ScreenShot
| Created | 2024.07.07 19:26 | Machine | s1_win7_x6401 |
| Filename | EU.file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 63 detected (AIDetectMalware, StopCrypt, malicious, high confidence, score, Lockbit, Midie, Unsafe, Save, Ransomware, Tepfer, Attribute, HighConfidence, Kryptik, HXBC, Artemis, RansomX, Chapak, SmokeLoader, CLASSIC, AceCrypter, gtsog, Packed2, R03BC0DEG24, Real Protect, high, Krypt, Danabot, Windigo, Detected, ai score=80, STOP, 1V2RK4Q, Eldorado, R648426, ZexaF, uq0@aaj9VTjG, Azorult, GdSda, Obfuscated, Static AI, Malicious PE, susgen, GenCBL, confidence, 100%, AMF2XJC) | ||
| md5 | 84d89662f4329f2fa4a36cfd32974eef | ||
| sha256 | 00ca90e01fedb9c290e30a733e1dd9a7642f57bbdde830c7a5be114f731e3382 | ||
| ssdeep | 6144:McZkS1WEzlC8hQjGRpvt5AMyHfZvvz5Xiw5Z8cyxEBw/hff:LeSoE5dCCRpvohRXzli4Z8hX5 | ||
| imphash | db835db0253e5ddc4c3195187d427607 | ||
| impfuzzy | 24:UDYkDUBY5UTgVgosdGJcDKquNsp4XysolYrOovIGNVcRMov91tRl0ISBZupuL:FY5cdDuJaYaTGHcj91tRGIS5L | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 63 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x412008 IsBadStringPtrW
0x41200c LoadLibraryExW
0x412010 GetConsoleAliasA
0x412014 InterlockedDecrement
0x412018 CreateHardLinkA
0x41201c LockFile
0x412020 GetTickCount
0x412024 ReadConsoleW
0x412028 EnumTimeFormatsW
0x41202c TzSpecificLocalTimeToSystemTime
0x412030 GetVolumeInformationA
0x412034 GlobalFindAtomA
0x412038 LoadLibraryW
0x41203c ReadConsoleInputA
0x412040 WriteConsoleW
0x412044 GetSystemDirectoryA
0x412048 SetComputerNameExW
0x41204c GetTempPathW
0x412050 InterlockedExchange
0x412054 SetFilePointer
0x412058 SetLastError
0x41205c GetProcAddress
0x412060 BackupWrite
0x412064 BuildCommDCBW
0x412068 LoadModule
0x41206c OpenMutexA
0x412070 LocalAlloc
0x412074 GetNumberFormatW
0x412078 AddAtomW
0x41207c CreateEventW
0x412080 RemoveDirectoryW
0x412084 VirtualProtect
0x412088 PurgeComm
0x41208c GetWindowsDirectoryW
0x412090 CloseHandle
0x412094 CreateFileW
0x412098 GetLastError
0x41209c GetComputerNameA
0x4120a0 IsProcessorFeaturePresent
0x4120a4 EncodePointer
0x4120a8 DecodePointer
0x4120ac ReadFile
0x4120b0 ExitProcess
0x4120b4 GetModuleHandleExW
0x4120b8 AreFileApisANSI
0x4120bc MultiByteToWideChar
0x4120c0 WideCharToMultiByte
0x4120c4 GetCommandLineA
0x4120c8 RaiseException
0x4120cc RtlUnwind
0x4120d0 IsDebuggerPresent
0x4120d4 HeapFree
0x4120d8 HeapAlloc
0x4120dc HeapSize
0x4120e0 EnterCriticalSection
0x4120e4 LeaveCriticalSection
0x4120e8 SetFilePointerEx
0x4120ec GetConsoleMode
0x4120f0 GetStdHandle
0x4120f4 GetFileType
0x4120f8 DeleteCriticalSection
0x4120fc GetStartupInfoW
0x412100 UnhandledExceptionFilter
0x412104 SetUnhandledExceptionFilter
0x412108 InitializeCriticalSectionAndSpinCount
0x41210c Sleep
0x412110 GetCurrentProcess
0x412114 TerminateProcess
0x412118 TlsAlloc
0x41211c TlsGetValue
0x412120 TlsSetValue
0x412124 TlsFree
0x412128 GetModuleHandleW
0x41212c WriteFile
0x412130 GetModuleFileNameW
0x412134 IsValidCodePage
0x412138 GetACP
0x41213c GetOEMCP
