ScreenShot
| Created | 2024.06.28 12:50 | Machine | s1_win7_x6401 |
| Filename | alex5555555.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 56 detected (AIDetectMalware, Redline, malicious, high confidence, score, Unsafe, Zusy, Save, Attribute, HighConfidence, Kryptik, HXIB, CrypterX, Lazy, Injuke, Convagent, GfvFgqX8ZiM, ybvkl, YXEF1Z, Real Protect, high, Detected, ai score=83, Malware@#1uumxijexdftt, AMAI, Eldorado, ZexaF, VvW@aGc@lo, BScope, TrojanPSW, Vidar, Static AI, Malicious PE, susgen, HXDB, confidence, 100%, HDEJ) | ||
| md5 | a80a86c701801cbd77cf7406be6d11f0 | ||
| sha256 | 2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2 | ||
| ssdeep | 49152:5X0aKtI+mD9Mndc9wZ54vQyo7V6OQgDsn8pSk5e:5XEI1DSdJqIQOQepl | ||
| imphash | f136198aaa89a879cedc68aa43887034 | ||
| impfuzzy | 24:iegAEjlKEkBKAWLkbJcpVJ+jQD0GtIu9EbJBl39LLOovbOIHFZMv5GMACEZX:rgGv/W+cpVJIxGtE7pJ63gFZGU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x423000 Polyline
USER32.dll
0x423170 OffsetRect
KERNEL32.dll
0x423008 CreateFileW
0x42300c HeapSize
0x423010 GetProcessHeap
0x423014 SetStdHandle
0x423018 WaitForSingleObject
0x42301c CreateThread
0x423020 VirtualAlloc
0x423024 RaiseException
0x423028 InitOnceBeginInitialize
0x42302c InitOnceComplete
0x423030 CloseHandle
0x423034 GetCurrentThreadId
0x423038 ReleaseSRWLockExclusive
0x42303c AcquireSRWLockExclusive
0x423040 TryAcquireSRWLockExclusive
0x423044 WakeAllConditionVariable
0x423048 SleepConditionVariableSRW
0x42304c GetLastError
0x423050 FreeLibraryWhenCallbackReturns
0x423054 CreateThreadpoolWork
0x423058 SubmitThreadpoolWork
0x42305c CloseThreadpoolWork
0x423060 GetModuleHandleExW
0x423064 IsProcessorFeaturePresent
0x423068 EnterCriticalSection
0x42306c LeaveCriticalSection
0x423070 InitializeCriticalSectionEx
0x423074 DeleteCriticalSection
0x423078 QueryPerformanceCounter
0x42307c EncodePointer
0x423080 DecodePointer
0x423084 MultiByteToWideChar
0x423088 WideCharToMultiByte
0x42308c LCMapStringEx
0x423090 GetSystemTimeAsFileTime
0x423094 GetModuleHandleW
0x423098 GetProcAddress
0x42309c GetStringTypeW
0x4230a0 GetCPInfo
0x4230a4 GetCurrentProcessId
0x4230a8 InitializeSListHead
0x4230ac IsDebuggerPresent
0x4230b0 UnhandledExceptionFilter
0x4230b4 SetUnhandledExceptionFilter
0x4230b8 GetStartupInfoW
0x4230bc GetCurrentProcess
0x4230c0 TerminateProcess
0x4230c4 SetEnvironmentVariableW
0x4230c8 RtlUnwind
0x4230cc SetLastError
0x4230d0 InitializeCriticalSectionAndSpinCount
0x4230d4 TlsAlloc
0x4230d8 TlsGetValue
0x4230dc TlsSetValue
0x4230e0 TlsFree
0x4230e4 FreeLibrary
0x4230e8 LoadLibraryExW
0x4230ec GetStdHandle
0x4230f0 WriteFile
0x4230f4 GetModuleFileNameW
0x4230f8 ExitProcess
0x4230fc GetCommandLineA
0x423100 GetCommandLineW
0x423104 HeapFree
0x423108 HeapAlloc
0x42310c CompareStringW
0x423110 LCMapStringW
0x423114 GetLocaleInfoW
0x423118 IsValidLocale
0x42311c GetUserDefaultLCID
0x423120 EnumSystemLocalesW
