ScreenShot
| Created | 2024.07.11 13:28 | Machine | s1_win7_x6401 |
| Filename | u.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetectMalware, malicious, high confidence, Midie, HackTool, ai score=89, susgen, confidence) | ||
| md5 | 59bf80bdf6c8f3723375b2d83d1610af | ||
| sha256 | e77881389e4aa30e4f740674f5c4fdebe6dbe98a569daa4beedbaf1b94d7a44a | ||
| ssdeep | 3072:IBjZlfdgovOnGoDWvXdlNGbLxvg/H1RsTAk:I9fdg0OVDWvXd3kxvQzsE | ||
| imphash | 96b0c1e02ce3ed7a099cdb20098fd023 | ||
| impfuzzy | 24:/zQDGQjXo0qtvmlJnc+pl39/Cu02EOovbO3URZHu93v8R3GM81G:r1QjXYtvkc+ppQu0S3vEGQ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140011000 GetModuleFileNameW
0x140011008 OpenProcess
0x140011010 CloseHandle
0x140011018 GetWindowsDirectoryW
0x140011020 GetProcAddress
0x140011028 ReadProcessMemory
0x140011030 GetCurrentProcessId
0x140011038 GetModuleHandleW
0x140011040 CreateFileW
0x140011048 SetFilePointerEx
0x140011050 QueryPerformanceCounter
0x140011058 GetCurrentThreadId
0x140011060 GetSystemTimeAsFileTime
0x140011068 InitializeSListHead
0x140011070 RtlCaptureContext
0x140011078 RtlLookupFunctionEntry
0x140011080 RtlVirtualUnwind
0x140011088 IsDebuggerPresent
0x140011090 UnhandledExceptionFilter
0x140011098 SetUnhandledExceptionFilter
0x1400110a0 GetStartupInfoW
0x1400110a8 IsProcessorFeaturePresent
0x1400110b0 RtlUnwindEx
0x1400110b8 GetLastError
0x1400110c0 SetLastError
0x1400110c8 EnterCriticalSection
0x1400110d0 LeaveCriticalSection
0x1400110d8 DeleteCriticalSection
0x1400110e0 InitializeCriticalSectionAndSpinCount
0x1400110e8 TlsAlloc
0x1400110f0 TlsGetValue
0x1400110f8 TlsSetValue
0x140011100 TlsFree
0x140011108 FreeLibrary
0x140011110 LoadLibraryExW
0x140011118 EncodePointer
0x140011120 RaiseException
0x140011128 RtlPcToFileHeader
0x140011130 GetStdHandle
0x140011138 WriteFile
0x140011140 GetCurrentProcess
0x140011148 ExitProcess
0x140011150 TerminateProcess
0x140011158 GetModuleHandleExW
0x140011160 GetCommandLineA
0x140011168 GetCommandLineW
0x140011170 HeapAlloc
0x140011178 HeapFree
0x140011180 FindClose
0x140011188 FindFirstFileExW
0x140011190 FindNextFileW
0x140011198 IsValidCodePage
0x1400111a0 GetACP
0x1400111a8 GetOEMCP
0x1400111b0 GetCPInfo
0x1400111b8 MultiByteToWideChar
0x1400111c0 WideCharToMultiByte
0x1400111c8 GetEnvironmentStringsW
0x1400111d0 FreeEnvironmentStringsW
0x1400111d8 SetEnvironmentVariableW
0x1400111e0 SetStdHandle
0x1400111e8 GetFileType
0x1400111f0 GetStringTypeW
0x1400111f8 FlsAlloc
0x140011200 FlsGetValue
0x140011208 FlsSetValue
0x140011210 FlsFree
0x140011218 CompareStringW
0x140011220 LCMapStringW
0x140011228 GetProcessHeap
0x140011230 HeapSize
0x140011238 HeapReAlloc
0x140011240 FlushFileBuffers
0x140011248 GetConsoleOutputCP
0x140011250 GetConsoleMode
0x140011258 WriteConsoleW
ole32.dll
0x140011268 CoUninitialize
0x140011270 CoInitializeEx
0x140011278 CoGetObject
EAT(Export Address Table) is none
KERNEL32.dll
0x140011000 GetModuleFileNameW
0x140011008 OpenProcess
0x140011010 CloseHandle
0x140011018 GetWindowsDirectoryW
0x140011020 GetProcAddress
0x140011028 ReadProcessMemory
0x140011030 GetCurrentProcessId
0x140011038 GetModuleHandleW
0x140011040 CreateFileW
0x140011048 SetFilePointerEx
0x140011050 QueryPerformanceCounter
0x140011058 GetCurrentThreadId
0x140011060 GetSystemTimeAsFileTime
0x140011068 InitializeSListHead
0x140011070 RtlCaptureContext
0x140011078 RtlLookupFunctionEntry
0x140011080 RtlVirtualUnwind
0x140011088 IsDebuggerPresent
0x140011090 UnhandledExceptionFilter
0x140011098 SetUnhandledExceptionFilter
0x1400110a0 GetStartupInfoW
0x1400110a8 IsProcessorFeaturePresent
0x1400110b0 RtlUnwindEx
0x1400110b8 GetLastError
0x1400110c0 SetLastError
0x1400110c8 EnterCriticalSection
0x1400110d0 LeaveCriticalSection
0x1400110d8 DeleteCriticalSection
0x1400110e0 InitializeCriticalSectionAndSpinCount
0x1400110e8 TlsAlloc
0x1400110f0 TlsGetValue
0x1400110f8 TlsSetValue
0x140011100 TlsFree
0x140011108 FreeLibrary
0x140011110 LoadLibraryExW
0x140011118 EncodePointer
0x140011120 RaiseException
0x140011128 RtlPcToFileHeader
0x140011130 GetStdHandle
0x140011138 WriteFile
0x140011140 GetCurrentProcess
0x140011148 ExitProcess
0x140011150 TerminateProcess
0x140011158 GetModuleHandleExW
0x140011160 GetCommandLineA
0x140011168 GetCommandLineW
0x140011170 HeapAlloc
0x140011178 HeapFree
0x140011180 FindClose
0x140011188 FindFirstFileExW
0x140011190 FindNextFileW
0x140011198 IsValidCodePage
0x1400111a0 GetACP
0x1400111a8 GetOEMCP
0x1400111b0 GetCPInfo
0x1400111b8 MultiByteToWideChar
0x1400111c0 WideCharToMultiByte
0x1400111c8 GetEnvironmentStringsW
0x1400111d0 FreeEnvironmentStringsW
0x1400111d8 SetEnvironmentVariableW
0x1400111e0 SetStdHandle
0x1400111e8 GetFileType
0x1400111f0 GetStringTypeW
0x1400111f8 FlsAlloc
0x140011200 FlsGetValue
0x140011208 FlsSetValue
0x140011210 FlsFree
0x140011218 CompareStringW
0x140011220 LCMapStringW
0x140011228 GetProcessHeap
0x140011230 HeapSize
0x140011238 HeapReAlloc
0x140011240 FlushFileBuffers
0x140011248 GetConsoleOutputCP
0x140011250 GetConsoleMode
0x140011258 WriteConsoleW
ole32.dll
0x140011268 CoUninitialize
0x140011270 CoInitializeEx
0x140011278 CoGetObject
EAT(Export Address Table) is none