0x412140 GetCPInfo
0x412144 GetCurrentThreadId
0x412148 GetProcessHeap
0x41214c GetModuleFileNameA
0x412150 QueryPerformanceCounter
0x412154 GetCurrentProcessId
0x412158 GetSystemTimeAsFileTime
0x41215c GetEnvironmentStringsW
0x412160 FreeEnvironmentStringsW
0x412164 HeapReAlloc
0x412168 LCMapStringW
0x41216c SetStdHandle
0x412170 GetConsoleCP
0x412174 FlushFileBuffers
0x412178 OutputDebugStringW
0x41217c GetStringTypeW
0x412180 SetEndOfFile
USER32.dll
0x412188 SetCaretPos
GDI32.dll
0x412000 GetCharABCWidthsI
EAT(Export Address Table) is none
KERNEL32.dll
0x412008 IsBadStringPtrW
0x41200c LoadLibraryExW
0x412010 GetConsoleAliasA
0x412014 InterlockedDecrement
0x412018 CreateHardLinkA
0x41201c LockFile
0x412020 GetTickCount
0x412024 ReadConsoleW
0x412028 EnumTimeFormatsW
0x41202c TzSpecificLocalTimeToSystemTime
0x412030 GetVolumeInformationA
0x412034 GlobalFindAtomA
0x412038 LoadLibraryW
0x41203c ReadConsoleInputA
0x412040 WriteConsoleW
0x412044 GetSystemDirectoryA
0x412048 SetComputerNameExW
0x41204c GetTempPathW
0x412050 InterlockedExchange
0x412054 SetFilePointer
0x412058 SetLastError
0x41205c GetProcAddress
0x412060 BackupWrite
0x412064 BuildCommDCBW
0x412068 LoadModule
0x41206c OpenMutexA
0x412070 LocalAlloc
0x412074 GetNumberFormatW
0x412078 AddAtomW
0x41207c CreateEventW
0x412080 RemoveDirectoryW
0x412084 VirtualProtect
0x412088 PurgeComm
0x41208c GetWindowsDirectoryW
0x412090 CloseHandle
0x412094 CreateFileW
0x412098 GetLastError
0x41209c GetComputerNameA
0x4120a0 IsProcessorFeaturePresent
0x4120a4 EncodePointer
0x4120a8 DecodePointer
0x4120ac ReadFile
0x4120b0 ExitProcess
0x4120b4 GetModuleHandleExW
0x4120b8 AreFileApisANSI
0x4120bc MultiByteToWideChar
0x4120c0 WideCharToMultiByte
0x4120c4 GetCommandLineA
0x4120c8 RaiseException
0x4120cc RtlUnwind
0x4120d0 IsDebuggerPresent
0x4120d4 HeapFree
0x4120d8 HeapAlloc
0x4120dc HeapSize
0x4120e0 EnterCriticalSection
0x4120e4 LeaveCriticalSection
0x4120e8 SetFilePointerEx
0x4120ec GetConsoleMode
0x4120f0 GetStdHandle
0x4120f4 GetFileType
0x4120f8 DeleteCriticalSection
0x4120fc GetStartupInfoW
0x412100 UnhandledExceptionFilter
0x412104 SetUnhandledExceptionFilter
0x412108 InitializeCriticalSectionAndSpinCount
0x41210c Sleep
0x412110 GetCurrentProcess
0x412114 TerminateProcess
0x412118 TlsAlloc
0x41211c TlsGetValue
0x412120 TlsSetValue
0x412124 TlsFree
0x412128 GetModuleHandleW
0x41212c WriteFile
0x412130 GetModuleFileNameW
0x412134 IsValidCodePage
0x412138 GetACP
0x41213c GetOEMCP
0x412140 GetCPInfo
0x412144 GetCurrentThreadId
0x412148 GetProcessHeap
0x41214c GetModuleFileNameA
0x412150 QueryPerformanceCounter
0x412154 GetCurrentProcessId
0x412158 GetSystemTimeAsFileTime
0x41215c GetEnvironmentStringsW
0x412160 FreeEnvironmentStringsW
0x412164 HeapReAlloc
0x412168 LCMapStringW
0x41216c SetStdHandle
0x412170 GetConsoleCP
0x412174 FlushFileBuffers
0x412178 OutputDebugStringW
0x41217c GetStringTypeW
0x412180 SetEndOfFile
USER32.dll
0x412188 SetCaretPos
GDI32.dll
0x412000 GetCharABCWidthsI
EAT(Export Address Table) is none