ScreenShot
| Created | 2024.07.08 17:04 | Machine | s1_win7_x6403 |
| Filename | Chrome_Password_Remover.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (AIDetectMalware, malicious, high confidence, score, Caynamer, Artemis, GenericKD, Unsafe, V4v3, Attribute, HighConfidence, a variant of WinGo, qwitzb, Genric, CLASSIC, qjmll, AMADEY, YXEGBZ, WinGo, Detected, ai score=82, Malware@#bb6u541km4j5, Casdet, ABTrojan, IIVN, TrojanPSW, Lumma, FakeChrome, Chgt, Gencirc, Static AI, Suspicious PE, susgen) | ||
| md5 | f308be1162c86c3d72ad06c4c85a67d4 | ||
| sha256 | 842e6467d3f6bddb484929a8dba9757920e0b484d8addf40a8fe69f8b205f174 | ||
| ssdeep | 49152:EfMhc7XOayJj55BNcU0KA///skFyE6OjBuXVBw5yyk0+fNH4YxVjM5EmOj1Ggdap:Osc7XL4JNgB01XVKkuFEmBhIGFH | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14075a47c AddAtomA
0x14075a484 AddVectoredExceptionHandler
0x14075a48c CloseHandle
0x14075a494 CreateEventA
0x14075a49c CreateFileA
0x14075a4a4 CreateIoCompletionPort
0x14075a4ac CreateMutexA
0x14075a4b4 CreateSemaphoreA
0x14075a4bc CreateThread
0x14075a4c4 CreateWaitableTimerExW
0x14075a4cc DeleteAtom
0x14075a4d4 DeleteCriticalSection
0x14075a4dc DuplicateHandle
0x14075a4e4 EnterCriticalSection
0x14075a4ec ExitProcess
0x14075a4f4 FindAtomA
0x14075a4fc FormatMessageA
0x14075a504 FreeEnvironmentStringsW
0x14075a50c GetAtomNameA
0x14075a514 GetConsoleMode
0x14075a51c GetCurrentProcess
0x14075a524 GetCurrentProcessId
0x14075a52c GetCurrentThread
0x14075a534 GetCurrentThreadId
0x14075a53c GetEnvironmentStringsW
0x14075a544 GetErrorMode
0x14075a54c GetHandleInformation
0x14075a554 GetLastError
0x14075a55c GetProcAddress
0x14075a564 GetProcessAffinityMask
0x14075a56c GetQueuedCompletionStatusEx
0x14075a574 GetStartupInfoA
0x14075a57c GetStdHandle
0x14075a584 GetSystemDirectoryA
0x14075a58c GetSystemInfo
0x14075a594 GetSystemTimeAsFileTime
0x14075a59c GetThreadContext
0x14075a5a4 GetThreadPriority
0x14075a5ac GetTickCount
0x14075a5b4 InitializeCriticalSection
0x14075a5bc IsDBCSLeadByteEx
0x14075a5c4 IsDebuggerPresent
0x14075a5cc LeaveCriticalSection
0x14075a5d4 LoadLibraryExW
0x14075a5dc LoadLibraryW
0x14075a5e4 LocalFree
0x14075a5ec MultiByteToWideChar
0x14075a5f4 OpenProcess
0x14075a5fc OutputDebugStringA
0x14075a604 PostQueuedCompletionStatus
0x14075a60c QueryPerformanceCounter
0x14075a614 QueryPerformanceFrequency
0x14075a61c RaiseException
0x14075a624 RaiseFailFastException
0x14075a62c ReleaseMutex
0x14075a634 ReleaseSemaphore
0x14075a63c RemoveVectoredExceptionHandler
0x14075a644 ResetEvent
0x14075a64c ResumeThread
0x14075a654 SetConsoleCtrlHandler
0x14075a65c SetErrorMode
0x14075a664 SetEvent
0x14075a66c SetLastError
0x14075a674 SetProcessAffinityMask
