ScreenShot
| Created | 2024.07.09 17:08 | Machine | s1_win7_x6401 |
| Filename | trc.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 28 detected (AIDetectMalware, malicious, high confidence, Artemis, Vf1k, Attribute, HighConfidence, a variant of WinGo, FileRepMalware, Misc, CLASSIC, AMADEY, YXEGIZ, WinGo, Detected, Coins, Phonzy, Chgt, Static AI, Suspicious PE) | ||
| md5 | 74758f61067ea9fa0e2a4593920ed0f2 | ||
| sha256 | f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6 | ||
| ssdeep | 98304:o/y61b9wu3zcEWzjWFcgO/B8Px3DwGVMbalzWaPCE3s61u3:qRwgzc0TucxDwGjXPP3C | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1408a847c AddAtomA
0x1408a8484 AddVectoredExceptionHandler
0x1408a848c CloseHandle
0x1408a8494 CreateEventA
0x1408a849c CreateFileA
0x1408a84a4 CreateIoCompletionPort
0x1408a84ac CreateMutexA
0x1408a84b4 CreateSemaphoreA
0x1408a84bc CreateThread
0x1408a84c4 CreateWaitableTimerExW
0x1408a84cc DeleteAtom
0x1408a84d4 DeleteCriticalSection
0x1408a84dc DuplicateHandle
0x1408a84e4 EnterCriticalSection
0x1408a84ec ExitProcess
0x1408a84f4 FindAtomA
0x1408a84fc FormatMessageA
0x1408a8504 FreeEnvironmentStringsW
0x1408a850c GetAtomNameA
0x1408a8514 GetConsoleMode
0x1408a851c GetCurrentProcess
0x1408a8524 GetCurrentProcessId
0x1408a852c GetCurrentThread
0x1408a8534 GetCurrentThreadId
0x1408a853c GetEnvironmentStringsW
0x1408a8544 GetErrorMode
0x1408a854c GetHandleInformation
0x1408a8554 GetLastError
0x1408a855c GetProcAddress
0x1408a8564 GetProcessAffinityMask
0x1408a856c GetQueuedCompletionStatusEx
0x1408a8574 GetStartupInfoA
0x1408a857c GetStdHandle
0x1408a8584 GetSystemDirectoryA
0x1408a858c GetSystemInfo
0x1408a8594 GetSystemTimeAsFileTime
0x1408a859c GetThreadContext
0x1408a85a4 GetThreadPriority
0x1408a85ac GetTickCount
0x1408a85b4 InitializeCriticalSection
0x1408a85bc IsDBCSLeadByteEx
0x1408a85c4 IsDebuggerPresent
0x1408a85cc LeaveCriticalSection
0x1408a85d4 LoadLibraryExW
0x1408a85dc LoadLibraryW
0x1408a85e4 LocalFree
0x1408a85ec MultiByteToWideChar
0x1408a85f4 OpenProcess
0x1408a85fc OutputDebugStringA
0x1408a8604 PostQueuedCompletionStatus
0x1408a860c QueryPerformanceCounter
0x1408a8614 QueryPerformanceFrequency
0x1408a861c RaiseException
0x1408a8624 RaiseFailFastException
0x1408a862c ReleaseMutex
0x1408a8634 ReleaseSemaphore
0x1408a863c RemoveVectoredExceptionHandler
0x1408a8644 ResetEvent
0x1408a864c ResumeThread
0x1408a8654 SetConsoleCtrlHandler
0x1408a865c SetErrorMode
0x1408a8664 SetEvent
0x1408a866c SetLastError
0x1408a8674 SetProcessAffinityMask
0x1408a867c SetProcessPriorityBoost
0x1408a8684 SetThreadContext
0x1408a868c SetThreadPriority
