ScreenShot
| Created | 2024.07.09 09:55 | Machine | s1_win7_x6403 |
| Filename | inte.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetectMalware, Malicious, score, Unsafe, Attribute, HighConfidence, high confidence, Tepfer, dGZlOgU3XHzCotVAEg, Real Protect, high, Krypt, Detected, Smokeloader, PWSX, R648805, ZexaF, nG0@aOCaRUnG, Static AI, Malicious PE, susgen) | ||
| md5 | 91127bcbe51880375df489df4e711151 | ||
| sha256 | 914f6aba6119d9ab59e88468fe19ae30db791964c1acfd201f09a4ad11160e84 | ||
| ssdeep | 3072:razLrVHhRy/nYSh8EtGG0RA+OvHaH405PJQby9ww/Y/nm5dDebAnMy/2PE9w:qLrjEfhDP0RAfnMBoyuYYKJUP | ||
| imphash | 766d3e509eb61151a290412f76f5d34a | ||
| impfuzzy | 24:jkrkY7krM1DJcDYSi8dQBOQeTalLe2cfLki7QHuOZyvuT4QjM2luqQ99E2z:k8wz8dn3Ovcfh7wuucesqWuo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 GetConsoleAliasesLengthW
0x426004 CreateJobObjectW
0x426008 SleepEx
0x42600c GetCommProperties
0x426010 GetModuleHandleW
0x426014 GetConsoleAliasesA
0x426018 GlobalAlloc
0x42601c SetVolumeMountPointA
0x426020 lstrcpynW
0x426024 GetModuleFileNameW
0x426028 SetConsoleTitleA
0x42602c ReleaseActCtx
0x426030 SetLastError
0x426034 GetProcAddress
0x426038 BuildCommDCBW
0x42603c GetAtomNameA
0x426040 LoadLibraryA
0x426044 WriteConsoleA
0x426048 UnhandledExceptionFilter
0x42604c InterlockedExchangeAdd
0x426050 SetFileApisToANSI
0x426054 AddAtomA
0x426058 OpenJobObjectW
0x42605c FoldStringW
0x426060 EnumDateFormatsA
0x426064 lstrcatW
0x426068 FindFirstVolumeW
0x42606c LocalFree
0x426070 FlushFileBuffers
0x426074 CloseHandle
0x426078 GetLastError
0x42607c HeapFree
0x426080 MultiByteToWideChar
0x426084 HeapAlloc
0x426088 GetStartupInfoW
0x42608c TerminateProcess
0x426090 GetCurrentProcess
0x426094 SetUnhandledExceptionFilter
0x426098 IsDebuggerPresent
0x42609c HeapCreate
0x4260a0 VirtualFree
0x4260a4 DeleteCriticalSection
0x4260a8 LeaveCriticalSection
0x4260ac EnterCriticalSection
0x4260b0 VirtualAlloc
0x4260b4 HeapReAlloc
0x4260b8 GetCPInfo
0x4260bc InterlockedIncrement
0x4260c0 InterlockedDecrement
0x4260c4 GetACP
0x4260c8 GetOEMCP
0x4260cc IsValidCodePage
0x4260d0 TlsGetValue
0x4260d4 TlsAlloc
0x4260d8 TlsSetValue
0x4260dc TlsFree
0x4260e0 GetCurrentThreadId
0x4260e4 Sleep
0x4260e8 ExitProcess
0x4260ec WriteFile
0x4260f0 GetStdHandle
0x4260f4 GetModuleFileNameA
0x4260f8 FreeEnvironmentStringsW
0x4260fc GetEnvironmentStringsW
0x426100 GetCommandLineW
0x426104 SetHandleCount
0x426108 GetFileType
0x42610c GetStartupInfoA
0x426110 QueryPerformanceCounter
0x426114 GetTickCount
0x426118 GetCurrentProcessId
0x42611c GetSystemTimeAsFileTime
0x426120 SetFilePointer
0x426124 WideCharToMultiByte
0x426128 GetConsoleCP
0x42612c GetConsoleMode
