ScreenShot
| Created | 2024.07.11 09:24 | Machine | s1_win7_x6401 |
| Filename | 1qWbf4Bsej2u.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 32 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Vyn6, Attribute, HighConfidence, a variant of WinGo, Artemis, CLASSIC, ykdhp, AMADEY, YXEGJZ, WinGo, Detected, LummaStealer, Eldorado, Chgt, Static AI, Suspicious PE) | ||
| md5 | 0e9459f87d4d72ca3f3fb54af7432de9 | ||
| sha256 | c4452b42ae44c837bb125fa539edfd57241aff7f40c63365ff4cde0d9a823f44 | ||
| ssdeep | 49152:4kmANd/Zz39voeJAg/Bst+YhOQz4W3FlFPyHF80WBh5OIm/tJe34jcH5EGgMLhZk:Uoh3FJBWz4W1lFbBnPE6wUa7nPF | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140906494 AddAtomA
0x14090649c AddVectoredContinueHandler
0x1409064a4 AddVectoredExceptionHandler
0x1409064ac CloseHandle
0x1409064b4 CreateEventA
0x1409064bc CreateFileA
0x1409064c4 CreateIoCompletionPort
0x1409064cc CreateMutexA
0x1409064d4 CreateSemaphoreA
0x1409064dc CreateThread
0x1409064e4 CreateWaitableTimerExW
0x1409064ec DeleteAtom
0x1409064f4 DeleteCriticalSection
0x1409064fc DuplicateHandle
0x140906504 EnterCriticalSection
0x14090650c ExitProcess
0x140906514 FindAtomA
0x14090651c FormatMessageA
0x140906524 FreeEnvironmentStringsW
0x14090652c GetAtomNameA
0x140906534 GetConsoleMode
0x14090653c GetCurrentProcess
0x140906544 GetCurrentProcessId
0x14090654c GetCurrentThread
0x140906554 GetCurrentThreadId
0x14090655c GetEnvironmentStringsW
0x140906564 GetErrorMode
0x14090656c GetHandleInformation
0x140906574 GetLastError
0x14090657c GetProcAddress
0x140906584 GetProcessAffinityMask
0x14090658c GetQueuedCompletionStatusEx
0x140906594 GetStartupInfoA
0x14090659c GetStdHandle
0x1409065a4 GetSystemDirectoryA
0x1409065ac GetSystemInfo
0x1409065b4 GetSystemTimeAsFileTime
0x1409065bc GetThreadContext
0x1409065c4 GetThreadPriority
0x1409065cc GetTickCount
0x1409065d4 InitializeCriticalSection
0x1409065dc IsDBCSLeadByteEx
0x1409065e4 IsDebuggerPresent
0x1409065ec LeaveCriticalSection
0x1409065f4 LoadLibraryExW
0x1409065fc LoadLibraryW
0x140906604 LocalFree
0x14090660c MultiByteToWideChar
0x140906614 OpenProcess
0x14090661c OutputDebugStringA
0x140906624 PostQueuedCompletionStatus
0x14090662c QueryPerformanceCounter
0x140906634 QueryPerformanceFrequency
0x14090663c RaiseException
0x140906644 RaiseFailFastException
0x14090664c ReleaseMutex
0x140906654 ReleaseSemaphore
0x14090665c RemoveVectoredExceptionHandler
0x140906664 ResetEvent
0x14090666c ResumeThread
0x140906674 RtlLookupFunctionEntry
0x14090667c RtlVirtualUnwind
0x140906684 SetConsoleCtrlHandler
0x14090668c SetErrorMode
0x140906694 SetEvent
0x14090669c SetLastError
0x1409066a4 SetProcessAffinityMask
0x1409066ac SetProcessPriorityBoost
0x1409066b4 SetThreadContext
0x1409066bc SetThreadPriority
0x1409066c4 SetUnhandledExceptionFilter
0x1409066cc SetWaitableTimer
0x1409066d4 Sleep
0x1409066dc SuspendThread
0x1409066e4 SwitchToThread
0x1409066ec TlsAlloc
0x1409066f4 TlsGetValue
0x1409066fc TlsSetValue
0x140906704 TryEnterCriticalSection
0x14090670c VirtualAlloc
0x140906714 VirtualFree
0x14090671c VirtualProtect
0x140906724 VirtualQuery
0x14090672c WaitForMultipleObjects
0x140906734 WaitForSingleObject
0x14090673c WerGetFlags
0x140906744 WerSetFlags
0x14090674c WideCharToMultiByte
0x140906754 WriteConsoleW
0x14090675c WriteFile
0x140906764 __C_specific_handler
msvcrt.dll
0x140906774 ___lc_codepage_func
0x14090677c ___mb_cur_max_func
0x140906784 __getmainargs
0x14090678c __initenv
0x140906794 __iob_func
0x14090679c __lconv_init
0x1409067a4 __set_app_type
0x1409067ac __setusermatherr
0x1409067b4 _acmdln
0x1409067bc _amsg_exit
0x1409067c4 _beginthread
0x1409067cc _beginthreadex
0x1409067d4 _cexit
0x1409067dc _commode
0x1409067e4 _endthreadex
0x1409067ec _errno
0x1409067f4 _fmode
0x1409067fc _initterm
0x140906804 _lock
0x14090680c _memccpy
0x140906814 _onexit
0x14090681c _setjmp
0x140906824 _strdup
0x14090682c _ultoa
0x140906834 _unlock
0x14090683c abort
0x140906844 calloc
0x14090684c exit
0x140906854 fprintf
0x14090685c fputc
0x140906864 free
0x14090686c fwrite
0x140906874 localeconv
