ScreenShot
| Created | 2024.06.26 07:54 | Machine | s1_win7_x6403 |
| Filename | 200.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (AIDetectMalware, Tepfer, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXJG, Artemis, CrypterX, BeGGptzFDXU, DownLoader47, Real Protect, moderate, Stealc, Detected, Pitou, wxqmh, Yakes, Convagent, SPON, 5RU3WT, Eldorado, R653711, ZexaF, Oq0@aSdecQgG, Static AI, Suspicious PE, susgen, HBBY, confidence, 100%) | ||
| md5 | bd8816b95ee5ec22fc9782e15f45e11a | ||
| sha256 | 8f7efb2c989320078d074f627c67fb9abff960f6a99f890280f4b4702baef866 | ||
| ssdeep | 12288:0BCZZGg/HsOLMxU6vjUAFecneA0j4cO5Q9l9ou7i:dk8Mxj1FR70j47QdB7i | ||
| imphash | fde7c135efd39d715500bc398c9eb624 | ||
| impfuzzy | 24:tTkkrkR5r1iijkrNdTcDJ2Iw+cRMYWlyt4H1tDRkeJ3QcfwXUjMnHuOZyvuSBJlq:FirjkNdZMYWy21tTQcfaVuuSBJpSey3 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40e010 GetTickCount
0x40e014 EnumCalendarInfoExW
0x40e018 GetConsoleAliasesLengthA
0x40e01c ReadConsoleOutputA
0x40e020 GetUserDefaultLangID
0x40e024 GlobalAlloc
0x40e028 LoadLibraryW
0x40e02c SetVolumeMountPointA
0x40e030 lstrcpynW
0x40e034 LocalReAlloc
0x40e038 GetModuleFileNameW
0x40e03c RaiseException
0x40e040 GetConsoleAliasesW
0x40e044 InterlockedExchange
0x40e048 GetLastError
0x40e04c GetProcAddress
0x40e050 GetModuleHandleW
0x40e054 LoadLibraryA
0x40e058 WriteConsoleA
0x40e05c AddAtomW
0x40e060 OpenJobObjectW
0x40e064 FoldStringW
0x40e068 GetCommTimeouts
0x40e06c lstrcatW
0x40e070 OpenFileMappingW
0x40e074 GetConsoleTitleW
0x40e078 BuildCommDCBA
0x40e07c FindFirstVolumeW
0x40e080 GlobalAddAtomW
0x40e084 AreFileApisANSI
0x40e088 CreateJobObjectW
0x40e08c GetCommProperties
0x40e090 GetNumaHighestNodeNumber
0x40e094 GetComputerNameA
0x40e098 CloseHandle
0x40e09c CreateFileA
0x40e0a0 MultiByteToWideChar
0x40e0a4 HeapAlloc
0x40e0a8 GetStartupInfoW
0x40e0ac RtlUnwind
0x40e0b0 TerminateProcess
0x40e0b4 GetCurrentProcess
0x40e0b8 UnhandledExceptionFilter
0x40e0bc SetUnhandledExceptionFilter
0x40e0c0 IsDebuggerPresent
0x40e0c4 HeapFree
0x40e0c8 GetCPInfo
0x40e0cc InterlockedIncrement
0x40e0d0 InterlockedDecrement
0x40e0d4 GetACP
0x40e0d8 GetOEMCP
0x40e0dc IsValidCodePage
0x40e0e0 TlsGetValue
0x40e0e4 TlsAlloc
0x40e0e8 TlsSetValue
0x40e0ec TlsFree
0x40e0f0 SetLastError
0x40e0f4 GetCurrentThreadId
0x40e0f8 DeleteCriticalSection
0x40e0fc LeaveCriticalSection
0x40e100 EnterCriticalSection
0x40e104 VirtualFree
0x40e108 VirtualAlloc
0x40e10c HeapReAlloc
0x40e110 HeapCreate
0x40e114 Sleep
0x40e118 ExitProcess
0x40e11c WriteFile
0x40e120 GetStdHandle
0x40e124 GetModuleFileNameA
0x40e128 WideCharToMultiByte
0x40e12c GetConsoleCP
0x40e130 GetConsoleMode
0x40e134 FlushFileBuffers
0x40e138 HeapSize
0x40e13c FreeEnvironmentStringsW
0x40e140 GetEnvironmentStringsW
0x40e144 GetCommandLineW
0x40e148 SetHandleCount
0x40e14c GetFileType
0x40e150 GetStartupInfoA
0x40e154 QueryPerformanceCounter
0x40e158 GetCurrentProcessId
0x40e15c GetSystemTimeAsFileTime
0x40e160 LCMapStringA
