ScreenShot
| Created | 2024.07.11 13:33 | Machine | s1_win7_x6403 |
| Filename | go.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 16 detected (AIDetectMalware, malicious, moderate confidence, Artemis, WinGo, Rozena, Detected, Static AI, Suspicious PE, Behavior, confidence) | ||
| md5 | 6b7ca7aa20d0a9225f1b297bbf4c7f14 | ||
| sha256 | 725e8c3b8988d0bb4398a91afdd9d255d8f6f479397248629d21f250542d2859 | ||
| ssdeep | 49152:1AWNrHTA0hJnSnjWL/J8RWCEmBPdgwjG5Eubir1CG6bMQAZCO:1DFHthVSzRWjYdgvEqVQQkCO | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x867200 WriteFile
0x867208 WriteConsoleW
0x867210 WerSetFlags
0x867218 WerGetFlags
0x867220 WaitForMultipleObjects
0x867228 WaitForSingleObject
0x867230 VirtualQuery
0x867238 VirtualFree
0x867240 VirtualAlloc
0x867248 TlsAlloc
0x867250 SwitchToThread
0x867258 SuspendThread
0x867260 SetWaitableTimer
0x867268 SetUnhandledExceptionFilter
0x867270 SetProcessPriorityBoost
0x867278 SetEvent
0x867280 SetErrorMode
0x867288 SetConsoleCtrlHandler
0x867290 ResumeThread
0x867298 RaiseFailFastException
0x8672a0 PostQueuedCompletionStatus
0x8672a8 LoadLibraryW
0x8672b0 LoadLibraryExW
0x8672b8 SetThreadContext
0x8672c0 GetThreadContext
0x8672c8 GetSystemInfo
0x8672d0 GetSystemDirectoryA
0x8672d8 GetStdHandle
0x8672e0 GetQueuedCompletionStatusEx
0x8672e8 GetProcessAffinityMask
0x8672f0 GetProcAddress
0x8672f8 GetErrorMode
0x867300 GetEnvironmentStringsW
0x867308 GetCurrentThreadId
0x867310 GetConsoleMode
0x867318 FreeEnvironmentStringsW
0x867320 ExitProcess
0x867328 DuplicateHandle
0x867330 CreateWaitableTimerExW
0x867338 CreateThread
0x867340 CreateIoCompletionPort
0x867348 CreateFileA
0x867350 CreateEventA
0x867358 CloseHandle
0x867360 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x867200 WriteFile
0x867208 WriteConsoleW
0x867210 WerSetFlags
0x867218 WerGetFlags
0x867220 WaitForMultipleObjects
0x867228 WaitForSingleObject
0x867230 VirtualQuery
0x867238 VirtualFree
0x867240 VirtualAlloc
0x867248 TlsAlloc
0x867250 SwitchToThread
0x867258 SuspendThread
0x867260 SetWaitableTimer
0x867268 SetUnhandledExceptionFilter
0x867270 SetProcessPriorityBoost
0x867278 SetEvent
0x867280 SetErrorMode
0x867288 SetConsoleCtrlHandler
0x867290 ResumeThread
0x867298 RaiseFailFastException
0x8672a0 PostQueuedCompletionStatus
0x8672a8 LoadLibraryW
0x8672b0 LoadLibraryExW
0x8672b8 SetThreadContext
0x8672c0 GetThreadContext
0x8672c8 GetSystemInfo
0x8672d0 GetSystemDirectoryA
0x8672d8 GetStdHandle
0x8672e0 GetQueuedCompletionStatusEx
0x8672e8 GetProcessAffinityMask
0x8672f0 GetProcAddress
0x8672f8 GetErrorMode
0x867300 GetEnvironmentStringsW
0x867308 GetCurrentThreadId
0x867310 GetConsoleMode
0x867318 FreeEnvironmentStringsW
0x867320 ExitProcess
0x867328 DuplicateHandle
0x867330 CreateWaitableTimerExW
0x867338 CreateThread
0x867340 CreateIoCompletionPort
0x867348 CreateFileA
0x867350 CreateEventA
0x867358 CloseHandle
0x867360 AddVectoredExceptionHandler
EAT(Export Address Table) is none