ScreenShot
| Created | 2024.07.04 07:43 | Machine | s1_win7_x6401 |
| Filename | loader.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 46 detected (AIDetectMalware, Penguish, tsyI, malicious, high confidence, score, Artemis, Unsafe, Reflo, Vzjn, GenX, Kryptik, HXIB, Nanocore, Convagent, GfvFgqX8ZiM, Redcap, jebdn, Siggen29, R002C0DG124, VMProtect, Detected, yismw, Injuke, Vigorf, T1C5DT, ABRisk, TOXG, R576673, R002H01G124, susgen, confidence) | ||
| md5 | edc8dc2a71af650c1c6272efa564adc3 | ||
| sha256 | 18f456bc4bc4f55266f7456bfabe1f343560b6a59a3f5a68e995a34c0563a760 | ||
| ssdeep | 393216:8htgAGCnsGz3SN1Xg97zShawHV+Cck7hHV:+6AD53SbkzQawHb9pV | ||
| imphash | e8a30656287fe831c9782204ed10cd68 | ||
| impfuzzy | 48:S9FpdOocLbc1XFjn6ZevTptccpebXyGBsP:SVdpcLbc1XFLfptccpebXyGBsP | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14003b000 LocalFree
0x14003b008 GetLastError
0x14003b010 SetLastError
0x14003b018 FormatMessageW
0x14003b020 GetFileType
0x14003b028 GetStdHandle
0x14003b030 WriteFile
0x14003b038 ReadFile
0x14003b040 FlushFileBuffers
0x14003b048 SetEndOfFile
0x14003b050 SetFilePointer
0x14003b058 SetFileTime
0x14003b060 CloseHandle
0x14003b068 CreateFileW
0x14003b070 GetCurrentProcessId
0x14003b078 CreateDirectoryW
0x14003b080 RemoveDirectoryW
0x14003b088 SetFileAttributesW
0x14003b090 GetFileAttributesW
0x14003b098 DeleteFileW
0x14003b0a0 MoveFileW
0x14003b0a8 FindClose
0x14003b0b0 FindFirstFileW
0x14003b0b8 FindNextFileW
0x14003b0c0 GetVersionExW
0x14003b0c8 GetModuleFileNameW
0x14003b0d0 SetCurrentDirectoryW
0x14003b0d8 GetCurrentDirectoryW
0x14003b0e0 GetFullPathNameW
0x14003b0e8 FoldStringW
0x14003b0f0 GetModuleHandleW
0x14003b0f8 FindResourceW
0x14003b100 FreeLibrary
0x14003b108 GetProcAddress
0x14003b110 ExpandEnvironmentStringsW
0x14003b118 ExitProcess
0x14003b120 SetThreadExecutionState
0x14003b128 Sleep
0x14003b130 LoadLibraryW
0x14003b138 GetSystemDirectoryW
0x14003b140 CompareStringW
0x14003b148 AllocConsole
0x14003b150 FreeConsole
0x14003b158 AttachConsole
0x14003b160 WriteConsoleW
0x14003b168 SystemTimeToTzSpecificLocalTime
0x14003b170 TzSpecificLocalTimeToSystemTime
0x14003b178 SystemTimeToFileTime
0x14003b180 LocalFileTimeToFileTime
0x14003b188 FileTimeToSystemTime
0x14003b190 GetCPInfo
0x14003b198 IsDBCSLeadByte
0x14003b1a0 MultiByteToWideChar
0x14003b1a8 WideCharToMultiByte
0x14003b1b0 GlobalAlloc
0x14003b1b8 LockResource
0x14003b1c0 GlobalLock
0x14003b1c8 GlobalUnlock
0x14003b1d0 GlobalFree
0x14003b1d8 LoadResource
0x14003b1e0 SizeofResource
0x14003b1e8 GetTimeFormatW
0x14003b1f0 GetDateFormatW
0x14003b1f8 GetCurrentProcess
0x14003b200 GetExitCodeProcess
0x14003b208 WaitForSingleObject
0x14003b210 GetLocalTime
0x14003b218 GetTickCount
0x14003b220 MapViewOfFile
0x14003b228 UnmapViewOfFile
0x14003b230 CreateFileMappingW
0x14003b238 OpenFileMappingW
0x14003b240 GetCommandLineW
0x14003b248 SetEnvironmentVariableW
0x14003b250 GetTempPathW
0x14003b258 MoveFileExW
0x14003b260 GetLocaleInfoW
0x14003b268 GetNumberFormatW
0x14003b270 SetFilePointerEx
