ScreenShot
| Created | 2024.07.11 13:37 | Machine | s1_win7_x6401 |
| Filename | word.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 6 detected (AIDetectMalware, malicious, high confidence) | ||
| md5 | c228866013dfbaa6b00afc77f1409d8c | ||
| sha256 | 632f29ffde11458d77e6988a9bb38dece7e5818d752abd9c09823319e4869d08 | ||
| ssdeep | 3072:co+FL/RCBJjTvbMcct40NgHX8oiuTF+ifqXmL0JmCwQusodEnpgbLxVE:uFL/R0JPbMUUgHXdF+37wQusoKpgblVE | ||
| imphash | b1874c9a3c2f9ea9fff951a67f099e1c | ||
| impfuzzy | 24:bcK1FDjJ+0mBMjIYgMyWNwyWPWi+YDMLSySPQDrBbAocAD4Tg9bzAOvAKZhihAJf:4K1TiBcNg+YwLSVQDrBKE1f4ZA | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400034a8 CloseHandle
0x1400034b0 CreateThread
0x1400034b8 FreeLibrary
0x1400034c0 GetCurrentProcess
0x1400034c8 GetCurrentProcessId
0x1400034d0 GetCurrentThreadId
0x1400034d8 GetModuleHandleW
0x1400034e0 GetProcAddress
0x1400034e8 GetStartupInfoW
0x1400034f0 GetSystemTimeAsFileTime
0x1400034f8 InitializeSListHead
0x140003500 IsDebuggerPresent
0x140003508 IsProcessorFeaturePresent
0x140003510 LoadLibraryA
0x140003518 QueryPerformanceCounter
0x140003520 RtlCaptureContext
0x140003528 RtlLookupFunctionEntry
0x140003530 RtlVirtualUnwind
0x140003538 SetUnhandledExceptionFilter
0x140003540 TerminateProcess
0x140003548 UnhandledExceptionFilter
0x140003550 VirtualProtect
0x140003558 WaitForSingleObject
VCRUNTIME140.dll
0x140003568 __C_specific_handler
0x140003570 __current_exception
0x140003578 __current_exception_context
0x140003580 memcpy
0x140003588 memset
api-ms-win-crt-stdio-l1-1-0.dll
0x140003598 __acrt_iob_func
0x1400035a0 __p__commode
0x1400035a8 __stdio_common_vfprintf
0x1400035b0 _set_fmode
api-ms-win-crt-heap-l1-1-0.dll
0x1400035c0 _set_new_mode
0x1400035c8 free
0x1400035d0 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400035e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x1400035f0 _c_exit
0x1400035f8 _cexit
0x140003600 _configure_narrow_argv
0x140003608 _crt_atexit
0x140003610 _exit
0x140003618 _get_narrow_winmain_command_line
0x140003620 _initialize_narrow_environment
0x140003628 _initialize_onexit_table
0x140003630 _initterm
0x140003638 _initterm_e
0x140003640 _register_onexit_function
0x140003648 _register_thread_local_exe_atexit_callback
0x140003650 _seh_filter_exe
0x140003658 _set_app_type
0x140003660 exit
0x140003668 terminate
api-ms-win-crt-locale-l1-1-0.dll
0x140003678 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x1400034a8 CloseHandle
0x1400034b0 CreateThread
0x1400034b8 FreeLibrary
0x1400034c0 GetCurrentProcess
0x1400034c8 GetCurrentProcessId
0x1400034d0 GetCurrentThreadId
0x1400034d8 GetModuleHandleW
0x1400034e0 GetProcAddress
0x1400034e8 GetStartupInfoW
0x1400034f0 GetSystemTimeAsFileTime
0x1400034f8 InitializeSListHead
0x140003500 IsDebuggerPresent
0x140003508 IsProcessorFeaturePresent
0x140003510 LoadLibraryA
0x140003518 QueryPerformanceCounter
0x140003520 RtlCaptureContext
0x140003528 RtlLookupFunctionEntry
0x140003530 RtlVirtualUnwind
0x140003538 SetUnhandledExceptionFilter
0x140003540 TerminateProcess
0x140003548 UnhandledExceptionFilter
0x140003550 VirtualProtect
0x140003558 WaitForSingleObject
VCRUNTIME140.dll
0x140003568 __C_specific_handler
0x140003570 __current_exception
0x140003578 __current_exception_context
0x140003580 memcpy
0x140003588 memset
api-ms-win-crt-stdio-l1-1-0.dll
0x140003598 __acrt_iob_func
0x1400035a0 __p__commode
0x1400035a8 __stdio_common_vfprintf
0x1400035b0 _set_fmode
api-ms-win-crt-heap-l1-1-0.dll
0x1400035c0 _set_new_mode
0x1400035c8 free
0x1400035d0 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400035e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x1400035f0 _c_exit
0x1400035f8 _cexit
0x140003600 _configure_narrow_argv
0x140003608 _crt_atexit
0x140003610 _exit
0x140003618 _get_narrow_winmain_command_line
0x140003620 _initialize_narrow_environment
0x140003628 _initialize_onexit_table
0x140003630 _initterm
0x140003638 _initterm_e
0x140003640 _register_onexit_function
0x140003648 _register_thread_local_exe_atexit_callback
0x140003650 _seh_filter_exe
0x140003658 _set_app_type
0x140003660 exit
0x140003668 terminate
api-ms-win-crt-locale-l1-1-0.dll
0x140003678 _configthreadlocale
EAT(Export Address Table) is none