ScreenShot
| Created | 2024.07.11 13:44 | Machine | s1_win7_x6401 |
| Filename | ws.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 32 detected (AIDetectMalware, GoLang, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, AGen, G suspicious, MalwareX, score, GoLangAGen, Generic Reputation PUA, WinGo, Shellcoderunner, Detected, Wacapew, PNZSJP, confidence) | ||
| md5 | dadc454c892912cd84136387e734e389 | ||
| sha256 | e62ce31617ac8a52fcc93414ff2e1f31a8022951fc264ca368bb613c633a96c2 | ||
| ssdeep | 98304:COKlncWD8u7mWh+ME44RM7SbSfF6tUm2VVhW:zucWDKWh+vw7SbmxVLW | ||
| imphash | ec67d1984e18f70d6dc08fc76cfdd87b | ||
| impfuzzy | 48:nJbFMCgO1hKemo2DgndX8JOmTaJG0JqkoqcQ:nJbFMCgO1Eo2DgdX8g8aJG0URqcQ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x8ec39c AddVectoredExceptionHandler
0x8ec3a4 CloseHandle
0x8ec3ac CreateEventA
0x8ec3b4 CreateFileA
0x8ec3bc CreateIoCompletionPort
0x8ec3c4 CreateThread
0x8ec3cc CreateWaitableTimerExW
0x8ec3d4 DeleteCriticalSection
0x8ec3dc DuplicateHandle
0x8ec3e4 EnterCriticalSection
0x8ec3ec ExitProcess
0x8ec3f4 FreeEnvironmentStringsW
0x8ec3fc FreeLibrary
0x8ec404 GetConsoleMode
0x8ec40c GetCurrentProcess
0x8ec414 GetCurrentProcessId
0x8ec41c GetCurrentThreadId
0x8ec424 GetEnvironmentStringsW
0x8ec42c GetErrorMode
0x8ec434 GetLastError
0x8ec43c GetProcAddress
0x8ec444 GetProcessAffinityMask
0x8ec44c GetProcessHeap
0x8ec454 GetQueuedCompletionStatusEx
0x8ec45c GetStartupInfoA
0x8ec464 GetStdHandle
0x8ec46c GetSystemDirectoryA
0x8ec474 GetSystemInfo
0x8ec47c GetSystemTimeAsFileTime
0x8ec484 GetThreadContext
0x8ec48c GetThreadLocale
0x8ec494 GetTickCount
0x8ec49c HeapAlloc
0x8ec4a4 HeapFree
0x8ec4ac InitializeCriticalSection
0x8ec4b4 IsBadReadPtr
0x8ec4bc LeaveCriticalSection
0x8ec4c4 LoadLibraryA
0x8ec4cc LoadLibraryExW
0x8ec4d4 LoadLibraryW
0x8ec4dc PostQueuedCompletionStatus
0x8ec4e4 QueryPerformanceCounter
0x8ec4ec RaiseFailFastException
0x8ec4f4 ResumeThread
0x8ec4fc RtlAddFunctionTable
0x8ec504 RtlCaptureContext
0x8ec50c RtlLookupFunctionEntry
0x8ec514 RtlVirtualUnwind
0x8ec51c SetConsoleCtrlHandler
0x8ec524 SetErrorMode
0x8ec52c SetEvent
0x8ec534 SetLastError
0x8ec53c SetProcessPriorityBoost
0x8ec544 SetThreadContext
0x8ec54c SetUnhandledExceptionFilter
0x8ec554 SetWaitableTimer
0x8ec55c Sleep
0x8ec564 SuspendThread
0x8ec56c SwitchToThread
0x8ec574 TerminateProcess
0x8ec57c TlsAlloc
0x8ec584 TlsGetValue
0x8ec58c UnhandledExceptionFilter
0x8ec594 VirtualAlloc
0x8ec59c VirtualFree
0x8ec5a4 VirtualProtect
0x8ec5ac VirtualQuery
0x8ec5b4 WaitForMultipleObjects
0x8ec5bc WaitForSingleObject
0x8ec5c4 WerGetFlags
0x8ec5cc WerSetFlags
0x8ec5d4 WriteConsoleW
0x8ec5dc WriteFile
0x8ec5e4 __C_specific_handler
0x8ec5ec lstrlenA
msvcrt.dll
0x8ec5fc __getmainargs
0x8ec604 __initenv
0x8ec60c __iob_func
0x8ec614 __lconv_init
0x8ec61c __set_app_type
0x8ec624 __setusermatherr
0x8ec62c _acmdln
0x8ec634 _amsg_exit
0x8ec63c _beginthread
0x8ec644 _cexit
0x8ec64c _errno
0x8ec654 _fmode
