ScreenShot
| Created | 2024.07.07 19:05 | Machine | s1_win7_x6401 |
| Filename | inte.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 64 detected (AIDetectMalware, Tepfer, malicious, high confidence, score, Lockbit, Zusy, Unsafe, Save, Stealc, Attribute, HighConfidence, Kryptik, HXCL, Artemis, Fareit, StopCrypt, knmghx, CLOUD, AGEN, DownLoader46, GCLEANER, YXEEUZ, Real Protect, high, Krypt, Detected, ai score=86, ABTrojan, EHMW, Ransomware, R649030, ZexaF, nu0@auBWSpnG, Chgt, Gencirc, 0V0057yNeFQ, susgen, HCOV, confidence, 100%) | ||
| md5 | cd0fd465ea4fd58cf58413dda8114989 | ||
| sha256 | a5f4270eed2a341acb58267cfaca48cfd25d5d5921b6f4d7e856ef4b5fd85dbe | ||
| ssdeep | 3072:Kj9Wt0dASUNee76IR+tXe/ZHwYjpu8lULeJQ7k7wE65/:2cgUNj2DtXe/ZQKu7k7W | ||
| imphash | 5a8728b723b0530e453fdd22443260ae | ||
| impfuzzy | 24:gkrkcZX+fDrkrTRkrr1nWkrIJcDoqpYZv9KiSvGOovttdcklwQFBRyvuhvSJFlrC:XHEoTENZ5e1tsktdcrlYvSJFRGj | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 64 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40c000 SetLocaleInfoA
0x40c004 GetConsoleAliasesLengthW
0x40c008 GetNumaProcessorNode
0x40c00c DebugActiveProcessStop
0x40c010 SetErrorMode
0x40c014 InterlockedDecrement
0x40c018 SetConsoleScreenBufferSize
0x40c01c GetModuleHandleW
0x40c020 GetTickCount
0x40c024 GetConsoleAliasesA
0x40c028 ReadConsoleOutputA
0x40c02c EnumTimeFormatsW
0x40c030 ActivateActCtx
0x40c034 LoadLibraryW
0x40c038 Sleep
0x40c03c FindNextVolumeW
0x40c040 WriteConsoleW
0x40c044 CompareStringW
0x40c048 SetConsoleTitleA
0x40c04c VirtualUnlock
0x40c050 RaiseException
0x40c054 GetShortPathNameA
0x40c058 GetConsoleAliasesW
0x40c05c SetLastError
0x40c060 GetProcAddress
0x40c064 VerLanguageNameW
0x40c068 BuildCommDCBW
0x40c06c LoadLibraryA
0x40c070 FreeEnvironmentStringsW
0x40c074 PurgeComm
0x40c078 GetCurrentDirectoryA
0x40c07c DeleteCriticalSection
0x40c080 SetCalendarInfoA
0x40c084 FindAtomW
0x40c088 GlobalReAlloc
0x40c08c CommConfigDialogW
0x40c090 CreateFileA
0x40c094 GetLastError
0x40c098 HeapReAlloc
0x40c09c HeapAlloc
0x40c0a0 GetCommandLineA
0x40c0a4 GetStartupInfoA
0x40c0a8 TerminateProcess
0x40c0ac GetCurrentProcess
0x40c0b0 UnhandledExceptionFilter
0x40c0b4 SetUnhandledExceptionFilter
0x40c0b8 IsDebuggerPresent
0x40c0bc EnterCriticalSection
0x40c0c0 LeaveCriticalSection
0x40c0c4 HeapCreate
0x40c0c8 VirtualFree
0x40c0cc HeapFree
0x40c0d0 VirtualAlloc
0x40c0d4 ExitProcess
0x40c0d8 WriteFile
0x40c0dc GetStdHandle
0x40c0e0 GetModuleFileNameA
0x40c0e4 FreeEnvironmentStringsA
0x40c0e8 GetEnvironmentStrings
0x40c0ec WideCharToMultiByte
0x40c0f0 GetEnvironmentStringsW
0x40c0f4 SetHandleCount
0x40c0f8 GetFileType
0x40c0fc TlsGetValue
0x40c100 TlsAlloc
0x40c104 TlsSetValue
0x40c108 TlsFree
0x40c10c InterlockedIncrement
0x40c110 GetCurrentThreadId
0x40c114 QueryPerformanceCounter
0x40c118 GetCurrentProcessId
0x40c11c GetSystemTimeAsFileTime
0x40c120 RtlUnwind
0x40c124 GetCPInfo
0x40c128 GetACP
0x40c12c GetOEMCP
