ScreenShot
| Created | 2024.06.24 07:43 | Machine | s1_win7_x6401 |
| Filename | taskweaker.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 48 detected (AIDetectMalware, WinGo, malicious, high confidence, score, Unsafe, GenericKD, Vxdr, Attribute, HighConfidence, a variant of WinGo, qwitvg, CLASSIC, prkqf, PRIVATELOADER, YXEFVZ, Outbreak, Detected, ai score=89, Casdet, CZT72A, ABRisk, WTGC, Yylw, Static AI, Suspicious PE, MxResIcn, confidence, 100%) | ||
| md5 | 6c149b39619395a8ba117a4cae95ba6f | ||
| sha256 | c43b64c78f6ccba5cfb7de13fc39d5cc43fad9a9f5e78799b34100ab69e5e4e8 | ||
| ssdeep | 49152:IsLm1+6M1hSfHiiQsaaR6GRNxM2u8RpZAPN0E8hKfOFuyjh5EYR/xbsSrpMih44K:F8Gi57VpZqGFLEeZ8+F+5 | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14060a47c AddAtomA
0x14060a484 AddVectoredExceptionHandler
0x14060a48c CloseHandle
0x14060a494 CreateEventA
0x14060a49c CreateFileA
0x14060a4a4 CreateIoCompletionPort
0x14060a4ac CreateMutexA
0x14060a4b4 CreateSemaphoreA
0x14060a4bc CreateThread
0x14060a4c4 CreateWaitableTimerExW
0x14060a4cc DeleteAtom
0x14060a4d4 DeleteCriticalSection
0x14060a4dc DuplicateHandle
0x14060a4e4 EnterCriticalSection
0x14060a4ec ExitProcess
0x14060a4f4 FindAtomA
0x14060a4fc FormatMessageA
0x14060a504 FreeEnvironmentStringsW
0x14060a50c GetAtomNameA
0x14060a514 GetConsoleMode
0x14060a51c GetCurrentProcess
0x14060a524 GetCurrentProcessId
0x14060a52c GetCurrentThread
0x14060a534 GetCurrentThreadId
0x14060a53c GetEnvironmentStringsW
0x14060a544 GetErrorMode
0x14060a54c GetHandleInformation
0x14060a554 GetLastError
0x14060a55c GetProcAddress
0x14060a564 GetProcessAffinityMask
0x14060a56c GetQueuedCompletionStatusEx
0x14060a574 GetStartupInfoA
0x14060a57c GetStdHandle
0x14060a584 GetSystemDirectoryA
0x14060a58c GetSystemInfo
0x14060a594 GetSystemTimeAsFileTime
0x14060a59c GetThreadContext
0x14060a5a4 GetThreadPriority
0x14060a5ac GetTickCount
0x14060a5b4 InitializeCriticalSection
0x14060a5bc IsDBCSLeadByteEx
0x14060a5c4 IsDebuggerPresent
0x14060a5cc LeaveCriticalSection
0x14060a5d4 LoadLibraryExW
0x14060a5dc LoadLibraryW
0x14060a5e4 LocalFree
0x14060a5ec MultiByteToWideChar
0x14060a5f4 OpenProcess
0x14060a5fc OutputDebugStringA
0x14060a604 PostQueuedCompletionStatus
0x14060a60c QueryPerformanceCounter
0x14060a614 QueryPerformanceFrequency
0x14060a61c RaiseException
0x14060a624 RaiseFailFastException
0x14060a62c ReleaseMutex
0x14060a634 ReleaseSemaphore
0x14060a63c RemoveVectoredExceptionHandler
0x14060a644 ResetEvent
0x14060a64c ResumeThread
0x14060a654 SetConsoleCtrlHandler
0x14060a65c SetErrorMode
0x14060a664 SetEvent
0x14060a66c SetLastError
0x14060a674 SetProcessAffinityMask
0x14060a67c SetProcessPriorityBoost
