ScreenShot
| Created | 2024.07.09 18:49 | Machine | s1_win7_x6401 |
| Filename | DS_Store.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (AIDetectMalware, Malicious, Generic@AI, RDMK, cmRtazrnF3, GKE8zsnw4G, aqjuRR, confidence) | ||
| md5 | 14df06539b72837adb9f8d13cfcea6db | ||
| sha256 | f77f73ebd9efa0dc88a9e1b013c36a5567fc9f39157645912cbd7900f177eb8b | ||
| ssdeep | 3072:Yz/dDSMbWDhILjyCvJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgCAWUMZSD:YLdDSMbWDeLjyCvoxEvTEPp/F | ||
| imphash | a9ad717307c7a48543497b647526c77a | ||
| impfuzzy | 96:oxT9ICXXE7i1NGT/atqId9EjVFjVqiqj0eX+QNiQp1pDTLSsM3bR:oxT/XXEO2zKNdW7gxj0eX+Q8QpTms2 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x411000 RegOpenKeyExW
0x411004 RegQueryValueExW
0x411008 RegCloseKey
0x41100c EventWrite
0x411010 EventRegister
0x411014 EventUnregister
0x411018 RegCreateKeyExW
0x41101c AllocateAndInitializeSid
0x411020 GetLengthSid
0x411024 InitializeAcl
0x411028 AddAccessAllowedAceEx
0x41102c SetSecurityInfo
0x411030 RegSetValueExW
KERNEL32.dll
0x4110ac LocalFree
0x4110b0 LocalAlloc
0x4110b4 GetCurrentProcess
0x4110b8 IsWow64Process
0x4110bc HeapFree
0x4110c0 GetProcessHeap
0x4110c4 HeapAlloc
0x4110c8 CloseHandle
0x4110cc CreateMutexW
0x4110d0 GetLastError
0x4110d4 GetStartupInfoA
0x4110d8 MulDiv
0x4110dc VerSetConditionMask
0x4110e0 VerifyVersionInfoW
0x4110e4 GetTickCount64
GDI32.dll
0x411050 SetBkColor
0x411054 Polyline
0x411058 CreatePen
0x41105c GetTextMetricsW
0x411060 SetBkMode
0x411064 StretchBlt
0x411068 SetStretchBltMode
0x41106c CreateCompatibleBitmap
0x411070 DeleteObject
0x411074 GetDeviceCaps
0x411078 CreateFontIndirectW
0x41107c GetObjectW
0x411080 CreateCompatibleDC
0x411084 SelectObject
0x411088 GdiAlphaBlend
0x41108c BitBlt
0x411090 DeleteDC
0x411094 GetStockObject
0x411098 GdiSetBatchLimit
0x41109c SetTextColor
0x4110a0 CreateSolidBrush
0x4110a4 PatBlt
USER32.dll
0x411130 TrackMouseEvent
0x411134 DefWindowProcW
0x411138 LoadCursorW
0x41113c RegisterClassExW
0x411140 FindWindowW
0x411144 SetForegroundWindow
0x411148 EndDialog
0x41114c SetTimer
0x411150 KillTimer
0x411154 DialogBoxParamW
0x411158 ShowWindow
0x41115c EnableWindow
0x411160 CheckDlgButton
0x411164 IsDlgButtonChecked
0x411168 CheckRadioButton
0x41116c SendMessageW
0x411170 EnumDisplayDevicesW
0x411174 ChangeDisplaySettingsExW
0x411178 GetSysColor
0x41117c CopyImage
0x411180 LoadImageW
0x411184 DestroyWindow
0x411188 CreateWindowExW
0x41118c LoadBitmapW
0x411190 DrawTextW
0x411194 GetFocus
0x411198 MapWindowPoints
0x41119c FillRect
0x4111a0 RedrawWindow
0x4111a4 IsCharAlphaNumericW
0x4111a8 EndPaint
0x4111ac GetSysColorBrush
0x4111b0 FrameRect
0x4111b4 BeginPaint