0x423124 GetFileType
0x423128 GetFileSizeEx
0x42312c SetFilePointerEx
0x423130 FlushFileBuffers
0x423134 GetConsoleOutputCP
0x423138 GetConsoleMode
0x42313c ReadFile
0x423140 ReadConsoleW
0x423144 HeapReAlloc
0x423148 FindClose
0x42314c FindFirstFileExW
0x423150 FindNextFileW
0x423154 IsValidCodePage
0x423158 GetACP
0x42315c GetOEMCP
0x423160 GetEnvironmentStringsW
0x423164 FreeEnvironmentStringsW
0x423168 WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x423000 Polyline
USER32.dll
0x423170 OffsetRect
KERNEL32.dll
0x423008 CreateFileW
0x42300c HeapSize
0x423010 GetProcessHeap
0x423014 SetStdHandle
0x423018 WaitForSingleObject
0x42301c CreateThread
0x423020 VirtualAlloc
0x423024 RaiseException
0x423028 InitOnceBeginInitialize
0x42302c InitOnceComplete
0x423030 CloseHandle
0x423034 GetCurrentThreadId
0x423038 ReleaseSRWLockExclusive
0x42303c AcquireSRWLockExclusive
0x423040 TryAcquireSRWLockExclusive
0x423044 WakeAllConditionVariable
0x423048 SleepConditionVariableSRW
0x42304c GetLastError
0x423050 FreeLibraryWhenCallbackReturns
0x423054 CreateThreadpoolWork
0x423058 SubmitThreadpoolWork
0x42305c CloseThreadpoolWork
0x423060 GetModuleHandleExW
0x423064 IsProcessorFeaturePresent
0x423068 EnterCriticalSection
0x42306c LeaveCriticalSection
0x423070 InitializeCriticalSectionEx
0x423074 DeleteCriticalSection
0x423078 QueryPerformanceCounter
0x42307c EncodePointer
0x423080 DecodePointer
0x423084 MultiByteToWideChar
0x423088 WideCharToMultiByte
0x42308c LCMapStringEx
0x423090 GetSystemTimeAsFileTime
0x423094 GetModuleHandleW
0x423098 GetProcAddress
0x42309c GetStringTypeW
0x4230a0 GetCPInfo
0x4230a4 GetCurrentProcessId
0x4230a8 InitializeSListHead
0x4230ac IsDebuggerPresent
0x4230b0 UnhandledExceptionFilter
0x4230b4 SetUnhandledExceptionFilter
0x4230b8 GetStartupInfoW
0x4230bc GetCurrentProcess
0x4230c0 TerminateProcess
0x4230c4 SetEnvironmentVariableW
0x4230c8 RtlUnwind
0x4230cc SetLastError
0x4230d0 InitializeCriticalSectionAndSpinCount
0x4230d4 TlsAlloc
0x4230d8 TlsGetValue
0x4230dc TlsSetValue
0x4230e0 TlsFree
0x4230e4 FreeLibrary
0x4230e8 LoadLibraryExW
0x4230ec GetStdHandle
0x4230f0 WriteFile
0x4230f4 GetModuleFileNameW
0x4230f8 ExitProcess
0x4230fc GetCommandLineA
0x423100 GetCommandLineW
0x423104 HeapFree
0x423108 HeapAlloc
0x42310c CompareStringW
0x423110 LCMapStringW
0x423114 GetLocaleInfoW
0x423118 IsValidLocale
0x42311c GetUserDefaultLCID
0x423120 EnumSystemLocalesW
0x423124 GetFileType
0x423128 GetFileSizeEx
0x42312c SetFilePointerEx
0x423130 FlushFileBuffers
0x423134 GetConsoleOutputCP
0x423138 GetConsoleMode
0x42313c ReadFile
0x423140 ReadConsoleW
0x423144 HeapReAlloc
0x423148 FindClose
0x42314c FindFirstFileExW
0x423150 FindNextFileW
0x423154 IsValidCodePage
0x423158 GetACP
0x42315c GetOEMCP
0x423160 GetEnvironmentStringsW
0x423164 FreeEnvironmentStringsW
0x423168 WriteConsoleW
EAT(Export Address Table) is none