ScreenShot
| Created | 2024.06.25 07:44 | Machine | s1_win7_x6401 |
| Filename | 3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Tepfer, Attribute, HighConfidence, GenKryptik, GYFX, Fareit, Convagent, Generic@AI, RDMK, cmRtazpZ0veyCbiie5NDFBU6Qxva, Real Protect, high, Stealc, Detected, Wacapew, Kryptik, Eldorado, R653711, ZexaF, tq0@a0s3vUiG, Static AI, Suspicious PE, susgen, HBBY, confidence, 100%) | ||
| md5 | 62ae0796c580559b876ecd052ddf80c4 | ||
| sha256 | 3ffb523b138092c020c800303331a3e6497738c18a5ac9e00d9ed8f5e7f6fc13 | ||
| ssdeep | 3072:25x7XLaymwe4XLzPnoQw2ATgCP88fQ5fQzPrhY7iid7Arji7u:2zjLTmD2Hnm24gCP88f+Qz1Y7i27Ani | ||
| imphash | 41dfda56d33f4ba57e8c7adc587be905 | ||
| impfuzzy | 48:gatFDirj9GkNdQyvmvYXI1tTQcfLYuuSBESw:Grj0oQyvfXI1tTQcfL4SBy | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40e000 GetComputerNameA
0x40e004 SetDefaultCommConfigA
0x40e008 GetConsoleAliasesLengthW
0x40e00c GlobalAddAtomA
0x40e010 CreateJobObjectW
0x40e014 GetNamedPipeHandleStateA
0x40e018 SetVolumeMountPointW
0x40e01c GetTimeFormatA
0x40e020 GetCommProperties
0x40e024 GetModuleHandleW
0x40e028 GetTickCount
0x40e02c EnumCalendarInfoExW
0x40e030 GetConsoleAliasesLengthA
0x40e034 ReadConsoleOutputA
0x40e038 GetUserDefaultLangID
0x40e03c GlobalAlloc
0x40e040 LoadLibraryW
0x40e044 GetLocaleInfoW
0x40e048 GetCalendarInfoW
0x40e04c FormatMessageW
0x40e050 lstrcpynW
0x40e054 LocalReAlloc
0x40e058 GetModuleFileNameW
0x40e05c RaiseException
0x40e060 GetConsoleAliasesW
0x40e064 InterlockedExchange
0x40e068 GetLastError
0x40e06c GetProcAddress
0x40e070 GetNumaHighestNodeNumber
0x40e074 LoadLibraryA
0x40e078 WriteConsoleA
0x40e07c RegisterWaitForSingleObject
0x40e080 AddAtomW
0x40e084 OpenJobObjectW
0x40e088 FoldStringW
0x40e08c GetCommTimeouts
0x40e090 lstrcatW
0x40e094 OpenFileMappingW
0x40e098 GetConsoleTitleW
0x40e09c BuildCommDCBA
0x40e0a0 GetShortPathNameW
0x40e0a4 FindFirstVolumeW
0x40e0a8 AreFileApisANSI
0x40e0ac LocalFileTimeToFileTime
0x40e0b0 MultiByteToWideChar
0x40e0b4 HeapAlloc
0x40e0b8 Sleep
0x40e0bc ExitProcess
0x40e0c0 GetStartupInfoW
0x40e0c4 RtlUnwind
0x40e0c8 TerminateProcess
0x40e0cc GetCurrentProcess
0x40e0d0 UnhandledExceptionFilter
0x40e0d4 SetUnhandledExceptionFilter
0x40e0d8 IsDebuggerPresent
0x40e0dc HeapFree
0x40e0e0 GetCPInfo
0x40e0e4 InterlockedIncrement
0x40e0e8 InterlockedDecrement
0x40e0ec GetACP
0x40e0f0 GetOEMCP
0x40e0f4 IsValidCodePage
0x40e0f8 TlsGetValue
0x40e0fc TlsAlloc
0x40e100 TlsSetValue
0x40e104 TlsFree
0x40e108 SetLastError
0x40e10c GetCurrentThreadId
0x40e110 DeleteCriticalSection
0x40e114 LeaveCriticalSection
0x40e118 EnterCriticalSection
0x40e11c VirtualFree
0x40e120 VirtualAlloc
0x40e124 HeapReAlloc
0x40e128 HeapCreate
0x40e12c WriteFile
0x40e130 GetStdHandle
0x40e134 GetModuleFileNameA
0x40e138 WideCharToMultiByte
0x40e13c GetConsoleCP
0x40e140 GetConsoleMode
0x40e144 FlushFileBuffers
0x40e148 HeapSize
0x40e14c InitializeCriticalSectionAndSpinCount
0x40e150 FreeEnvironmentStringsW
0x40e154 GetEnvironmentStringsW
0x40e158 GetCommandLineW
0x40e15c SetHandleCount
0x40e160 GetFileType
0x40e164 GetStartupInfoA
0x40e168 QueryPerformanceCounter