0x4111b8 EnumDisplaySettingsW
0x4111bc DrawFocusRect
0x4111c0 InvalidateRect
0x4111c4 SetWindowTextW
0x4111c8 MessageBoxW
0x4111cc SystemParametersInfoW
0x4111d0 GetParent
0x4111d4 PostMessageW
0x4111d8 SetWindowLongW
0x4111dc SetDlgItemTextW
0x4111e0 GetDlgItem
0x4111e4 GetClientRect
0x4111e8 MapDialogRect
0x4111ec SendDlgItemMessageW
0x4111f0 SendMessageTimeoutW
0x4111f4 SetWindowPos
0x4111f8 PtInRect
0x4111fc GetWindowRect
0x411200 GetSystemMetrics
0x411204 GetProcessDefaultLayout
0x411208 ReleaseDC
0x41120c LoadStringW
0x411210 GetDC
0x411214 GetWindowLongW
0x411218 SetFocus
msvcrt.dll
0x4112a0 _cexit
0x4112a4 __set_app_type
0x4112a8 _exit
0x4112ac exit
0x4112b0 __p__fmode
0x4112b4 _onexit
0x4112b8 _initterm
0x4112bc __setusermatherr
0x4112c0 _acmdln
0x4112c4 __getmainargs
0x4112c8 _amsg_exit
0x4112cc __p__commode
0x4112d0 _XcptFilter
0x4112d4 _CxxThrowException
0x4112d8 _callnewh
0x4112dc ?what@exception@@UBEPBDXZ
0x4112e0 ??1exception@@UAE@XZ
0x4112e4 _ftol2_sse
0x4112e8 _ftol2
0x4112ec _lock
0x4112f0 _unlock
0x4112f4 __dllonexit
0x4112f8 ??0exception@@QAE@ABV0@@Z
0x4112fc ??0exception@@QAE@XZ
0x411300 malloc
0x411304 wcschr
0x411308 realloc
0x41130c free
0x411310 _purecall
0x411314 _vsnwprintf
0x411318 _wtoi
0x41131c _except_handler4_common
0x411320 _controlfp
0x411324 ?terminate@@YAXXZ
0x411328 ??1type_info@@UAE@XZ
0x41132c _ismbblead
0x411330 memset
OLEAUT32.dll
0x4110f8 VariantClear
0x4110fc VariantInit
0x411100 SafeArrayGetElement
0x411104 SysAllocString
0x411108 SafeArrayGetUBound
0x41110c SafeArrayGetLBound
0x411110 SysFreeString
api-ms-win-core-com-l1-1-1.dll
0x411244 CoUninitialize
0x411248 StringFromGUID2
0x41124c CoInitializeEx
0x411250 CoCreateInstance
0x411254 CoSetProxyBlanket
0x411258 CoInitializeSecurity
api-ms-win-core-synch-l1-2-0.dll
0x41128c Sleep
api-ms-win-core-errorhandling-l1-1-1.dll
0x411260 SetUnhandledExceptionFilter
0x411264 UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-2.dll
0x411274 GetCurrentProcessId
0x411278 GetCurrentThreadId
0x41127c TerminateProcess
api-ms-win-core-libraryloader-l1-2-0.dll
0x41126c GetModuleHandleA
api-ms-win-core-profile-l1-1-0.dll
0x411284 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-1.dll
0x411294 GetTickCount
0x411298 GetSystemTimeAsFileTime
COMCTL32.dll
0x411038 None
0x41103c PropertySheetW
0x411040 InitCommonControlsEx
DWrite.dll
0x411048 DWriteCreateFactory
ntdll.dll
0x411338 WinSqmIncrementDWORD
0x41133c WinSqmAddToStream
ole32.dll
0x411344 CoGetObject
OLEACC.dll
0x4110ec CreateStdAccessibleObject
0x4110f0 LresultFromObject
SETUPAPI.dll
0x411118 SetupDiGetClassDevsW
0x41111c SetupDiGetDeviceInterfaceDetailW
