ScreenShot
| Created | 2024.06.27 10:20 | Machine | s1_win7_x6401 |
| Filename | O3B6wY7ZkFhh.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 27 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Vzo1, Attribute, HighConfidence, a variant of WinGo, CLASSIC, AGEN, Outbreak, Detected, ABTrojan, USCU, Static AI, Suspicious PE, confidence) | ||
| md5 | 9b297a1485665aef1a926f7cd322c932 | ||
| sha256 | 8c75f8e94486f5bbf461505823f5779f328c5b37f1387c18791e0c21f3fdd576 | ||
| ssdeep | 49152:uOSBrypr/j6bvhEJNDZMMMZc/cftjn1zAkbQNDFG6jO5E90QS/NkW+cD3wxv+vps:RqrD8NN//un1ckEsU5Xi1S | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1405ce47c AddAtomA
0x1405ce484 AddVectoredExceptionHandler
0x1405ce48c CloseHandle
0x1405ce494 CreateEventA
0x1405ce49c CreateFileA
0x1405ce4a4 CreateIoCompletionPort
0x1405ce4ac CreateMutexA
0x1405ce4b4 CreateSemaphoreA
0x1405ce4bc CreateThread
0x1405ce4c4 CreateWaitableTimerExW
0x1405ce4cc DeleteAtom
0x1405ce4d4 DeleteCriticalSection
0x1405ce4dc DuplicateHandle
0x1405ce4e4 EnterCriticalSection
0x1405ce4ec ExitProcess
0x1405ce4f4 FindAtomA
0x1405ce4fc FormatMessageA
0x1405ce504 FreeEnvironmentStringsW
0x1405ce50c GetAtomNameA
0x1405ce514 GetConsoleMode
0x1405ce51c GetCurrentProcess
0x1405ce524 GetCurrentProcessId
0x1405ce52c GetCurrentThread
0x1405ce534 GetCurrentThreadId
0x1405ce53c GetEnvironmentStringsW
0x1405ce544 GetErrorMode
0x1405ce54c GetHandleInformation
0x1405ce554 GetLastError
0x1405ce55c GetProcAddress
0x1405ce564 GetProcessAffinityMask
0x1405ce56c GetQueuedCompletionStatusEx
0x1405ce574 GetStartupInfoA
0x1405ce57c GetStdHandle
0x1405ce584 GetSystemDirectoryA
0x1405ce58c GetSystemInfo
0x1405ce594 GetSystemTimeAsFileTime
0x1405ce59c GetThreadContext
0x1405ce5a4 GetThreadPriority
0x1405ce5ac GetTickCount
0x1405ce5b4 InitializeCriticalSection
0x1405ce5bc IsDBCSLeadByteEx
0x1405ce5c4 IsDebuggerPresent
0x1405ce5cc LeaveCriticalSection
0x1405ce5d4 LoadLibraryExW
0x1405ce5dc LoadLibraryW
0x1405ce5e4 LocalFree
0x1405ce5ec MultiByteToWideChar
0x1405ce5f4 OpenProcess
0x1405ce5fc OutputDebugStringA
0x1405ce604 PostQueuedCompletionStatus
0x1405ce60c QueryPerformanceCounter
0x1405ce614 QueryPerformanceFrequency
0x1405ce61c RaiseException
0x1405ce624 RaiseFailFastException
0x1405ce62c ReleaseMutex
0x1405ce634 ReleaseSemaphore
0x1405ce63c RemoveVectoredExceptionHandler
0x1405ce644 ResetEvent
0x1405ce64c ResumeThread
0x1405ce654 SetConsoleCtrlHandler
0x1405ce65c SetErrorMode
0x1405ce664 SetEvent
0x1405ce66c SetLastError
0x1405ce674 SetProcessAffinityMask
0x1405ce67c SetProcessPriorityBoost
0x1405ce684 SetThreadContext
0x1405ce68c SetThreadPriority
