ScreenShot
| Created | 2024.06.26 10:11 | Machine | s1_win7_x6403 |
| Filename | umOKKIbUBdaJ.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 45 detected (AIDetectMalware, malicious, high confidence, score, Ransomblackbyte, Artemis, Vr3p, GenericKD, Attribute, HighConfidence, a variant of WinGo, qwitvv, Genric, CLASSIC, AGEN, PRIVATELOADER, YXEFYZ, WinGo, Detected, ai score=84, Caynamer, Sabsik, Casdet, H15ZQ7, MxResIcn, confidence, 100%) | ||
| md5 | 608321f2d1044c6c22eeb66205e53650 | ||
| sha256 | efa8c6ecd88a7c400ff0b28ec7e5d2052943546f4c41dc41c3702dc73e9d0756 | ||
| ssdeep | 49152:YzmL+zbXEoqq1OQmf/csUgUk0WgwH20j9e7Esrp4AjE5EjwMh49cA0fAVXr15Tdy:YmLEbMIqPH20RvEW3TY | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1405e947c AddAtomA
0x1405e9484 AddVectoredExceptionHandler
0x1405e948c CloseHandle
0x1405e9494 CreateEventA
0x1405e949c CreateFileA
0x1405e94a4 CreateIoCompletionPort
0x1405e94ac CreateMutexA
0x1405e94b4 CreateSemaphoreA
0x1405e94bc CreateThread
0x1405e94c4 CreateWaitableTimerExW
0x1405e94cc DeleteAtom
0x1405e94d4 DeleteCriticalSection
0x1405e94dc DuplicateHandle
0x1405e94e4 EnterCriticalSection
0x1405e94ec ExitProcess
0x1405e94f4 FindAtomA
0x1405e94fc FormatMessageA
0x1405e9504 FreeEnvironmentStringsW
0x1405e950c GetAtomNameA
0x1405e9514 GetConsoleMode
0x1405e951c GetCurrentProcess
0x1405e9524 GetCurrentProcessId
0x1405e952c GetCurrentThread
0x1405e9534 GetCurrentThreadId
0x1405e953c GetEnvironmentStringsW
0x1405e9544 GetErrorMode
0x1405e954c GetHandleInformation
0x1405e9554 GetLastError
0x1405e955c GetProcAddress
0x1405e9564 GetProcessAffinityMask
0x1405e956c GetQueuedCompletionStatusEx
0x1405e9574 GetStartupInfoA
0x1405e957c GetStdHandle
0x1405e9584 GetSystemDirectoryA
0x1405e958c GetSystemInfo
0x1405e9594 GetSystemTimeAsFileTime
0x1405e959c GetThreadContext
0x1405e95a4 GetThreadPriority
0x1405e95ac GetTickCount
0x1405e95b4 InitializeCriticalSection
0x1405e95bc IsDBCSLeadByteEx
0x1405e95c4 IsDebuggerPresent
0x1405e95cc LeaveCriticalSection
0x1405e95d4 LoadLibraryExW
0x1405e95dc LoadLibraryW
0x1405e95e4 LocalFree
0x1405e95ec MultiByteToWideChar
0x1405e95f4 OpenProcess
0x1405e95fc OutputDebugStringA
0x1405e9604 PostQueuedCompletionStatus
0x1405e960c QueryPerformanceCounter
0x1405e9614 QueryPerformanceFrequency
0x1405e961c RaiseException
0x1405e9624 RaiseFailFastException
0x1405e962c ReleaseMutex
0x1405e9634 ReleaseSemaphore
0x1405e963c RemoveVectoredExceptionHandler
0x1405e9644 ResetEvent
0x1405e964c ResumeThread
0x1405e9654 SetConsoleCtrlHandler
0x1405e965c SetErrorMode
0x1405e9664 SetEvent
0x1405e966c SetLastError
0x1405e9674 SetProcessAffinityMask
0x1405e967c SetProcessPriorityBoost
