ScreenShot
| Created | 2024.07.11 13:42 | Machine | s1_win7_x6401 |
| Filename | gen.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 15 detected (AIDetectMalware, malicious, moderate confidence, score, Ctsinf, Unsafe, Static AI, Suspicious PE, susgen, confidence) | ||
| md5 | 2ece8e2b24bfaf4825acc4888bbd31ac | ||
| sha256 | 97a8be603cade59060b3adb885ad6dcc91de036589b99e1d1970c24b7b5ce47a | ||
| ssdeep | 49152:usoFVUax3Tgrb/TBvO90d7HjmAFd4A64nsfJeEkGXJCIgsaZM4jID1:m39kGXyN | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x5b2240 WriteFile
0x5b2248 WriteConsoleW
0x5b2250 WaitForMultipleObjects
0x5b2258 WaitForSingleObject
0x5b2260 VirtualQuery
0x5b2268 VirtualFree
0x5b2270 VirtualAlloc
0x5b2278 SwitchToThread
0x5b2280 SuspendThread
0x5b2288 SetWaitableTimer
0x5b2290 SetUnhandledExceptionFilter
0x5b2298 SetProcessPriorityBoost
0x5b22a0 SetEvent
0x5b22a8 SetErrorMode
0x5b22b0 SetConsoleCtrlHandler
0x5b22b8 ResumeThread
0x5b22c0 PostQueuedCompletionStatus
0x5b22c8 LoadLibraryA
0x5b22d0 LoadLibraryW
0x5b22d8 SetThreadContext
0x5b22e0 GetThreadContext
0x5b22e8 GetSystemInfo
0x5b22f0 GetSystemDirectoryA
0x5b22f8 GetStdHandle
0x5b2300 GetQueuedCompletionStatusEx
0x5b2308 GetProcessAffinityMask
0x5b2310 GetProcAddress
0x5b2318 GetEnvironmentStringsW
0x5b2320 GetConsoleMode
0x5b2328 FreeEnvironmentStringsW
0x5b2330 ExitProcess
0x5b2338 DuplicateHandle
0x5b2340 CreateWaitableTimerExW
0x5b2348 CreateThread
0x5b2350 CreateIoCompletionPort
0x5b2358 CreateFileA
0x5b2360 CreateEventA
0x5b2368 CloseHandle
0x5b2370 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x5b2240 WriteFile
0x5b2248 WriteConsoleW
0x5b2250 WaitForMultipleObjects
0x5b2258 WaitForSingleObject
0x5b2260 VirtualQuery
0x5b2268 VirtualFree
0x5b2270 VirtualAlloc
0x5b2278 SwitchToThread
0x5b2280 SuspendThread
0x5b2288 SetWaitableTimer
0x5b2290 SetUnhandledExceptionFilter
0x5b2298 SetProcessPriorityBoost
0x5b22a0 SetEvent
0x5b22a8 SetErrorMode
0x5b22b0 SetConsoleCtrlHandler
0x5b22b8 ResumeThread
0x5b22c0 PostQueuedCompletionStatus
0x5b22c8 LoadLibraryA
0x5b22d0 LoadLibraryW
0x5b22d8 SetThreadContext
0x5b22e0 GetThreadContext
0x5b22e8 GetSystemInfo
0x5b22f0 GetSystemDirectoryA
0x5b22f8 GetStdHandle
0x5b2300 GetQueuedCompletionStatusEx
0x5b2308 GetProcessAffinityMask
0x5b2310 GetProcAddress
0x5b2318 GetEnvironmentStringsW
0x5b2320 GetConsoleMode
0x5b2328 FreeEnvironmentStringsW
0x5b2330 ExitProcess
0x5b2338 DuplicateHandle
0x5b2340 CreateWaitableTimerExW
0x5b2348 CreateThread
0x5b2350 CreateIoCompletionPort
0x5b2358 CreateFileA
0x5b2360 CreateEventA
0x5b2368 CloseHandle
0x5b2370 AddVectoredExceptionHandler
EAT(Export Address Table) is none