Field | Value |
---|---|
Created | 2024.07.11 09:22 |
Machine | s1_win7_x6401 |
Filename | 3.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (detection-name tokens: AIDetectMalware, Tofsee, malicious, high confidence, score, Lockbit, Unsafe, Save, Midie, Attribute, HighConfidence, Kryptik, HXLR, Artemis, CrypterX, Smokeloader, K9grGyeiw1K, vsnuk, PRIVATELOADER, YXEGJZ, Real Protect, high, Krypt, Detected, ai score=88, SPXV, NRWNJM, Eldorado, R657819, ZexaF, nq0@aqZwQljG, Chgt, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | 293460728c83e7be2fccc67283815c03 |
sha256 | 9f0237df3b14e310cc7a2347b2b852d3af93f81b81c6f8bed1dc522a8d24d50c |
ssdeep | 3072:pupGHxcfc19fyqVsEK3YoX+hmj8ZFcxPVjKNIWJgXfcTizyGUmwp8J2I:KGHxcEuqu33ePCduaWJgbyGUJp8wI |
imphash | ae6ae0f575f5bb1db94bcba94b27b8df |
impfuzzy | 24:KESNqlMTgVjeNJcDRnxvn0ypOovuKL8Rnlyv9WlhIjT4IdfmBQFc2lWXR0GKHi:FZ4m905BKAK9aMcIdfmBQe2oXR01i |
Signatures (4)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)
No network requests were recorded (the Request / CC / ASN Co / IP4 table is empty).
Suricata IDS alerts: none listed.
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x41d008 FindResourceA
0x41d00c IsBadStringPtrW
0x41d010 CommConfigDialogA
0x41d014 SetEndOfFile
0x41d018 FindResourceW
0x41d01c CreateDirectoryW
0x41d020 WriteConsoleInputA
0x41d024 GetComputerNameW
0x41d028 GetModuleHandleW
0x41d02c VirtualFree
0x41d030 SetProcessPriorityBoost
0x41d034 GlobalFindAtomA
0x41d038 LoadLibraryW
0x41d03c CreateEventA
0x41d040 GetModuleFileNameW
0x41d044 CreateFileW
0x41d048 GetACP
0x41d04c ReplaceFileA
0x41d050 GlobalUnlock
0x41d054 RemoveVectoredExceptionHandler
0x41d058 SetLastError
0x41d05c GetProcAddress
0x41d060 AttachConsole
0x41d064 SetFileAttributesA
0x41d068 LocalAlloc
0x41d06c EnumResourceTypesW
0x41d070 CancelIo
0x41d074 GetWindowsDirectoryW
0x41d078 OpenFileMappingA
0x41d07c HeapReAlloc
0x41d080 HeapAlloc
0x41d084 HeapSize
0x41d088 GetStringTypeW
0x41d08c GetLastError
0x41d090 GetDateFormatW
0x41d094 MultiByteToWideChar
0x41d098 LCMapStringW
0x41d09c RtlUnwind
0x41d0a0 Sleep
0x41d0a4 HeapFree
0x41d0a8 GetCommandLineA
0x41d0ac HeapSetInformation
0x41d0b0 GetStartupInfoW
0x41d0b4 IsProcessorFeaturePresent
0x41d0b8 HeapCreate
0x41d0bc SetUnhandledExceptionFilter
0x41d0c0 ExitProcess
0x41d0c4 DecodePointer
0x41d0c8 WriteFile
0x41d0cc GetStdHandle
0x41d0d0 GetModuleFileNameA
0x41d0d4 FreeEnvironmentStringsW
0x41d0d8 WideCharToMultiByte
0x41d0dc GetEnvironmentStringsW
0x41d0e0 SetHandleCount
0x41d0e4 InitializeCriticalSectionAndSpinCount
0x41d0e8 GetFileType
0x41d0ec DeleteCriticalSection
0x41d0f0 EncodePointer
0x41d0f4 TlsAlloc
0x41d0f8 TlsGetValue
0x41d0fc TlsSetValue
0x41d100 TlsFree
0x41d104 InterlockedIncrement
0x41d108 GetCurrentThreadId
0x41d10c InterlockedDecrement
0x41d110 QueryPerformanceCounter
0x41d114 GetTickCount
0x41d118 GetCurrentProcessId
0x41d11c GetSystemTimeAsFileTime
0x41d120 UnhandledExceptionFilter
0x41d124 IsDebuggerPresent
0x41d128 TerminateProcess
0x41d12c GetCurrentProcess
0x41d130 GetCPInfo
0x41d134 GetOEMCP
0x41d138 IsValidCodePage
0x41d13c LeaveCriticalSection
0x41d140 EnterCriticalSection
0x41d144 RaiseException
USER32.dll
0x41d14c GetKeyboardLayoutNameA
0x41d150 SetMessageExtraInfo
0x41d154 GetCaretPos
0x41d158 DdeCmpStringHandles
0x41d15c CharUpperBuffW
0x41d160 GetClassInfoW
0x41d164 InsertMenuItemW
ADVAPI32.dll
0x41d000 GetLengthSid
ole32.dll
0x41d174 CoRevokeClassObject
0x41d178 CoMarshalHresult
WINHTTP.dll
0x41d16c WinHttpWriteData
EAT (Export Address Table): none
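The import table above reads as an MSVC CRT baseline (Heap*, Tls*, EncodePointer/DecodePointer, GetStartupInfoW, IsProcessorFeaturePresent and the like) plus a scattering of one-off APIs with no evident relation to each other (CommConfigDialogA, WriteConsoleInputA, DdeCmpStringHandles, CoMarshalHresult, WinHttpWriteData), a pattern consistent with a crypter padding the IAT; at the same time the sandbox flagged an RWX allocation although no VirtualAlloc or VirtualProtect appears in the static imports. The Python below is an added example, not code from the report or from the sandbox vendor: it parses an IAT listing in the report's format, recovers the import-descriptor order from the slot addresses, computes the import hash the way pefile does, and strips a CRT baseline so the remainder can be weighed against the dynamic signatures. IAT_EXCERPT, CRT_BASELINE and MEMORY_APIS are constructed assumptions; the excerpt is partial, so the hash it produces is not the report's imphash.

```python
"""Triage a PE import listing pasted from a sandbox report.

Added example, not part of the report or of any sandbox's own code. IAT_EXCERPT
is a constructed sample copied from the listing above; it is partial, so the
hash it yields is NOT the report's imphash (that needs the full import directory).
"""
import hashlib
import re
from collections import OrderedDict

# Constructed excerpt of the report's IAT listing: a DLL header line followed
# by "0x<slot> <name>" lines, in the order the report displays them.
IAT_EXCERPT = """\
KERNEL32.dll
0x41d010 CommConfigDialogA
0x41d038 LoadLibraryW
0x41d05c GetProcAddress
0x41d080 HeapAlloc
0x41d124 IsDebuggerPresent
USER32.dll
0x41d14c GetKeyboardLayoutNameA
0x41d158 DdeCmpStringHandles
ADVAPI32.dll
0x41d000 GetLengthSid
ole32.dll
0x41d174 CoRevokeClassObject
0x41d178 CoMarshalHresult
WINHTTP.dll
0x41d16c WinHttpWriteData
"""

_DLL_LINE = re.compile(r"^(\S+\.(?:dll|ocx|sys))$", re.IGNORECASE)
_SLOT_LINE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)$")

# Imports the MSVC CRT's startup, heap, TLS and locale code pulls in by itself
# (assumption: a VS2010-era CRT, which this list resembles; tune per toolchain).
CRT_BASELINE = frozenset("""
GetModuleHandleW GetProcAddress GetLastError SetLastError HeapAlloc HeapFree
HeapReAlloc HeapSize HeapCreate HeapSetInformation GetStringTypeW LCMapStringW
MultiByteToWideChar WideCharToMultiByte RtlUnwind GetCommandLineA GetStartupInfoW
IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter
ExitProcess DecodePointer EncodePointer WriteFile GetStdHandle GetModuleFileNameA
FreeEnvironmentStringsW GetEnvironmentStringsW SetHandleCount GetFileType
InitializeCriticalSectionAndSpinCount DeleteCriticalSection EnterCriticalSection
LeaveCriticalSection TlsAlloc TlsGetValue TlsSetValue TlsFree InterlockedIncrement
InterlockedDecrement GetCurrentThreadId QueryPerformanceCounter GetTickCount
GetCurrentProcessId GetSystemTimeAsFileTime IsDebuggerPresent TerminateProcess
GetCurrentProcess GetCPInfo GetACP GetOEMCP IsValidCodePage RaiseException Sleep
""".split())

# Memory APIs that would make an RWX allocation visible in the static IAT (assumed set).
MEMORY_APIS = frozenset({"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
                         "VirtualProtectEx", "WriteProcessMemory"})


def parse_iat(text):
    """Return OrderedDict dll -> [(slot_address, name)] in display order."""
    imports, current = OrderedDict(), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = _DLL_LINE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, [])
            continue
        m = _SLOT_LINE.match(line)
        if m and current is not None:
            imports[current].append((int(m.group(1), 16), m.group(2)))
    return imports


def descriptor_order(imports):
    """Order DLLs by lowest IAT slot: each descriptor's IAT array is contiguous
    (one NULL slot apart), so this recovers the import-directory order that the
    report's display order need not match (here ADVAPI32 at 0x41d000 is first)."""
    return sorted(imports, key=lambda d: min((a for a, _ in imports[d]), default=float("inf")))


def imphash(imports, dll_order=None):
    """Import hash as pefile computes it: md5 over "lib.func" pairs, lib lowercased
    with .dll/.ocx/.sys stripped, func lowercased, joined by "," in descriptor
    order (pefile names ordinal-only imports "ordN"; none appear in this report)."""
    parts = []
    for dll in dll_order or list(imports):
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.extend("%s.%s" % (lib, name.lower()) for _, name in imports[dll])
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(imports, rwx_observed):
    """Cross-check the static IAT against the sandbox's dynamic RWX signature."""
    names = {n for funcs in imports.values() for _, n in funcs}
    return {
        # What the program itself references once the CRT baseline is removed.
        "non_crt_imports": sorted(names - CRT_BASELINE),
        "memory_api_in_iat": sorted(names & MEMORY_APIS),
        # RWX seen at runtime but no memory API imported: the allocator was resolved
        # dynamically or called from unpacked code, so static import triage undercounts.
        "memory_api_resolved_at_runtime": rwx_observed and not (names & MEMORY_APIS),
        # Weak on its own (the CRT imports GetProcAddress too), but it is the means.
        "dynamic_resolution_possible": "GetProcAddress" in names
        and bool({"LoadLibraryA", "LoadLibraryW"} & names),
    }
```

Run it with `triage(parse_iat(IAT_EXCERPT), rwx_observed=True)` to see the non-CRT residue and the runtime-resolution flag. Two caveats a pivot on the report's imphash should keep in mind: the hash is order-sensitive, so a listing grouped for display (KERNEL32 first) will not reproduce the value unless the DLLs are fed in descriptor order, and if the one-off imports are regenerated per build the imphash will not cluster related samples at all, whereas the ssdeep and impfuzzy values may still.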