0x40e164 LCMapStringW
0x40e168 GetStringTypeA
0x40e16c GetStringTypeW
0x40e170 GetLocaleInfoA
0x40e174 InitializeCriticalSectionAndSpinCount
0x40e178 GetConsoleOutputCP
0x40e17c WriteConsoleW
0x40e180 SetFilePointer
0x40e184 SetStdHandle
0x40e188 ReadFile
USER32.dll
0x40e190 LoadIconA
GDI32.dll
0x40e008 GetCharWidth32W
ADVAPI32.dll
0x40e000 EnumDependentServicesW
ole32.dll
0x40e198 CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x40e010 GetTickCount
0x40e014 EnumCalendarInfoExW
0x40e018 GetConsoleAliasesLengthA
0x40e01c ReadConsoleOutputA
0x40e020 GetUserDefaultLangID
0x40e024 GlobalAlloc
0x40e028 LoadLibraryW
0x40e02c SetVolumeMountPointA
0x40e030 lstrcpynW
0x40e034 LocalReAlloc
0x40e038 GetModuleFileNameW
0x40e03c RaiseException
0x40e040 GetConsoleAliasesW
0x40e044 InterlockedExchange
0x40e048 GetLastError
0x40e04c GetProcAddress
0x40e050 GetModuleHandleW
0x40e054 LoadLibraryA
0x40e058 WriteConsoleA
0x40e05c AddAtomW
0x40e060 OpenJobObjectW
0x40e064 FoldStringW
0x40e068 GetCommTimeouts
0x40e06c lstrcatW
0x40e070 OpenFileMappingW
0x40e074 GetConsoleTitleW
0x40e078 BuildCommDCBA
0x40e07c FindFirstVolumeW
0x40e080 GlobalAddAtomW
0x40e084 AreFileApisANSI
0x40e088 CreateJobObjectW
0x40e08c GetCommProperties
0x40e090 GetNumaHighestNodeNumber
0x40e094 GetComputerNameA
0x40e098 CloseHandle
0x40e09c CreateFileA
0x40e0a0 MultiByteToWideChar
0x40e0a4 HeapAlloc
0x40e0a8 GetStartupInfoW
0x40e0ac RtlUnwind
0x40e0b0 TerminateProcess
0x40e0b4 GetCurrentProcess
0x40e0b8 UnhandledExceptionFilter
0x40e0bc SetUnhandledExceptionFilter
0x40e0c0 IsDebuggerPresent
0x40e0c4 HeapFree
0x40e0c8 GetCPInfo
0x40e0cc InterlockedIncrement
0x40e0d0 InterlockedDecrement
0x40e0d4 GetACP
0x40e0d8 GetOEMCP
0x40e0dc IsValidCodePage
0x40e0e0 TlsGetValue
0x40e0e4 TlsAlloc
0x40e0e8 TlsSetValue
0x40e0ec TlsFree
0x40e0f0 SetLastError
0x40e0f4 GetCurrentThreadId
0x40e0f8 DeleteCriticalSection
0x40e0fc LeaveCriticalSection
0x40e100 EnterCriticalSection
0x40e104 VirtualFree
0x40e108 VirtualAlloc
0x40e10c HeapReAlloc
0x40e110 HeapCreate
0x40e114 Sleep
0x40e118 ExitProcess
0x40e11c WriteFile
0x40e120 GetStdHandle
0x40e124 GetModuleFileNameA
0x40e128 WideCharToMultiByte
0x40e12c GetConsoleCP
0x40e130 GetConsoleMode
0x40e134 FlushFileBuffers
0x40e138 HeapSize
0x40e13c FreeEnvironmentStringsW
0x40e140 GetEnvironmentStringsW
0x40e144 GetCommandLineW
0x40e148 SetHandleCount
0x40e14c GetFileType
0x40e150 GetStartupInfoA
0x40e154 QueryPerformanceCounter
0x40e158 GetCurrentProcessId
0x40e15c GetSystemTimeAsFileTime
0x40e160 LCMapStringA
0x40e164 LCMapStringW
0x40e168 GetStringTypeA
0x40e16c GetStringTypeW
0x40e170 GetLocaleInfoA
0x40e174 InitializeCriticalSectionAndSpinCount
0x40e178 GetConsoleOutputCP
0x40e17c WriteConsoleW
0x40e180 SetFilePointer
0x40e184 SetStdHandle
0x40e188 ReadFile
USER32.dll
0x40e190 LoadIconA
GDI32.dll
0x40e008 GetCharWidth32W
ADVAPI32.dll
0x40e000 EnumDependentServicesW
ole32.dll
0x40e198 CoTaskMemFree
EAT(Export Address Table) is none