ScreenShot
| Created | 2024.07.09 10:04 | Machine | s1_win7_x6401 |
| Filename | persona.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (Crysan, Malicious, score, Unsafe, Save, Attribute, HighConfidence, high confidence, HacktoolX, GenericKD, AGEN, Detected, COBEACON, YXEGGZ, Static AI, Suspicious PE, susgen, confidence, 100%) | ||
| md5 | a0f4dea92c2045c7da2664345e4e5edf | ||
| sha256 | ece5d03dbc48cc6126fb1757b3951b9aedfad5a007ebddd4e5f98eb1ff230946 | ||
| ssdeep | 12288:nfl2OJJ4RvmAyh5do9Py4AOh7/djAUWbkM:nflQmB5du5/FAnb | ||
| imphash | 215cf1a59bd12daf653334890217070b | ||
| impfuzzy | 24:2Tsu9QH/xFzjDYc+WZD02thTBg3JBl39RGLOovbOxv4GM+9RFZxCbk:jxFzQc+eHthTBgPpe63RdFZWk | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002f000 VirtualFree
0x14002f008 WriteFile
0x14002f010 VirtualAlloc
0x14002f018 MultiByteToWideChar
0x14002f020 GetLastError
0x14002f028 CreateFileA
0x14002f030 CloseHandle
0x14002f038 SetEndOfFile
0x14002f040 WriteConsoleW
0x14002f048 HeapSize
0x14002f050 CreateFileW
0x14002f058 GetProcessHeap
0x14002f060 SetStdHandle
0x14002f068 SetEnvironmentVariableW
0x14002f070 FreeEnvironmentStringsW
0x14002f078 GetEnvironmentStringsW
0x14002f080 GetOEMCP
0x14002f088 GetACP
0x14002f090 IsValidCodePage
0x14002f098 FindNextFileW
0x14002f0a0 QueryPerformanceCounter
0x14002f0a8 QueryPerformanceFrequency
0x14002f0b0 WideCharToMultiByte
0x14002f0b8 Sleep
0x14002f0c0 GetCurrentThreadId
0x14002f0c8 InitializeCriticalSectionEx
0x14002f0d0 GetSystemTimeAsFileTime
0x14002f0d8 GetModuleHandleW
0x14002f0e0 GetProcAddress
0x14002f0e8 EnterCriticalSection
0x14002f0f0 LeaveCriticalSection
0x14002f0f8 DeleteCriticalSection
0x14002f100 EncodePointer
0x14002f108 DecodePointer
0x14002f110 LCMapStringEx
0x14002f118 GetStringTypeW
0x14002f120 GetCPInfo
0x14002f128 RtlCaptureContext
0x14002f130 RtlLookupFunctionEntry
0x14002f138 RtlVirtualUnwind
0x14002f140 UnhandledExceptionFilter
0x14002f148 SetUnhandledExceptionFilter
0x14002f150 GetCurrentProcess
0x14002f158 TerminateProcess
0x14002f160 IsProcessorFeaturePresent
0x14002f168 GetCurrentProcessId
0x14002f170 InitializeSListHead
0x14002f178 IsDebuggerPresent
0x14002f180 GetStartupInfoW
0x14002f188 RtlUnwindEx
0x14002f190 RtlPcToFileHeader
0x14002f198 RaiseException
0x14002f1a0 SetLastError
0x14002f1a8 InitializeCriticalSectionAndSpinCount
0x14002f1b0 TlsAlloc
0x14002f1b8 TlsGetValue
0x14002f1c0 TlsSetValue
0x14002f1c8 TlsFree
0x14002f1d0 FreeLibrary
0x14002f1d8 LoadLibraryExW
0x14002f1e0 GetModuleHandleExW
0x14002f1e8 GetStdHandle
0x14002f1f0 GetModuleFileNameW
0x14002f1f8 ExitProcess
0x14002f200 GetCommandLineA
0x14002f208 GetCommandLineW
0x14002f210 GetFileSizeEx
0x14002f218 SetFilePointerEx
0x14002f220 GetFileType
0x14002f228 HeapAlloc
0x14002f230 FlushFileBuffers
0x14002f238 GetConsoleOutputCP
0x14002f240 GetConsoleMode
0x14002f248 HeapFree
0x14002f250 FlsAlloc
0x14002f258 FlsGetValue
0x14002f260 FlsSetValue
0x14002f268 FlsFree
0x14002f270 CompareStringW
0x14002f278 LCMapStringW
0x14002f280 GetLocaleInfoW
0x14002f288 IsValidLocale
