ScreenShot
| Created | 2024.07.04 09:47 | Machine | s1_win7_x6401 |
| Filename | crypted.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 59 detected (AIDetectMalware, Locky, malicious, high confidence, score, Trojanpws, Zusy, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXDB, Artemis, PWSX, Lazy, Reline, Packed2, kpclrj, Convagent, niRPZnl53BP, ahopx, Real Protect, high, Krypt, Detected, ai score=88, RedLine, Eldorado, R656787, BScope, TrojanPSW, GdSda, QQPass, QQRob, Fkjl, Static AI, Malicious PE, susgen, confidence, 100%, HD#J) | ||
| md5 | efb9f7b4e6703ad5d5b179992a6c44f8 | ||
| sha256 | 6ea5dc63bda788cd58bcbc5d9c736f7ba1d01371a9d05c53134616c2776c6314 | ||
| ssdeep | 12288:yJ8TOT7hr3MBm3CCkf3HHhBjM14MqLNyjK3h//8wr+kv:yEU7hDMg3bkf3nbjZR//8kT | ||
| imphash | 9d5b9d61589b83a7f2c3d41f757e8ae0 | ||
| impfuzzy | 24:iegAEjlyjMacpVJfK1ZQDzGtIu9uGhlJBl393PLOovbO3gv9FZYGMAkEZX:rgracpVJOcGtuGnpN63y9FZR | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x428000 Polyline
USER32.dll
0x42815c OffsetRect
KERNEL32.dll
0x428008 CreateFileW
0x42800c HeapSize
0x428010 GetProcessHeap
0x428014 SetStdHandle
0x428018 WaitForSingleObject
0x42801c CreateThread
0x428020 VirtualAlloc
0x428024 CloseHandle
0x428028 WaitForSingleObjectEx
0x42802c GetCurrentThreadId
0x428030 GetExitCodeThread
0x428034 WideCharToMultiByte
0x428038 MultiByteToWideChar
0x42803c GetStringTypeW
0x428040 EnterCriticalSection
0x428044 LeaveCriticalSection
0x428048 InitializeCriticalSectionEx
0x42804c DeleteCriticalSection
0x428050 QueryPerformanceCounter
0x428054 ReleaseSRWLockExclusive
0x428058 WakeAllConditionVariable
0x42805c EncodePointer
0x428060 DecodePointer
0x428064 LCMapStringEx
0x428068 GetSystemTimeAsFileTime
0x42806c GetModuleHandleW
0x428070 GetProcAddress
0x428074 GetCPInfo
0x428078 IsProcessorFeaturePresent
0x42807c GetCurrentProcessId
0x428080 InitializeSListHead
0x428084 IsDebuggerPresent
0x428088 UnhandledExceptionFilter
0x42808c SetUnhandledExceptionFilter
0x428090 GetStartupInfoW
0x428094 GetCurrentProcess
0x428098 TerminateProcess
0x42809c SetEnvironmentVariableW
0x4280a0 RaiseException
0x4280a4 RtlUnwind
0x4280a8 GetLastError
0x4280ac SetLastError
0x4280b0 InitializeCriticalSectionAndSpinCount
0x4280b4 TlsAlloc
0x4280b8 TlsGetValue
0x4280bc TlsSetValue
0x4280c0 TlsFree
0x4280c4 FreeLibrary
0x4280c8 LoadLibraryExW
0x4280cc ExitThread
0x4280d0 FreeLibraryAndExitThread
0x4280d4 GetModuleHandleExW
0x4280d8 GetStdHandle
0x4280dc WriteFile
0x4280e0 GetModuleFileNameW
0x4280e4 ExitProcess
0x4280e8 GetCommandLineA
0x4280ec GetCommandLineW
0x4280f0 HeapAlloc
0x4280f4 HeapFree
0x4280f8 GetFileType
0x4280fc CompareStringW
0x428100 LCMapStringW
0x428104 GetLocaleInfoW
0x428108 IsValidLocale
0x42810c GetUserDefaultLCID
