Field | Value |
---|---|
Created | 2024.07.10 07:38 |
Machine | s1_win7_x6403 |
Filename | 200.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 32 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, Convagent, Generic@AI, RDMK, cmRtazqcHB5YS+bwuLNTWOjAN7, Real Protect, moderate, Krypt, Detected, Wacapew, Kryptik, Eldorado, ZexaF, Mq0@aiHkOLeG, MachineLearning, Anomalous, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | 74454c0916108ed9de037798dd9fb948 |
sha256 | bd4747e4883aba61b72ac0e22278006865056b5e94e542821f5470645889230e |
ssdeep | 12288:uTD1J47RD8QjNs71eNeIQ1rTgWeoIuUP4AUuUd:uffL2eUNci/H7Uuw |
imphash | b18351593449506f4a27066556c25f68 |
impfuzzy | 24:KESxGMTgV+9gMEDhnxv/J0ypOovu/L8Rnlyv9WlhIjT4IdfmBQFc2lWX0GqxDOMx:FboQ9a5B/AK9aMcIdfmBQe2oX0/xki |
Signatures (4 counts)
Level | Description |
---|---|
danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata IDS: none
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x469008 FindResourceA
0x46900c IsBadStringPtrW
0x469010 CommConfigDialogA
0x469014 SetEndOfFile
0x469018 FindResourceW
0x46901c LocalCompact
0x469020 WriteConsoleInputA
0x469024 GetComputerNameW
0x469028 SetProcessPriorityBoost
0x46902c GlobalFindAtomA
0x469030 LoadLibraryW
0x469034 FreeConsole
0x469038 CreateEventA
0x46903c GetModuleFileNameW
0x469040 CreateFileW
0x469044 GetACP
0x469048 ReplaceFileA
0x46904c CreateDirectoryA
0x469050 GetLastError
0x469054 RemoveVectoredExceptionHandler
0x469058 GetProcAddress
0x46905c GlobalFree
0x469060 LocalAlloc
0x469064 EnumResourceTypesW
0x469068 GetModuleHandleA
0x46906c CancelIo
0x469070 GetWindowsDirectoryW
0x469074 OpenFileMappingA
0x469078 SetFileAttributesW
0x46907c HeapReAlloc
0x469080 HeapAlloc
0x469084 HeapSize
0x469088 GetStringTypeW
0x46908c SetLastError
0x469090 GetDateFormatW
0x469094 MultiByteToWideChar
0x469098 LCMapStringW
0x46909c RtlUnwind
0x4690a0 Sleep
0x4690a4 HeapFree
0x4690a8 GetCommandLineA
0x4690ac HeapSetInformation
0x4690b0 GetStartupInfoW
0x4690b4 IsProcessorFeaturePresent
0x4690b8 HeapCreate
0x4690bc SetUnhandledExceptionFilter
0x4690c0 GetModuleHandleW
0x4690c4 ExitProcess
0x4690c8 DecodePointer
0x4690cc WriteFile
0x4690d0 GetStdHandle
0x4690d4 GetModuleFileNameA
0x4690d8 FreeEnvironmentStringsW
0x4690dc WideCharToMultiByte
0x4690e0 GetEnvironmentStringsW
0x4690e4 SetHandleCount
0x4690e8 InitializeCriticalSectionAndSpinCount
0x4690ec GetFileType
0x4690f0 DeleteCriticalSection
0x4690f4 EncodePointer
0x4690f8 TlsAlloc
0x4690fc TlsGetValue
0x469100 TlsSetValue
0x469104 TlsFree
0x469108 InterlockedIncrement
0x46910c GetCurrentThreadId
0x469110 InterlockedDecrement
0x469114 QueryPerformanceCounter
0x469118 GetTickCount
0x46911c GetCurrentProcessId
0x469120 GetSystemTimeAsFileTime
0x469124 UnhandledExceptionFilter
0x469128 IsDebuggerPresent
0x46912c TerminateProcess
0x469130 GetCurrentProcess
0x469134 GetCPInfo
0x469138 GetOEMCP
0x46913c IsValidCodePage
0x469140 LeaveCriticalSection
0x469144 EnterCriticalSection
0x469148 RaiseException
USER32.dll
0x469150 GetKeyboardLayoutNameA
0x469154 SetMessageExtraInfo
0x469158 GetCaretPos
0x46915c DdeCmpStringHandles
0x469160 GetClassInfoW
0x469164 InsertMenuItemW
0x469168 CharUpperBuffA
ADVAPI32.dll
0x469000 GetLengthSid
ole32.dll
0x469178 CoSuspendClassObjects
0x46917c CoMarshalHresult
WINHTTP.dll
0x469170 WinHttpWriteData
EAT (Export Address Table): none