0x14003b278 GetConsoleMode
0x14003b280 GetConsoleCP
0x14003b288 HeapReAlloc
0x14003b290 HeapSize
0x14003b298 SetStdHandle
0x14003b2a0 GetProcessHeap
0x14003b2a8 FreeEnvironmentStringsW
0x14003b2b0 GetEnvironmentStringsW
0x14003b2b8 GetCommandLineA
0x14003b2c0 RaiseException
0x14003b2c8 GetSystemInfo
0x14003b2d0 VirtualProtect
0x14003b2d8 VirtualQuery
0x14003b2e0 LoadLibraryExA
0x14003b2e8 RtlCaptureContext
0x14003b2f0 RtlLookupFunctionEntry
0x14003b2f8 RtlVirtualUnwind
0x14003b300 UnhandledExceptionFilter
0x14003b308 SetUnhandledExceptionFilter
0x14003b310 TerminateProcess
0x14003b318 IsProcessorFeaturePresent
0x14003b320 EnterCriticalSection
0x14003b328 LeaveCriticalSection
0x14003b330 InitializeCriticalSectionAndSpinCount
0x14003b338 DeleteCriticalSection
0x14003b340 SetEvent
0x14003b348 ResetEvent
0x14003b350 WaitForSingleObjectEx
0x14003b358 CreateEventW
0x14003b360 IsDebuggerPresent
0x14003b368 GetStartupInfoW
0x14003b370 QueryPerformanceCounter
0x14003b378 GetCurrentThreadId
0x14003b380 GetSystemTimeAsFileTime
0x14003b388 InitializeSListHead
0x14003b390 RtlPcToFileHeader
0x14003b398 RtlUnwindEx
0x14003b3a0 EncodePointer
0x14003b3a8 TlsAlloc
0x14003b3b0 TlsGetValue
0x14003b3b8 TlsSetValue
0x14003b3c0 TlsFree
0x14003b3c8 LoadLibraryExW
0x14003b3d0 QueryPerformanceFrequency
0x14003b3d8 GetModuleHandleExW
0x14003b3e0 GetModuleFileNameA
0x14003b3e8 GetACP
0x14003b3f0 HeapFree
0x14003b3f8 HeapAlloc
0x14003b400 GetStringTypeW
0x14003b408 LCMapStringW
0x14003b410 FindFirstFileExA
0x14003b418 FindNextFileA
0x14003b420 IsValidCodePage
0x14003b428 GetOEMCP
OLEAUT32.dll
0x14003b438 SysAllocString
0x14003b440 SysFreeString
0x14003b448 VariantClear
gdiplus.dll
0x14003b458 GdipCloneImage
0x14003b460 GdipAlloc
0x14003b468 GdipDisposeImage
0x14003b470 GdipCreateBitmapFromStream
0x14003b478 GdipCreateHBITMAPFromBitmap
0x14003b480 GdiplusStartup
0x14003b488 GdiplusShutdown
0x14003b490 GdipFree
EAT(Export Address Table) Library
KERNEL32.dll
0x14003b000 LocalFree
0x14003b008 GetLastError
0x14003b010 SetLastError
0x14003b018 FormatMessageW
0x14003b020 GetFileType
0x14003b028 GetStdHandle
0x14003b030 WriteFile
0x14003b038 ReadFile
0x14003b040 FlushFileBuffers
0x14003b048 SetEndOfFile
0x14003b050 SetFilePointer
0x14003b058 SetFileTime
0x14003b060 CloseHandle
0x14003b068 CreateFileW
0x14003b070 GetCurrentProcessId
0x14003b078 CreateDirectoryW
0x14003b080 RemoveDirectoryW
0x14003b088 SetFileAttributesW
0x14003b090 GetFileAttributesW
0x14003b098 DeleteFileW
0x14003b0a0 MoveFileW
0x14003b0a8 FindClose
0x14003b0b0 FindFirstFileW
0x14003b0b8 FindNextFileW
0x14003b0c0 GetVersionExW
0x14003b0c8 GetModuleFileNameW
0x14003b0d0 SetCurrentDirectoryW
0x14003b0d8 GetCurrentDirectoryW
0x14003b0e0 GetFullPathNameW
0x14003b0e8 FoldStringW
0x14003b0f0 GetModuleHandleW
0x14003b0f8 FindResourceW
0x14003b100 FreeLibrary
0x14003b108 GetProcAddress
0x14003b110 ExpandEnvironmentStringsW
0x14003b118 ExitProcess
0x14003b120 SetThreadExecutionState
0x14003b128 Sleep
0x14003b130 LoadLibraryW
0x14003b138 GetSystemDirectoryW
0x14003b140 CompareStringW
