ScreenShot
| Created | 2024.07.04 10:05 | Machine | s1_win7_x6401 |
| Filename | streamer.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 36 detected (AIDetectMalware, malicious, high confidence, Ransomblackbyte, Unsafe, Save, Attribute, HighConfidence, a variant of WinGo, Artemis, score, qwitzf, CLASSIC, AGEN, LUMMASTEALER, YXEGCZ, WinGo, Detected, Wacatac, Chgt, confidence) | ||
| md5 | 2502f2fb88c1ea569c0b4287ae0613f3 | ||
| sha256 | 6c3496832cdffffedde13f9c75138ee62dd968eaa26bc23e1cbc082e638c3513 | ||
| ssdeep | 49152:HwWM2zE1fkrLilu5l55F+QjEcEAGjz5Ep+8YTpuQynVoj28OBpclaYC4Ihign93:QWlzE1fyLi61kE7piK93 | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14053947c AddAtomA
0x140539484 AddVectoredExceptionHandler
0x14053948c CloseHandle
0x140539494 CreateEventA
0x14053949c CreateFileA
0x1405394a4 CreateIoCompletionPort
0x1405394ac CreateMutexA
0x1405394b4 CreateSemaphoreA
0x1405394bc CreateThread
0x1405394c4 CreateWaitableTimerExW
0x1405394cc DeleteAtom
0x1405394d4 DeleteCriticalSection
0x1405394dc DuplicateHandle
0x1405394e4 EnterCriticalSection
0x1405394ec ExitProcess
0x1405394f4 FindAtomA
0x1405394fc FormatMessageA
0x140539504 FreeEnvironmentStringsW
0x14053950c GetAtomNameA
0x140539514 GetConsoleMode
0x14053951c GetCurrentProcess
0x140539524 GetCurrentProcessId
0x14053952c GetCurrentThread
0x140539534 GetCurrentThreadId
0x14053953c GetEnvironmentStringsW
0x140539544 GetErrorMode
0x14053954c GetHandleInformation
0x140539554 GetLastError
0x14053955c GetProcAddress
0x140539564 GetProcessAffinityMask
0x14053956c GetQueuedCompletionStatusEx
0x140539574 GetStartupInfoA
0x14053957c GetStdHandle
0x140539584 GetSystemDirectoryA
0x14053958c GetSystemInfo
0x140539594 GetSystemTimeAsFileTime
0x14053959c GetThreadContext
0x1405395a4 GetThreadPriority
0x1405395ac GetTickCount
0x1405395b4 InitializeCriticalSection
0x1405395bc IsDBCSLeadByteEx
0x1405395c4 IsDebuggerPresent
0x1405395cc LeaveCriticalSection
0x1405395d4 LoadLibraryExW
0x1405395dc LoadLibraryW
0x1405395e4 LocalFree
0x1405395ec MultiByteToWideChar
0x1405395f4 OpenProcess
0x1405395fc OutputDebugStringA
0x140539604 PostQueuedCompletionStatus
0x14053960c QueryPerformanceCounter
0x140539614 QueryPerformanceFrequency
0x14053961c RaiseException
0x140539624 RaiseFailFastException
0x14053962c ReleaseMutex
0x140539634 ReleaseSemaphore
0x14053963c RemoveVectoredExceptionHandler
0x140539644 ResetEvent
0x14053964c ResumeThread
0x140539654 SetConsoleCtrlHandler
0x14053965c SetErrorMode
0x140539664 SetEvent
0x14053966c SetLastError
0x140539674 SetProcessAffinityMask
0x14053967c SetProcessPriorityBoost
0x140539684 SetThreadContext
0x14053968c SetThreadPriority
0x140539694 SetUnhandledExceptionFilter
0x14053969c SetWaitableTimer
0x1405396a4 Sleep
0x1405396ac SuspendThread
0x1405396b4 SwitchToThread
0x1405396bc TlsAlloc
0x1405396c4 TlsGetValue
0x1405396cc TlsSetValue
0x1405396d4 TryEnterCriticalSection
0x1405396dc VirtualAlloc
0x1405396e4 VirtualFree
0x1405396ec VirtualProtect
0x1405396f4 VirtualQuery
0x1405396fc WaitForMultipleObjects
0x140539704 WaitForSingleObject
0x14053970c WerGetFlags
0x140539714 WerSetFlags
0x14053971c WideCharToMultiByte
0x140539724 WriteConsoleW
0x14053972c WriteFile
0x140539734 __C_specific_handler
msvcrt.dll
0x140539744 ___lc_codepage_func
0x14053974c ___mb_cur_max_func
0x140539754 __getmainargs
0x14053975c __initenv
0x140539764 __iob_func
0x14053976c __lconv_init
0x140539774 __set_app_type
0x14053977c __setusermatherr
0x140539784 _acmdln
0x14053978c _amsg_exit
0x140539794 _beginthread
0x14053979c _beginthreadex
0x1405397a4 _cexit
0x1405397ac _commode
0x1405397b4 _endthreadex
0x1405397bc _errno
0x1405397c4 _fmode
0x1405397cc _initterm
0x1405397d4 _lock
0x1405397dc _memccpy
0x1405397e4 _onexit
0x1405397ec _setjmp
0x1405397f4 _strdup
0x1405397fc _ultoa
0x140539804 _unlock
0x14053980c abort
0x140539814 calloc
0x14053981c exit
0x140539824 fprintf
0x14053982c fputc
0x140539834 free
0x14053983c fwrite
0x140539844 localeconv
