ScreenShot
| Created | 2024.06.29 15:18 | Machine | s1_win7_x6401 |
| Filename | qNVQKFyM.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Vjgn, CLOUD, Nekark, pmoet, Rozena, Detected, Casdet, Quasar, 24VKWK, ABRisk, URQM, confidence) | ||
| md5 | 78a7612603af19fb92d614af1e769f2a | ||
| sha256 | 73399ca48340bd7a31da27d573966f23371fe4ea82625ee3b7ce2772386b9e04 | ||
| ssdeep | 49152:LdbIKJzytEyM67fYoiJTwC/rMIqLwRjwVofSOtGhpGjyxqRlEBPPmgtPXVMNmIqK:RfgEy7755yrkwVwVWSqjePZ9Xg5cI | ||
| imphash | ed4962dc6d69982d0af6070ed1241520 | ||
| impfuzzy | 24:C1d+0mB+YgMyWNwyWPWi+Yh29ocAD4Tg9bzATKZhihAJCJLBSfB6LSQJBb+u5F3:C1diB1Ng+3XEZf4DLSQJBSM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400663e8 GetCurrentProcess
0x1400663f0 GetCurrentProcessId
0x1400663f8 GetCurrentThreadId
0x140066400 GetModuleHandleW
0x140066408 GetSystemTimeAsFileTime
0x140066410 InitializeSListHead
0x140066418 IsDebuggerPresent
0x140066420 IsProcessorFeaturePresent
0x140066428 QueryPerformanceCounter
0x140066430 RtlCaptureContext
0x140066438 RtlLookupFunctionEntry
0x140066440 RtlVirtualUnwind
0x140066448 SetUnhandledExceptionFilter
0x140066450 TerminateProcess
0x140066458 UnhandledExceptionFilter
VCRUNTIME140.dll
0x140066468 __C_specific_handler
0x140066470 __current_exception
0x140066478 __current_exception_context
0x140066480 memcpy
0x140066488 memset
api-ms-win-crt-runtime-l1-1-0.dll
0x140066498 __p___argc
0x1400664a0 __p___argv
0x1400664a8 _c_exit
0x1400664b0 _cexit
0x1400664b8 _configure_narrow_argv
0x1400664c0 _crt_atexit
0x1400664c8 _exit
0x1400664d0 _get_initial_narrow_environment
0x1400664d8 _initialize_narrow_environment
0x1400664e0 _initialize_onexit_table
0x1400664e8 _initterm
0x1400664f0 _initterm_e
0x1400664f8 _register_onexit_function
0x140066500 _register_thread_local_exe_atexit_callback
0x140066508 _seh_filter_exe
0x140066510 _set_app_type
0x140066518 exit
0x140066520 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x140066530 __p__commode
0x140066538 _set_fmode
api-ms-win-crt-math-l1-1-0.dll
0x140066548 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140066558 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x140066568 _set_new_mode
EAT(Export Address Table) is none
KERNEL32.dll
0x1400663e8 GetCurrentProcess
0x1400663f0 GetCurrentProcessId
0x1400663f8 GetCurrentThreadId
0x140066400 GetModuleHandleW
0x140066408 GetSystemTimeAsFileTime
0x140066410 InitializeSListHead
0x140066418 IsDebuggerPresent
0x140066420 IsProcessorFeaturePresent
0x140066428 QueryPerformanceCounter
0x140066430 RtlCaptureContext
0x140066438 RtlLookupFunctionEntry
0x140066440 RtlVirtualUnwind
0x140066448 SetUnhandledExceptionFilter
0x140066450 TerminateProcess
0x140066458 UnhandledExceptionFilter
VCRUNTIME140.dll
0x140066468 __C_specific_handler
0x140066470 __current_exception
0x140066478 __current_exception_context
0x140066480 memcpy
0x140066488 memset
api-ms-win-crt-runtime-l1-1-0.dll
0x140066498 __p___argc
0x1400664a0 __p___argv
0x1400664a8 _c_exit
0x1400664b0 _cexit
0x1400664b8 _configure_narrow_argv
0x1400664c0 _crt_atexit
0x1400664c8 _exit
0x1400664d0 _get_initial_narrow_environment
0x1400664d8 _initialize_narrow_environment
0x1400664e0 _initialize_onexit_table
0x1400664e8 _initterm
0x1400664f0 _initterm_e
0x1400664f8 _register_onexit_function
0x140066500 _register_thread_local_exe_atexit_callback
0x140066508 _seh_filter_exe
0x140066510 _set_app_type
0x140066518 exit
0x140066520 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x140066530 __p__commode
0x140066538 _set_fmode
api-ms-win-crt-math-l1-1-0.dll
0x140066548 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140066558 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x140066568 _set_new_mode
EAT(Export Address Table) is none