ScreenShot
| Created | 2024.07.09 12:06 | Machine | s1_win7_x6401 |
| Filename | download.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Attribute, HighConfidence, CrypterX, Tepfer, Generic@AI, RDMK, cmRtazrZIZAMms6xzydGsCmls4Mj, Real Protect, high, Krypt, Detected, Wacapew, PWSX, R648805, ZexaF, nG0@auAdGFmG, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 019defe59b733d4d86a895702873ff07 | ||
| sha256 | 1da5c6b2f789ad6d84e4b9bf57c3094b416e0449f5ccb6f5709a90e3ba3f0eb5 | ||
| ssdeep | 3072:z6L6xx02vclrn6XY/+CwjemnXzvznzeD8B5rCvZMt/2PE9w:GL6xu2ez6XY/+NxbelasP | ||
| imphash | 61aeaa8ec5698536c7a8f0b1ac00ff47 | ||
| impfuzzy | 24:jkrkY7krM1VV4W8JcDYSi8dQBOQeTalLe2cfLki7QHuOZyvuT4QjM2luqQ99E2z:k8Dz8dn3Ovcfh7wuucesqWuo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 GetConsoleAliasesLengthW
0x426004 CreateJobObjectW
0x426008 SleepEx
0x42600c GetCommProperties
0x426010 GetModuleHandleW
0x426014 GetConsoleAliasesA
0x426018 GlobalAlloc
0x42601c SetVolumeMountPointA
0x426020 lstrcpynW
0x426024 GetModuleFileNameW
0x426028 SetConsoleTitleA
0x42602c WritePrivateProfileStringW
0x426030 ReleaseActCtx
0x426034 SetLastError
0x426038 GetProcAddress
0x42603c BuildCommDCBW
0x426040 GetAtomNameA
0x426044 LoadLibraryA
0x426048 WriteConsoleA
0x42604c UnhandledExceptionFilter
0x426050 InterlockedExchangeAdd
0x426054 SetFileApisToANSI
0x426058 AddAtomA
0x42605c OpenJobObjectW
0x426060 FoldStringW
0x426064 EnumDateFormatsA
0x426068 lstrcatW
0x42606c FindFirstVolumeW
0x426070 LocalFree
0x426074 FlushFileBuffers
0x426078 CloseHandle
0x42607c GetLastError
0x426080 HeapFree
0x426084 MultiByteToWideChar
0x426088 HeapAlloc
0x42608c GetStartupInfoW
0x426090 TerminateProcess
0x426094 GetCurrentProcess
0x426098 SetUnhandledExceptionFilter
0x42609c IsDebuggerPresent
0x4260a0 HeapCreate
0x4260a4 VirtualFree
0x4260a8 DeleteCriticalSection
0x4260ac LeaveCriticalSection
0x4260b0 EnterCriticalSection
0x4260b4 VirtualAlloc
0x4260b8 HeapReAlloc
0x4260bc GetCPInfo
0x4260c0 InterlockedIncrement
0x4260c4 InterlockedDecrement
0x4260c8 GetACP
0x4260cc GetOEMCP
0x4260d0 IsValidCodePage
0x4260d4 TlsGetValue
0x4260d8 TlsAlloc
0x4260dc TlsSetValue
0x4260e0 TlsFree
0x4260e4 GetCurrentThreadId
0x4260e8 Sleep
0x4260ec ExitProcess
0x4260f0 WriteFile
0x4260f4 GetStdHandle
0x4260f8 GetModuleFileNameA
0x4260fc FreeEnvironmentStringsW
0x426100 GetEnvironmentStringsW
0x426104 GetCommandLineW
0x426108 SetHandleCount
0x42610c GetFileType
0x426110 GetStartupInfoA
0x426114 QueryPerformanceCounter
0x426118 GetTickCount
0x42611c GetCurrentProcessId
0x426120 GetSystemTimeAsFileTime
0x426124 SetFilePointer
0x426128 WideCharToMultiByte
0x42612c GetConsoleCP
0x426130 GetConsoleMode
0x426134 InitializeCriticalSectionAndSpinCount