0x1408a8694 SetUnhandledExceptionFilter
0x1408a869c SetWaitableTimer
0x1408a86a4 Sleep
0x1408a86ac SuspendThread
0x1408a86b4 SwitchToThread
0x1408a86bc TlsAlloc
0x1408a86c4 TlsGetValue
0x1408a86cc TlsSetValue
0x1408a86d4 TryEnterCriticalSection
0x1408a86dc VirtualAlloc
0x1408a86e4 VirtualFree
0x1408a86ec VirtualProtect
0x1408a86f4 VirtualQuery
0x1408a86fc WaitForMultipleObjects
0x1408a8704 WaitForSingleObject
0x1408a870c WerGetFlags
0x1408a8714 WerSetFlags
0x1408a871c WideCharToMultiByte
0x1408a8724 WriteConsoleW
0x1408a872c WriteFile
0x1408a8734 __C_specific_handler
msvcrt.dll
0x1408a8744 ___lc_codepage_func
0x1408a874c ___mb_cur_max_func
0x1408a8754 __getmainargs
0x1408a875c __initenv
0x1408a8764 __iob_func
0x1408a876c __lconv_init
0x1408a8774 __set_app_type
0x1408a877c __setusermatherr
0x1408a8784 _acmdln
0x1408a878c _amsg_exit
0x1408a8794 _beginthread
0x1408a879c _beginthreadex
0x1408a87a4 _cexit
0x1408a87ac _commode
0x1408a87b4 _endthreadex
0x1408a87bc _errno
0x1408a87c4 _fmode
0x1408a87cc _initterm
0x1408a87d4 _lock
0x1408a87dc _memccpy
0x1408a87e4 _onexit
0x1408a87ec _setjmp
0x1408a87f4 _strdup
0x1408a87fc _ultoa
0x1408a8804 _unlock
0x1408a880c abort
0x1408a8814 calloc
0x1408a881c exit
0x1408a8824 fprintf
0x1408a882c fputc
0x1408a8834 free
0x1408a883c fwrite
0x1408a8844 localeconv
0x1408a884c longjmp
0x1408a8854 malloc
0x1408a885c memcpy
0x1408a8864 memmove
0x1408a886c memset
0x1408a8874 printf
0x1408a887c realloc
0x1408a8884 signal
0x1408a888c strerror
0x1408a8894 strlen
0x1408a889c strncmp
0x1408a88a4 vfprintf
0x1408a88ac wcslen
EAT(Export Address Table) Library
0x1408a5530 _cgo_dummy_export
KERNEL32.dll
0x1408a847c AddAtomA
0x1408a8484 AddVectoredExceptionHandler
0x1408a848c CloseHandle
0x1408a8494 CreateEventA
0x1408a849c CreateFileA
0x1408a84a4 CreateIoCompletionPort
0x1408a84ac CreateMutexA
0x1408a84b4 CreateSemaphoreA
0x1408a84bc CreateThread
0x1408a84c4 CreateWaitableTimerExW
0x1408a84cc DeleteAtom
0x1408a84d4 DeleteCriticalSection
0x1408a84dc DuplicateHandle
0x1408a84e4 EnterCriticalSection
0x1408a84ec ExitProcess
0x1408a84f4 FindAtomA
0x1408a84fc FormatMessageA
0x1408a8504 FreeEnvironmentStringsW
0x1408a850c GetAtomNameA
0x1408a8514 GetConsoleMode
0x1408a851c GetCurrentProcess
0x1408a8524 GetCurrentProcessId
0x1408a852c GetCurrentThread
0x1408a8534 GetCurrentThreadId
0x1408a853c GetEnvironmentStringsW
0x1408a8544 GetErrorMode
0x1408a854c GetHandleInformation
0x1408a8554 GetLastError
0x1408a855c GetProcAddress
0x1408a8564 GetProcessAffinityMask
0x1408a856c GetQueuedCompletionStatusEx
0x1408a8574 GetStartupInfoA
0x1408a857c GetStdHandle
0x1408a8584 GetSystemDirectoryA