0x14075a67c SetProcessPriorityBoost
0x14075a684 SetThreadContext
0x14075a68c SetThreadPriority
0x14075a694 SetUnhandledExceptionFilter
0x14075a69c SetWaitableTimer
0x14075a6a4 Sleep
0x14075a6ac SuspendThread
0x14075a6b4 SwitchToThread
0x14075a6bc TlsAlloc
0x14075a6c4 TlsGetValue
0x14075a6cc TlsSetValue
0x14075a6d4 TryEnterCriticalSection
0x14075a6dc VirtualAlloc
0x14075a6e4 VirtualFree
0x14075a6ec VirtualProtect
0x14075a6f4 VirtualQuery
0x14075a6fc WaitForMultipleObjects
0x14075a704 WaitForSingleObject
0x14075a70c WerGetFlags
0x14075a714 WerSetFlags
0x14075a71c WideCharToMultiByte
0x14075a724 WriteConsoleW
0x14075a72c WriteFile
0x14075a734 __C_specific_handler
msvcrt.dll
0x14075a744 ___lc_codepage_func
0x14075a74c ___mb_cur_max_func
0x14075a754 __getmainargs
0x14075a75c __initenv
0x14075a764 __iob_func
0x14075a76c __lconv_init
0x14075a774 __set_app_type
0x14075a77c __setusermatherr
0x14075a784 _acmdln
0x14075a78c _amsg_exit
0x14075a794 _beginthread
0x14075a79c _beginthreadex
0x14075a7a4 _cexit
0x14075a7ac _commode
0x14075a7b4 _endthreadex
0x14075a7bc _errno
0x14075a7c4 _fmode
0x14075a7cc _initterm
0x14075a7d4 _lock
0x14075a7dc _memccpy
0x14075a7e4 _onexit
0x14075a7ec _setjmp
0x14075a7f4 _strdup
0x14075a7fc _ultoa
0x14075a804 _unlock
0x14075a80c abort
0x14075a814 calloc
0x14075a81c exit
0x14075a824 fprintf
0x14075a82c fputc
0x14075a834 free
0x14075a83c fwrite
0x14075a844 localeconv
0x14075a84c longjmp
0x14075a854 malloc
0x14075a85c memcpy
0x14075a864 memmove
0x14075a86c memset
0x14075a874 printf
0x14075a87c realloc
0x14075a884 signal
0x14075a88c strerror
0x14075a894 strlen
0x14075a89c strncmp
0x14075a8a4 vfprintf
0x14075a8ac wcslen
EAT(Export Address Table) Library
0x140758090 _cgo_dummy_export
KERNEL32.dll
0x14075a47c AddAtomA
0x14075a484 AddVectoredExceptionHandler
0x14075a48c CloseHandle
0x14075a494 CreateEventA
0x14075a49c CreateFileA
0x14075a4a4 CreateIoCompletionPort
0x14075a4ac CreateMutexA
0x14075a4b4 CreateSemaphoreA
0x14075a4bc CreateThread
0x14075a4c4 CreateWaitableTimerExW
0x14075a4cc DeleteAtom
0x14075a4d4 DeleteCriticalSection
0x14075a4dc DuplicateHandle
0x14075a4e4 EnterCriticalSection
0x14075a4ec ExitProcess
0x14075a4f4 FindAtomA
0x14075a4fc FormatMessageA
0x14075a504 FreeEnvironmentStringsW
0x14075a50c GetAtomNameA
0x14075a514 GetConsoleMode
0x14075a51c GetCurrentProcess
0x14075a524 GetCurrentProcessId
0x14075a52c GetCurrentThread
0x14075a534 GetCurrentThreadId
0x14075a53c GetEnvironmentStringsW
0x14075a544 GetErrorMode
0x14075a54c GetHandleInformation
0x14075a554 GetLastError
0x14075a55c GetProcAddress
0x14075a564 GetProcessAffinityMask
0x14075a56c GetQueuedCompletionStatusEx
0x14075a574 GetStartupInfoA