0x14002f290 GetUserDefaultLCID
0x14002f298 EnumSystemLocalesW
0x14002f2a0 ReadFile
0x14002f2a8 ReadConsoleW
0x14002f2b0 HeapReAlloc
0x14002f2b8 FindClose
0x14002f2c0 FindFirstFileExW
0x14002f2c8 RtlUnwind
WININET.dll
0x14002f2d8 InternetOpenW
0x14002f2e0 InternetCloseHandle
0x14002f2e8 InternetReadFile
0x14002f2f0 InternetOpenUrlA
EAT(Export Address Table) is none
KERNEL32.dll
0x14002f000 VirtualFree
0x14002f008 WriteFile
0x14002f010 VirtualAlloc
0x14002f018 MultiByteToWideChar
0x14002f020 GetLastError
0x14002f028 CreateFileA
0x14002f030 CloseHandle
0x14002f038 SetEndOfFile
0x14002f040 WriteConsoleW
0x14002f048 HeapSize
0x14002f050 CreateFileW
0x14002f058 GetProcessHeap
0x14002f060 SetStdHandle
0x14002f068 SetEnvironmentVariableW
0x14002f070 FreeEnvironmentStringsW
0x14002f078 GetEnvironmentStringsW
0x14002f080 GetOEMCP
0x14002f088 GetACP
0x14002f090 IsValidCodePage
0x14002f098 FindNextFileW
0x14002f0a0 QueryPerformanceCounter
0x14002f0a8 QueryPerformanceFrequency
0x14002f0b0 WideCharToMultiByte
0x14002f0b8 Sleep
0x14002f0c0 GetCurrentThreadId
0x14002f0c8 InitializeCriticalSectionEx
0x14002f0d0 GetSystemTimeAsFileTime
0x14002f0d8 GetModuleHandleW
0x14002f0e0 GetProcAddress
0x14002f0e8 EnterCriticalSection
0x14002f0f0 LeaveCriticalSection
0x14002f0f8 DeleteCriticalSection
0x14002f100 EncodePointer
0x14002f108 DecodePointer
0x14002f110 LCMapStringEx
0x14002f118 GetStringTypeW
0x14002f120 GetCPInfo
0x14002f128 RtlCaptureContext
0x14002f130 RtlLookupFunctionEntry
0x14002f138 RtlVirtualUnwind
0x14002f140 UnhandledExceptionFilter
0x14002f148 SetUnhandledExceptionFilter
0x14002f150 GetCurrentProcess
0x14002f158 TerminateProcess
0x14002f160 IsProcessorFeaturePresent
0x14002f168 GetCurrentProcessId
0x14002f170 InitializeSListHead
0x14002f178 IsDebuggerPresent
0x14002f180 GetStartupInfoW
0x14002f188 RtlUnwindEx
0x14002f190 RtlPcToFileHeader
0x14002f198 RaiseException
0x14002f1a0 SetLastError
0x14002f1a8 InitializeCriticalSectionAndSpinCount
0x14002f1b0 TlsAlloc
0x14002f1b8 TlsGetValue
0x14002f1c0 TlsSetValue
0x14002f1c8 TlsFree
0x14002f1d0 FreeLibrary
0x14002f1d8 LoadLibraryExW
0x14002f1e0 GetModuleHandleExW
0x14002f1e8 GetStdHandle
0x14002f1f0 GetModuleFileNameW
0x14002f1f8 ExitProcess
0x14002f200 GetCommandLineA
0x14002f208 GetCommandLineW
0x14002f210 GetFileSizeEx
0x14002f218 SetFilePointerEx
0x14002f220 GetFileType
0x14002f228 HeapAlloc
0x14002f230 FlushFileBuffers
0x14002f238 GetConsoleOutputCP
0x14002f240 GetConsoleMode
0x14002f248 HeapFree
0x14002f250 FlsAlloc
0x14002f258 FlsGetValue
0x14002f260 FlsSetValue
0x14002f268 FlsFree
0x14002f270 CompareStringW
0x14002f278 LCMapStringW
0x14002f280 GetLocaleInfoW
0x14002f288 IsValidLocale
0x14002f290 GetUserDefaultLCID
0x14002f298 EnumSystemLocalesW
0x14002f2a0 ReadFile
0x14002f2a8 ReadConsoleW
0x14002f2b0 HeapReAlloc
0x14002f2b8 FindClose
0x14002f2c0 FindFirstFileExW
0x14002f2c8 RtlUnwind
WININET.dll
0x14002f2d8 InternetOpenW
0x14002f2e0 InternetCloseHandle
0x14002f2e8 InternetReadFile
0x14002f2f0 InternetOpenUrlA
EAT(Export Address Table) is none