ScreenShot
| Created | 2024.06.26 07:52 | Machine | s1_win7_x6401 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (AIDetectMalware, malicious, high confidence, Lockbit, Unsafe, Attribute, HighConfidence, Convagent, Generic@AI, RDMK, cmRtazrFFv8zENIGoIOCuVSeWb3Y, Real Protect, high, score, Stealc, Detected, Wacapew, Kryptik, Eldorado, ZexaF, tq0@amlGlrjG, BScope, Static AI, Suspicious PE, susgen, HBBY, confidence, 100%) | ||
| md5 | 97175eb8e852354cefb670f6863bb703 | ||
| sha256 | cded5b7ba6b257bcbea829cd06dbab1d97ca9f72b41f82526cfbcf8b99ba68f0 | ||
| ssdeep | 3072:a6SLDd01WNOGMb1T1tsy05Zt4Lt3oS1Ek1EfxTEqS:8L50kWpYym83ZNt | ||
| imphash | be6c5f1f4b8a20803995dd7430395ac0 | ||
| impfuzzy | 24:jlTk1qiskrNdJDojG/CjxvsYykPFp4zqcLjMCh/J3ISjHuOZyvnlRSFislW1PSLr:2NdwF5sYsqcLjj1uHSFvIFSey3 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f010 GetCommProperties
0x40f014 GetModuleHandleW
0x40f018 GetTickCount
0x40f01c EnumCalendarInfoExW
0x40f020 GetConsoleTitleA
0x40f024 ReadConsoleOutputA
0x40f028 GlobalAlloc
0x40f02c LoadLibraryW
0x40f030 SetVolumeMountPointA
0x40f034 lstrcpynW
0x40f038 LocalReAlloc
0x40f03c WriteConsoleW
0x40f040 GetModuleFileNameW
0x40f044 GetConsoleAliasesW
0x40f048 InterlockedExchange
0x40f04c CreateJobObjectW
0x40f050 GetProcAddress
0x40f054 LoadLibraryA
0x40f058 UnhandledExceptionFilter
0x40f05c AddAtomA
0x40f060 FoldStringW
0x40f064 lstrcatW
0x40f068 BuildCommDCBA
0x40f06c PurgeComm
0x40f070 FindFirstVolumeW
0x40f074 GlobalAddAtomW
0x40f078 OpenFileMappingA
0x40f07c AreFileApisANSI
0x40f080 GetNumaNodeProcessorMask
0x40f084 GetConsoleAliasExesLengthA
0x40f088 GetLastError
0x40f08c GetComputerNameA
0x40f090 GetStartupInfoW
0x40f094 TerminateProcess
0x40f098 GetCurrentProcess
0x40f09c SetUnhandledExceptionFilter
0x40f0a0 IsDebuggerPresent
0x40f0a4 HeapAlloc
0x40f0a8 EnterCriticalSection
0x40f0ac LeaveCriticalSection
0x40f0b0 WriteFile
0x40f0b4 WideCharToMultiByte
0x40f0b8 GetConsoleCP
0x40f0bc GetConsoleMode
0x40f0c0 FlushFileBuffers
0x40f0c4 DeleteCriticalSection
0x40f0c8 TlsGetValue
0x40f0cc TlsAlloc
0x40f0d0 TlsSetValue
0x40f0d4 TlsFree
0x40f0d8 InterlockedIncrement
0x40f0dc SetLastError
0x40f0e0 GetCurrentThreadId
0x40f0e4 InterlockedDecrement
0x40f0e8 Sleep
0x40f0ec HeapSize
0x40f0f0 ExitProcess
0x40f0f4 GetStdHandle
0x40f0f8 GetModuleFileNameA
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 HeapCreate
0x40f118 VirtualFree
0x40f11c HeapFree
0x40f120 QueryPerformanceCounter
0x40f124 GetCurrentProcessId
0x40f128 GetSystemTimeAsFileTime
0x40f12c VirtualAlloc
0x40f130 HeapReAlloc
0x40f134 RtlUnwind
0x40f138 GetCPInfo
0x40f13c GetACP
0x40f140 GetOEMCP
0x40f144 IsValidCodePage
0x40f148 MultiByteToWideChar
0x40f14c WriteConsoleA
0x40f150 GetConsoleOutputCP
0x40f154 SetFilePointer
0x40f158 SetStdHandle
0x40f15c InitializeCriticalSectionAndSpinCount
