ScreenShot
| Created | 2024.07.11 13:31 | Machine | s1_win7_x6401 |
| Filename | msmger.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 15 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, WinGo, Detected, Behavior, confidence) | ||
| md5 | a81771f0ecb1e53a962d49a1187509ba | ||
| sha256 | dab670fa9668bfaeb913aeab13bbdd3b6654bd35931ec374f86fadbc4514cf15 | ||
| ssdeep | 98304:l6WbeFTXsofCEEgYWxgB2gZmdpEYsfQf7zYU9HpAO4QyM:8bFTXsA5Egn9gZm8Ysc7EUBCoyM | ||
| imphash | ec67d1984e18f70d6dc08fc76cfdd87b | ||
| impfuzzy | 48:nJbFMCgO1hKemo2DgndX8JOmTaJG0JqkoqcQ:nJbFMCgO1Eo2DgdX8g8aJG0URqcQ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x8d039c AddVectoredExceptionHandler
0x8d03a4 CloseHandle
0x8d03ac CreateEventA
0x8d03b4 CreateFileA
0x8d03bc CreateIoCompletionPort
0x8d03c4 CreateThread
0x8d03cc CreateWaitableTimerExW
0x8d03d4 DeleteCriticalSection
0x8d03dc DuplicateHandle
0x8d03e4 EnterCriticalSection
0x8d03ec ExitProcess
0x8d03f4 FreeEnvironmentStringsW
0x8d03fc FreeLibrary
0x8d0404 GetConsoleMode
0x8d040c GetCurrentProcess
0x8d0414 GetCurrentProcessId
0x8d041c GetCurrentThreadId
0x8d0424 GetEnvironmentStringsW
0x8d042c GetErrorMode
0x8d0434 GetLastError
0x8d043c GetProcAddress
0x8d0444 GetProcessAffinityMask
0x8d044c GetProcessHeap
0x8d0454 GetQueuedCompletionStatusEx
0x8d045c GetStartupInfoA
0x8d0464 GetStdHandle
0x8d046c GetSystemDirectoryA
0x8d0474 GetSystemInfo
0x8d047c GetSystemTimeAsFileTime
0x8d0484 GetThreadContext
0x8d048c GetThreadLocale
0x8d0494 GetTickCount
0x8d049c HeapAlloc
0x8d04a4 HeapFree
0x8d04ac InitializeCriticalSection
0x8d04b4 IsBadReadPtr
0x8d04bc LeaveCriticalSection
0x8d04c4 LoadLibraryA
0x8d04cc LoadLibraryExW
0x8d04d4 LoadLibraryW
0x8d04dc PostQueuedCompletionStatus
0x8d04e4 QueryPerformanceCounter
0x8d04ec RaiseFailFastException
0x8d04f4 ResumeThread
0x8d04fc RtlAddFunctionTable
0x8d0504 RtlCaptureContext
0x8d050c RtlLookupFunctionEntry
0x8d0514 RtlVirtualUnwind
0x8d051c SetConsoleCtrlHandler
0x8d0524 SetErrorMode
0x8d052c SetEvent
0x8d0534 SetLastError
0x8d053c SetProcessPriorityBoost
0x8d0544 SetThreadContext
0x8d054c SetUnhandledExceptionFilter
0x8d0554 SetWaitableTimer
0x8d055c Sleep
0x8d0564 SuspendThread
0x8d056c SwitchToThread
0x8d0574 TerminateProcess
0x8d057c TlsAlloc
0x8d0584 TlsGetValue
0x8d058c UnhandledExceptionFilter
0x8d0594 VirtualAlloc
0x8d059c VirtualFree
0x8d05a4 VirtualProtect
0x8d05ac VirtualQuery
0x8d05b4 WaitForMultipleObjects
0x8d05bc WaitForSingleObject
0x8d05c4 WerGetFlags
0x8d05cc WerSetFlags
0x8d05d4 WriteConsoleW
0x8d05dc WriteFile
0x8d05e4 __C_specific_handler
0x8d05ec lstrlenA
msvcrt.dll
0x8d05fc __getmainargs
0x8d0604 __initenv
0x8d060c __iob_func
0x8d0614 __lconv_init
0x8d061c __set_app_type
0x8d0624 __setusermatherr
0x8d062c _acmdln
0x8d0634 _amsg_exit
0x8d063c _beginthread
0x8d0644 _cexit
0x8d064c _errno
0x8d0654 _fmode
0x8d065c _initterm
0x8d0664 _onexit
0x8d066c _stricmp