0x40e16c GetCurrentProcessId
0x40e170 GetSystemTimeAsFileTime
0x40e174 LCMapStringA
0x40e178 LCMapStringW
0x40e17c GetStringTypeA
0x40e180 GetStringTypeW
0x40e184 GetLocaleInfoA
0x40e188 GetConsoleOutputCP
0x40e18c WriteConsoleW
0x40e190 SetFilePointer
0x40e194 SetStdHandle
0x40e198 ReadFile
0x40e19c CreateFileA
0x40e1a0 CloseHandle
USER32.dll
0x40e1a8 LoadIconA
EAT(Export Address Table) is none
KERNEL32.dll
0x40e000 GetComputerNameA
0x40e004 SetDefaultCommConfigA
0x40e008 GetConsoleAliasesLengthW
0x40e00c GlobalAddAtomA
0x40e010 CreateJobObjectW
0x40e014 GetNamedPipeHandleStateA
0x40e018 SetVolumeMountPointW
0x40e01c GetTimeFormatA
0x40e020 GetCommProperties
0x40e024 GetModuleHandleW
0x40e028 GetTickCount
0x40e02c EnumCalendarInfoExW
0x40e030 GetConsoleAliasesLengthA
0x40e034 ReadConsoleOutputA
0x40e038 GetUserDefaultLangID
0x40e03c GlobalAlloc
0x40e040 LoadLibraryW
0x40e044 GetLocaleInfoW
0x40e048 GetCalendarInfoW
0x40e04c FormatMessageW
0x40e050 lstrcpynW
0x40e054 LocalReAlloc
0x40e058 GetModuleFileNameW
0x40e05c RaiseException
0x40e060 GetConsoleAliasesW
0x40e064 InterlockedExchange
0x40e068 GetLastError
0x40e06c GetProcAddress
0x40e070 GetNumaHighestNodeNumber
0x40e074 LoadLibraryA
0x40e078 WriteConsoleA
0x40e07c RegisterWaitForSingleObject
0x40e080 AddAtomW
0x40e084 OpenJobObjectW
0x40e088 FoldStringW
0x40e08c GetCommTimeouts
0x40e090 lstrcatW
0x40e094 OpenFileMappingW
0x40e098 GetConsoleTitleW
0x40e09c BuildCommDCBA
0x40e0a0 GetShortPathNameW
0x40e0a4 FindFirstVolumeW
0x40e0a8 AreFileApisANSI
0x40e0ac LocalFileTimeToFileTime
0x40e0b0 MultiByteToWideChar
0x40e0b4 HeapAlloc
0x40e0b8 Sleep
0x40e0bc ExitProcess
0x40e0c0 GetStartupInfoW
0x40e0c4 RtlUnwind
0x40e0c8 TerminateProcess
0x40e0cc GetCurrentProcess
0x40e0d0 UnhandledExceptionFilter
0x40e0d4 SetUnhandledExceptionFilter
0x40e0d8 IsDebuggerPresent
0x40e0dc HeapFree
0x40e0e0 GetCPInfo
0x40e0e4 InterlockedIncrement
0x40e0e8 InterlockedDecrement
0x40e0ec GetACP
0x40e0f0 GetOEMCP
0x40e0f4 IsValidCodePage
0x40e0f8 TlsGetValue
0x40e0fc TlsAlloc
0x40e100 TlsSetValue
0x40e104 TlsFree
0x40e108 SetLastError
0x40e10c GetCurrentThreadId
0x40e110 DeleteCriticalSection
0x40e114 LeaveCriticalSection
0x40e118 EnterCriticalSection
0x40e11c VirtualFree
0x40e120 VirtualAlloc
0x40e124 HeapReAlloc
0x40e128 HeapCreate
0x40e12c WriteFile
0x40e130 GetStdHandle
0x40e134 GetModuleFileNameA
0x40e138 WideCharToMultiByte
0x40e13c GetConsoleCP
0x40e140 GetConsoleMode
0x40e144 FlushFileBuffers
0x40e148 HeapSize
0x40e14c InitializeCriticalSectionAndSpinCount
0x40e150 FreeEnvironmentStringsW
0x40e154 GetEnvironmentStringsW
0x40e158 GetCommandLineW
0x40e15c SetHandleCount
0x40e160 GetFileType
0x40e164 GetStartupInfoA
0x40e168 QueryPerformanceCounter
0x40e16c GetCurrentProcessId
0x40e170 GetSystemTimeAsFileTime
0x40e174 LCMapStringA
0x40e178 LCMapStringW
0x40e17c GetStringTypeA
0x40e180 GetStringTypeW
0x40e184 GetLocaleInfoA
0x40e188 GetConsoleOutputCP
0x40e18c WriteConsoleW
0x40e190 SetFilePointer
0x40e194 SetStdHandle
0x40e198 ReadFile
0x40e19c CreateFileA
0x40e1a0 CloseHandle
USER32.dll
0x40e1a8 LoadIconA
EAT(Export Address Table) is none