0x426138 RtlUnwind
0x42613c LCMapStringA
0x426140 LCMapStringW
0x426144 GetStringTypeA
0x426148 GetStringTypeW
0x42614c GetLocaleInfoA
0x426150 SetStdHandle
0x426154 GetConsoleOutputCP
0x426158 WriteConsoleW
0x42615c HeapSize
0x426160 CreateFileA
USER32.dll
0x426168 GetProcessDefaultLayout
WINHTTP.dll
0x426170 WinHttpAddRequestHeaders
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 GetConsoleAliasesLengthW
0x426004 CreateJobObjectW
0x426008 SleepEx
0x42600c GetCommProperties
0x426010 GetModuleHandleW
0x426014 GetConsoleAliasesA
0x426018 GlobalAlloc
0x42601c SetVolumeMountPointA
0x426020 lstrcpynW
0x426024 GetModuleFileNameW
0x426028 SetConsoleTitleA
0x42602c WritePrivateProfileStringW
0x426030 ReleaseActCtx
0x426034 SetLastError
0x426038 GetProcAddress
0x42603c BuildCommDCBW
0x426040 GetAtomNameA
0x426044 LoadLibraryA
0x426048 WriteConsoleA
0x42604c UnhandledExceptionFilter
0x426050 InterlockedExchangeAdd
0x426054 SetFileApisToANSI
0x426058 AddAtomA
0x42605c OpenJobObjectW
0x426060 FoldStringW
0x426064 EnumDateFormatsA
0x426068 lstrcatW
0x42606c FindFirstVolumeW
0x426070 LocalFree
0x426074 FlushFileBuffers
0x426078 CloseHandle
0x42607c GetLastError
0x426080 HeapFree
0x426084 MultiByteToWideChar
0x426088 HeapAlloc
0x42608c GetStartupInfoW
0x426090 TerminateProcess
0x426094 GetCurrentProcess
0x426098 SetUnhandledExceptionFilter
0x42609c IsDebuggerPresent
0x4260a0 HeapCreate
0x4260a4 VirtualFree
0x4260a8 DeleteCriticalSection
0x4260ac LeaveCriticalSection
0x4260b0 EnterCriticalSection
0x4260b4 VirtualAlloc
0x4260b8 HeapReAlloc
0x4260bc GetCPInfo
0x4260c0 InterlockedIncrement
0x4260c4 InterlockedDecrement
0x4260c8 GetACP
0x4260cc GetOEMCP
0x4260d0 IsValidCodePage
0x4260d4 TlsGetValue
0x4260d8 TlsAlloc
0x4260dc TlsSetValue
0x4260e0 TlsFree
0x4260e4 GetCurrentThreadId
0x4260e8 Sleep
0x4260ec ExitProcess
0x4260f0 WriteFile
0x4260f4 GetStdHandle
0x4260f8 GetModuleFileNameA
0x4260fc FreeEnvironmentStringsW
0x426100 GetEnvironmentStringsW
0x426104 GetCommandLineW
0x426108 SetHandleCount
0x42610c GetFileType
0x426110 GetStartupInfoA
0x426114 QueryPerformanceCounter
0x426118 GetTickCount
0x42611c GetCurrentProcessId
0x426120 GetSystemTimeAsFileTime
0x426124 SetFilePointer
0x426128 WideCharToMultiByte
0x42612c GetConsoleCP
0x426130 GetConsoleMode
0x426134 InitializeCriticalSectionAndSpinCount
0x426138 RtlUnwind
0x42613c LCMapStringA
0x426140 LCMapStringW
0x426144 GetStringTypeA
0x426148 GetStringTypeW
0x42614c GetLocaleInfoA
0x426150 SetStdHandle
0x426154 GetConsoleOutputCP
0x426158 WriteConsoleW
0x42615c HeapSize
0x426160 CreateFileA
USER32.dll
0x426168 GetProcessDefaultLayout
WINHTTP.dll
0x426170 WinHttpAddRequestHeaders
EAT(Export Address Table) is none