0x14060a684 SetThreadContext
0x14060a68c SetThreadPriority
0x14060a694 SetUnhandledExceptionFilter
0x14060a69c SetWaitableTimer
0x14060a6a4 Sleep
0x14060a6ac SuspendThread
0x14060a6b4 SwitchToThread
0x14060a6bc TlsAlloc
0x14060a6c4 TlsGetValue
0x14060a6cc TlsSetValue
0x14060a6d4 TryEnterCriticalSection
0x14060a6dc VirtualAlloc
0x14060a6e4 VirtualFree
0x14060a6ec VirtualProtect
0x14060a6f4 VirtualQuery
0x14060a6fc WaitForMultipleObjects
0x14060a704 WaitForSingleObject
0x14060a70c WerGetFlags
0x14060a714 WerSetFlags
0x14060a71c WideCharToMultiByte
0x14060a724 WriteConsoleW
0x14060a72c WriteFile
0x14060a734 __C_specific_handler
msvcrt.dll
0x14060a744 ___lc_codepage_func
0x14060a74c ___mb_cur_max_func
0x14060a754 __getmainargs
0x14060a75c __initenv
0x14060a764 __iob_func
0x14060a76c __lconv_init
0x14060a774 __set_app_type
0x14060a77c __setusermatherr
0x14060a784 _acmdln
0x14060a78c _amsg_exit
0x14060a794 _beginthread
0x14060a79c _beginthreadex
0x14060a7a4 _cexit
0x14060a7ac _commode
0x14060a7b4 _endthreadex
0x14060a7bc _errno
0x14060a7c4 _fmode
0x14060a7cc _initterm
0x14060a7d4 _lock
0x14060a7dc _memccpy
0x14060a7e4 _onexit
0x14060a7ec _setjmp
0x14060a7f4 _strdup
0x14060a7fc _ultoa
0x14060a804 _unlock
0x14060a80c abort
0x14060a814 calloc
0x14060a81c exit
0x14060a824 fprintf
0x14060a82c fputc
0x14060a834 free
0x14060a83c fwrite
0x14060a844 localeconv
0x14060a84c longjmp
0x14060a854 malloc
0x14060a85c memcpy
0x14060a864 memmove
0x14060a86c memset
0x14060a874 printf
0x14060a87c realloc
0x14060a884 signal
0x14060a88c strerror
0x14060a894 strlen
0x14060a89c strncmp
0x14060a8a4 vfprintf
0x14060a8ac wcslen
EAT(Export Address Table) Library
0x140607ab0 _cgo_dummy_export
KERNEL32.dll
0x14060a47c AddAtomA
0x14060a484 AddVectoredExceptionHandler
0x14060a48c CloseHandle
0x14060a494 CreateEventA
0x14060a49c CreateFileA
0x14060a4a4 CreateIoCompletionPort
0x14060a4ac CreateMutexA
0x14060a4b4 CreateSemaphoreA
0x14060a4bc CreateThread
0x14060a4c4 CreateWaitableTimerExW
0x14060a4cc DeleteAtom
0x14060a4d4 DeleteCriticalSection
0x14060a4dc DuplicateHandle
0x14060a4e4 EnterCriticalSection
0x14060a4ec ExitProcess
0x14060a4f4 FindAtomA
0x14060a4fc FormatMessageA
0x14060a504 FreeEnvironmentStringsW
0x14060a50c GetAtomNameA
0x14060a514 GetConsoleMode
0x14060a51c GetCurrentProcess
0x14060a524 GetCurrentProcessId
0x14060a52c GetCurrentThread
0x14060a534 GetCurrentThreadId
0x14060a53c GetEnvironmentStringsW
0x14060a544 GetErrorMode
0x14060a54c GetHandleInformation
0x14060a554 GetLastError
0x14060a55c GetProcAddress
0x14060a564 GetProcessAffinityMask
0x14060a56c GetQueuedCompletionStatusEx
0x14060a574 GetStartupInfoA
0x14060a57c GetStdHandle
