ScreenShot
| Created | 2024.07.11 13:33 | Machine | s1_win7_x6401 |
| Filename | bypass.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetectMalware, malicious, moderate confidence, score, Unsafe, V117, Attribute, HighConfidence, Artemis, MalwareX, BypassUAC, CLOUD, Outbreak, fdxvp, Wacapew, Gencirc, susgen) | ||
| md5 | 2a46814f73c0ee996868df06146b5be4 | ||
| sha256 | b38322b2a1b73a0f2f1486ff04d8b7db1f5193e804897c16de83e4be7eddc647 | ||
| ssdeep | 3072:3oRj/uPUQqn2+PXBjONfJmneg7/qO8Z5u1v9pXgICN+ls4oY46gl5/Vx0LUlu:3ouUT2AXBjONfQeM/qOksx1ohXVlu | ||
| imphash | dc45028f125903eb3295d607723bc821 | ||
| impfuzzy | 24:fMPOIFDPsHuOGOov3cpVWZf02tMS1GBg3JBl39FNoBgvwaZ8GMA+wgvh:QOIFcBOcpVeLtMS1GBgPpnNnXZ/O | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002d000 SetConsoleTextAttribute
0x14002d008 GetStdHandle
0x14002d010 GetModuleFileNameW
0x14002d018 GetLastError
0x14002d020 DeleteFileW
0x14002d028 GetCurrentDirectoryW
0x14002d030 GetProcAddress
0x14002d038 GetModuleHandleW
0x14002d040 CopyFileW
0x14002d048 CreateFileW
0x14002d050 HeapSize
0x14002d058 ReadConsoleW
0x14002d060 GetProcessHeap
0x14002d068 SetStdHandle
0x14002d070 FreeEnvironmentStringsW
0x14002d078 GetEnvironmentStringsW
0x14002d080 GetCommandLineW
0x14002d088 GetCommandLineA
0x14002d090 GetOEMCP
0x14002d098 GetACP
0x14002d0a0 IsValidCodePage
0x14002d0a8 MultiByteToWideChar
0x14002d0b0 GetStringTypeW
0x14002d0b8 WideCharToMultiByte
0x14002d0c0 EnterCriticalSection
0x14002d0c8 LeaveCriticalSection
0x14002d0d0 InitializeCriticalSectionEx
0x14002d0d8 DeleteCriticalSection
0x14002d0e0 EncodePointer
0x14002d0e8 DecodePointer
0x14002d0f0 LCMapStringEx
0x14002d0f8 GetCPInfo
0x14002d100 RtlCaptureContext
0x14002d108 RtlLookupFunctionEntry
0x14002d110 RtlVirtualUnwind
0x14002d118 UnhandledExceptionFilter
0x14002d120 SetUnhandledExceptionFilter
0x14002d128 GetCurrentProcess
0x14002d130 TerminateProcess
0x14002d138 IsProcessorFeaturePresent
0x14002d140 QueryPerformanceCounter
0x14002d148 GetCurrentProcessId
0x14002d150 GetCurrentThreadId
0x14002d158 GetSystemTimeAsFileTime
0x14002d160 InitializeSListHead
0x14002d168 IsDebuggerPresent
0x14002d170 GetStartupInfoW
0x14002d178 RtlUnwindEx
0x14002d180 RtlPcToFileHeader
0x14002d188 RaiseException
0x14002d190 SetLastError
0x14002d198 InitializeCriticalSectionAndSpinCount
0x14002d1a0 TlsAlloc
0x14002d1a8 TlsGetValue
0x14002d1b0 TlsSetValue
0x14002d1b8 TlsFree
0x14002d1c0 FreeLibrary
0x14002d1c8 LoadLibraryExW
0x14002d1d0 RtlUnwind
0x14002d1d8 WriteFile
0x14002d1e0 ExitProcess
0x14002d1e8 GetModuleHandleExW
0x14002d1f0 HeapAlloc
0x14002d1f8 HeapFree
0x14002d200 GetFileType
0x14002d208 FlsAlloc
0x14002d210 FlsGetValue
0x14002d218 FlsSetValue
0x14002d220 FlsFree
0x14002d228 LCMapStringW
0x14002d230 GetLocaleInfoW
0x14002d238 IsValidLocale
0x14002d240 GetUserDefaultLCID
0x14002d248 EnumSystemLocalesW
0x14002d250 GetFileSizeEx
0x14002d258 SetFilePointerEx
0x14002d260 CloseHandle
0x14002d268 FlushFileBuffers
0x14002d270 GetConsoleOutputCP
0x14002d278 GetConsoleMode
0x14002d280 ReadFile
0x14002d288 HeapReAlloc
0x14002d290 FindClose
0x14002d298 FindFirstFileExW