0x1405ce694 SetUnhandledExceptionFilter
0x1405ce69c SetWaitableTimer
0x1405ce6a4 Sleep
0x1405ce6ac SuspendThread
0x1405ce6b4 SwitchToThread
0x1405ce6bc TlsAlloc
0x1405ce6c4 TlsGetValue
0x1405ce6cc TlsSetValue
0x1405ce6d4 TryEnterCriticalSection
0x1405ce6dc VirtualAlloc
0x1405ce6e4 VirtualFree
0x1405ce6ec VirtualProtect
0x1405ce6f4 VirtualQuery
0x1405ce6fc WaitForMultipleObjects
0x1405ce704 WaitForSingleObject
0x1405ce70c WerGetFlags
0x1405ce714 WerSetFlags
0x1405ce71c WideCharToMultiByte
0x1405ce724 WriteConsoleW
0x1405ce72c WriteFile
0x1405ce734 __C_specific_handler
msvcrt.dll
0x1405ce744 ___lc_codepage_func
0x1405ce74c ___mb_cur_max_func
0x1405ce754 __getmainargs
0x1405ce75c __initenv
0x1405ce764 __iob_func
0x1405ce76c __lconv_init
0x1405ce774 __set_app_type
0x1405ce77c __setusermatherr
0x1405ce784 _acmdln
0x1405ce78c _amsg_exit
0x1405ce794 _beginthread
0x1405ce79c _beginthreadex
0x1405ce7a4 _cexit
0x1405ce7ac _commode
0x1405ce7b4 _endthreadex
0x1405ce7bc _errno
0x1405ce7c4 _fmode
0x1405ce7cc _initterm
0x1405ce7d4 _lock
0x1405ce7dc _memccpy
0x1405ce7e4 _onexit
0x1405ce7ec _setjmp
0x1405ce7f4 _strdup
0x1405ce7fc _ultoa
0x1405ce804 _unlock
0x1405ce80c abort
0x1405ce814 calloc
0x1405ce81c exit
0x1405ce824 fprintf
0x1405ce82c fputc
0x1405ce834 free
0x1405ce83c fwrite
0x1405ce844 localeconv
0x1405ce84c longjmp
0x1405ce854 malloc
0x1405ce85c memcpy
0x1405ce864 memmove
0x1405ce86c memset
0x1405ce874 printf
0x1405ce87c realloc
0x1405ce884 signal
0x1405ce88c strerror
0x1405ce894 strlen
0x1405ce89c strncmp
0x1405ce8a4 vfprintf
0x1405ce8ac wcslen
EAT(Export Address Table) Library
0x1405cb790 _cgo_dummy_export
KERNEL32.dll
0x1405ce47c AddAtomA
0x1405ce484 AddVectoredExceptionHandler
0x1405ce48c CloseHandle
0x1405ce494 CreateEventA
0x1405ce49c CreateFileA
0x1405ce4a4 CreateIoCompletionPort
0x1405ce4ac CreateMutexA
0x1405ce4b4 CreateSemaphoreA
0x1405ce4bc CreateThread
0x1405ce4c4 CreateWaitableTimerExW
0x1405ce4cc DeleteAtom
0x1405ce4d4 DeleteCriticalSection
0x1405ce4dc DuplicateHandle
0x1405ce4e4 EnterCriticalSection
0x1405ce4ec ExitProcess
0x1405ce4f4 FindAtomA
0x1405ce4fc FormatMessageA
0x1405ce504 FreeEnvironmentStringsW
0x1405ce50c GetAtomNameA
0x1405ce514 GetConsoleMode
0x1405ce51c GetCurrentProcess
0x1405ce524 GetCurrentProcessId
0x1405ce52c GetCurrentThread
0x1405ce534 GetCurrentThreadId
0x1405ce53c GetEnvironmentStringsW
0x1405ce544 GetErrorMode
0x1405ce54c GetHandleInformation
0x1405ce554 GetLastError
0x1405ce55c GetProcAddress
0x1405ce564 GetProcessAffinityMask
0x1405ce56c GetQueuedCompletionStatusEx
0x1405ce574 GetStartupInfoA
0x1405ce57c GetStdHandle
0x1405ce584 GetSystemDirectoryA