0x14060a584 GetSystemDirectoryA
0x14060a58c GetSystemInfo
0x14060a594 GetSystemTimeAsFileTime
0x14060a59c GetThreadContext
0x14060a5a4 GetThreadPriority
0x14060a5ac GetTickCount
0x14060a5b4 InitializeCriticalSection
0x14060a5bc IsDBCSLeadByteEx
0x14060a5c4 IsDebuggerPresent
0x14060a5cc LeaveCriticalSection
0x14060a5d4 LoadLibraryExW
0x14060a5dc LoadLibraryW
0x14060a5e4 LocalFree
0x14060a5ec MultiByteToWideChar
0x14060a5f4 OpenProcess
0x14060a5fc OutputDebugStringA
0x14060a604 PostQueuedCompletionStatus
0x14060a60c QueryPerformanceCounter
0x14060a614 QueryPerformanceFrequency
0x14060a61c RaiseException
0x14060a624 RaiseFailFastException
0x14060a62c ReleaseMutex
0x14060a634 ReleaseSemaphore
0x14060a63c RemoveVectoredExceptionHandler
0x14060a644 ResetEvent
0x14060a64c ResumeThread
0x14060a654 SetConsoleCtrlHandler
0x14060a65c SetErrorMode
0x14060a664 SetEvent
0x14060a66c SetLastError
0x14060a674 SetProcessAffinityMask
0x14060a67c SetProcessPriorityBoost
0x14060a684 SetThreadContext
0x14060a68c SetThreadPriority
0x14060a694 SetUnhandledExceptionFilter
0x14060a69c SetWaitableTimer
0x14060a6a4 Sleep
0x14060a6ac SuspendThread
0x14060a6b4 SwitchToThread
0x14060a6bc TlsAlloc
0x14060a6c4 TlsGetValue
0x14060a6cc TlsSetValue
0x14060a6d4 TryEnterCriticalSection
0x14060a6dc VirtualAlloc
0x14060a6e4 VirtualFree
0x14060a6ec VirtualProtect
0x14060a6f4 VirtualQuery
0x14060a6fc WaitForMultipleObjects
0x14060a704 WaitForSingleObject
0x14060a70c WerGetFlags
0x14060a714 WerSetFlags
0x14060a71c WideCharToMultiByte
0x14060a724 WriteConsoleW
0x14060a72c WriteFile
0x14060a734 __C_specific_handler
msvcrt.dll
0x14060a744 ___lc_codepage_func
0x14060a74c ___mb_cur_max_func
0x14060a754 __getmainargs
0x14060a75c __initenv
0x14060a764 __iob_func
0x14060a76c __lconv_init
0x14060a774 __set_app_type
0x14060a77c __setusermatherr
0x14060a784 _acmdln
0x14060a78c _amsg_exit
0x14060a794 _beginthread
0x14060a79c _beginthreadex
0x14060a7a4 _cexit
0x14060a7ac _commode
0x14060a7b4 _endthreadex
0x14060a7bc _errno
0x14060a7c4 _fmode
0x14060a7cc _initterm
0x14060a7d4 _lock
0x14060a7dc _memccpy
0x14060a7e4 _onexit
0x14060a7ec _setjmp
0x14060a7f4 _strdup
0x14060a7fc _ultoa
0x14060a804 _unlock
0x14060a80c abort
0x14060a814 calloc
0x14060a81c exit
0x14060a824 fprintf
0x14060a82c fputc
0x14060a834 free
0x14060a83c fwrite
0x14060a844 localeconv
0x14060a84c longjmp
0x14060a854 malloc
0x14060a85c memcpy
0x14060a864 memmove
0x14060a86c memset
0x14060a874 printf
0x14060a87c realloc
0x14060a884 signal
0x14060a88c strerror
0x14060a894 strlen
0x14060a89c strncmp
0x14060a8a4 vfprintf
0x14060a8ac wcslen
EAT(Export Address Table) Library
0x140607ab0 _cgo_dummy_export