0x8d0674 abort
0x8d067c calloc
0x8d0684 exit
0x8d068c fprintf
0x8d0694 free
0x8d069c fwrite
0x8d06a4 malloc
0x8d06ac memcpy
0x8d06b4 memset
0x8d06bc realloc
0x8d06c4 signal
0x8d06cc strlen
0x8d06d4 strncmp
0x8d06dc strtol
0x8d06e4 vfprintf
0x8d06ec wcstombs
EAT(Export Address Table) Library
0x8ce550 _cgo_dummy_export
KERNEL32.dll
0x8d039c AddVectoredExceptionHandler
0x8d03a4 CloseHandle
0x8d03ac CreateEventA
0x8d03b4 CreateFileA
0x8d03bc CreateIoCompletionPort
0x8d03c4 CreateThread
0x8d03cc CreateWaitableTimerExW
0x8d03d4 DeleteCriticalSection
0x8d03dc DuplicateHandle
0x8d03e4 EnterCriticalSection
0x8d03ec ExitProcess
0x8d03f4 FreeEnvironmentStringsW
0x8d03fc FreeLibrary
0x8d0404 GetConsoleMode
0x8d040c GetCurrentProcess
0x8d0414 GetCurrentProcessId
0x8d041c GetCurrentThreadId
0x8d0424 GetEnvironmentStringsW
0x8d042c GetErrorMode
0x8d0434 GetLastError
0x8d043c GetProcAddress
0x8d0444 GetProcessAffinityMask
0x8d044c GetProcessHeap
0x8d0454 GetQueuedCompletionStatusEx
0x8d045c GetStartupInfoA
0x8d0464 GetStdHandle
0x8d046c GetSystemDirectoryA
0x8d0474 GetSystemInfo
0x8d047c GetSystemTimeAsFileTime
0x8d0484 GetThreadContext
0x8d048c GetThreadLocale
0x8d0494 GetTickCount
0x8d049c HeapAlloc
0x8d04a4 HeapFree
0x8d04ac InitializeCriticalSection
0x8d04b4 IsBadReadPtr
0x8d04bc LeaveCriticalSection
0x8d04c4 LoadLibraryA
0x8d04cc LoadLibraryExW
0x8d04d4 LoadLibraryW
0x8d04dc PostQueuedCompletionStatus
0x8d04e4 QueryPerformanceCounter
0x8d04ec RaiseFailFastException
0x8d04f4 ResumeThread
0x8d04fc RtlAddFunctionTable
0x8d0504 RtlCaptureContext
0x8d050c RtlLookupFunctionEntry
0x8d0514 RtlVirtualUnwind
0x8d051c SetConsoleCtrlHandler
0x8d0524 SetErrorMode
0x8d052c SetEvent
0x8d0534 SetLastError
0x8d053c SetProcessPriorityBoost
0x8d0544 SetThreadContext
0x8d054c SetUnhandledExceptionFilter
0x8d0554 SetWaitableTimer
0x8d055c Sleep
0x8d0564 SuspendThread
0x8d056c SwitchToThread
0x8d0574 TerminateProcess
0x8d057c TlsAlloc
0x8d0584 TlsGetValue
0x8d058c UnhandledExceptionFilter
0x8d0594 VirtualAlloc
0x8d059c VirtualFree
0x8d05a4 VirtualProtect
0x8d05ac VirtualQuery
0x8d05b4 WaitForMultipleObjects
0x8d05bc WaitForSingleObject
0x8d05c4 WerGetFlags
0x8d05cc WerSetFlags
0x8d05d4 WriteConsoleW
0x8d05dc WriteFile
0x8d05e4 __C_specific_handler
0x8d05ec lstrlenA
msvcrt.dll
0x8d05fc __getmainargs
0x8d0604 __initenv
0x8d060c __iob_func
0x8d0614 __lconv_init
0x8d061c __set_app_type
0x8d0624 __setusermatherr
0x8d062c _acmdln
0x8d0634 _amsg_exit
0x8d063c _beginthread
0x8d0644 _cexit
0x8d064c _errno
0x8d0654 _fmode
0x8d065c _initterm
0x8d0664 _onexit
0x8d066c _stricmp
0x8d0674 abort
0x8d067c calloc
0x8d0684 exit
0x8d068c fprintf
0x8d0694 free
0x8d069c fwrite
0x8d06a4 malloc
0x8d06ac memcpy
0x8d06b4 memset
0x8d06bc realloc
0x8d06c4 signal
0x8d06cc strlen
0x8d06d4 strncmp
0x8d06dc strtol
0x8d06e4 vfprintf
0x8d06ec wcstombs
EAT(Export Address Table) Library
0x8ce550 _cgo_dummy_export