ScreenShot
| Created | 2024.07.08 17:06 | Machine | s1_win7_x6403 |
| Filename | gold.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 55 detected (AIDetectMalware, malicious, high confidence, score, Jaik, Unsafe, Save, Mikey, Attribute, HighConfidence, Kryptik, HXIV, Artemis, PWSX, Lazy, Injuke, Q7ey5PgVEjE, RedLineSteal, qtruk, RedLineNET, REDLINE, YXEGGZ, high, LummaStealer, Detected, ai score=86, Wacatac, Sabsik, Eldorado, ZexaF, HuW@aWzmc, BScope, TrojanPSW, Convagent, Genkryptik, Dkjl, Static AI, Malicious PE, susgen, PossibleThreat, confidence, HDET) | ||
| md5 | e72e3e0f37eddc11e9003053604c7ab6 | ||
| sha256 | 6ccec07e798b1400fdb5c6d059b4a7421333c12ec60c566d599e556cd74e53b2 | ||
| ssdeep | 12288:GlPvulyUTwW9U9ybMSDttya3WfwsUXo0gIteVvfL/T+jtx:GlPmlyU82Df3NsUTgsCvfL6 | ||
| imphash | 55c0acf36986dbee7526009f420c04cb | ||
| impfuzzy | 24:+9jlxE7jMaKAWJkbJcpVJ+ZQDvt8CbJBl39R9OovbO3kFZMv5GMACEZHu9U:KJCWccpVJ2kt8C7pPo30FZGK | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x42c17c OffsetRect
KERNEL32.dll
0x42c000 CreateFileW
0x42c004 HeapSize
0x42c008 SetStdHandle
0x42c00c WaitForSingleObject
0x42c010 CreateThread
0x42c014 VirtualAlloc
0x42c018 FreeConsole
0x42c01c RaiseException
0x42c020 InitOnceBeginInitialize
0x42c024 InitOnceComplete
0x42c028 CloseHandle
0x42c02c WaitForSingleObjectEx
0x42c030 GetCurrentThreadId
0x42c034 GetExitCodeThread
0x42c038 ReleaseSRWLockExclusive
0x42c03c AcquireSRWLockExclusive
0x42c040 TryAcquireSRWLockExclusive
0x42c044 WakeAllConditionVariable
0x42c048 SleepConditionVariableSRW
0x42c04c WideCharToMultiByte
0x42c050 MultiByteToWideChar
0x42c054 GetStringTypeW
0x42c058 GetLastError
0x42c05c FreeLibraryWhenCallbackReturns
0x42c060 CreateThreadpoolWork
0x42c064 SubmitThreadpoolWork
0x42c068 CloseThreadpoolWork
0x42c06c GetModuleHandleExW
0x42c070 IsProcessorFeaturePresent
0x42c074 EnterCriticalSection
0x42c078 LeaveCriticalSection
0x42c07c InitializeCriticalSectionEx
0x42c080 DeleteCriticalSection
0x42c084 QueryPerformanceCounter
0x42c088 EncodePointer
0x42c08c DecodePointer
0x42c090 LCMapStringEx
0x42c094 GetSystemTimeAsFileTime
0x42c098 GetModuleHandleW
0x42c09c GetProcAddress
0x42c0a0 GetCPInfo
0x42c0a4 IsDebuggerPresent
0x42c0a8 UnhandledExceptionFilter
0x42c0ac SetUnhandledExceptionFilter
0x42c0b0 GetStartupInfoW
0x42c0b4 GetCurrentProcess
0x42c0b8 TerminateProcess
0x42c0bc GetCurrentProcessId
0x42c0c0 InitializeSListHead
0x42c0c4 GetProcessHeap
0x42c0c8 RtlUnwind
0x42c0cc SetLastError
0x42c0d0 InitializeCriticalSectionAndSpinCount
0x42c0d4 TlsAlloc
0x42c0d8 TlsGetValue
0x42c0dc TlsSetValue
0x42c0e0 TlsFree
0x42c0e4 FreeLibrary
0x42c0e8 LoadLibraryExW
0x42c0ec ExitThread
0x42c0f0 FreeLibraryAndExitThread
0x42c0f4 ExitProcess
0x42c0f8 GetModuleFileNameW
0x42c0fc GetStdHandle
0x42c100 WriteFile
0x42c104 GetCommandLineA
0x42c108 GetCommandLineW
0x42c10c HeapAlloc
0x42c110 HeapFree
0x42c114 CompareStringW
0x42c118 LCMapStringW
0x42c11c GetLocaleInfoW
0x42c120 IsValidLocale
0x42c124 GetUserDefaultLCID
0x42c128 EnumSystemLocalesW
0x42c12c GetFileType
