ScreenShot
| Created | 2024.06.24 07:50 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, Unsafe, Attribute, HighConfidence, CrypterX, DiskWriter, SmokeLoader, CLASSIC, high, Detected, Wacapew, ZexaF, oq0@a4cc1inG, Obfuscated, Static AI, Malicious PE, MxResIcn, confidence, 100%) | ||
| md5 | b96f0135250aab5a530906d079b178e1 | ||
| sha256 | 004eeca29e9a5bf7e40352873677e4a816e4efea504d96a3c308711fc5ada749 | ||
| ssdeep | 3072:JOUeWVWeZOOdNbJTKyvREc+2ylMUWOk1WXPoRMGIAJxp+9p0Xkv0o3V1nF23M/F:H+ODbJTKMEc+bPFLAc9+VAVVF23M | ||
| imphash | 9c5bfa67e7d676991a3150a8ccf9a3e8 | ||
| impfuzzy | 24:9DZBpsTgVjkUAfJcDfychxvCSqMW4jcrEH7LOovVt4cQIlyv9Jkg3y8OSIuj5Alb:tZ/XnCXrI62t4cHK9nOSIuVAoX2tQEJ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424014 InterlockedCompareExchange
0x424018 CreateHardLinkA
0x42401c GetSystemDefaultLCID
0x424020 GetTickCount
0x424024 GetWindowsDirectoryA
0x424028 EnumResourceTypesA
0x42402c GlobalFindAtomA
0x424030 LoadLibraryW
0x424034 GetConsoleAliasW
0x424038 IsBadWritePtr
0x42403c IsBadStringPtrA
0x424040 SetLastError
0x424044 GetProcAddress
0x424048 SetFileAttributesA
0x42404c GetDiskFreeSpaceW
0x424050 OpenJobObjectA
0x424054 LocalAlloc
0x424058 FindFirstVolumeMountPointW
0x42405c GetNumberFormatW
0x424060 GlobalHandle
0x424064 GetOEMCP
0x424068 FindFirstVolumeMountPointA
0x42406c LoadLibraryExA
0x424070 OpenFileMappingA
0x424074 CommConfigDialogW
0x424078 SetStdHandle
0x42407c WriteConsoleW
0x424080 CloseHandle
0x424084 SetFilePointer
0x424088 FlushFileBuffers
0x42408c GetConsoleMode
0x424090 FindResourceA
0x424094 TlsGetValue
0x424098 GetComputerNameA
0x42409c LoadLibraryA
0x4240a0 GetSystemDefaultLangID
0x4240a4 MultiByteToWideChar
0x4240a8 DecodePointer
0x4240ac EncodePointer
0x4240b0 GetLastError
0x4240b4 HeapReAlloc
0x4240b8 GetModuleHandleW
0x4240bc ExitProcess
0x4240c0 GetCommandLineA
0x4240c4 HeapSetInformation
0x4240c8 GetStartupInfoW
0x4240cc UnhandledExceptionFilter
0x4240d0 SetUnhandledExceptionFilter
0x4240d4 IsDebuggerPresent
0x4240d8 TerminateProcess
0x4240dc GetCurrentProcess
0x4240e0 IsProcessorFeaturePresent
0x4240e4 EnterCriticalSection
0x4240e8 LeaveCriticalSection
0x4240ec SetHandleCount
0x4240f0 GetStdHandle
0x4240f4 InitializeCriticalSectionAndSpinCount
0x4240f8 GetFileType
0x4240fc DeleteCriticalSection
0x424100 GetCPInfo
0x424104 InterlockedIncrement
0x424108 InterlockedDecrement
0x42410c GetACP
0x424110 IsValidCodePage
0x424114 TlsAlloc
0x424118 TlsSetValue
0x42411c TlsFree
0x424120 GetCurrentThreadId
0x424124 HeapCreate
0x424128 HeapFree
0x42412c HeapAlloc
0x424130 WriteFile
0x424134 GetModuleFileNameW
0x424138 GetModuleFileNameA
0x42413c FreeEnvironmentStringsW
0x424140 WideCharToMultiByte
0x424144 GetEnvironmentStringsW
0x424148 QueryPerformanceCounter
0x42414c GetCurrentProcessId
0x424150 GetSystemTimeAsFileTime
0x424154 Sleep
0x424158 RtlUnwind
0x42415c LCMapStringW
0x424160 GetStringTypeW
