ScreenShot
| Created | 2024.06.25 07:46 | Machine | s1_win7_x6403 |
| Filename | Videopro02.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 63 detected (AIDetectMalware, Chapak, malicious, high confidence, score, Tofsee, Upatre, unsafe, Save, Attribute, HighConfidence, Kryptik, HWRU, Artemis, TrojanX, Glupteba, figw, StopCrypt, kkwgld, DownloaderUpatre, SmokeLoader, CLASSIC, hemdk, DownLoader46, AMADEY, YXECZZ, high, Krypt, wspu, Detected, ai score=88, Vidar, Malware@#3cdjzut0mj6o1, CCIA, Eldorado, PWSX, R641567, ZexaF, uq0@ayPzDcG, TrojanPSW, Stealerc, Chgt, Gencirc, Static AI, Suspicious PE, susgen, GenKryptik, GVRW, confidence, 100%) | ||
| md5 | 7d91ac0d3852641715e5248d384d27c7 | ||
| sha256 | 6c407858e1b9f4e38224a6bc700fe186ab6e43722dbf2f1c7818a2580862adf6 | ||
| ssdeep | 6144:tm60ukGNaA02dT5itb2ElHSQadhGwtR/:c60ukGN3P52iElHjf | ||
| imphash | 238dd58c74b98d1ded18d7f368ef8a85 | ||
| impfuzzy | 24:4kP3OOj3Xi9E51ajTDSBg8TtvWMOovLjOpcdy8Rnlyv9EJ3IjSljMLR0BxWS9Rl:zrKGmuypcLK98MSMaBxbp | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 63 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f008 GetNumaProcessorNode
0x40f00c GetConsoleAliasExesLengthA
0x40f010 SetUnhandledExceptionFilter
0x40f014 InterlockedIncrement
0x40f018 WaitForSingleObject
0x40f01c SetComputerNameW
0x40f020 ConnectNamedPipe
0x40f024 GetModuleHandleW
0x40f028 GetTickCount
0x40f02c FindNextVolumeMountPointA
0x40f030 LoadLibraryW
0x40f034 GetLocaleInfoW
0x40f038 HeapCreate
0x40f03c HeapValidate
0x40f040 GetFileAttributesW
0x40f044 GetModuleFileNameW
0x40f048 SetConsoleTitleA
0x40f04c TryEnterCriticalSection
0x40f050 GetLastError
0x40f054 GetLongPathNameW
0x40f058 GetProcAddress
0x40f05c HeapSize
0x40f060 GetAtomNameA
0x40f064 LoadLibraryA
0x40f068 CreateHardLinkW
0x40f06c FindAtomA
0x40f070 GlobalFindAtomW
0x40f074 ConvertDefaultLocale
0x40f078 GetModuleHandleA
0x40f07c HeapSetInformation
0x40f080 GetCurrentDirectoryA
0x40f084 SetCalendarInfoA
0x40f088 CloseHandle
0x40f08c CreateFileW
0x40f090 GetConsoleOutputCP
0x40f094 CreateFileA
0x40f098 HeapAlloc
0x40f09c HeapReAlloc
0x40f0a0 GetCommandLineA
0x40f0a4 GetStartupInfoW
0x40f0a8 TerminateProcess
0x40f0ac GetCurrentProcess
0x40f0b0 UnhandledExceptionFilter
0x40f0b4 IsDebuggerPresent
0x40f0b8 DecodePointer
0x40f0bc EncodePointer
0x40f0c0 ExitProcess
0x40f0c4 WriteFile
0x40f0c8 GetStdHandle
0x40f0cc EnterCriticalSection
0x40f0d0 LeaveCriticalSection
0x40f0d4 HeapFree
0x40f0d8 GetModuleFileNameA
0x40f0dc FreeEnvironmentStringsW
0x40f0e0 WideCharToMultiByte
0x40f0e4 GetEnvironmentStringsW
0x40f0e8 SetHandleCount
0x40f0ec InitializeCriticalSectionAndSpinCount
0x40f0f0 GetFileType
0x40f0f4 DeleteCriticalSection
0x40f0f8 TlsAlloc
0x40f0fc TlsGetValue
0x40f100 TlsSetValue
0x40f104 TlsFree
0x40f108 SetLastError
0x40f10c GetCurrentThreadId
0x40f110 InterlockedDecrement
0x40f114 QueryPerformanceCounter
0x40f118 GetCurrentProcessId
0x40f11c GetSystemTimeAsFileTime
0x40f120 SetFilePointer