0x1405e9684 SetThreadContext
0x1405e968c SetThreadPriority
0x1405e9694 SetUnhandledExceptionFilter
0x1405e969c SetWaitableTimer
0x1405e96a4 Sleep
0x1405e96ac SuspendThread
0x1405e96b4 SwitchToThread
0x1405e96bc TlsAlloc
0x1405e96c4 TlsGetValue
0x1405e96cc TlsSetValue
0x1405e96d4 TryEnterCriticalSection
0x1405e96dc VirtualAlloc
0x1405e96e4 VirtualFree
0x1405e96ec VirtualProtect
0x1405e96f4 VirtualQuery
0x1405e96fc WaitForMultipleObjects
0x1405e9704 WaitForSingleObject
0x1405e970c WerGetFlags
0x1405e9714 WerSetFlags
0x1405e971c WideCharToMultiByte
0x1405e9724 WriteConsoleW
0x1405e972c WriteFile
0x1405e9734 __C_specific_handler
msvcrt.dll
0x1405e9744 ___lc_codepage_func
0x1405e974c ___mb_cur_max_func
0x1405e9754 __getmainargs
0x1405e975c __initenv
0x1405e9764 __iob_func
0x1405e976c __lconv_init
0x1405e9774 __set_app_type
0x1405e977c __setusermatherr
0x1405e9784 _acmdln
0x1405e978c _amsg_exit
0x1405e9794 _beginthread
0x1405e979c _beginthreadex
0x1405e97a4 _cexit
0x1405e97ac _commode
0x1405e97b4 _endthreadex
0x1405e97bc _errno
0x1405e97c4 _fmode
0x1405e97cc _initterm
0x1405e97d4 _lock
0x1405e97dc _memccpy
0x1405e97e4 _onexit
0x1405e97ec _setjmp
0x1405e97f4 _strdup
0x1405e97fc _ultoa
0x1405e9804 _unlock
0x1405e980c abort
0x1405e9814 calloc
0x1405e981c exit
0x1405e9824 fprintf
0x1405e982c fputc
0x1405e9834 free
0x1405e983c fwrite
0x1405e9844 localeconv
0x1405e984c longjmp
0x1405e9854 malloc
0x1405e985c memcpy
0x1405e9864 memmove
0x1405e986c memset
0x1405e9874 printf
0x1405e987c realloc
0x1405e9884 signal
0x1405e988c strerror
0x1405e9894 strlen
0x1405e989c strncmp
0x1405e98a4 vfprintf
0x1405e98ac wcslen
EAT(Export Address Table) Library
0x1405e6b90 _cgo_dummy_export
KERNEL32.dll
0x1405e947c AddAtomA
0x1405e9484 AddVectoredExceptionHandler
0x1405e948c CloseHandle
0x1405e9494 CreateEventA
0x1405e949c CreateFileA
0x1405e94a4 CreateIoCompletionPort
0x1405e94ac CreateMutexA
0x1405e94b4 CreateSemaphoreA
0x1405e94bc CreateThread
0x1405e94c4 CreateWaitableTimerExW
0x1405e94cc DeleteAtom
0x1405e94d4 DeleteCriticalSection
0x1405e94dc DuplicateHandle
0x1405e94e4 EnterCriticalSection
0x1405e94ec ExitProcess
0x1405e94f4 FindAtomA
0x1405e94fc FormatMessageA
0x1405e9504 FreeEnvironmentStringsW
0x1405e950c GetAtomNameA
0x1405e9514 GetConsoleMode
0x1405e951c GetCurrentProcess
0x1405e9524 GetCurrentProcessId
0x1405e952c GetCurrentThread
0x1405e9534 GetCurrentThreadId
0x1405e953c GetEnvironmentStringsW
0x1405e9544 GetErrorMode
0x1405e954c GetHandleInformation
0x1405e9554 GetLastError
0x1405e955c GetProcAddress
0x1405e9564 GetProcessAffinityMask
0x1405e956c GetQueuedCompletionStatusEx
0x1405e9574 GetStartupInfoA
0x1405e957c GetStdHandle