0x424164 HeapSize
0x424168 RaiseException
0x42416c GetConsoleCP
0x424170 CreateFileW
USER32.dll
0x424178 DdeCmpStringHandles
0x42417c GetCaretPos
0x424180 CloseWindow
0x424184 GetKeyboardLayoutNameA
0x424188 GetWindowTextLengthA
GDI32.dll
0x42400c GetCharacterPlacementA
ADVAPI32.dll
0x424000 BackupEventLogA
0x424004 ClearEventLogA
EAT(Export Address Table) is none
KERNEL32.dll
0x424014 InterlockedCompareExchange
0x424018 CreateHardLinkA
0x42401c GetSystemDefaultLCID
0x424020 GetTickCount
0x424024 GetWindowsDirectoryA
0x424028 EnumResourceTypesA
0x42402c GlobalFindAtomA
0x424030 LoadLibraryW
0x424034 GetConsoleAliasW
0x424038 IsBadWritePtr
0x42403c IsBadStringPtrA
0x424040 SetLastError
0x424044 GetProcAddress
0x424048 SetFileAttributesA
0x42404c GetDiskFreeSpaceW
0x424050 OpenJobObjectA
0x424054 LocalAlloc
0x424058 FindFirstVolumeMountPointW
0x42405c GetNumberFormatW
0x424060 GlobalHandle
0x424064 GetOEMCP
0x424068 FindFirstVolumeMountPointA
0x42406c LoadLibraryExA
0x424070 OpenFileMappingA
0x424074 CommConfigDialogW
0x424078 SetStdHandle
0x42407c WriteConsoleW
0x424080 CloseHandle
0x424084 SetFilePointer
0x424088 FlushFileBuffers
0x42408c GetConsoleMode
0x424090 FindResourceA
0x424094 TlsGetValue
0x424098 GetComputerNameA
0x42409c LoadLibraryA
0x4240a0 GetSystemDefaultLangID
0x4240a4 MultiByteToWideChar
0x4240a8 DecodePointer
0x4240ac EncodePointer
0x4240b0 GetLastError
0x4240b4 HeapReAlloc
0x4240b8 GetModuleHandleW
0x4240bc ExitProcess
0x4240c0 GetCommandLineA
0x4240c4 HeapSetInformation
0x4240c8 GetStartupInfoW
0x4240cc UnhandledExceptionFilter
0x4240d0 SetUnhandledExceptionFilter
0x4240d4 IsDebuggerPresent
0x4240d8 TerminateProcess
0x4240dc GetCurrentProcess
0x4240e0 IsProcessorFeaturePresent
0x4240e4 EnterCriticalSection
0x4240e8 LeaveCriticalSection
0x4240ec SetHandleCount
0x4240f0 GetStdHandle
0x4240f4 InitializeCriticalSectionAndSpinCount
0x4240f8 GetFileType
0x4240fc DeleteCriticalSection
0x424100 GetCPInfo
0x424104 InterlockedIncrement
0x424108 InterlockedDecrement
0x42410c GetACP
0x424110 IsValidCodePage
0x424114 TlsAlloc
0x424118 TlsSetValue
0x42411c TlsFree
0x424120 GetCurrentThreadId
0x424124 HeapCreate
0x424128 HeapFree
0x42412c HeapAlloc
0x424130 WriteFile
0x424134 GetModuleFileNameW
0x424138 GetModuleFileNameA
0x42413c FreeEnvironmentStringsW
0x424140 WideCharToMultiByte
0x424144 GetEnvironmentStringsW
0x424148 QueryPerformanceCounter
0x42414c GetCurrentProcessId
0x424150 GetSystemTimeAsFileTime
0x424154 Sleep
0x424158 RtlUnwind
0x42415c LCMapStringW
0x424160 GetStringTypeW
0x424164 HeapSize
0x424168 RaiseException
0x42416c GetConsoleCP
0x424170 CreateFileW
USER32.dll
0x424178 DdeCmpStringHandles
0x42417c GetCaretPos
0x424180 CloseWindow
0x424184 GetKeyboardLayoutNameA
0x424188 GetWindowTextLengthA
GDI32.dll
0x42400c GetCharacterPlacementA
ADVAPI32.dll
0x424000 BackupEventLogA
0x424004 ClearEventLogA
EAT(Export Address Table) is none