ScreenShot
Created | 2024.07.11 13:24 | Machine | s1_win7_x6401 |
Filename | gg.exe | ||
Type | PE32+ executable (console) x86-64, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 7 detected (AIDetectMalware, malicious, moderate confidence, susgen, confidence) | ||
md5 | 282895a5fdd5a9c87ef8ddefba4e07aa | ||
sha256 | adc7966d09b9bf3831894fc1aa77596db1cf91cd98fe5f785560a897057c9ae8 | ||
ssdeep | 192:gabt2NKaiS7OxqX1DbIyg4SHrgbsgIdnaDQieXb3Q5tf4DOKV:gap237OxS1DbIyFSHMuZb3b | ||
imphash | ecc26a8a56fd73b03052d803b6376c51 | ||
impfuzzy | 24:589aL6zRVJCcyWNwYgMyWPW+6aJCbyBocAihATD29hK4Tg9zAfZhBSJMBbQQSLMA:589aLU3hNTx6w3ZgAMMBMQSLMA |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140003000 GetCurrentThreadId
0x140003008 GetCurrentProcessId
0x140003010 IsDebuggerPresent
0x140003018 InitializeSListHead
0x140003020 GetSystemTimeAsFileTime
0x140003028 QueryPerformanceCounter
0x140003030 IsProcessorFeaturePresent
0x140003038 TerminateProcess
0x140003040 GetCurrentProcess
0x140003048 SetUnhandledExceptionFilter
0x140003050 UnhandledExceptionFilter
0x140003058 RtlVirtualUnwind
0x140003060 RtlLookupFunctionEntry
0x140003068 RtlCaptureContext
0x140003070 GetModuleHandleW
RPCRT4.dll
0x140003080 RpcStringBindingComposeA
0x140003088 RpcBindingFromStringBindingA
0x140003090 NdrClientCall3
VCRUNTIME140.dll
0x1400030a0 __current_exception
0x1400030a8 __C_specific_handler
0x1400030b0 __current_exception_context
0x1400030b8 memset
api-ms-win-crt-convert-l1-1-0.dll
0x1400030c8 mbstowcs
api-ms-win-crt-heap-l1-1-0.dll
0x1400030d8 free
0x1400030e0 malloc
0x1400030e8 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x140003118 _register_onexit_function
0x140003120 _crt_atexit
0x140003128 terminate
0x140003130 exit
0x140003138 _c_exit
0x140003140 _initterm
0x140003148 _initterm_e
0x140003150 _get_initial_narrow_environment
0x140003158 _cexit
0x140003160 __p___argv
0x140003168 __p___argc
0x140003170 _initialize_narrow_environment
0x140003178 _configure_narrow_argv
0x140003180 _exit
0x140003188 _set_app_type
0x140003190 _initialize_onexit_table
0x140003198 _seh_filter_exe
0x1400031a0 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x140003108 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1400031b0 _set_fmode
0x1400031b8 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400030f8 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140003000 GetCurrentThreadId
0x140003008 GetCurrentProcessId
0x140003010 IsDebuggerPresent
0x140003018 InitializeSListHead
0x140003020 GetSystemTimeAsFileTime
0x140003028 QueryPerformanceCounter
0x140003030 IsProcessorFeaturePresent
0x140003038 TerminateProcess
0x140003040 GetCurrentProcess
0x140003048 SetUnhandledExceptionFilter
0x140003050 UnhandledExceptionFilter
0x140003058 RtlVirtualUnwind
0x140003060 RtlLookupFunctionEntry
0x140003068 RtlCaptureContext
0x140003070 GetModuleHandleW
RPCRT4.dll
0x140003080 RpcStringBindingComposeA
0x140003088 RpcBindingFromStringBindingA
0x140003090 NdrClientCall3
VCRUNTIME140.dll
0x1400030a0 __current_exception
0x1400030a8 __C_specific_handler
0x1400030b0 __current_exception_context
0x1400030b8 memset
api-ms-win-crt-convert-l1-1-0.dll
0x1400030c8 mbstowcs
api-ms-win-crt-heap-l1-1-0.dll
0x1400030d8 free
0x1400030e0 malloc
0x1400030e8 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x140003118 _register_onexit_function
0x140003120 _crt_atexit
0x140003128 terminate
0x140003130 exit
0x140003138 _c_exit
0x140003140 _initterm
0x140003148 _initterm_e
0x140003150 _get_initial_narrow_environment
0x140003158 _cexit
0x140003160 __p___argv
0x140003168 __p___argc
0x140003170 _initialize_narrow_environment
0x140003178 _configure_narrow_argv
0x140003180 _exit
0x140003188 _set_app_type
0x140003190 _initialize_onexit_table
0x140003198 _seh_filter_exe
0x1400031a0 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x140003108 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1400031b0 _set_fmode
0x1400031b8 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400030f8 _configthreadlocale
EAT(Export Address Table) is none