ScreenShot
| Created | 2024.07.03 07:53 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, Generic@AI, RDMK, cmRtazqPPldU+2LlwZmP5TF37k5s, Real Protect, high, Krypt, estcy, Detected, Eldorado, ZexaF, kq0@aiLTeRcG, BScope, Convagent, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | a8899bbd6c19faf3ba8afe6f853cbc46 | ||
| sha256 | db082ed10acccd376cb0b2a563174a5f12f089d67e32406d8a1ce8ebf0cd1a82 | ||
| ssdeep | 3072:Hi5QLNHPX09BR25tT7RXXmiXhPtP5NY//1KuU3:C5QLNHPknutpGoBGQ7 | ||
| imphash | a2f98760372f92ec7255c044ca187eb8 | ||
| impfuzzy | 24:pgrmlskXcDYSj8dQBOQ/C0gkrawLkeJ3NcQRvDUCljHuO2SBojluHjMJ:vY8dnT0XThNcUDUC2SB+su | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 CreateJobObjectW
0x41800c GetModuleHandleExW
0x418010 SetVolumeMountPointW
0x418014 GetComputerNameW
0x418018 SleepEx
0x41801c GetCommProperties
0x418020 GetModuleHandleW
0x418024 GetTickCount
0x418028 ReadConsoleOutputA
0x41802c GlobalAlloc
0x418030 GetConsoleAliasExesLengthW
0x418034 lstrcpynW
0x418038 WriteConsoleW
0x41803c GetModuleFileNameW
0x418040 ZombifyActCtx
0x418044 GetLastError
0x418048 GetProcAddress
0x41804c BuildCommDCBW
0x418050 GetAtomNameA
0x418054 LoadLibraryA
0x418058 UnhandledExceptionFilter
0x41805c InterlockedExchangeAdd
0x418060 SetFileApisToANSI
0x418064 AddAtomA
0x418068 FoldStringA
0x41806c lstrcatW
0x418070 EnumDateFormatsW
0x418074 FindFirstVolumeA
0x418078 GetConsoleAliasesW
0x41807c OpenJobObjectA
0x418080 CreateFileA
0x418084 GetConsoleOutputCP
0x418088 MultiByteToWideChar
0x41808c HeapReAlloc
0x418090 HeapAlloc
0x418094 GetStartupInfoW
0x418098 TerminateProcess
0x41809c GetCurrentProcess
0x4180a0 SetUnhandledExceptionFilter
0x4180a4 IsDebuggerPresent
0x4180a8 GetCPInfo
0x4180ac InterlockedIncrement
0x4180b0 InterlockedDecrement
0x4180b4 GetACP
0x4180b8 GetOEMCP
0x4180bc IsValidCodePage
0x4180c0 TlsGetValue
0x4180c4 TlsAlloc
0x4180c8 TlsSetValue
0x4180cc TlsFree
0x4180d0 SetLastError
0x4180d4 GetCurrentThreadId
0x4180d8 EnterCriticalSection
0x4180dc LeaveCriticalSection
0x4180e0 SetHandleCount
0x4180e4 GetStdHandle
0x4180e8 GetFileType
0x4180ec GetStartupInfoA
0x4180f0 DeleteCriticalSection
0x4180f4 Sleep
0x4180f8 HeapSize
0x4180fc ExitProcess
0x418100 HeapCreate
0x418104 VirtualFree
0x418108 HeapFree
0x41810c VirtualAlloc
0x418110 WriteFile
0x418114 GetModuleFileNameA
0x418118 FreeEnvironmentStringsW
0x41811c GetEnvironmentStringsW
0x418120 GetCommandLineW
0x418124 QueryPerformanceCounter
0x418128 GetCurrentProcessId
0x41812c GetSystemTimeAsFileTime
0x418130 LCMapStringA
0x418134 WideCharToMultiByte
0x418138 LCMapStringW
0x41813c GetStringTypeA
0x418140 GetStringTypeW
0x418144 GetLocaleInfoA
0x418148 ReadFile