0x428110 EnumSystemLocalesW
0x428114 FlushFileBuffers
0x428118 GetConsoleOutputCP
0x42811c GetConsoleMode
0x428120 ReadFile
0x428124 GetFileSizeEx
0x428128 SetFilePointerEx
0x42812c ReadConsoleW
0x428130 HeapReAlloc
0x428134 FindClose
0x428138 FindFirstFileExW
0x42813c FindNextFileW
0x428140 IsValidCodePage
0x428144 GetACP
0x428148 GetOEMCP
0x42814c GetEnvironmentStringsW
0x428150 FreeEnvironmentStringsW
0x428154 WriteConsoleW
EAT(Export Address Table) Library
0x427d10 IUAhsiuchniuohAIU
GDI32.dll
0x428000 Polyline
USER32.dll
0x42815c OffsetRect
KERNEL32.dll
0x428008 CreateFileW
0x42800c HeapSize
0x428010 GetProcessHeap
0x428014 SetStdHandle
0x428018 WaitForSingleObject
0x42801c CreateThread
0x428020 VirtualAlloc
0x428024 CloseHandle
0x428028 WaitForSingleObjectEx
0x42802c GetCurrentThreadId
0x428030 GetExitCodeThread
0x428034 WideCharToMultiByte
0x428038 MultiByteToWideChar
0x42803c GetStringTypeW
0x428040 EnterCriticalSection
0x428044 LeaveCriticalSection
0x428048 InitializeCriticalSectionEx
0x42804c DeleteCriticalSection
0x428050 QueryPerformanceCounter
0x428054 ReleaseSRWLockExclusive
0x428058 WakeAllConditionVariable
0x42805c EncodePointer
0x428060 DecodePointer
0x428064 LCMapStringEx
0x428068 GetSystemTimeAsFileTime
0x42806c GetModuleHandleW
0x428070 GetProcAddress
0x428074 GetCPInfo
0x428078 IsProcessorFeaturePresent
0x42807c GetCurrentProcessId
0x428080 InitializeSListHead
0x428084 IsDebuggerPresent
0x428088 UnhandledExceptionFilter
0x42808c SetUnhandledExceptionFilter
0x428090 GetStartupInfoW
0x428094 GetCurrentProcess
0x428098 TerminateProcess
0x42809c SetEnvironmentVariableW
0x4280a0 RaiseException
0x4280a4 RtlUnwind
0x4280a8 GetLastError
0x4280ac SetLastError
0x4280b0 InitializeCriticalSectionAndSpinCount
0x4280b4 TlsAlloc
0x4280b8 TlsGetValue
0x4280bc TlsSetValue
0x4280c0 TlsFree
0x4280c4 FreeLibrary
0x4280c8 LoadLibraryExW
0x4280cc ExitThread
0x4280d0 FreeLibraryAndExitThread
0x4280d4 GetModuleHandleExW
0x4280d8 GetStdHandle
0x4280dc WriteFile
0x4280e0 GetModuleFileNameW
0x4280e4 ExitProcess
0x4280e8 GetCommandLineA
0x4280ec GetCommandLineW
0x4280f0 HeapAlloc
0x4280f4 HeapFree
0x4280f8 GetFileType
0x4280fc CompareStringW
0x428100 LCMapStringW
0x428104 GetLocaleInfoW
0x428108 IsValidLocale
0x42810c GetUserDefaultLCID
0x428110 EnumSystemLocalesW
0x428114 FlushFileBuffers
0x428118 GetConsoleOutputCP
0x42811c GetConsoleMode
0x428120 ReadFile
0x428124 GetFileSizeEx
0x428128 SetFilePointerEx
0x42812c ReadConsoleW
0x428130 HeapReAlloc
0x428134 FindClose
0x428138 FindFirstFileExW
0x42813c FindNextFileW
0x428140 IsValidCodePage
0x428144 GetACP
0x428148 GetOEMCP
0x42814c GetEnvironmentStringsW
0x428150 FreeEnvironmentStringsW
0x428154 WriteConsoleW
EAT(Export Address Table) Library
0x427d10 IUAhsiuchniuohAIU