ScreenShot
| Created | 2024.07.11 13:17 | Machine | s1_win7_x6401 |
| Filename | goo.exe | ||
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 21 detected (malicious, moderate confidence, score, Sabsik, Unsafe, Vyi8, Artemis, Etap, Generic Reputation PUA, Detected, Wacatac, Infected, AutoInfector, Casdet, ABApplication, SOLH, Static AI, Suspicious PE, susgen, PossibleThreat) | ||
| md5 | 8bd9ba6bf43c3664ac3179f8aaaf780b | ||
| sha256 | 0e3145becb5133d8f8d4229cbfee8b22766ed6d0ca5d3a815c08805919c7c2e8 | ||
| ssdeep | 24576:KkBswrOgYvFCc59CsnX3PKr9JFTLyUMfy8DUf4C/bUXCC+CoJeZaYD1/3r:Q33PKgD64GVCqYD1/3r | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to identify installed AV products by installation directory |
| watch | Detects the presence of Wine emulator |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x578140 WriteFile
0x578144 WriteConsoleW
0x578148 WaitForMultipleObjects
0x57814c WaitForSingleObject
0x578150 VirtualQuery
0x578154 VirtualFree
0x578158 VirtualAlloc
0x57815c SwitchToThread
0x578160 SuspendThread
0x578164 SetWaitableTimer
0x578168 SetUnhandledExceptionFilter
0x57816c SetProcessPriorityBoost
0x578170 SetEvent
0x578174 SetErrorMode
0x578178 SetConsoleCtrlHandler
0x57817c ResumeThread
0x578180 PostQueuedCompletionStatus
0x578184 LoadLibraryA
0x578188 LoadLibraryW
0x57818c SetThreadContext
0x578190 GetThreadContext
0x578194 GetSystemInfo
0x578198 GetSystemDirectoryA
0x57819c GetStdHandle
0x5781a0 GetQueuedCompletionStatusEx
0x5781a4 GetProcessAffinityMask
0x5781a8 GetProcAddress
0x5781ac GetEnvironmentStringsW
0x5781b0 GetConsoleMode
0x5781b4 FreeEnvironmentStringsW
0x5781b8 ExitProcess
0x5781bc DuplicateHandle
0x5781c0 CreateWaitableTimerExW
0x5781c4 CreateThread
0x5781c8 CreateIoCompletionPort
0x5781cc CreateFileA
0x5781d0 CreateEventA
0x5781d4 CloseHandle
0x5781d8 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x578140 WriteFile
0x578144 WriteConsoleW
0x578148 WaitForMultipleObjects
0x57814c WaitForSingleObject
0x578150 VirtualQuery
0x578154 VirtualFree
0x578158 VirtualAlloc
0x57815c SwitchToThread
0x578160 SuspendThread
0x578164 SetWaitableTimer
0x578168 SetUnhandledExceptionFilter
0x57816c SetProcessPriorityBoost
0x578170 SetEvent
0x578174 SetErrorMode
0x578178 SetConsoleCtrlHandler
0x57817c ResumeThread
0x578180 PostQueuedCompletionStatus
0x578184 LoadLibraryA
0x578188 LoadLibraryW
0x57818c SetThreadContext
0x578190 GetThreadContext
0x578194 GetSystemInfo
0x578198 GetSystemDirectoryA
0x57819c GetStdHandle
0x5781a0 GetQueuedCompletionStatusEx
0x5781a4 GetProcessAffinityMask
0x5781a8 GetProcAddress
0x5781ac GetEnvironmentStringsW
0x5781b0 GetConsoleMode
0x5781b4 FreeEnvironmentStringsW
0x5781b8 ExitProcess
0x5781bc DuplicateHandle
0x5781c0 CreateWaitableTimerExW
0x5781c4 CreateThread
0x5781c8 CreateIoCompletionPort
0x5781cc CreateFileA
0x5781d0 CreateEventA
0x5781d4 CloseHandle
0x5781d8 AddVectoredExceptionHandler
EAT(Export Address Table) is none