0x411120 SetupDiGetDeviceInstanceIdW
0x411124 SetupDiDestroyDeviceInfoList
0x411128 SetupDiOpenDeviceInterfaceW
UxTheme.dll
0x411220 GetThemeSysFont
0x411224 GetThemeSysColor
0x411228 GetThemeColor
0x41122c GetThemeFont
0x411230 OpenThemeData
0x411234 IsThemeActive
0x411238 CloseThemeData
0x41123c DrawThemeParentBackground
EAT(Export Address Table) is none
ADVAPI32.dll
0x411000 RegOpenKeyExW
0x411004 RegQueryValueExW
0x411008 RegCloseKey
0x41100c EventWrite
0x411010 EventRegister
0x411014 EventUnregister
0x411018 RegCreateKeyExW
0x41101c AllocateAndInitializeSid
0x411020 GetLengthSid
0x411024 InitializeAcl
0x411028 AddAccessAllowedAceEx
0x41102c SetSecurityInfo
0x411030 RegSetValueExW
KERNEL32.dll
0x4110ac LocalFree
0x4110b0 LocalAlloc
0x4110b4 GetCurrentProcess
0x4110b8 IsWow64Process
0x4110bc HeapFree
0x4110c0 GetProcessHeap
0x4110c4 HeapAlloc
0x4110c8 CloseHandle
0x4110cc CreateMutexW
0x4110d0 GetLastError
0x4110d4 GetStartupInfoA
0x4110d8 MulDiv
0x4110dc VerSetConditionMask
0x4110e0 VerifyVersionInfoW
0x4110e4 GetTickCount64
GDI32.dll
0x411050 SetBkColor
0x411054 Polyline
0x411058 CreatePen
0x41105c GetTextMetricsW
0x411060 SetBkMode
0x411064 StretchBlt
0x411068 SetStretchBltMode
0x41106c CreateCompatibleBitmap
0x411070 DeleteObject
0x411074 GetDeviceCaps
0x411078 CreateFontIndirectW
0x41107c GetObjectW
0x411080 CreateCompatibleDC
0x411084 SelectObject
0x411088 GdiAlphaBlend
0x41108c BitBlt
0x411090 DeleteDC
0x411094 GetStockObject
0x411098 GdiSetBatchLimit
0x41109c SetTextColor
0x4110a0 CreateSolidBrush
0x4110a4 PatBlt
USER32.dll
0x411130 TrackMouseEvent
0x411134 DefWindowProcW
0x411138 LoadCursorW
0x41113c RegisterClassExW
0x411140 FindWindowW
0x411144 SetForegroundWindow
0x411148 EndDialog
0x41114c SetTimer
0x411150 KillTimer
0x411154 DialogBoxParamW
0x411158 ShowWindow
0x41115c EnableWindow
0x411160 CheckDlgButton
0x411164 IsDlgButtonChecked
0x411168 CheckRadioButton
0x41116c SendMessageW
0x411170 EnumDisplayDevicesW
0x411174 ChangeDisplaySettingsExW
0x411178 GetSysColor
0x41117c CopyImage
0x411180 LoadImageW
0x411184 DestroyWindow
0x411188 CreateWindowExW
0x41118c LoadBitmapW
0x411190 DrawTextW
0x411194 GetFocus
0x411198 MapWindowPoints
0x41119c FillRect
0x4111a0 RedrawWindow
0x4111a4 IsCharAlphaNumericW
0x4111a8 EndPaint
0x4111ac GetSysColorBrush
0x4111b0 FrameRect
0x4111b4 BeginPaint
0x4111b8 EnumDisplaySettingsW
0x4111bc DrawFocusRect
0x4111c0 InvalidateRect
0x4111c4 SetWindowTextW
0x4111c8 MessageBoxW
0x4111cc SystemParametersInfoW
0x4111d0 GetParent
0x4111d4 PostMessageW
0x4111d8 SetWindowLongW
0x4111dc SetDlgItemTextW
0x4111e0 GetDlgItem
0x4111e4 GetClientRect
0x4111e8 MapDialogRect
0x4111ec SendDlgItemMessageW
