| sha256 | 88c32d5d4132b4d58d1b02b9d183fd954f87f449f3d51ea3eaec8f9d12f913f2 | ||
| ssdeep | 6144:rGdCAohu2CHYuZXL4HURkKd6Sq4Tk6XlC9RukP5vBH0vwr5LtOztaOaZIm09Pkfy:SuT3u5eU3kFRDHvLCa8ea | ||
| imphash | 5a8eb7c995095bbe76f458d24b691038 | ||
| impfuzzy | 6:nERGDmxdyWDTc5UxCA+auVMKhWd3XAXeEXTOvWuLpq3LtJKLbBnaZr4BeXw6v:EcDmxLTQUxC0Bd3dcOLLOL7Cor4Bxs | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | MPRESS_Zero | MPRESS packed file | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32
0x1400fd17c GetModuleHandleA
0x1400fd184 GetProcAddress
WSOCK32.dll
0x1400fd194 send
VERSION.dll
0x1400fd1a4 VerQueryValueW
WINMM.dll
0x1400fd1b4 timeGetTime
COMCTL32.dll
0x1400fd1c4 ImageList_Remove
MPR.dll
0x1400fd1d4 WNetUseConnectionW
WININET.dll
0x1400fd1e4 FtpOpenFileW
PSAPI.DLL
0x1400fd1f4 GetProcessMemoryInfo
IPHLPAPI.DLL
0x1400fd204 IcmpSendEcho
USERENV.dll
0x1400fd214 LoadUserProfileW
UxTheme.dll
0x1400fd224 IsThemeActive
USER32.dll
0x1400fd234 GetDC
GDI32.dll
0x1400fd244 LineTo
COMDLG32.dll
0x1400fd254 GetOpenFileNameW
ADVAPI32.dll
0x1400fd264 GetAce
SHELL32.dll
0x1400fd274 DragFinish
ole32.dll
0x1400fd284 CoGetObject
OLEAUT32.dll
0x1400fd294 UnRegisterTypeLib
EAT(Export Address Table) is none
KERNEL32
0x1400fd17c GetModuleHandleA
0x1400fd184 GetProcAddress
WSOCK32.dll
0x1400fd194 send
VERSION.dll
0x1400fd1a4 VerQueryValueW
WINMM.dll
0x1400fd1b4 timeGetTime
COMCTL32.dll
0x1400fd1c4 ImageList_Remove
MPR.dll
0x1400fd1d4 WNetUseConnectionW
WININET.dll
0x1400fd1e4 FtpOpenFileW
PSAPI.DLL
0x1400fd1f4 GetProcessMemoryInfo
IPHLPAPI.DLL
0x1400fd204 IcmpSendEcho
USERENV.dll
0x1400fd214 LoadUserProfileW
UxTheme.dll
0x1400fd224 IsThemeActive
USER32.dll
0x1400fd234 GetDC
GDI32.dll
0x1400fd244 LineTo
COMDLG32.dll
0x1400fd254 GetOpenFileNameW
ADVAPI32.dll
0x1400fd264 GetAce
SHELL32.dll
0x1400fd274 DragFinish
ole32.dll
0x1400fd284 CoGetObject
OLEAUT32.dll
0x1400fd294 UnRegisterTypeLib
EAT(Export Address Table) is none