0x40f124 GetConsoleCP
0x40f128 GetConsoleMode
0x40f12c GetCPInfo
0x40f130 GetACP
0x40f134 GetOEMCP
0x40f138 IsValidCodePage
0x40f13c Sleep
0x40f140 RtlUnwind
0x40f144 MultiByteToWideChar
0x40f148 SetStdHandle
0x40f14c WriteConsoleW
0x40f150 LCMapStringW
0x40f154 GetStringTypeW
0x40f158 IsProcessorFeaturePresent
0x40f15c FlushFileBuffers
0x40f160 ReadFile
0x40f164 RaiseException
USER32.dll
0x40f16c GetMonitorInfoA
ADVAPI32.dll
0x40f000 RegCreateKeyW
ole32.dll
0x40f17c CoTaskMemFree
WINHTTP.dll
0x40f174 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x40f008 GetNumaProcessorNode
0x40f00c GetConsoleAliasExesLengthA
0x40f010 SetUnhandledExceptionFilter
0x40f014 InterlockedIncrement
0x40f018 WaitForSingleObject
0x40f01c SetComputerNameW
0x40f020 ConnectNamedPipe
0x40f024 GetModuleHandleW
0x40f028 GetTickCount
0x40f02c FindNextVolumeMountPointA
0x40f030 LoadLibraryW
0x40f034 GetLocaleInfoW
0x40f038 HeapCreate
0x40f03c HeapValidate
0x40f040 GetFileAttributesW
0x40f044 GetModuleFileNameW
0x40f048 SetConsoleTitleA
0x40f04c TryEnterCriticalSection
0x40f050 GetLastError
0x40f054 GetLongPathNameW
0x40f058 GetProcAddress
0x40f05c HeapSize
0x40f060 GetAtomNameA
0x40f064 LoadLibraryA
0x40f068 CreateHardLinkW
0x40f06c FindAtomA
0x40f070 GlobalFindAtomW
0x40f074 ConvertDefaultLocale
0x40f078 GetModuleHandleA
0x40f07c HeapSetInformation
0x40f080 GetCurrentDirectoryA
0x40f084 SetCalendarInfoA
0x40f088 CloseHandle
0x40f08c CreateFileW
0x40f090 GetConsoleOutputCP
0x40f094 CreateFileA
0x40f098 HeapAlloc
0x40f09c HeapReAlloc
0x40f0a0 GetCommandLineA
0x40f0a4 GetStartupInfoW
0x40f0a8 TerminateProcess
0x40f0ac GetCurrentProcess
0x40f0b0 UnhandledExceptionFilter
0x40f0b4 IsDebuggerPresent
0x40f0b8 DecodePointer
0x40f0bc EncodePointer
0x40f0c0 ExitProcess
0x40f0c4 WriteFile
0x40f0c8 GetStdHandle
0x40f0cc EnterCriticalSection
0x40f0d0 LeaveCriticalSection
0x40f0d4 HeapFree
0x40f0d8 GetModuleFileNameA
0x40f0dc FreeEnvironmentStringsW
0x40f0e0 WideCharToMultiByte
0x40f0e4 GetEnvironmentStringsW
0x40f0e8 SetHandleCount
0x40f0ec InitializeCriticalSectionAndSpinCount
0x40f0f0 GetFileType
0x40f0f4 DeleteCriticalSection
0x40f0f8 TlsAlloc
0x40f0fc TlsGetValue
0x40f100 TlsSetValue
0x40f104 TlsFree
0x40f108 SetLastError
0x40f10c GetCurrentThreadId
0x40f110 InterlockedDecrement
0x40f114 QueryPerformanceCounter
0x40f118 GetCurrentProcessId
0x40f11c GetSystemTimeAsFileTime
0x40f120 SetFilePointer
0x40f124 GetConsoleCP
0x40f128 GetConsoleMode
0x40f12c GetCPInfo
0x40f130 GetACP
0x40f134 GetOEMCP
0x40f138 IsValidCodePage
0x40f13c Sleep
0x40f140 RtlUnwind
0x40f144 MultiByteToWideChar
0x40f148 SetStdHandle
0x40f14c WriteConsoleW
0x40f150 LCMapStringW
0x40f154 GetStringTypeW
0x40f158 IsProcessorFeaturePresent
0x40f15c FlushFileBuffers
0x40f160 ReadFile
0x40f164 RaiseException
USER32.dll
0x40f16c GetMonitorInfoA
ADVAPI32.dll
0x40f000 RegCreateKeyW
ole32.dll
0x40f17c CoTaskMemFree
WINHTTP.dll
0x40f174 WinHttpOpen
EAT(Export Address Table) is none