0x426130 InitializeCriticalSectionAndSpinCount
0x426134 RtlUnwind
0x426138 LCMapStringA
0x42613c LCMapStringW
0x426140 GetStringTypeA
0x426144 GetStringTypeW
0x426148 GetLocaleInfoA
0x42614c SetStdHandle
0x426150 GetConsoleOutputCP
0x426154 WriteConsoleW
0x426158 HeapSize
0x42615c CreateFileA
USER32.dll
0x426164 GetProcessDefaultLayout
WINHTTP.dll
0x42616c WinHttpAddRequestHeaders
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 GetConsoleAliasesLengthW
0x426004 CreateJobObjectW
0x426008 SleepEx
0x42600c GetCommProperties
0x426010 GetModuleHandleW
0x426014 GetConsoleAliasesA
0x426018 GlobalAlloc
0x42601c SetVolumeMountPointA
0x426020 lstrcpynW
0x426024 GetModuleFileNameW
0x426028 SetConsoleTitleA
0x42602c ReleaseActCtx
0x426030 SetLastError
0x426034 GetProcAddress
0x426038 BuildCommDCBW
0x42603c GetAtomNameA
0x426040 LoadLibraryA
0x426044 WriteConsoleA
0x426048 UnhandledExceptionFilter
0x42604c InterlockedExchangeAdd
0x426050 SetFileApisToANSI
0x426054 AddAtomA
0x426058 OpenJobObjectW
0x42605c FoldStringW
0x426060 EnumDateFormatsA
0x426064 lstrcatW
0x426068 FindFirstVolumeW
0x42606c LocalFree
0x426070 FlushFileBuffers
0x426074 CloseHandle
0x426078 GetLastError
0x42607c HeapFree
0x426080 MultiByteToWideChar
0x426084 HeapAlloc
0x426088 GetStartupInfoW
0x42608c TerminateProcess
0x426090 GetCurrentProcess
0x426094 SetUnhandledExceptionFilter
0x426098 IsDebuggerPresent
0x42609c HeapCreate
0x4260a0 VirtualFree
0x4260a4 DeleteCriticalSection
0x4260a8 LeaveCriticalSection
0x4260ac EnterCriticalSection
0x4260b0 VirtualAlloc
0x4260b4 HeapReAlloc
0x4260b8 GetCPInfo
0x4260bc InterlockedIncrement
0x4260c0 InterlockedDecrement
0x4260c4 GetACP
0x4260c8 GetOEMCP
0x4260cc IsValidCodePage
0x4260d0 TlsGetValue
0x4260d4 TlsAlloc
0x4260d8 TlsSetValue
0x4260dc TlsFree
0x4260e0 GetCurrentThreadId
0x4260e4 Sleep
0x4260e8 ExitProcess
0x4260ec WriteFile
0x4260f0 GetStdHandle
0x4260f4 GetModuleFileNameA
0x4260f8 FreeEnvironmentStringsW
0x4260fc GetEnvironmentStringsW
0x426100 GetCommandLineW
0x426104 SetHandleCount
0x426108 GetFileType
0x42610c GetStartupInfoA
0x426110 QueryPerformanceCounter
0x426114 GetTickCount
0x426118 GetCurrentProcessId
0x42611c GetSystemTimeAsFileTime
0x426120 SetFilePointer
0x426124 WideCharToMultiByte
0x426128 GetConsoleCP
0x42612c GetConsoleMode
0x426130 InitializeCriticalSectionAndSpinCount
0x426134 RtlUnwind
0x426138 LCMapStringA
0x42613c LCMapStringW
0x426140 GetStringTypeA
0x426144 GetStringTypeW
0x426148 GetLocaleInfoA
0x42614c SetStdHandle
0x426150 GetConsoleOutputCP
0x426154 WriteConsoleW
0x426158 HeapSize
0x42615c CreateFileA
USER32.dll
0x426164 GetProcessDefaultLayout
WINHTTP.dll
0x42616c WinHttpAddRequestHeaders
EAT(Export Address Table) is none