0x1408a858c GetSystemInfo
0x1408a8594 GetSystemTimeAsFileTime
0x1408a859c GetThreadContext
0x1408a85a4 GetThreadPriority
0x1408a85ac GetTickCount
0x1408a85b4 InitializeCriticalSection
0x1408a85bc IsDBCSLeadByteEx
0x1408a85c4 IsDebuggerPresent
0x1408a85cc LeaveCriticalSection
0x1408a85d4 LoadLibraryExW
0x1408a85dc LoadLibraryW
0x1408a85e4 LocalFree
0x1408a85ec MultiByteToWideChar
0x1408a85f4 OpenProcess
0x1408a85fc OutputDebugStringA
0x1408a8604 PostQueuedCompletionStatus
0x1408a860c QueryPerformanceCounter
0x1408a8614 QueryPerformanceFrequency
0x1408a861c RaiseException
0x1408a8624 RaiseFailFastException
0x1408a862c ReleaseMutex
0x1408a8634 ReleaseSemaphore
0x1408a863c RemoveVectoredExceptionHandler
0x1408a8644 ResetEvent
0x1408a864c ResumeThread
0x1408a8654 SetConsoleCtrlHandler
0x1408a865c SetErrorMode
0x1408a8664 SetEvent
0x1408a866c SetLastError
0x1408a8674 SetProcessAffinityMask
0x1408a867c SetProcessPriorityBoost
0x1408a8684 SetThreadContext
0x1408a868c SetThreadPriority
0x1408a8694 SetUnhandledExceptionFilter
0x1408a869c SetWaitableTimer
0x1408a86a4 Sleep
0x1408a86ac SuspendThread
0x1408a86b4 SwitchToThread
0x1408a86bc TlsAlloc
0x1408a86c4 TlsGetValue
0x1408a86cc TlsSetValue
0x1408a86d4 TryEnterCriticalSection
0x1408a86dc VirtualAlloc
0x1408a86e4 VirtualFree
0x1408a86ec VirtualProtect
0x1408a86f4 VirtualQuery
0x1408a86fc WaitForMultipleObjects
0x1408a8704 WaitForSingleObject
0x1408a870c WerGetFlags
0x1408a8714 WerSetFlags
0x1408a871c WideCharToMultiByte
0x1408a8724 WriteConsoleW
0x1408a872c WriteFile
0x1408a8734 __C_specific_handler
msvcrt.dll
0x1408a8744 ___lc_codepage_func
0x1408a874c ___mb_cur_max_func
0x1408a8754 __getmainargs
0x1408a875c __initenv
0x1408a8764 __iob_func
0x1408a876c __lconv_init
0x1408a8774 __set_app_type
0x1408a877c __setusermatherr
0x1408a8784 _acmdln
0x1408a878c _amsg_exit
0x1408a8794 _beginthread
0x1408a879c _beginthreadex
0x1408a87a4 _cexit
0x1408a87ac _commode
0x1408a87b4 _endthreadex
0x1408a87bc _errno
0x1408a87c4 _fmode
0x1408a87cc _initterm
0x1408a87d4 _lock
0x1408a87dc _memccpy
0x1408a87e4 _onexit
0x1408a87ec _setjmp
0x1408a87f4 _strdup
0x1408a87fc _ultoa
0x1408a8804 _unlock
0x1408a880c abort
0x1408a8814 calloc
0x1408a881c exit
0x1408a8824 fprintf
0x1408a882c fputc
0x1408a8834 free
0x1408a883c fwrite
0x1408a8844 localeconv
0x1408a884c longjmp
0x1408a8854 malloc
0x1408a885c memcpy
0x1408a8864 memmove
0x1408a886c memset
0x1408a8874 printf
0x1408a887c realloc
0x1408a8884 signal
0x1408a888c strerror
0x1408a8894 strlen
0x1408a889c strncmp
0x1408a88a4 vfprintf
0x1408a88ac wcslen
EAT(Export Address Table) Library
0x1408a5530 _cgo_dummy_export