ScreenShot
| Created | 2024.07.11 09:23 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, DiskWriter, Generic@AI, RDMK, cmRtazq0rhB9l4lXzqeSfKtroOAa, Real Protect, high, Krypt, Tepfer, Detected, Wacapew, Kryptik, Eldorado, ZexaF, rq0@aiEYXnfG, MachineLearning, Anomalous, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 835246232dbb706d3958d28677176332 | ||
| sha256 | 7723f42ffff348cccf33af03afb955f678a0abf6f67965c19db76afc09d5a8a8 | ||
| ssdeep | 3072:ziB7yGFwOm/mPm9galK+LDpIhIcTxca09zV+g:G7Lqm6gaE+B8Iq6Tz | ||
| imphash | a3e85d80936c7ef42408e50a5a01f3d6 | ||
| impfuzzy | 24:uS2li9glJcD5Acv+TV+UOovsh5di8Rnlyv95hIjT4RfjrGqAQ2FcQnAdFLB:u7GQ+LH91K97McRfjr/AQ2eQAXB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d014 AllocConsole
0x41d018 CommConfigDialogA
0x41d01c SetEndOfFile
0x41d020 LocalCompact
0x41d024 GetProcessPriorityBoost
0x41d028 LoadLibraryW
0x41d02c CreateEventA
0x41d030 GetModuleFileNameW
0x41d034 GetACP
0x41d038 ReplaceFileA
0x41d03c CreateDirectoryA
0x41d040 GetLastError
0x41d044 SetLastError
0x41d048 GetProcAddress
0x41d04c CreateJobSet
0x41d050 IsBadStringPtrW
0x41d054 CreateFileMappingA
0x41d058 LocalAlloc
0x41d05c GlobalFindAtomW
0x41d060 EnumResourceTypesW
0x41d064 GetWindowsDirectoryW
0x41d068 SetFileAttributesW
0x41d06c RaiseException
0x41d070 HeapReAlloc
0x41d074 GetStringTypeW
0x41d078 MultiByteToWideChar
0x41d07c LCMapStringW
0x41d080 FindResourceA
0x41d084 WriteConsoleInputW
0x41d088 CreateFileA
0x41d08c GlobalFree
0x41d090 GetDateFormatW
0x41d094 HeapSize
0x41d098 RtlUnwind
0x41d09c HeapAlloc
0x41d0a0 GetCommandLineA
0x41d0a4 HeapSetInformation
0x41d0a8 GetStartupInfoW
0x41d0ac IsProcessorFeaturePresent
0x41d0b0 GetModuleHandleW
0x41d0b4 ExitProcess
0x41d0b8 DecodePointer
0x41d0bc WriteFile
0x41d0c0 GetStdHandle
0x41d0c4 HeapCreate
0x41d0c8 EncodePointer
0x41d0cc HeapFree
0x41d0d0 SetUnhandledExceptionFilter
0x41d0d4 GetModuleFileNameA
0x41d0d8 FreeEnvironmentStringsW
0x41d0dc WideCharToMultiByte
0x41d0e0 GetEnvironmentStringsW
0x41d0e4 SetHandleCount
0x41d0e8 InitializeCriticalSectionAndSpinCount
0x41d0ec GetFileType
0x41d0f0 DeleteCriticalSection
0x41d0f4 TlsAlloc
0x41d0f8 TlsGetValue
0x41d0fc TlsSetValue
0x41d100 TlsFree
0x41d104 InterlockedIncrement
0x41d108 GetCurrentThreadId
0x41d10c InterlockedDecrement
0x41d110 QueryPerformanceCounter
0x41d114 GetTickCount
0x41d118 GetCurrentProcessId
0x41d11c GetSystemTimeAsFileTime
0x41d120 LeaveCriticalSection
0x41d124 EnterCriticalSection
0x41d128 UnhandledExceptionFilter
0x41d12c IsDebuggerPresent
0x41d130 TerminateProcess
0x41d134 GetCurrentProcess
0x41d138 GetCPInfo
0x41d13c GetOEMCP
0x41d140 IsValidCodePage