0x14090687c longjmp
0x140906884 malloc
0x14090688c memcpy
0x140906894 memmove
0x14090689c memset
0x1409068a4 printf
0x1409068ac realloc
0x1409068b4 signal
0x1409068bc strerror
0x1409068c4 strlen
0x1409068cc strncmp
0x1409068d4 vfprintf
0x1409068dc wcslen
EAT(Export Address Table) Library
0x140903b70 _cgo_dummy_export
KERNEL32.dll
0x140906494 AddAtomA
0x14090649c AddVectoredContinueHandler
0x1409064a4 AddVectoredExceptionHandler
0x1409064ac CloseHandle
0x1409064b4 CreateEventA
0x1409064bc CreateFileA
0x1409064c4 CreateIoCompletionPort
0x1409064cc CreateMutexA
0x1409064d4 CreateSemaphoreA
0x1409064dc CreateThread
0x1409064e4 CreateWaitableTimerExW
0x1409064ec DeleteAtom
0x1409064f4 DeleteCriticalSection
0x1409064fc DuplicateHandle
0x140906504 EnterCriticalSection
0x14090650c ExitProcess
0x140906514 FindAtomA
0x14090651c FormatMessageA
0x140906524 FreeEnvironmentStringsW
0x14090652c GetAtomNameA
0x140906534 GetConsoleMode
0x14090653c GetCurrentProcess
0x140906544 GetCurrentProcessId
0x14090654c GetCurrentThread
0x140906554 GetCurrentThreadId
0x14090655c GetEnvironmentStringsW
0x140906564 GetErrorMode
0x14090656c GetHandleInformation
0x140906574 GetLastError
0x14090657c GetProcAddress
0x140906584 GetProcessAffinityMask
0x14090658c GetQueuedCompletionStatusEx
0x140906594 GetStartupInfoA
0x14090659c GetStdHandle
0x1409065a4 GetSystemDirectoryA
0x1409065ac GetSystemInfo
0x1409065b4 GetSystemTimeAsFileTime
0x1409065bc GetThreadContext
0x1409065c4 GetThreadPriority
0x1409065cc GetTickCount
0x1409065d4 InitializeCriticalSection
0x1409065dc IsDBCSLeadByteEx
0x1409065e4 IsDebuggerPresent
0x1409065ec LeaveCriticalSection
0x1409065f4 LoadLibraryExW
0x1409065fc LoadLibraryW
0x140906604 LocalFree
0x14090660c MultiByteToWideChar
0x140906614 OpenProcess
0x14090661c OutputDebugStringA
0x140906624 PostQueuedCompletionStatus
0x14090662c QueryPerformanceCounter
0x140906634 QueryPerformanceFrequency
0x14090663c RaiseException
0x140906644 RaiseFailFastException
0x14090664c ReleaseMutex
0x140906654 ReleaseSemaphore
0x14090665c RemoveVectoredExceptionHandler
0x140906664 ResetEvent
0x14090666c ResumeThread
0x140906674 RtlLookupFunctionEntry
0x14090667c RtlVirtualUnwind
0x140906684 SetConsoleCtrlHandler
0x14090668c SetErrorMode
0x140906694 SetEvent
0x14090669c SetLastError
0x1409066a4 SetProcessAffinityMask
0x1409066ac SetProcessPriorityBoost
0x1409066b4 SetThreadContext
0x1409066bc SetThreadPriority
0x1409066c4 SetUnhandledExceptionFilter
0x1409066cc SetWaitableTimer
0x1409066d4 Sleep
0x1409066dc SuspendThread
0x1409066e4 SwitchToThread
0x1409066ec TlsAlloc
0x1409066f4 TlsGetValue
0x1409066fc TlsSetValue
0x140906704 TryEnterCriticalSection
0x14090670c VirtualAlloc
0x140906714 VirtualFree
0x14090671c VirtualProtect
0x140906724 VirtualQuery
0x14090672c WaitForMultipleObjects
0x140906734 WaitForSingleObject
0x14090673c WerGetFlags
0x140906744 WerSetFlags
0x14090674c WideCharToMultiByte
0x140906754 WriteConsoleW
0x14090675c WriteFile
0x140906764 __C_specific_handler
msvcrt.dll
0x140906774 ___lc_codepage_func
0x14090677c ___mb_cur_max_func
0x140906784 __getmainargs
0x14090678c __initenv
0x140906794 __iob_func
0x14090679c __lconv_init
0x1409067a4 __set_app_type
0x1409067ac __setusermatherr
0x1409067b4 _acmdln
0x1409067bc _amsg_exit
0x1409067c4 _beginthread
0x1409067cc _beginthreadex
0x1409067d4 _cexit
0x1409067dc _commode
0x1409067e4 _endthreadex
0x1409067ec _errno
0x1409067f4 _fmode
0x1409067fc _initterm
0x140906804 _lock
0x14090680c _memccpy
0x140906814 _onexit
0x14090681c _setjmp
0x140906824 _strdup
0x14090682c _ultoa
0x140906834 _unlock
0x14090683c abort
0x140906844 calloc
0x14090684c exit
0x140906854 fprintf
0x14090685c fputc
0x140906864 free
0x14090686c fwrite
0x140906874 localeconv
0x14090687c longjmp
0x140906884 malloc
0x14090688c memcpy
0x140906894 memmove
0x14090689c memset
0x1409068a4 printf
0x1409068ac realloc
0x1409068b4 signal
0x1409068bc strerror
0x1409068c4 strlen
0x1409068cc strncmp
0x1409068d4 vfprintf
0x1409068dc wcslen
EAT(Export Address Table) Library
0x140903b70 _cgo_dummy_export