0x4111f0 SendMessageTimeoutW
0x4111f4 SetWindowPos
0x4111f8 PtInRect
0x4111fc GetWindowRect
0x411200 GetSystemMetrics
0x411204 GetProcessDefaultLayout
0x411208 ReleaseDC
0x41120c LoadStringW
0x411210 GetDC
0x411214 GetWindowLongW
0x411218 SetFocus
msvcrt.dll
0x4112a0 _cexit
0x4112a4 __set_app_type
0x4112a8 _exit
0x4112ac exit
0x4112b0 __p__fmode
0x4112b4 _onexit
0x4112b8 _initterm
0x4112bc __setusermatherr
0x4112c0 _acmdln
0x4112c4 __getmainargs
0x4112c8 _amsg_exit
0x4112cc __p__commode
0x4112d0 _XcptFilter
0x4112d4 _CxxThrowException
0x4112d8 _callnewh
0x4112dc ?what@exception@@UBEPBDXZ
0x4112e0 ??1exception@@UAE@XZ
0x4112e4 _ftol2_sse
0x4112e8 _ftol2
0x4112ec _lock
0x4112f0 _unlock
0x4112f4 __dllonexit
0x4112f8 ??0exception@@QAE@ABV0@@Z
0x4112fc ??0exception@@QAE@XZ
0x411300 malloc
0x411304 wcschr
0x411308 realloc
0x41130c free
0x411310 _purecall
0x411314 _vsnwprintf
0x411318 _wtoi
0x41131c _except_handler4_common
0x411320 _controlfp
0x411324 ?terminate@@YAXXZ
0x411328 ??1type_info@@UAE@XZ
0x41132c _ismbblead
0x411330 memset
OLEAUT32.dll
0x4110f8 VariantClear
0x4110fc VariantInit
0x411100 SafeArrayGetElement
0x411104 SysAllocString
0x411108 SafeArrayGetUBound
0x41110c SafeArrayGetLBound
0x411110 SysFreeString
api-ms-win-core-com-l1-1-1.dll
0x411244 CoUninitialize
0x411248 StringFromGUID2
0x41124c CoInitializeEx
0x411250 CoCreateInstance
0x411254 CoSetProxyBlanket
0x411258 CoInitializeSecurity
api-ms-win-core-synch-l1-2-0.dll
0x41128c Sleep
api-ms-win-core-errorhandling-l1-1-1.dll
0x411260 SetUnhandledExceptionFilter
0x411264 UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-2.dll
0x411274 GetCurrentProcessId
0x411278 GetCurrentThreadId
0x41127c TerminateProcess
api-ms-win-core-libraryloader-l1-2-0.dll
0x41126c GetModuleHandleA
api-ms-win-core-profile-l1-1-0.dll
0x411284 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-1.dll
0x411294 GetTickCount
0x411298 GetSystemTimeAsFileTime
COMCTL32.dll
0x411038 None
0x41103c PropertySheetW
0x411040 InitCommonControlsEx
DWrite.dll
0x411048 DWriteCreateFactory
ntdll.dll
0x411338 WinSqmIncrementDWORD
0x41133c WinSqmAddToStream
ole32.dll
0x411344 CoGetObject
OLEACC.dll
0x4110ec CreateStdAccessibleObject
0x4110f0 LresultFromObject
SETUPAPI.dll
0x411118 SetupDiGetClassDevsW
0x41111c SetupDiGetDeviceInterfaceDetailW
0x411120 SetupDiGetDeviceInstanceIdW
0x411124 SetupDiDestroyDeviceInfoList
0x411128 SetupDiOpenDeviceInterfaceW
UxTheme.dll
0x411220 GetThemeSysFont
0x411224 GetThemeSysColor
0x411228 GetThemeColor
0x41122c GetThemeFont
0x411230 OpenThemeData
0x411234 IsThemeActive
0x411238 CloseThemeData
0x41123c DrawThemeParentBackground
EAT(Export Address Table) is none