ScreenShot
| Created | 2024.06.25 07:48 | Machine | s1_win7_x6401 |
| Filename | e0cbefcb1af40c7d4aff4aca26621a98.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 66 detected (AIDetectMalware, Smokeloader, malicious, high confidence, score, Lockbit, Zusy, Unsafe, Save, Genus, Attribute, HighConfidence, Kryptik, HWLJ, Artemis, PWSX, Tofsee, Windigo, CloudGenRKIT, kkdvwg, CLASSIC, dneew, Inject4, R03BC0DC724, moderate, Krypt, Detected, ai score=89, hwle, STOP, Malware@#1yyq9157jcm7d, StealC, SPXC, Eldorado, Amadey, R578960, ZexaF, @t1@aSz2JnB, Klubdepa, Obfuscated, U4FyTvM7dWI, Static AI, Malicious PE, susgen, HWLF, confidence, 100%) | ||
| md5 | 78a9e69486fa214a1af7dc245ab3ec06 | ||
| sha256 | 502e18361730ced7e40e00a36d11de51a07a05f29d5b5c9ea54c662260a5d47c | ||
| ssdeep | 98304:dwYpq65PX7G0lKZQA6S/odjsKFGzL17vqhAWe1eQ3I:FpH7GDt6t5E17vTWeY7 | ||
| imphash | 3409878def83bdb246ddfafca1d1bf27 | ||
| impfuzzy | 24:bpZH9jktLJFudQBDwvCO9dsirleiOOtEDkZcBRnlyv95hIjT47FjMuBhhRii:bpZH+ud9sOtNZcPK97Mc7ZBvRii | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 66 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x806010 SystemTimeToTzSpecificLocalTime
0x806014 HeapAlloc
0x806018 GetUserDefaultLCID
0x80601c WideCharToMultiByte
0x806020 GetVolumeInformationA
0x806024 LoadLibraryW
0x806028 GetConsoleAliasExesLengthW
0x80602c GetFileAttributesW
0x806030 ReplaceFileA
0x806034 GetStdHandle
0x806038 SetLastError
0x80603c GetProcessHeaps
0x806040 CreateNamedPipeA
0x806044 BuildCommDCBW
0x806048 InterlockedExchangeAdd
0x80604c LocalAlloc
0x806050 MoveFileExA
0x806054 GetModuleFileNameA
0x806058 lstrcatW
0x80605c FreeEnvironmentStringsW
0x806060 VirtualProtect
0x806064 GetCurrentDirectoryA
0x806068 FatalAppExitA
0x80606c ReleaseMutex
0x806070 EndUpdateResourceA
0x806074 FileTimeToLocalFileTime
0x806078 DeleteTimerQueueTimer
0x80607c CreateFileW
0x806080 SetStdHandle
0x806084 WriteConsoleW
0x806088 WriteConsoleOutputCharacterW
0x80608c GetLocaleInfoA
0x806090 AddAtomA
0x806094 GetFileSize
0x806098 CloseHandle
0x80609c SetFilePointer
0x8060a0 GetLastError
0x8060a4 HeapFree
0x8060a8 EncodePointer
0x8060ac DecodePointer
0x8060b0 GetCommandLineW
0x8060b4 HeapSetInformation
0x8060b8 GetStartupInfoW
0x8060bc TerminateProcess
0x8060c0 GetCurrentProcess
0x8060c4 UnhandledExceptionFilter
0x8060c8 SetUnhandledExceptionFilter
0x8060cc IsDebuggerPresent
0x8060d0 HeapCreate
0x8060d4 Sleep
0x8060d8 HeapSize
0x8060dc GetProcAddress
0x8060e0 GetModuleHandleW
0x8060e4 ExitProcess
0x8060e8 EnterCriticalSection
0x8060ec LeaveCriticalSection
0x8060f0 WriteFile
0x8060f4 GetModuleFileNameW
0x8060f8 GetEnvironmentStringsW
0x8060fc SetHandleCount
0x806100 InitializeCriticalSectionAndSpinCount
0x806104 GetFileType
0x806108 DeleteCriticalSection
0x80610c TlsAlloc
0x806110 TlsGetValue
0x806114 TlsSetValue
0x806118 TlsFree
0x80611c InterlockedIncrement
0x806120 GetCurrentThreadId
0x806124 InterlockedDecrement
0x806128 QueryPerformanceCounter
0x80612c GetTickCount
0x806130 GetCurrentProcessId
0x806134 GetSystemTimeAsFileTime
