ScreenShot
| Created | 2024.07.01 09:42 | Machine | s1_win7_x6403 |
| Filename | rise2806.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 32 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Lazy, Attribute, HighConfidence, Kryptik, HXDB, PWSX, Stealerc, Reline, glZK8UokgrV, high, Detected, ai score=81, Sabsik, BScope, TrojanPSW, Convagent, Genetic, Static AI, Malicious PE, confidence) | ||
| md5 | 97768ab0a4837757b74de2ae892badab | ||
| sha256 | 0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77 | ||
| ssdeep | 49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX | ||
| imphash | bea8657593f34831fef16a15915f462d | ||
| impfuzzy | 24:+EjlpDaVjM3cpVJfK1cLtePu9uGhlJBl393PLOovbO3gv9FZYGMAkEZX:/3cpVJJLteZGnpN63y9FZR | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x42515c OffsetRect
KERNEL32.dll
0x425000 CreateFileW
0x425004 HeapSize
0x425008 GetProcessHeap
0x42500c SetStdHandle
0x425010 WaitForSingleObject
0x425014 CreateThread
0x425018 VirtualAlloc
0x42501c GetModuleHandleA
0x425020 GetProcAddress
0x425024 GetConsoleWindow
0x425028 CloseHandle
0x42502c WaitForSingleObjectEx
0x425030 GetCurrentThreadId
0x425034 GetExitCodeThread
0x425038 WideCharToMultiByte
0x42503c EnterCriticalSection
0x425040 LeaveCriticalSection
0x425044 InitializeCriticalSectionEx
0x425048 DeleteCriticalSection
0x42504c QueryPerformanceCounter
0x425050 ReleaseSRWLockExclusive
0x425054 WakeAllConditionVariable
0x425058 EncodePointer
0x42505c DecodePointer
0x425060 MultiByteToWideChar
0x425064 LCMapStringEx
0x425068 GetSystemTimeAsFileTime
0x42506c GetModuleHandleW
0x425070 GetStringTypeW
0x425074 GetCPInfo
0x425078 IsProcessorFeaturePresent
0x42507c UnhandledExceptionFilter
0x425080 SetUnhandledExceptionFilter
0x425084 GetCurrentProcess
0x425088 TerminateProcess
0x42508c GetCurrentProcessId
0x425090 InitializeSListHead
0x425094 IsDebuggerPresent
0x425098 GetStartupInfoW
0x42509c SetEnvironmentVariableW
0x4250a0 RaiseException
0x4250a4 RtlUnwind
0x4250a8 GetLastError
0x4250ac SetLastError
0x4250b0 InitializeCriticalSectionAndSpinCount
0x4250b4 TlsAlloc
0x4250b8 TlsGetValue
0x4250bc TlsSetValue
0x4250c0 TlsFree
0x4250c4 FreeLibrary
0x4250c8 LoadLibraryExW
0x4250cc ExitThread
0x4250d0 FreeLibraryAndExitThread
0x4250d4 GetModuleHandleExW
0x4250d8 GetStdHandle
0x4250dc WriteFile
0x4250e0 GetModuleFileNameW
0x4250e4 ExitProcess
0x4250e8 GetCommandLineA
0x4250ec GetCommandLineW
0x4250f0 HeapAlloc
0x4250f4 HeapFree
0x4250f8 GetFileType
0x4250fc CompareStringW
0x425100 LCMapStringW
0x425104 GetLocaleInfoW
0x425108 IsValidLocale
0x42510c GetUserDefaultLCID
0x425110 EnumSystemLocalesW
0x425114 FlushFileBuffers
0x425118 GetConsoleOutputCP
0x42511c GetConsoleMode
0x425120 ReadFile
0x425124 GetFileSizeEx
0x425128 SetFilePointerEx
0x42512c ReadConsoleW
0x425130 HeapReAlloc
0x425134 FindClose
0x425138 FindFirstFileExW
0x42513c FindNextFileW
0x425140 IsValidCodePage
0x425144 GetACP
0x425148 GetOEMCP
0x42514c GetEnvironmentStringsW
0x425150 FreeEnvironmentStringsW
0x425154 WriteConsoleW
EAT(Export Address Table) Library
0x424d00 IUAhsiuchniuohAIU
USER32.dll
0x42515c OffsetRect
KERNEL32.dll
0x425000 CreateFileW
0x425004 HeapSize
0x425008 GetProcessHeap
0x42500c SetStdHandle
0x425010 WaitForSingleObject
0x425014 CreateThread
0x425018 VirtualAlloc
0x42501c GetModuleHandleA
0x425020 GetProcAddress
0x425024 GetConsoleWindow
0x425028 CloseHandle
0x42502c WaitForSingleObjectEx
0x425030 GetCurrentThreadId
0x425034 GetExitCodeThread
0x425038 WideCharToMultiByte
0x42503c EnterCriticalSection
0x425040 LeaveCriticalSection
0x425044 InitializeCriticalSectionEx
0x425048 DeleteCriticalSection
0x42504c QueryPerformanceCounter
0x425050 ReleaseSRWLockExclusive
0x425054 WakeAllConditionVariable
0x425058 EncodePointer
0x42505c DecodePointer
0x425060 MultiByteToWideChar
0x425064 LCMapStringEx
0x425068 GetSystemTimeAsFileTime
0x42506c GetModuleHandleW
0x425070 GetStringTypeW
0x425074 GetCPInfo
0x425078 IsProcessorFeaturePresent
0x42507c UnhandledExceptionFilter
0x425080 SetUnhandledExceptionFilter
0x425084 GetCurrentProcess
0x425088 TerminateProcess
0x42508c GetCurrentProcessId
0x425090 InitializeSListHead
0x425094 IsDebuggerPresent
0x425098 GetStartupInfoW
0x42509c SetEnvironmentVariableW
0x4250a0 RaiseException
0x4250a4 RtlUnwind
0x4250a8 GetLastError
0x4250ac SetLastError
0x4250b0 InitializeCriticalSectionAndSpinCount
0x4250b4 TlsAlloc
0x4250b8 TlsGetValue
0x4250bc TlsSetValue
0x4250c0 TlsFree
0x4250c4 FreeLibrary
0x4250c8 LoadLibraryExW
0x4250cc ExitThread
0x4250d0 FreeLibraryAndExitThread
0x4250d4 GetModuleHandleExW
0x4250d8 GetStdHandle
0x4250dc WriteFile
0x4250e0 GetModuleFileNameW
0x4250e4 ExitProcess
0x4250e8 GetCommandLineA
0x4250ec GetCommandLineW
0x4250f0 HeapAlloc
0x4250f4 HeapFree
0x4250f8 GetFileType
0x4250fc CompareStringW
0x425100 LCMapStringW
0x425104 GetLocaleInfoW
0x425108 IsValidLocale
0x42510c GetUserDefaultLCID
0x425110 EnumSystemLocalesW
0x425114 FlushFileBuffers
0x425118 GetConsoleOutputCP
0x42511c GetConsoleMode
0x425120 ReadFile
0x425124 GetFileSizeEx
0x425128 SetFilePointerEx
0x42512c ReadConsoleW
0x425130 HeapReAlloc
0x425134 FindClose
0x425138 FindFirstFileExW
0x42513c FindNextFileW
0x425140 IsValidCodePage
0x425144 GetACP
0x425148 GetOEMCP
0x42514c GetEnvironmentStringsW
0x425150 FreeEnvironmentStringsW
0x425154 WriteConsoleW
EAT(Export Address Table) Library
0x424d00 IUAhsiuchniuohAIU