0x42c130 GetFileSizeEx
0x42c134 SetFilePointerEx
0x42c138 FlushFileBuffers
0x42c13c GetConsoleOutputCP
0x42c140 GetConsoleMode
0x42c144 ReadFile
0x42c148 ReadConsoleW
0x42c14c HeapReAlloc
0x42c150 FindClose
0x42c154 FindFirstFileExW
0x42c158 FindNextFileW
0x42c15c IsValidCodePage
0x42c160 GetACP
0x42c164 GetOEMCP
0x42c168 GetEnvironmentStringsW
0x42c16c FreeEnvironmentStringsW
0x42c170 SetEnvironmentVariableW
0x42c174 WriteConsoleW
EAT(Export Address Table) Library
0x408891 DestroyObjects
USER32.dll
0x42c17c OffsetRect
KERNEL32.dll
0x42c000 CreateFileW
0x42c004 HeapSize
0x42c008 SetStdHandle
0x42c00c WaitForSingleObject
0x42c010 CreateThread
0x42c014 VirtualAlloc
0x42c018 FreeConsole
0x42c01c RaiseException
0x42c020 InitOnceBeginInitialize
0x42c024 InitOnceComplete
0x42c028 CloseHandle
0x42c02c WaitForSingleObjectEx
0x42c030 GetCurrentThreadId
0x42c034 GetExitCodeThread
0x42c038 ReleaseSRWLockExclusive
0x42c03c AcquireSRWLockExclusive
0x42c040 TryAcquireSRWLockExclusive
0x42c044 WakeAllConditionVariable
0x42c048 SleepConditionVariableSRW
0x42c04c WideCharToMultiByte
0x42c050 MultiByteToWideChar
0x42c054 GetStringTypeW
0x42c058 GetLastError
0x42c05c FreeLibraryWhenCallbackReturns
0x42c060 CreateThreadpoolWork
0x42c064 SubmitThreadpoolWork
0x42c068 CloseThreadpoolWork
0x42c06c GetModuleHandleExW
0x42c070 IsProcessorFeaturePresent
0x42c074 EnterCriticalSection
0x42c078 LeaveCriticalSection
0x42c07c InitializeCriticalSectionEx
0x42c080 DeleteCriticalSection
0x42c084 QueryPerformanceCounter
0x42c088 EncodePointer
0x42c08c DecodePointer
0x42c090 LCMapStringEx
0x42c094 GetSystemTimeAsFileTime
0x42c098 GetModuleHandleW
0x42c09c GetProcAddress
0x42c0a0 GetCPInfo
0x42c0a4 IsDebuggerPresent
0x42c0a8 UnhandledExceptionFilter
0x42c0ac SetUnhandledExceptionFilter
0x42c0b0 GetStartupInfoW
0x42c0b4 GetCurrentProcess
0x42c0b8 TerminateProcess
0x42c0bc GetCurrentProcessId
0x42c0c0 InitializeSListHead
0x42c0c4 GetProcessHeap
0x42c0c8 RtlUnwind
0x42c0cc SetLastError
0x42c0d0 InitializeCriticalSectionAndSpinCount
0x42c0d4 TlsAlloc
0x42c0d8 TlsGetValue
0x42c0dc TlsSetValue
0x42c0e0 TlsFree
0x42c0e4 FreeLibrary
0x42c0e8 LoadLibraryExW
0x42c0ec ExitThread
0x42c0f0 FreeLibraryAndExitThread
0x42c0f4 ExitProcess
0x42c0f8 GetModuleFileNameW
0x42c0fc GetStdHandle
0x42c100 WriteFile
0x42c104 GetCommandLineA
0x42c108 GetCommandLineW
0x42c10c HeapAlloc
0x42c110 HeapFree
0x42c114 CompareStringW
0x42c118 LCMapStringW
0x42c11c GetLocaleInfoW
0x42c120 IsValidLocale
0x42c124 GetUserDefaultLCID
0x42c128 EnumSystemLocalesW
0x42c12c GetFileType
0x42c130 GetFileSizeEx
0x42c134 SetFilePointerEx
0x42c138 FlushFileBuffers
0x42c13c GetConsoleOutputCP
0x42c140 GetConsoleMode
0x42c144 ReadFile
0x42c148 ReadConsoleW
0x42c14c HeapReAlloc
0x42c150 FindClose
0x42c154 FindFirstFileExW
0x42c158 FindNextFileW
0x42c15c IsValidCodePage
0x42c160 GetACP
0x42c164 GetOEMCP
0x42c168 GetEnvironmentStringsW
0x42c16c FreeEnvironmentStringsW
0x42c170 SetEnvironmentVariableW
0x42c174 WriteConsoleW
EAT(Export Address Table) Library
0x408891 DestroyObjects