0x806138 HeapReAlloc
0x80613c RtlUnwind
0x806140 GetCPInfo
0x806144 GetACP
0x806148 GetOEMCP
0x80614c IsValidCodePage
0x806150 IsProcessorFeaturePresent
0x806154 GetConsoleCP
0x806158 GetConsoleMode
0x80615c FlushFileBuffers
0x806160 LCMapStringW
0x806164 MultiByteToWideChar
0x806168 GetStringTypeW
0x80616c RaiseException
USER32.dll
0x806174 SetActiveWindow
0x806178 SetKeyboardState
0x80617c CreateIcon
0x806180 GetClassLongA
GDI32.dll
0x806008 GetCharWidthW
ADVAPI32.dll
0x806000 GetAce
ole32.dll
0x806188 CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x806010 SystemTimeToTzSpecificLocalTime
0x806014 HeapAlloc
0x806018 GetUserDefaultLCID
0x80601c WideCharToMultiByte
0x806020 GetVolumeInformationA
0x806024 LoadLibraryW
0x806028 GetConsoleAliasExesLengthW
0x80602c GetFileAttributesW
0x806030 ReplaceFileA
0x806034 GetStdHandle
0x806038 SetLastError
0x80603c GetProcessHeaps
0x806040 CreateNamedPipeA
0x806044 BuildCommDCBW
0x806048 InterlockedExchangeAdd
0x80604c LocalAlloc
0x806050 MoveFileExA
0x806054 GetModuleFileNameA
0x806058 lstrcatW
0x80605c FreeEnvironmentStringsW
0x806060 VirtualProtect
0x806064 GetCurrentDirectoryA
0x806068 FatalAppExitA
0x80606c ReleaseMutex
0x806070 EndUpdateResourceA
0x806074 FileTimeToLocalFileTime
0x806078 DeleteTimerQueueTimer
0x80607c CreateFileW
0x806080 SetStdHandle
0x806084 WriteConsoleW
0x806088 WriteConsoleOutputCharacterW
0x80608c GetLocaleInfoA
0x806090 AddAtomA
0x806094 GetFileSize
0x806098 CloseHandle
0x80609c SetFilePointer
0x8060a0 GetLastError
0x8060a4 HeapFree
0x8060a8 EncodePointer
0x8060ac DecodePointer
0x8060b0 GetCommandLineW
0x8060b4 HeapSetInformation
0x8060b8 GetStartupInfoW
0x8060bc TerminateProcess
0x8060c0 GetCurrentProcess
0x8060c4 UnhandledExceptionFilter
0x8060c8 SetUnhandledExceptionFilter
0x8060cc IsDebuggerPresent
0x8060d0 HeapCreate
0x8060d4 Sleep
0x8060d8 HeapSize
0x8060dc GetProcAddress
0x8060e0 GetModuleHandleW
0x8060e4 ExitProcess
0x8060e8 EnterCriticalSection
0x8060ec LeaveCriticalSection
0x8060f0 WriteFile
0x8060f4 GetModuleFileNameW
0x8060f8 GetEnvironmentStringsW
0x8060fc SetHandleCount
0x806100 InitializeCriticalSectionAndSpinCount
0x806104 GetFileType
0x806108 DeleteCriticalSection
0x80610c TlsAlloc
0x806110 TlsGetValue
0x806114 TlsSetValue
0x806118 TlsFree
0x80611c InterlockedIncrement
0x806120 GetCurrentThreadId
0x806124 InterlockedDecrement
0x806128 QueryPerformanceCounter
0x80612c GetTickCount
0x806130 GetCurrentProcessId
0x806134 GetSystemTimeAsFileTime
0x806138 HeapReAlloc
0x80613c RtlUnwind
0x806140 GetCPInfo
0x806144 GetACP
0x806148 GetOEMCP
0x80614c IsValidCodePage
0x806150 IsProcessorFeaturePresent
0x806154 GetConsoleCP
0x806158 GetConsoleMode
0x80615c FlushFileBuffers
0x806160 LCMapStringW
0x806164 MultiByteToWideChar
0x806168 GetStringTypeW
0x80616c RaiseException
USER32.dll
0x806174 SetActiveWindow
0x806178 SetKeyboardState
0x80617c CreateIcon
0x806180 GetClassLongA
GDI32.dll
0x806008 GetCharWidthW
ADVAPI32.dll
0x806000 GetAce
ole32.dll
0x806188 CoTaskMemFree
EAT(Export Address Table) is none