Field | Value |
---|---|
Created | 2024.07.02 10:29 |
Machine | s1_win7_x6401 |
Filename | pic2.jpg.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (AIDetectMalware, malicious, high confidence, GenericKD, Unsafe, Save, Genus, Attribute, HighConfidence, LummaStealer, MalwareX, CLOUD, wkgdl, SMOKELOADER, YXEF4Z, moderate, score, Detected, ai score=84, ABTrojan, BATW, ZexaF, @J0@aeZYSJai, SScope, Hider, Neshta, FileInfector, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | bd2eac64cbded877608468d86786594a |
sha256 | cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad |
ssdeep | 98304:LqhZ67opwYckx35SF2XKgxVvHuCPU8GSbO3JAXV1LrA+ZlL9CxpzTp2:LgErupSgKORuCT43JeV1LE+/s3p |
imphash | 6918ba97730e30a95b8fcd002ec1547e |
impfuzzy | 24:YY173qvEQ4E5wxzTrlZ4Fk/wh3MUkka20DW:YY17hQiDlZ4Fk/eg+ |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x734000 ExitProcess
0x734004 GetCurrentProcessId
0x734008 GetCurrentThreadId
0x73400c GetLogicalDrives
0x734010 GetProcessVersion
0x734014 GetSystemDirectoryW
0x734018 GlobalLock
0x73401c GlobalUnlock
OLEAUT32.dll
0x734024 SysAllocString
0x734028 SysFreeString
0x73402c SysStringLen
0x734030 VariantClear
0x734034 VariantInit
ole32.dll
0x73403c CoCreateInstance
0x734040 CoInitializeEx
0x734044 CoInitializeSecurity
0x734048 CoSetProxyBlanket
0x73404c CoUninitialize
USER32.dll
0x734054 CloseClipboard
0x734058 GetClipboardData
0x73405c GetDC
0x734060 GetSystemMetrics
0x734064 GetWindowLongW
0x734068 OpenClipboard
0x73406c ReleaseDC
GDI32.dll
0x734074 BitBlt
0x734078 CreateCompatibleBitmap
0x73407c CreateCompatibleDC
0x734080 DeleteDC
0x734084 DeleteObject
0x734088 GetCurrentObject
0x73408c GetDIBits
0x734090 GetObjectW
0x734094 SelectObject
KERNEL32.dll
0x73409c HeapAlloc
0x7340a0 HeapFree
0x7340a4 ExitProcess
0x7340a8 GetModuleHandleA
0x7340ac LoadLibraryA
0x7340b0 GetProcAddress
EAT(Export Address Table) is none
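The report's own packer signals do not agree with each other: the signature table says VMProtect, the UPX_Zero rule says UPX, and the section-name hit is explicitly marked as a possible false positive. That is a good reason to check the section table yourself rather than trust one label. The import listing above also has the classic shape of a packed binary: a second KERNEL32.dll descriptor that carries only HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA and GetProcAddress (what a stub needs to rebuild the real import table at runtime), next to a 40-entry IAT for a program whose visible imports span screen capture (GetDC, CreateCompatibleBitmap, BitBlt, GetDIBits), clipboard reads (OpenClipboard, GetClipboardData) and COM calls with the BSTR/VARIANT helpers that WMI clients use (CoCreateInstance, CoSetProxyBlanket, SysAllocString, VariantInit). The Python below is an added example written for this page, not the sandbox's or any vendor's code: it parses the PE section table using only the standard library, scores each section's Shannon entropy, flags non-standard section names, and checks an IAT for the "tiny but contains the loader trio" pattern. The entropy cut-off (7.0 bits/byte), the import-count cut-off (64), the set of "known" section names and the in-memory test PE are all assumptions of the example; the IAT list is copied from the listing above.

```python
import math
import random
import struct
from collections import Counter

# Section names mainstream toolchains emit. Anything else (UPX0/UPX1, .vmp0,
# random names) counts as "unknown", mirroring the report's third signature.
# Assumption: this set is the example's, not the sandbox's rule set.
KNOWN_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".CRT", ".xdata", ".debug", ".textbss",
}
ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off for "compressed or encrypted"
SMALL_IAT = 64           # assumed cut-off for "suspiciously few imports"
LOADER_TRIO = {"GetModuleHandleA", "LoadLibraryA", "GetProcAddress"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Walk the PE section table with struct only; yields (name, raw bytes, entropy)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (size_opt,) = struct.unpack_from("<H", pe, coff + 16)
    first = coff + 20 + size_opt  # section headers follow the optional header
    out = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, first + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw, shannon_entropy(raw)))
    return out


def packer_heuristics(pe: bytes):
    """The two section-based signals from the report: high entropy and unknown names."""
    findings = []
    for name, _raw, ent in parse_sections(pe):
        if ent >= ENTROPY_THRESHOLD:
            findings.append(f"section {name!r}: entropy {ent:.2f} suggests compressed/encrypted data")
        if name not in KNOWN_SECTION_NAMES:
            findings.append(f"section {name!r}: non-standard name")
    return findings


def iat_heuristics(iat):
    """iat: list of (dll, function). Flags a small IAT that still carries the loader trio."""
    funcs = {f for _dll, f in iat}
    return {"import_count": len(iat), "small_iat": len(iat) < SMALL_IAT,
            "loader_trio": LOADER_TRIO <= funcs}


def build_test_pe(sections):
    """Constructed in-memory PE32 (DOS stub, headers, raw sections only); not a real sample."""
    e_lfanew, size_opt, align = 0x40, 0xE0, 0x200
    hdr_len = e_lfanew + 4 + 20 + size_opt + 40 * len(sections)
    ptr = data_start = (hdr_len + align - 1) // align * align
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")  # PE32 magic, rest zeroed
    hdrs, body, va = b"", b"", 0x1000
    for name, data in sections:
        raw_size = (len(data) + align - 1) // align * align
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            len(data), va, raw_size, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        ptr += raw_size
        va += (raw_size + 0xFFF) & ~0xFFF
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(data_start, b"\0") + body


# Constructed inputs: a seeded pseudo-random blob stands in for a packed payload,
# a repeated prologue + NOP sled for ordinary code. Sizes are multiples of 0x200.
_rng = random.Random(1337)
HIGH_ENTROPY_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
LOW_ENTROPY_CODE = (b"\x55\x8b\xec" + b"\x90" * 13) * 128
SAMPLE_PE = build_test_pe([(".text", LOW_ENTROPY_CODE), ("UPX1", HIGH_ENTROPY_BLOB)])

# The IAT exactly as listed on this page, second KERNEL32.dll descriptor included.
SAMPLE_IAT = (
    [("KERNEL32.dll", f) for f in ("ExitProcess", "GetCurrentProcessId", "GetCurrentThreadId",
     "GetLogicalDrives", "GetProcessVersion", "GetSystemDirectoryW", "GlobalLock", "GlobalUnlock")]
    + [("OLEAUT32.dll", f) for f in ("SysAllocString", "SysFreeString", "SysStringLen",
       "VariantClear", "VariantInit")]
    + [("ole32.dll", f) for f in ("CoCreateInstance", "CoInitializeEx", "CoInitializeSecurity",
       "CoSetProxyBlanket", "CoUninitialize")]
    + [("USER32.dll", f) for f in ("CloseClipboard", "GetClipboardData", "GetDC", "GetSystemMetrics",
       "GetWindowLongW", "OpenClipboard", "ReleaseDC")]
    + [("GDI32.dll", f) for f in ("BitBlt", "CreateCompatibleBitmap", "CreateCompatibleDC", "DeleteDC",
       "DeleteObject", "GetCurrentObject", "GetDIBits", "GetObjectW", "SelectObject")]
    + [("KERNEL32.dll", f) for f in ("HeapAlloc", "HeapFree", "ExitProcess", "GetModuleHandleA",
       "LoadLibraryA", "GetProcAddress")]
)

if __name__ == "__main__":
    for line in packer_heuristics(SAMPLE_PE):
        print(line)
    print(iat_heuristics(SAMPLE_IAT))
```

On a real file, replace SAMPLE_PE with `open(path, "rb").read()`; the parser reads SizeOfRawData, so a section whose raw data has been stripped (SizeOfRawData of zero, as UPX0 typically has) simply scores 0.0 entropy and is flagged only on its name. Entropy alone misfires on legitimate resources (compressed images, certificates), which is why the report keeps the section-name hit at "info" and why the two signals are reported separately here rather than combined into one verdict.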