0x14002d2a0 FindNextFileW
0x14002d2a8 WriteConsoleW
SHELL32.dll
0x14002d2d0 SHCreateItemFromParsingName
0x14002d2d8 SHGetKnownFolderPath
ole32.dll
0x14002d2e8 CoInitializeEx
0x14002d2f0 CoUninitialize
0x14002d2f8 CoGetObject
0x14002d300 CoInitializeSecurity
0x14002d308 CoTaskMemFree
OLEAUT32.dll
0x14002d2b8 SysAllocString
0x14002d2c0 SysFreeString
EAT(Export Address Table) is none
KERNEL32.dll
0x14002d000 SetConsoleTextAttribute
0x14002d008 GetStdHandle
0x14002d010 GetModuleFileNameW
0x14002d018 GetLastError
0x14002d020 DeleteFileW
0x14002d028 GetCurrentDirectoryW
0x14002d030 GetProcAddress
0x14002d038 GetModuleHandleW
0x14002d040 CopyFileW
0x14002d048 CreateFileW
0x14002d050 HeapSize
0x14002d058 ReadConsoleW
0x14002d060 GetProcessHeap
0x14002d068 SetStdHandle
0x14002d070 FreeEnvironmentStringsW
0x14002d078 GetEnvironmentStringsW
0x14002d080 GetCommandLineW
0x14002d088 GetCommandLineA
0x14002d090 GetOEMCP
0x14002d098 GetACP
0x14002d0a0 IsValidCodePage
0x14002d0a8 MultiByteToWideChar
0x14002d0b0 GetStringTypeW
0x14002d0b8 WideCharToMultiByte
0x14002d0c0 EnterCriticalSection
0x14002d0c8 LeaveCriticalSection
0x14002d0d0 InitializeCriticalSectionEx
0x14002d0d8 DeleteCriticalSection
0x14002d0e0 EncodePointer
0x14002d0e8 DecodePointer
0x14002d0f0 LCMapStringEx
0x14002d0f8 GetCPInfo
0x14002d100 RtlCaptureContext
0x14002d108 RtlLookupFunctionEntry
0x14002d110 RtlVirtualUnwind
0x14002d118 UnhandledExceptionFilter
0x14002d120 SetUnhandledExceptionFilter
0x14002d128 GetCurrentProcess
0x14002d130 TerminateProcess
0x14002d138 IsProcessorFeaturePresent
0x14002d140 QueryPerformanceCounter
0x14002d148 GetCurrentProcessId
0x14002d150 GetCurrentThreadId
0x14002d158 GetSystemTimeAsFileTime
0x14002d160 InitializeSListHead
0x14002d168 IsDebuggerPresent
0x14002d170 GetStartupInfoW
0x14002d178 RtlUnwindEx
0x14002d180 RtlPcToFileHeader
0x14002d188 RaiseException
0x14002d190 SetLastError
0x14002d198 InitializeCriticalSectionAndSpinCount
0x14002d1a0 TlsAlloc
0x14002d1a8 TlsGetValue
0x14002d1b0 TlsSetValue
0x14002d1b8 TlsFree
0x14002d1c0 FreeLibrary
0x14002d1c8 LoadLibraryExW
0x14002d1d0 RtlUnwind
0x14002d1d8 WriteFile
0x14002d1e0 ExitProcess
0x14002d1e8 GetModuleHandleExW
0x14002d1f0 HeapAlloc
0x14002d1f8 HeapFree
0x14002d200 GetFileType
0x14002d208 FlsAlloc
0x14002d210 FlsGetValue
0x14002d218 FlsSetValue
0x14002d220 FlsFree
0x14002d228 LCMapStringW
0x14002d230 GetLocaleInfoW
0x14002d238 IsValidLocale
0x14002d240 GetUserDefaultLCID
0x14002d248 EnumSystemLocalesW
0x14002d250 GetFileSizeEx
0x14002d258 SetFilePointerEx
0x14002d260 CloseHandle
0x14002d268 FlushFileBuffers
0x14002d270 GetConsoleOutputCP
0x14002d278 GetConsoleMode
0x14002d280 ReadFile
0x14002d288 HeapReAlloc
0x14002d290 FindClose
0x14002d298 FindFirstFileExW
0x14002d2a0 FindNextFileW
0x14002d2a8 WriteConsoleW
SHELL32.dll
0x14002d2d0 SHCreateItemFromParsingName
0x14002d2d8 SHGetKnownFolderPath
ole32.dll
0x14002d2e8 CoInitializeEx
0x14002d2f0 CoUninitialize
0x14002d2f8 CoGetObject
0x14002d300 CoInitializeSecurity
0x14002d308 CoTaskMemFree
OLEAUT32.dll
0x14002d2b8 SysAllocString
0x14002d2c0 SysFreeString
EAT(Export Address Table) is none