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c GetStringTypeW
0x40f170 GetLocaleInfoA
0x40f174 ReadFile
0x40f178 CreateFileA
0x40f17c CloseHandle
0x40f180 GetModuleHandleA
USER32.dll
0x40f188 LoadIconA
GDI32.dll
0x40f008 GetCharWidth32W
ADVAPI32.dll
0x40f000 EnumDependentServicesW
ole32.dll
0x40f190 CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x40f010 GetCommProperties
0x40f014 GetModuleHandleW
0x40f018 GetTickCount
0x40f01c EnumCalendarInfoExW
0x40f020 GetConsoleTitleA
0x40f024 ReadConsoleOutputA
0x40f028 GlobalAlloc
0x40f02c LoadLibraryW
0x40f030 SetVolumeMountPointA
0x40f034 lstrcpynW
0x40f038 LocalReAlloc
0x40f03c WriteConsoleW
0x40f040 GetModuleFileNameW
0x40f044 GetConsoleAliasesW
0x40f048 InterlockedExchange
0x40f04c CreateJobObjectW
0x40f050 GetProcAddress
0x40f054 LoadLibraryA
0x40f058 UnhandledExceptionFilter
0x40f05c AddAtomA
0x40f060 FoldStringW
0x40f064 lstrcatW
0x40f068 BuildCommDCBA
0x40f06c PurgeComm
0x40f070 FindFirstVolumeW
0x40f074 GlobalAddAtomW
0x40f078 OpenFileMappingA
0x40f07c AreFileApisANSI
0x40f080 GetNumaNodeProcessorMask
0x40f084 GetConsoleAliasExesLengthA
0x40f088 GetLastError
0x40f08c GetComputerNameA
0x40f090 GetStartupInfoW
0x40f094 TerminateProcess
0x40f098 GetCurrentProcess
0x40f09c SetUnhandledExceptionFilter
0x40f0a0 IsDebuggerPresent
0x40f0a4 HeapAlloc
0x40f0a8 EnterCriticalSection
0x40f0ac LeaveCriticalSection
0x40f0b0 WriteFile
0x40f0b4 WideCharToMultiByte
0x40f0b8 GetConsoleCP
0x40f0bc GetConsoleMode
0x40f0c0 FlushFileBuffers
0x40f0c4 DeleteCriticalSection
0x40f0c8 TlsGetValue
0x40f0cc TlsAlloc
0x40f0d0 TlsSetValue
0x40f0d4 TlsFree
0x40f0d8 InterlockedIncrement
0x40f0dc SetLastError
0x40f0e0 GetCurrentThreadId
0x40f0e4 InterlockedDecrement
0x40f0e8 Sleep
0x40f0ec HeapSize
0x40f0f0 ExitProcess
0x40f0f4 GetStdHandle
0x40f0f8 GetModuleFileNameA
0x40f0fc FreeEnvironmentStringsW
0x40f100 GetEnvironmentStringsW
0x40f104 GetCommandLineW
0x40f108 SetHandleCount
0x40f10c GetFileType
0x40f110 GetStartupInfoA
0x40f114 HeapCreate
0x40f118 VirtualFree
0x40f11c HeapFree
0x40f120 QueryPerformanceCounter
0x40f124 GetCurrentProcessId
0x40f128 GetSystemTimeAsFileTime
0x40f12c VirtualAlloc
0x40f130 HeapReAlloc
0x40f134 RtlUnwind
0x40f138 GetCPInfo
0x40f13c GetACP
0x40f140 GetOEMCP
0x40f144 IsValidCodePage
0x40f148 MultiByteToWideChar
0x40f14c WriteConsoleA
0x40f150 GetConsoleOutputCP
0x40f154 SetFilePointer
0x40f158 SetStdHandle
0x40f15c InitializeCriticalSectionAndSpinCount
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c GetStringTypeW
0x40f170 GetLocaleInfoA
0x40f174 ReadFile
0x40f178 CreateFileA
0x40f17c CloseHandle
0x40f180 GetModuleHandleA
USER32.dll
0x40f188 LoadIconA
GDI32.dll
0x40f008 GetCharWidth32W
ADVAPI32.dll
0x40f000 EnumDependentServicesW
ole32.dll
0x40f190 CoTaskMemFree
EAT(Export Address Table) is none