Report - winws.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64
Created: 2024.07.11 13:20
Machine: s1_win7_x6403
Filename: winws.exe
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score: 4
Behavior Score: 1.2
ZERO API file: clean
VT API (file): 18 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, GoLang, AGen, G suspicious, CXrep, MalGo, WinGo, Shellcoderunner, Detected, Wacapew, confidence)
md5: 1625c2e651375de754d82329b5e8b924
sha256: e5e0d3b2bd3f58d9322a3a39ad3f54bffe1499fde18c3f84b261a5f53a15c94b
ssdeep: 98304:bGGtyqBP0cNb25/vutPQWtKzO8yf4QYHn2VgPQ91o:6wyUP0cNbq/vBWtX8yf4QW2SX
imphash: ec67d1984e18f70d6dc08fc76cfdd87b
impfuzzy: 48:nJbFMCgO1hKemo2DgndX8JOmTaJG0JqkoqcQ:nJbFMCgO1Eo2DgdX8g8aJG0URqcQ

Signature (3cnts)

Level | Description
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | One or more processes crashed

Rules (6cnts)

Level | Name | Description | Collection
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x8de39c AddVectoredExceptionHandler
 0x8de3a4 CloseHandle
 0x8de3ac CreateEventA
 0x8de3b4 CreateFileA
 0x8de3bc CreateIoCompletionPort
 0x8de3c4 CreateThread
 0x8de3cc CreateWaitableTimerExW
 0x8de3d4 DeleteCriticalSection
 0x8de3dc DuplicateHandle
 0x8de3e4 EnterCriticalSection
 0x8de3ec ExitProcess
 0x8de3f4 FreeEnvironmentStringsW
 0x8de3fc FreeLibrary
 0x8de404 GetConsoleMode
 0x8de40c GetCurrentProcess
 0x8de414 GetCurrentProcessId
 0x8de41c GetCurrentThreadId
 0x8de424 GetEnvironmentStringsW
 0x8de42c GetErrorMode
 0x8de434 GetLastError
 0x8de43c GetProcAddress
 0x8de444 GetProcessAffinityMask
 0x8de44c GetProcessHeap
 0x8de454 GetQueuedCompletionStatusEx
 0x8de45c GetStartupInfoA
 0x8de464 GetStdHandle
 0x8de46c GetSystemDirectoryA
 0x8de474 GetSystemInfo
 0x8de47c GetSystemTimeAsFileTime
 0x8de484 GetThreadContext
 0x8de48c GetThreadLocale
 0x8de494 GetTickCount
 0x8de49c HeapAlloc
 0x8de4a4 HeapFree
 0x8de4ac InitializeCriticalSection
 0x8de4b4 IsBadReadPtr
 0x8de4bc LeaveCriticalSection
 0x8de4c4 LoadLibraryA
 0x8de4cc LoadLibraryExW
 0x8de4d4 LoadLibraryW
 0x8de4dc PostQueuedCompletionStatus
 0x8de4e4 QueryPerformanceCounter
 0x8de4ec RaiseFailFastException
 0x8de4f4 ResumeThread
 0x8de4fc RtlAddFunctionTable
 0x8de504 RtlCaptureContext
 0x8de50c RtlLookupFunctionEntry
 0x8de514 RtlVirtualUnwind
 0x8de51c SetConsoleCtrlHandler
 0x8de524 SetErrorMode
 0x8de52c SetEvent
 0x8de534 SetLastError
 0x8de53c SetProcessPriorityBoost
 0x8de544 SetThreadContext
 0x8de54c SetUnhandledExceptionFilter
 0x8de554 SetWaitableTimer
 0x8de55c Sleep
 0x8de564 SuspendThread
 0x8de56c SwitchToThread
 0x8de574 TerminateProcess
 0x8de57c TlsAlloc
 0x8de584 TlsGetValue
 0x8de58c UnhandledExceptionFilter
 0x8de594 VirtualAlloc
 0x8de59c VirtualFree
 0x8de5a4 VirtualProtect
 0x8de5ac VirtualQuery
 0x8de5b4 WaitForMultipleObjects
 0x8de5bc WaitForSingleObject
 0x8de5c4 WerGetFlags
 0x8de5cc WerSetFlags
 0x8de5d4 WriteConsoleW
 0x8de5dc WriteFile
 0x8de5e4 __C_specific_handler
 0x8de5ec lstrlenA
msvcrt.dll
 0x8de5fc __getmainargs
 0x8de604 __initenv
 0x8de60c __iob_func
 0x8de614 __lconv_init
 0x8de61c __set_app_type
 0x8de624 __setusermatherr
 0x8de62c _acmdln
 0x8de634 _amsg_exit
 0x8de63c _beginthread
 0x8de644 _cexit
 0x8de64c _errno
 0x8de654 _fmode
 0x8de65c _initterm
 0x8de664 _onexit
 0x8de66c _stricmp
 0x8de674 abort
 0x8de67c calloc
 0x8de684 exit
 0x8de68c fprintf
 0x8de694 free
 0x8de69c fwrite
 0x8de6a4 malloc
 0x8de6ac memcpy
 0x8de6b4 memset
 0x8de6bc realloc
 0x8de6c4 signal
 0x8de6cc strlen
 0x8de6d4 strncmp
 0x8de6dc strtol
 0x8de6e4 vfprintf
 0x8de6ec wcstombs

EAT (Export Address Table) Library

0x8dc5d0 _cgo_dummy_export