0x41d144 Sleep
USER32.dll
0x41d154 InsertMenuItemW
0x41d158 CharUpperBuffA
0x41d15c GetCaretPos
0x41d160 SetMessageExtraInfo
0x41d164 GetKeyboardLayoutNameA
0x41d168 ShowCursor
0x41d16c GetClassInfoW
GDI32.dll
0x41d00c GetCharABCWidthsI
ADVAPI32.dll
0x41d000 CopySid
0x41d004 ClearEventLogA
MSIMG32.dll
0x41d14c AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x41d014 AllocConsole
0x41d018 CommConfigDialogA
0x41d01c SetEndOfFile
0x41d020 LocalCompact
0x41d024 GetProcessPriorityBoost
0x41d028 LoadLibraryW
0x41d02c CreateEventA
0x41d030 GetModuleFileNameW
0x41d034 GetACP
0x41d038 ReplaceFileA
0x41d03c CreateDirectoryA
0x41d040 GetLastError
0x41d044 SetLastError
0x41d048 GetProcAddress
0x41d04c CreateJobSet
0x41d050 IsBadStringPtrW
0x41d054 CreateFileMappingA
0x41d058 LocalAlloc
0x41d05c GlobalFindAtomW
0x41d060 EnumResourceTypesW
0x41d064 GetWindowsDirectoryW
0x41d068 SetFileAttributesW
0x41d06c RaiseException
0x41d070 HeapReAlloc
0x41d074 GetStringTypeW
0x41d078 MultiByteToWideChar
0x41d07c LCMapStringW
0x41d080 FindResourceA
0x41d084 WriteConsoleInputW
0x41d088 CreateFileA
0x41d08c GlobalFree
0x41d090 GetDateFormatW
0x41d094 HeapSize
0x41d098 RtlUnwind
0x41d09c HeapAlloc
0x41d0a0 GetCommandLineA
0x41d0a4 HeapSetInformation
0x41d0a8 GetStartupInfoW
0x41d0ac IsProcessorFeaturePresent
0x41d0b0 GetModuleHandleW
0x41d0b4 ExitProcess
0x41d0b8 DecodePointer
0x41d0bc WriteFile
0x41d0c0 GetStdHandle
0x41d0c4 HeapCreate
0x41d0c8 EncodePointer
0x41d0cc HeapFree
0x41d0d0 SetUnhandledExceptionFilter
0x41d0d4 GetModuleFileNameA
0x41d0d8 FreeEnvironmentStringsW
0x41d0dc WideCharToMultiByte
0x41d0e0 GetEnvironmentStringsW
0x41d0e4 SetHandleCount
0x41d0e8 InitializeCriticalSectionAndSpinCount
0x41d0ec GetFileType
0x41d0f0 DeleteCriticalSection
0x41d0f4 TlsAlloc
0x41d0f8 TlsGetValue
0x41d0fc TlsSetValue
0x41d100 TlsFree
0x41d104 InterlockedIncrement
0x41d108 GetCurrentThreadId
0x41d10c InterlockedDecrement
0x41d110 QueryPerformanceCounter
0x41d114 GetTickCount
0x41d118 GetCurrentProcessId
0x41d11c GetSystemTimeAsFileTime
0x41d120 LeaveCriticalSection
0x41d124 EnterCriticalSection
0x41d128 UnhandledExceptionFilter
0x41d12c IsDebuggerPresent
0x41d130 TerminateProcess
0x41d134 GetCurrentProcess
0x41d138 GetCPInfo
0x41d13c GetOEMCP
0x41d140 IsValidCodePage
0x41d144 Sleep
USER32.dll
0x41d154 InsertMenuItemW
0x41d158 CharUpperBuffA
0x41d15c GetCaretPos
0x41d160 SetMessageExtraInfo
0x41d164 GetKeyboardLayoutNameA
0x41d168 ShowCursor
0x41d16c GetClassInfoW
GDI32.dll
0x41d00c GetCharABCWidthsI
ADVAPI32.dll
0x41d000 CopySid
0x41d004 ClearEventLogA
MSIMG32.dll
0x41d14c AlphaBlend
EAT(Export Address Table) is none