0x40c130 IsValidCodePage
0x40c134 MultiByteToWideChar
0x40c138 InitializeCriticalSectionAndSpinCount
0x40c13c GetConsoleCP
0x40c140 GetConsoleMode
0x40c144 FlushFileBuffers
0x40c148 LCMapStringA
0x40c14c LCMapStringW
0x40c150 GetStringTypeA
0x40c154 GetStringTypeW
0x40c158 GetLocaleInfoA
0x40c15c ReadFile
0x40c160 SetFilePointer
0x40c164 HeapSize
0x40c168 CloseHandle
0x40c16c WriteConsoleA
0x40c170 GetConsoleOutputCP
0x40c174 SetStdHandle
USER32.dll
0x40c17c SetActiveWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x40c000 SetLocaleInfoA
0x40c004 GetConsoleAliasesLengthW
0x40c008 GetNumaProcessorNode
0x40c00c DebugActiveProcessStop
0x40c010 SetErrorMode
0x40c014 InterlockedDecrement
0x40c018 SetConsoleScreenBufferSize
0x40c01c GetModuleHandleW
0x40c020 GetTickCount
0x40c024 GetConsoleAliasesA
0x40c028 ReadConsoleOutputA
0x40c02c EnumTimeFormatsW
0x40c030 ActivateActCtx
0x40c034 LoadLibraryW
0x40c038 Sleep
0x40c03c FindNextVolumeW
0x40c040 WriteConsoleW
0x40c044 CompareStringW
0x40c048 SetConsoleTitleA
0x40c04c VirtualUnlock
0x40c050 RaiseException
0x40c054 GetShortPathNameA
0x40c058 GetConsoleAliasesW
0x40c05c SetLastError
0x40c060 GetProcAddress
0x40c064 VerLanguageNameW
0x40c068 BuildCommDCBW
0x40c06c LoadLibraryA
0x40c070 FreeEnvironmentStringsW
0x40c074 PurgeComm
0x40c078 GetCurrentDirectoryA
0x40c07c DeleteCriticalSection
0x40c080 SetCalendarInfoA
0x40c084 FindAtomW
0x40c088 GlobalReAlloc
0x40c08c CommConfigDialogW
0x40c090 CreateFileA
0x40c094 GetLastError
0x40c098 HeapReAlloc
0x40c09c HeapAlloc
0x40c0a0 GetCommandLineA
0x40c0a4 GetStartupInfoA
0x40c0a8 TerminateProcess
0x40c0ac GetCurrentProcess
0x40c0b0 UnhandledExceptionFilter
0x40c0b4 SetUnhandledExceptionFilter
0x40c0b8 IsDebuggerPresent
0x40c0bc EnterCriticalSection
0x40c0c0 LeaveCriticalSection
0x40c0c4 HeapCreate
0x40c0c8 VirtualFree
0x40c0cc HeapFree
0x40c0d0 VirtualAlloc
0x40c0d4 ExitProcess
0x40c0d8 WriteFile
0x40c0dc GetStdHandle
0x40c0e0 GetModuleFileNameA
0x40c0e4 FreeEnvironmentStringsA
0x40c0e8 GetEnvironmentStrings
0x40c0ec WideCharToMultiByte
0x40c0f0 GetEnvironmentStringsW
0x40c0f4 SetHandleCount
0x40c0f8 GetFileType
0x40c0fc TlsGetValue
0x40c100 TlsAlloc
0x40c104 TlsSetValue
0x40c108 TlsFree
0x40c10c InterlockedIncrement
0x40c110 GetCurrentThreadId
0x40c114 QueryPerformanceCounter
0x40c118 GetCurrentProcessId
0x40c11c GetSystemTimeAsFileTime
0x40c120 RtlUnwind
0x40c124 GetCPInfo
0x40c128 GetACP
0x40c12c GetOEMCP
0x40c130 IsValidCodePage
0x40c134 MultiByteToWideChar
0x40c138 InitializeCriticalSectionAndSpinCount
0x40c13c GetConsoleCP
0x40c140 GetConsoleMode
0x40c144 FlushFileBuffers
0x40c148 LCMapStringA
0x40c14c LCMapStringW
0x40c150 GetStringTypeA
0x40c154 GetStringTypeW
0x40c158 GetLocaleInfoA
0x40c15c ReadFile
0x40c160 SetFilePointer
0x40c164 HeapSize
0x40c168 CloseHandle
0x40c16c WriteConsoleA
0x40c170 GetConsoleOutputCP
0x40c174 SetStdHandle
USER32.dll
0x40c17c SetActiveWindow
EAT(Export Address Table) is none