Field | Value |
---|---|
Created | 2024.06.27 10:18 |
Machine | s1_win7_x6401 |
Filename | cp.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetectMalware, Deyma, malicious, high confidence, score, GenericKD, Unsafe, Amadey, Vga4, Whispergate, GenKryptik, GTBH, DropperX, kitovd, ShellCodeRunner, CLASSIC, taejb, MulDrop25, ZexaF, 1v2@aGl02oii, YXEBMZ, Krypt, Detected, ai score=100, Sabsik, Malware@#3lgesni5ehpcg, ABTrojan, QSEZ, R640291, Artemis, BScope, Chgt, Gencirc, egl2eP42lyQ, Static AI, Malicious PE, confidence, 100%) |
md5 | 97256cf11c9109c24fde65395fef1306 |
sha256 | 21c23083404349dbc8e7094338acaa07ea5a7e3a442bb81a528e06c175b8d934 |
ssdeep | 24576:rGpVQOAoqyDshVag6Vu4luUR/oF1av5H/BNMVMmFTMqITdpE4bTJ5/kOG01N74:rBoqyDBVZAoCyQzITdpBvJ5U01K |
imphash | 30ca3ef40f58b346fdf8b0c3248813a9 |
impfuzzy | 24:DAIJFiT3G/DoYzteS1GMndlJeDc+pl37oEOovbOrRZHu93vB3l1:0IJF8IzteS1xic+pp7c3gBV1 |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Drops an executable to the user AppData folder |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
USER32.dll
0x50712c TranslateMessage
0x507130 KillTimer
0x507134 DispatchMessageW
0x507138 GetMessageW
0x50713c SetTimer
KERNEL32.dll
0x507000 LoadLibraryExW
0x507004 WriteConsoleW
0x507008 CloseHandle
0x50700c CreateFileW
0x507010 GetDiskFreeSpaceExA
0x507014 GetTempFileNameW
0x507018 HeapAlloc
0x50701c HeapFree
0x507020 GetCurrentProcess
0x507024 GetSystemTime
0x507028 VirtualProtect
0x50702c GetModuleHandleA
0x507030 GetProcAddress
0x507034 LoadLibraryA
0x507038 lstrcmpiA
0x50703c lstrlenA
0x507040 FreeConsole
0x507044 UnhandledExceptionFilter
0x507048 SetUnhandledExceptionFilter
0x50704c TerminateProcess
0x507050 IsProcessorFeaturePresent
0x507054 QueryPerformanceCounter
0x507058 GetCurrentProcessId
0x50705c GetCurrentThreadId
0x507060 GetSystemTimeAsFileTime
0x507064 InitializeSListHead
0x507068 IsDebuggerPresent
0x50706c GetStartupInfoW
0x507070 GetModuleHandleW
0x507074 SetFilePointerEx
0x507078 GetConsoleMode
0x50707c RaiseException
0x507080 GetLastError
0x507084 SetLastError
0x507088 EncodePointer
0x50708c EnterCriticalSection
0x507090 LeaveCriticalSection
0x507094 DeleteCriticalSection
0x507098 InitializeCriticalSectionAndSpinCount
0x50709c TlsAlloc
0x5070a0 TlsGetValue
0x5070a4 TlsSetValue
0x5070a8 TlsFree
0x5070ac FreeLibrary
0x5070b0 DecodePointer
0x5070b4 GetStdHandle
0x5070b8 WriteFile
0x5070bc GetModuleFileNameW
0x5070c0 ExitProcess
0x5070c4 GetModuleHandleExW
0x5070c8 GetCommandLineA
0x5070cc GetCommandLineW
0x5070d0 FindClose
0x5070d4 FindFirstFileExW
0x5070d8 FindNextFileW
0x5070dc IsValidCodePage
0x5070e0 GetACP
0x5070e4 GetOEMCP
0x5070e8 GetCPInfo
0x5070ec MultiByteToWideChar
0x5070f0 WideCharToMultiByte
0x5070f4 GetEnvironmentStringsW
0x5070f8 FreeEnvironmentStringsW
0x5070fc SetEnvironmentVariableW
0x507100 SetStdHandle
0x507104 GetFileType
0x507108 GetStringTypeW
0x50710c CompareStringW
0x507110 LCMapStringW
0x507114 GetProcessHeap
0x507118 HeapSize
0x50711c HeapReAlloc
0x507120 FlushFileBuffers
0x507124 GetConsoleOutputCP
ntdll.dll
0x507144 RtlUnwind
EAT (Export Address Table): none