0x14053984c longjmp
0x140539854 malloc
0x14053985c memcpy
0x140539864 memmove
0x14053986c memset
0x140539874 printf
0x14053987c realloc
0x140539884 signal
0x14053988c strerror
0x140539894 strlen
0x14053989c strncmp
0x1405398a4 vfprintf
0x1405398ac wcslen
EAT(Export Address Table) Library
0x1405370b0 _cgo_dummy_export
KERNEL32.dll
0x14053947c AddAtomA
0x140539484 AddVectoredExceptionHandler
0x14053948c CloseHandle
0x140539494 CreateEventA
0x14053949c CreateFileA
0x1405394a4 CreateIoCompletionPort
0x1405394ac CreateMutexA
0x1405394b4 CreateSemaphoreA
0x1405394bc CreateThread
0x1405394c4 CreateWaitableTimerExW
0x1405394cc DeleteAtom
0x1405394d4 DeleteCriticalSection
0x1405394dc DuplicateHandle
0x1405394e4 EnterCriticalSection
0x1405394ec ExitProcess
0x1405394f4 FindAtomA
0x1405394fc FormatMessageA
0x140539504 FreeEnvironmentStringsW
0x14053950c GetAtomNameA
0x140539514 GetConsoleMode
0x14053951c GetCurrentProcess
0x140539524 GetCurrentProcessId
0x14053952c GetCurrentThread
0x140539534 GetCurrentThreadId
0x14053953c GetEnvironmentStringsW
0x140539544 GetErrorMode
0x14053954c GetHandleInformation
0x140539554 GetLastError
0x14053955c GetProcAddress
0x140539564 GetProcessAffinityMask
0x14053956c GetQueuedCompletionStatusEx
0x140539574 GetStartupInfoA
0x14053957c GetStdHandle
0x140539584 GetSystemDirectoryA
0x14053958c GetSystemInfo
0x140539594 GetSystemTimeAsFileTime
0x14053959c GetThreadContext
0x1405395a4 GetThreadPriority
0x1405395ac GetTickCount
0x1405395b4 InitializeCriticalSection
0x1405395bc IsDBCSLeadByteEx
0x1405395c4 IsDebuggerPresent
0x1405395cc LeaveCriticalSection
0x1405395d4 LoadLibraryExW
0x1405395dc LoadLibraryW
0x1405395e4 LocalFree
0x1405395ec MultiByteToWideChar
0x1405395f4 OpenProcess
0x1405395fc OutputDebugStringA
0x140539604 PostQueuedCompletionStatus
0x14053960c QueryPerformanceCounter
0x140539614 QueryPerformanceFrequency
0x14053961c RaiseException
0x140539624 RaiseFailFastException
0x14053962c ReleaseMutex
0x140539634 ReleaseSemaphore
0x14053963c RemoveVectoredExceptionHandler
0x140539644 ResetEvent
0x14053964c ResumeThread
0x140539654 SetConsoleCtrlHandler
0x14053965c SetErrorMode
0x140539664 SetEvent
0x14053966c SetLastError
0x140539674 SetProcessAffinityMask
0x14053967c SetProcessPriorityBoost
0x140539684 SetThreadContext
0x14053968c SetThreadPriority
0x140539694 SetUnhandledExceptionFilter
0x14053969c SetWaitableTimer
0x1405396a4 Sleep
0x1405396ac SuspendThread
0x1405396b4 SwitchToThread
0x1405396bc TlsAlloc
0x1405396c4 TlsGetValue
0x1405396cc TlsSetValue
0x1405396d4 TryEnterCriticalSection
0x1405396dc VirtualAlloc
0x1405396e4 VirtualFree
0x1405396ec VirtualProtect
0x1405396f4 VirtualQuery
0x1405396fc WaitForMultipleObjects
0x140539704 WaitForSingleObject
0x14053970c WerGetFlags
0x140539714 WerSetFlags
0x14053971c WideCharToMultiByte
0x140539724 WriteConsoleW
0x14053972c WriteFile
0x140539734 __C_specific_handler
msvcrt.dll
0x140539744 ___lc_codepage_func
0x14053974c ___mb_cur_max_func
0x140539754 __getmainargs
0x14053975c __initenv
0x140539764 __iob_func
0x14053976c __lconv_init
0x140539774 __set_app_type
0x14053977c __setusermatherr
0x140539784 _acmdln
0x14053978c _amsg_exit
0x140539794 _beginthread
0x14053979c _beginthreadex
0x1405397a4 _cexit
0x1405397ac _commode
0x1405397b4 _endthreadex
0x1405397bc _errno
0x1405397c4 _fmode
0x1405397cc _initterm
0x1405397d4 _lock
0x1405397dc _memccpy
0x1405397e4 _onexit
0x1405397ec _setjmp
0x1405397f4 _strdup
0x1405397fc _ultoa
0x140539804 _unlock
0x14053980c abort
0x140539814 calloc
0x14053981c exit
0x140539824 fprintf
0x14053982c fputc
0x140539834 free
0x14053983c fwrite
0x140539844 localeconv
0x14053984c longjmp
0x140539854 malloc
0x14053985c memcpy
0x140539864 memmove
0x14053986c memset
0x140539874 printf
0x14053987c realloc
0x140539884 signal
0x14053988c strerror
0x140539894 strlen
0x14053989c strncmp
0x1405398a4 vfprintf
0x1405398ac wcslen
EAT(Export Address Table) Library
0x1405370b0 _cgo_dummy_export