0x1405e9584 GetSystemDirectoryA
0x1405e958c GetSystemInfo
0x1405e9594 GetSystemTimeAsFileTime
0x1405e959c GetThreadContext
0x1405e95a4 GetThreadPriority
0x1405e95ac GetTickCount
0x1405e95b4 InitializeCriticalSection
0x1405e95bc IsDBCSLeadByteEx
0x1405e95c4 IsDebuggerPresent
0x1405e95cc LeaveCriticalSection
0x1405e95d4 LoadLibraryExW
0x1405e95dc LoadLibraryW
0x1405e95e4 LocalFree
0x1405e95ec MultiByteToWideChar
0x1405e95f4 OpenProcess
0x1405e95fc OutputDebugStringA
0x1405e9604 PostQueuedCompletionStatus
0x1405e960c QueryPerformanceCounter
0x1405e9614 QueryPerformanceFrequency
0x1405e961c RaiseException
0x1405e9624 RaiseFailFastException
0x1405e962c ReleaseMutex
0x1405e9634 ReleaseSemaphore
0x1405e963c RemoveVectoredExceptionHandler
0x1405e9644 ResetEvent
0x1405e964c ResumeThread
0x1405e9654 SetConsoleCtrlHandler
0x1405e965c SetErrorMode
0x1405e9664 SetEvent
0x1405e966c SetLastError
0x1405e9674 SetProcessAffinityMask
0x1405e967c SetProcessPriorityBoost
0x1405e9684 SetThreadContext
0x1405e968c SetThreadPriority
0x1405e9694 SetUnhandledExceptionFilter
0x1405e969c SetWaitableTimer
0x1405e96a4 Sleep
0x1405e96ac SuspendThread
0x1405e96b4 SwitchToThread
0x1405e96bc TlsAlloc
0x1405e96c4 TlsGetValue
0x1405e96cc TlsSetValue
0x1405e96d4 TryEnterCriticalSection
0x1405e96dc VirtualAlloc
0x1405e96e4 VirtualFree
0x1405e96ec VirtualProtect
0x1405e96f4 VirtualQuery
0x1405e96fc WaitForMultipleObjects
0x1405e9704 WaitForSingleObject
0x1405e970c WerGetFlags
0x1405e9714 WerSetFlags
0x1405e971c WideCharToMultiByte
0x1405e9724 WriteConsoleW
0x1405e972c WriteFile
0x1405e9734 __C_specific_handler
msvcrt.dll
0x1405e9744 ___lc_codepage_func
0x1405e974c ___mb_cur_max_func
0x1405e9754 __getmainargs
0x1405e975c __initenv
0x1405e9764 __iob_func
0x1405e976c __lconv_init
0x1405e9774 __set_app_type
0x1405e977c __setusermatherr
0x1405e9784 _acmdln
0x1405e978c _amsg_exit
0x1405e9794 _beginthread
0x1405e979c _beginthreadex
0x1405e97a4 _cexit
0x1405e97ac _commode
0x1405e97b4 _endthreadex
0x1405e97bc _errno
0x1405e97c4 _fmode
0x1405e97cc _initterm
0x1405e97d4 _lock
0x1405e97dc _memccpy
0x1405e97e4 _onexit
0x1405e97ec _setjmp
0x1405e97f4 _strdup
0x1405e97fc _ultoa
0x1405e9804 _unlock
0x1405e980c abort
0x1405e9814 calloc
0x1405e981c exit
0x1405e9824 fprintf
0x1405e982c fputc
0x1405e9834 free
0x1405e983c fwrite
0x1405e9844 localeconv
0x1405e984c longjmp
0x1405e9854 malloc
0x1405e985c memcpy
0x1405e9864 memmove
0x1405e986c memset
0x1405e9874 printf
0x1405e987c realloc
0x1405e9884 signal
0x1405e988c strerror
0x1405e9894 strlen
0x1405e989c strncmp
0x1405e98a4 vfprintf
0x1405e98ac wcslen
EAT(Export Address Table) Library
0x1405e6b90 _cgo_dummy_export