0x8ec65c _initterm
0x8ec664 _onexit
0x8ec66c _stricmp
0x8ec674 abort
0x8ec67c calloc
0x8ec684 exit
0x8ec68c fprintf
0x8ec694 free
0x8ec69c fwrite
0x8ec6a4 malloc
0x8ec6ac memcpy
0x8ec6b4 memset
0x8ec6bc realloc
0x8ec6c4 signal
0x8ec6cc strlen
0x8ec6d4 strncmp
0x8ec6dc strtol
0x8ec6e4 vfprintf
0x8ec6ec wcstombs
EAT(Export Address Table) Library
0x8ea5d0 _cgo_dummy_export
KERNEL32.dll
0x8ec39c AddVectoredExceptionHandler
0x8ec3a4 CloseHandle
0x8ec3ac CreateEventA
0x8ec3b4 CreateFileA
0x8ec3bc CreateIoCompletionPort
0x8ec3c4 CreateThread
0x8ec3cc CreateWaitableTimerExW
0x8ec3d4 DeleteCriticalSection
0x8ec3dc DuplicateHandle
0x8ec3e4 EnterCriticalSection
0x8ec3ec ExitProcess
0x8ec3f4 FreeEnvironmentStringsW
0x8ec3fc FreeLibrary
0x8ec404 GetConsoleMode
0x8ec40c GetCurrentProcess
0x8ec414 GetCurrentProcessId
0x8ec41c GetCurrentThreadId
0x8ec424 GetEnvironmentStringsW
0x8ec42c GetErrorMode
0x8ec434 GetLastError
0x8ec43c GetProcAddress
0x8ec444 GetProcessAffinityMask
0x8ec44c GetProcessHeap
0x8ec454 GetQueuedCompletionStatusEx
0x8ec45c GetStartupInfoA
0x8ec464 GetStdHandle
0x8ec46c GetSystemDirectoryA
0x8ec474 GetSystemInfo
0x8ec47c GetSystemTimeAsFileTime
0x8ec484 GetThreadContext
0x8ec48c GetThreadLocale
0x8ec494 GetTickCount
0x8ec49c HeapAlloc
0x8ec4a4 HeapFree
0x8ec4ac InitializeCriticalSection
0x8ec4b4 IsBadReadPtr
0x8ec4bc LeaveCriticalSection
0x8ec4c4 LoadLibraryA
0x8ec4cc LoadLibraryExW
0x8ec4d4 LoadLibraryW
0x8ec4dc PostQueuedCompletionStatus
0x8ec4e4 QueryPerformanceCounter
0x8ec4ec RaiseFailFastException
0x8ec4f4 ResumeThread
0x8ec4fc RtlAddFunctionTable
0x8ec504 RtlCaptureContext
0x8ec50c RtlLookupFunctionEntry
0x8ec514 RtlVirtualUnwind
0x8ec51c SetConsoleCtrlHandler
0x8ec524 SetErrorMode
0x8ec52c SetEvent
0x8ec534 SetLastError
0x8ec53c SetProcessPriorityBoost
0x8ec544 SetThreadContext
0x8ec54c SetUnhandledExceptionFilter
0x8ec554 SetWaitableTimer
0x8ec55c Sleep
0x8ec564 SuspendThread
0x8ec56c SwitchToThread
0x8ec574 TerminateProcess
0x8ec57c TlsAlloc
0x8ec584 TlsGetValue
0x8ec58c UnhandledExceptionFilter
0x8ec594 VirtualAlloc
0x8ec59c VirtualFree
0x8ec5a4 VirtualProtect
0x8ec5ac VirtualQuery
0x8ec5b4 WaitForMultipleObjects
0x8ec5bc WaitForSingleObject
0x8ec5c4 WerGetFlags
0x8ec5cc WerSetFlags
0x8ec5d4 WriteConsoleW
0x8ec5dc WriteFile
0x8ec5e4 __C_specific_handler
0x8ec5ec lstrlenA
msvcrt.dll
0x8ec5fc __getmainargs
0x8ec604 __initenv
0x8ec60c __iob_func
0x8ec614 __lconv_init
0x8ec61c __set_app_type
0x8ec624 __setusermatherr
0x8ec62c _acmdln
0x8ec634 _amsg_exit
0x8ec63c _beginthread
0x8ec644 _cexit
0x8ec64c _errno
0x8ec654 _fmode
0x8ec65c _initterm
0x8ec664 _onexit
0x8ec66c _stricmp
0x8ec674 abort
0x8ec67c calloc
0x8ec684 exit
0x8ec68c fprintf
0x8ec694 free
0x8ec69c fwrite
0x8ec6a4 malloc
0x8ec6ac memcpy
0x8ec6b4 memset
0x8ec6bc realloc
0x8ec6c4 signal
0x8ec6cc strlen
0x8ec6d4 strncmp
0x8ec6dc strtol
0x8ec6e4 vfprintf
0x8ec6ec wcstombs
EAT(Export Address Table) Library
0x8ea5d0 _cgo_dummy_export