ScreenShot
| Created | 2024.07.04 09:39 | Machine | s1_win7_x6403 |
| Filename | systemd.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 44 detected (AIDetectMalware, malicious, moderate confidence, score, Babar, Unsafe, Save, GenericKD, Attribute, HighConfidence, Artemis, MalwareX, Diztakun, CLOUD, PovertyStealer, byoon, Poverty, moderate, Generic Reputation PUA, Detected, ai score=85, GenericML, xnet, Wacatac, 0HRBN5, ZexaF, JqW@aCGlmgf, Chgt, R002H09G224, Static AI, Malicious PE, susgen, PossibleThreat, confidence) | ||
| md5 | da4b6f39fc024d2383d4bfe7f67f1ee1 | ||
| sha256 | 544697a024abaea1b24eaa3d89869b2c8a4c1acf96d4e152f5632d338d054c9e | ||
| ssdeep | 12288:No4ykJuqlLJop9G3/AmAGWn7sfPJYQIMt8KHsTH:NoBsLaDKAmAbUJ+M2K2 | ||
| imphash | 35504252928d496732012120d2a694cf | ||
| impfuzzy | 24:WjzKDDojBcpVWZjS1jtZhlJBlmLouhvuZ6GMAkpOovbOPZG:f2BcpVejS1jtZnuDuZb3w | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x479000 WaitForSingleObject
0x479004 GetCurrentProcess
0x479008 CreateThread
0x47900c VirtualAlloc
0x479010 VirtualProtect
0x479014 FreeLibrary
0x479018 GetModuleHandleA
0x47901c GetProcAddress
0x479020 LoadLibraryA
0x479024 MultiByteToWideChar
0x479028 CreateFileW
0x47902c WideCharToMultiByte
0x479030 GetStringTypeW
0x479034 RaiseException
0x479038 EnterCriticalSection
0x47903c LeaveCriticalSection
0x479040 InitializeCriticalSectionEx
0x479044 DeleteCriticalSection
0x479048 EncodePointer
0x47904c DecodePointer
0x479050 LCMapStringEx
0x479054 GetCPInfo
0x479058 IsProcessorFeaturePresent
0x47905c QueryPerformanceCounter
0x479060 GetCurrentProcessId
0x479064 GetCurrentThreadId
0x479068 GetSystemTimeAsFileTime
0x47906c InitializeSListHead
0x479070 IsDebuggerPresent
0x479074 UnhandledExceptionFilter
0x479078 SetUnhandledExceptionFilter
0x47907c GetStartupInfoW
0x479080 GetModuleHandleW
0x479084 TerminateProcess
0x479088 RtlUnwind
0x47908c GetLastError
0x479090 SetLastError
0x479094 InitializeCriticalSectionAndSpinCount
0x479098 TlsAlloc
0x47909c TlsGetValue
0x4790a0 TlsSetValue
0x4790a4 TlsFree
0x4790a8 LoadLibraryExW
0x4790ac GetStdHandle
0x4790b0 WriteFile
0x4790b4 GetModuleFileNameW
0x4790b8 ExitProcess
0x4790bc GetModuleHandleExW
0x4790c0 HeapFree
0x4790c4 HeapAlloc
0x4790c8 GetFileType
0x4790cc LCMapStringW
0x4790d0 GetLocaleInfoW
0x4790d4 IsValidLocale
0x4790d8 GetUserDefaultLCID
0x4790dc EnumSystemLocalesW
0x4790e0 CloseHandle
0x4790e4 FlushFileBuffers
0x4790e8 GetConsoleOutputCP
0x4790ec GetConsoleMode
0x4790f0 ReadFile
0x4790f4 GetFileSizeEx
0x4790f8 SetFilePointerEx
0x4790fc ReadConsoleW
0x479100 HeapReAlloc
0x479104 FindClose
0x479108 FindFirstFileExW
0x47910c FindNextFileW
0x479110 IsValidCodePage
0x479114 GetACP
0x479118 GetOEMCP
0x47911c GetCommandLineA
0x479120 GetCommandLineW
0x479124 GetEnvironmentStringsW
0x479128 FreeEnvironmentStringsW
0x47912c SetStdHandle
0x479130 GetProcessHeap
0x479134 HeapSize
0x479138 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x479000 WaitForSingleObject
0x479004 GetCurrentProcess
0x479008 CreateThread
0x47900c VirtualAlloc
0x479010 VirtualProtect
0x479014 FreeLibrary
0x479018 GetModuleHandleA
0x47901c GetProcAddress
0x479020 LoadLibraryA
0x479024 MultiByteToWideChar
0x479028 CreateFileW
0x47902c WideCharToMultiByte
0x479030 GetStringTypeW
0x479034 RaiseException
0x479038 EnterCriticalSection
0x47903c LeaveCriticalSection
0x479040 InitializeCriticalSectionEx
0x479044 DeleteCriticalSection
0x479048 EncodePointer
0x47904c DecodePointer
0x479050 LCMapStringEx
0x479054 GetCPInfo
0x479058 IsProcessorFeaturePresent
0x47905c QueryPerformanceCounter
0x479060 GetCurrentProcessId
0x479064 GetCurrentThreadId
0x479068 GetSystemTimeAsFileTime
0x47906c InitializeSListHead
0x479070 IsDebuggerPresent
0x479074 UnhandledExceptionFilter
0x479078 SetUnhandledExceptionFilter
0x47907c GetStartupInfoW
0x479080 GetModuleHandleW
0x479084 TerminateProcess
0x479088 RtlUnwind
0x47908c GetLastError
0x479090 SetLastError
0x479094 InitializeCriticalSectionAndSpinCount
0x479098 TlsAlloc
0x47909c TlsGetValue
0x4790a0 TlsSetValue
0x4790a4 TlsFree
0x4790a8 LoadLibraryExW
0x4790ac GetStdHandle
0x4790b0 WriteFile
0x4790b4 GetModuleFileNameW
0x4790b8 ExitProcess
0x4790bc GetModuleHandleExW
0x4790c0 HeapFree
0x4790c4 HeapAlloc
0x4790c8 GetFileType
0x4790cc LCMapStringW
0x4790d0 GetLocaleInfoW
0x4790d4 IsValidLocale
0x4790d8 GetUserDefaultLCID
0x4790dc EnumSystemLocalesW
0x4790e0 CloseHandle
0x4790e4 FlushFileBuffers
0x4790e8 GetConsoleOutputCP
0x4790ec GetConsoleMode
0x4790f0 ReadFile
0x4790f4 GetFileSizeEx
0x4790f8 SetFilePointerEx
0x4790fc ReadConsoleW
0x479100 HeapReAlloc
0x479104 FindClose
0x479108 FindFirstFileExW
0x47910c FindNextFileW
0x479110 IsValidCodePage
0x479114 GetACP
0x479118 GetOEMCP
0x47911c GetCommandLineA
0x479120 GetCommandLineW
0x479124 GetEnvironmentStringsW
0x479128 FreeEnvironmentStringsW
0x47912c SetStdHandle
0x479130 GetProcessHeap
0x479134 HeapSize
0x479138 WriteConsoleW
EAT(Export Address Table) is none