0x14075a57c GetStdHandle
0x14075a584 GetSystemDirectoryA
0x14075a58c GetSystemInfo
0x14075a594 GetSystemTimeAsFileTime
0x14075a59c GetThreadContext
0x14075a5a4 GetThreadPriority
0x14075a5ac GetTickCount
0x14075a5b4 InitializeCriticalSection
0x14075a5bc IsDBCSLeadByteEx
0x14075a5c4 IsDebuggerPresent
0x14075a5cc LeaveCriticalSection
0x14075a5d4 LoadLibraryExW
0x14075a5dc LoadLibraryW
0x14075a5e4 LocalFree
0x14075a5ec MultiByteToWideChar
0x14075a5f4 OpenProcess
0x14075a5fc OutputDebugStringA
0x14075a604 PostQueuedCompletionStatus
0x14075a60c QueryPerformanceCounter
0x14075a614 QueryPerformanceFrequency
0x14075a61c RaiseException
0x14075a624 RaiseFailFastException
0x14075a62c ReleaseMutex
0x14075a634 ReleaseSemaphore
0x14075a63c RemoveVectoredExceptionHandler
0x14075a644 ResetEvent
0x14075a64c ResumeThread
0x14075a654 SetConsoleCtrlHandler
0x14075a65c SetErrorMode
0x14075a664 SetEvent
0x14075a66c SetLastError
0x14075a674 SetProcessAffinityMask
0x14075a67c SetProcessPriorityBoost
0x14075a684 SetThreadContext
0x14075a68c SetThreadPriority
0x14075a694 SetUnhandledExceptionFilter
0x14075a69c SetWaitableTimer
0x14075a6a4 Sleep
0x14075a6ac SuspendThread
0x14075a6b4 SwitchToThread
0x14075a6bc TlsAlloc
0x14075a6c4 TlsGetValue
0x14075a6cc TlsSetValue
0x14075a6d4 TryEnterCriticalSection
0x14075a6dc VirtualAlloc
0x14075a6e4 VirtualFree
0x14075a6ec VirtualProtect
0x14075a6f4 VirtualQuery
0x14075a6fc WaitForMultipleObjects
0x14075a704 WaitForSingleObject
0x14075a70c WerGetFlags
0x14075a714 WerSetFlags
0x14075a71c WideCharToMultiByte
0x14075a724 WriteConsoleW
0x14075a72c WriteFile
0x14075a734 __C_specific_handler
msvcrt.dll
0x14075a744 ___lc_codepage_func
0x14075a74c ___mb_cur_max_func
0x14075a754 __getmainargs
0x14075a75c __initenv
0x14075a764 __iob_func
0x14075a76c __lconv_init
0x14075a774 __set_app_type
0x14075a77c __setusermatherr
0x14075a784 _acmdln
0x14075a78c _amsg_exit
0x14075a794 _beginthread
0x14075a79c _beginthreadex
0x14075a7a4 _cexit
0x14075a7ac _commode
0x14075a7b4 _endthreadex
0x14075a7bc _errno
0x14075a7c4 _fmode
0x14075a7cc _initterm
0x14075a7d4 _lock
0x14075a7dc _memccpy
0x14075a7e4 _onexit
0x14075a7ec _setjmp
0x14075a7f4 _strdup
0x14075a7fc _ultoa
0x14075a804 _unlock
0x14075a80c abort
0x14075a814 calloc
0x14075a81c exit
0x14075a824 fprintf
0x14075a82c fputc
0x14075a834 free
0x14075a83c fwrite
0x14075a844 localeconv
0x14075a84c longjmp
0x14075a854 malloc
0x14075a85c memcpy
0x14075a864 memmove
0x14075a86c memset
0x14075a874 printf
0x14075a87c realloc
0x14075a884 signal
0x14075a88c strerror
0x14075a894 strlen
0x14075a89c strncmp
0x14075a8a4 vfprintf
0x14075a8ac wcslen
EAT(Export Address Table) Library
0x140758090 _cgo_dummy_export