0x14003b148 AllocConsole
0x14003b150 FreeConsole
0x14003b158 AttachConsole
0x14003b160 WriteConsoleW
0x14003b168 SystemTimeToTzSpecificLocalTime
0x14003b170 TzSpecificLocalTimeToSystemTime
0x14003b178 SystemTimeToFileTime
0x14003b180 LocalFileTimeToFileTime
0x14003b188 FileTimeToSystemTime
0x14003b190 GetCPInfo
0x14003b198 IsDBCSLeadByte
0x14003b1a0 MultiByteToWideChar
0x14003b1a8 WideCharToMultiByte
0x14003b1b0 GlobalAlloc
0x14003b1b8 LockResource
0x14003b1c0 GlobalLock
0x14003b1c8 GlobalUnlock
0x14003b1d0 GlobalFree
0x14003b1d8 LoadResource
0x14003b1e0 SizeofResource
0x14003b1e8 GetTimeFormatW
0x14003b1f0 GetDateFormatW
0x14003b1f8 GetCurrentProcess
0x14003b200 GetExitCodeProcess
0x14003b208 WaitForSingleObject
0x14003b210 GetLocalTime
0x14003b218 GetTickCount
0x14003b220 MapViewOfFile
0x14003b228 UnmapViewOfFile
0x14003b230 CreateFileMappingW
0x14003b238 OpenFileMappingW
0x14003b240 GetCommandLineW
0x14003b248 SetEnvironmentVariableW
0x14003b250 GetTempPathW
0x14003b258 MoveFileExW
0x14003b260 GetLocaleInfoW
0x14003b268 GetNumberFormatW
0x14003b270 SetFilePointerEx
0x14003b278 GetConsoleMode
0x14003b280 GetConsoleCP
0x14003b288 HeapReAlloc
0x14003b290 HeapSize
0x14003b298 SetStdHandle
0x14003b2a0 GetProcessHeap
0x14003b2a8 FreeEnvironmentStringsW
0x14003b2b0 GetEnvironmentStringsW
0x14003b2b8 GetCommandLineA
0x14003b2c0 RaiseException
0x14003b2c8 GetSystemInfo
0x14003b2d0 VirtualProtect
0x14003b2d8 VirtualQuery
0x14003b2e0 LoadLibraryExA
0x14003b2e8 RtlCaptureContext
0x14003b2f0 RtlLookupFunctionEntry
0x14003b2f8 RtlVirtualUnwind
0x14003b300 UnhandledExceptionFilter
0x14003b308 SetUnhandledExceptionFilter
0x14003b310 TerminateProcess
0x14003b318 IsProcessorFeaturePresent
0x14003b320 EnterCriticalSection
0x14003b328 LeaveCriticalSection
0x14003b330 InitializeCriticalSectionAndSpinCount
0x14003b338 DeleteCriticalSection
0x14003b340 SetEvent
0x14003b348 ResetEvent
0x14003b350 WaitForSingleObjectEx
0x14003b358 CreateEventW
0x14003b360 IsDebuggerPresent
0x14003b368 GetStartupInfoW
0x14003b370 QueryPerformanceCounter
0x14003b378 GetCurrentThreadId
0x14003b380 GetSystemTimeAsFileTime
0x14003b388 InitializeSListHead
0x14003b390 RtlPcToFileHeader
0x14003b398 RtlUnwindEx
0x14003b3a0 EncodePointer
0x14003b3a8 TlsAlloc
0x14003b3b0 TlsGetValue
0x14003b3b8 TlsSetValue
0x14003b3c0 TlsFree
0x14003b3c8 LoadLibraryExW
0x14003b3d0 QueryPerformanceFrequency
0x14003b3d8 GetModuleHandleExW
0x14003b3e0 GetModuleFileNameA
0x14003b3e8 GetACP
0x14003b3f0 HeapFree
0x14003b3f8 HeapAlloc
0x14003b400 GetStringTypeW
0x14003b408 LCMapStringW
0x14003b410 FindFirstFileExA
0x14003b418 FindNextFileA
0x14003b420 IsValidCodePage
0x14003b428 GetOEMCP
OLEAUT32.dll
0x14003b438 SysAllocString
0x14003b440 SysFreeString
0x14003b448 VariantClear
gdiplus.dll
0x14003b458 GdipCloneImage
0x14003b460 GdipAlloc
0x14003b468 GdipDisposeImage
0x14003b470 GdipCreateBitmapFromStream
0x14003b478 GdipCreateHBITMAPFromBitmap
0x14003b480 GdiplusStartup
0x14003b488 GdiplusShutdown
0x14003b490 GdipFree
EAT(Export Address Table) Library