0x1405ce58c GetSystemInfo
0x1405ce594 GetSystemTimeAsFileTime
0x1405ce59c GetThreadContext
0x1405ce5a4 GetThreadPriority
0x1405ce5ac GetTickCount
0x1405ce5b4 InitializeCriticalSection
0x1405ce5bc IsDBCSLeadByteEx
0x1405ce5c4 IsDebuggerPresent
0x1405ce5cc LeaveCriticalSection
0x1405ce5d4 LoadLibraryExW
0x1405ce5dc LoadLibraryW
0x1405ce5e4 LocalFree
0x1405ce5ec MultiByteToWideChar
0x1405ce5f4 OpenProcess
0x1405ce5fc OutputDebugStringA
0x1405ce604 PostQueuedCompletionStatus
0x1405ce60c QueryPerformanceCounter
0x1405ce614 QueryPerformanceFrequency
0x1405ce61c RaiseException
0x1405ce624 RaiseFailFastException
0x1405ce62c ReleaseMutex
0x1405ce634 ReleaseSemaphore
0x1405ce63c RemoveVectoredExceptionHandler
0x1405ce644 ResetEvent
0x1405ce64c ResumeThread
0x1405ce654 SetConsoleCtrlHandler
0x1405ce65c SetErrorMode
0x1405ce664 SetEvent
0x1405ce66c SetLastError
0x1405ce674 SetProcessAffinityMask
0x1405ce67c SetProcessPriorityBoost
0x1405ce684 SetThreadContext
0x1405ce68c SetThreadPriority
0x1405ce694 SetUnhandledExceptionFilter
0x1405ce69c SetWaitableTimer
0x1405ce6a4 Sleep
0x1405ce6ac SuspendThread
0x1405ce6b4 SwitchToThread
0x1405ce6bc TlsAlloc
0x1405ce6c4 TlsGetValue
0x1405ce6cc TlsSetValue
0x1405ce6d4 TryEnterCriticalSection
0x1405ce6dc VirtualAlloc
0x1405ce6e4 VirtualFree
0x1405ce6ec VirtualProtect
0x1405ce6f4 VirtualQuery
0x1405ce6fc WaitForMultipleObjects
0x1405ce704 WaitForSingleObject
0x1405ce70c WerGetFlags
0x1405ce714 WerSetFlags
0x1405ce71c WideCharToMultiByte
0x1405ce724 WriteConsoleW
0x1405ce72c WriteFile
0x1405ce734 __C_specific_handler
msvcrt.dll
0x1405ce744 ___lc_codepage_func
0x1405ce74c ___mb_cur_max_func
0x1405ce754 __getmainargs
0x1405ce75c __initenv
0x1405ce764 __iob_func
0x1405ce76c __lconv_init
0x1405ce774 __set_app_type
0x1405ce77c __setusermatherr
0x1405ce784 _acmdln
0x1405ce78c _amsg_exit
0x1405ce794 _beginthread
0x1405ce79c _beginthreadex
0x1405ce7a4 _cexit
0x1405ce7ac _commode
0x1405ce7b4 _endthreadex
0x1405ce7bc _errno
0x1405ce7c4 _fmode
0x1405ce7cc _initterm
0x1405ce7d4 _lock
0x1405ce7dc _memccpy
0x1405ce7e4 _onexit
0x1405ce7ec _setjmp
0x1405ce7f4 _strdup
0x1405ce7fc _ultoa
0x1405ce804 _unlock
0x1405ce80c abort
0x1405ce814 calloc
0x1405ce81c exit
0x1405ce824 fprintf
0x1405ce82c fputc
0x1405ce834 free
0x1405ce83c fwrite
0x1405ce844 localeconv
0x1405ce84c longjmp
0x1405ce854 malloc
0x1405ce85c memcpy
0x1405ce864 memmove
0x1405ce86c memset
0x1405ce874 printf
0x1405ce87c realloc
0x1405ce884 signal
0x1405ce88c strerror
0x1405ce894 strlen
0x1405ce89c strncmp
0x1405ce8a4 vfprintf
0x1405ce8ac wcslen
EAT(Export Address Table) Library
0x1405cb790 _cgo_dummy_export