0x41814c InitializeCriticalSectionAndSpinCount
0x418150 RtlUnwind
0x418154 GetConsoleCP
0x418158 GetConsoleMode
0x41815c FlushFileBuffers
0x418160 SetFilePointer
0x418164 SetStdHandle
0x418168 CloseHandle
0x41816c WriteConsoleA
GDI32.dll
0x418000 GetBoundsRect
ole32.dll
0x418174 CoTaskMemRealloc
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 CreateJobObjectW
0x41800c GetModuleHandleExW
0x418010 SetVolumeMountPointW
0x418014 GetComputerNameW
0x418018 SleepEx
0x41801c GetCommProperties
0x418020 GetModuleHandleW
0x418024 GetTickCount
0x418028 ReadConsoleOutputA
0x41802c GlobalAlloc
0x418030 GetConsoleAliasExesLengthW
0x418034 lstrcpynW
0x418038 WriteConsoleW
0x41803c GetModuleFileNameW
0x418040 ZombifyActCtx
0x418044 GetLastError
0x418048 GetProcAddress
0x41804c BuildCommDCBW
0x418050 GetAtomNameA
0x418054 LoadLibraryA
0x418058 UnhandledExceptionFilter
0x41805c InterlockedExchangeAdd
0x418060 SetFileApisToANSI
0x418064 AddAtomA
0x418068 FoldStringA
0x41806c lstrcatW
0x418070 EnumDateFormatsW
0x418074 FindFirstVolumeA
0x418078 GetConsoleAliasesW
0x41807c OpenJobObjectA
0x418080 CreateFileA
0x418084 GetConsoleOutputCP
0x418088 MultiByteToWideChar
0x41808c HeapReAlloc
0x418090 HeapAlloc
0x418094 GetStartupInfoW
0x418098 TerminateProcess
0x41809c GetCurrentProcess
0x4180a0 SetUnhandledExceptionFilter
0x4180a4 IsDebuggerPresent
0x4180a8 GetCPInfo
0x4180ac InterlockedIncrement
0x4180b0 InterlockedDecrement
0x4180b4 GetACP
0x4180b8 GetOEMCP
0x4180bc IsValidCodePage
0x4180c0 TlsGetValue
0x4180c4 TlsAlloc
0x4180c8 TlsSetValue
0x4180cc TlsFree
0x4180d0 SetLastError
0x4180d4 GetCurrentThreadId
0x4180d8 EnterCriticalSection
0x4180dc LeaveCriticalSection
0x4180e0 SetHandleCount
0x4180e4 GetStdHandle
0x4180e8 GetFileType
0x4180ec GetStartupInfoA
0x4180f0 DeleteCriticalSection
0x4180f4 Sleep
0x4180f8 HeapSize
0x4180fc ExitProcess
0x418100 HeapCreate
0x418104 VirtualFree
0x418108 HeapFree
0x41810c VirtualAlloc
0x418110 WriteFile
0x418114 GetModuleFileNameA
0x418118 FreeEnvironmentStringsW
0x41811c GetEnvironmentStringsW
0x418120 GetCommandLineW
0x418124 QueryPerformanceCounter
0x418128 GetCurrentProcessId
0x41812c GetSystemTimeAsFileTime
0x418130 LCMapStringA
0x418134 WideCharToMultiByte
0x418138 LCMapStringW
0x41813c GetStringTypeA
0x418140 GetStringTypeW
0x418144 GetLocaleInfoA
0x418148 ReadFile
0x41814c InitializeCriticalSectionAndSpinCount
0x418150 RtlUnwind
0x418154 GetConsoleCP
0x418158 GetConsoleMode
0x41815c FlushFileBuffers
0x418160 SetFilePointer
0x418164 SetStdHandle
0x418168 CloseHandle
0x41816c WriteConsoleA
GDI32.dll
0x418000 GetBoundsRect
ole32.dll
0x418174 CoTaskMemRealloc
EAT(Export Address Table) is none