| Field | Value |
|---|---|
| Created | 2024.07.11 13:29 |
| Machine | s1_win7_x6403 |
| Filename | msconfig.exe |
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malicious |
| VT API (file) | 15 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, Wacapew, susgen, confidence) |
| md5 | 2a44eb3dc28a50a636e69e3baec6d9d4 |
| sha256 | 2d91964d39c94a566752ffd3300deb3d3465999ee6f8d8cb20b8491060f9f982 |
| ssdeep | 98304:5H4R5KHagrOuLveyvczmFSxtxyguSGEptw2:5Y0LLvslTHBO |
| imphash | 9cd12d9f6cec0a2da4ded5a7c6bb3bbb |
| impfuzzy | 48:tJbFMCgO1hKemo2DgndX8JOmTaJG0JqkoqcQ:tJbFMCgO1Eo2DgdX8g8aJG0URqcQ |
Signature (2 cnts)

| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6 cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x9403a4 AddVectoredContinueHandler
0x9403ac AddVectoredExceptionHandler
0x9403b4 CloseHandle
0x9403bc CreateEventA
0x9403c4 CreateFileA
0x9403cc CreateIoCompletionPort
0x9403d4 CreateThread
0x9403dc CreateWaitableTimerExW
0x9403e4 DeleteCriticalSection
0x9403ec DuplicateHandle
0x9403f4 EnterCriticalSection
0x9403fc ExitProcess
0x940404 FreeEnvironmentStringsW
0x94040c FreeLibrary
0x940414 GetConsoleMode
0x94041c GetCurrentProcess
0x940424 GetCurrentProcessId
0x94042c GetCurrentThreadId
0x940434 GetEnvironmentStringsW
0x94043c GetErrorMode
0x940444 GetLastError
0x94044c GetProcAddress
0x940454 GetProcessAffinityMask
0x94045c GetProcessHeap
0x940464 GetQueuedCompletionStatusEx
0x94046c GetStartupInfoA
0x940474 GetStdHandle
0x94047c GetSystemDirectoryA
0x940484 GetSystemInfo
0x94048c GetSystemTimeAsFileTime
0x940494 GetThreadContext
0x94049c GetThreadLocale
0x9404a4 GetTickCount
0x9404ac HeapAlloc
0x9404b4 HeapFree
0x9404bc InitializeCriticalSection
0x9404c4 IsBadReadPtr
0x9404cc LeaveCriticalSection
0x9404d4 LoadLibraryA
0x9404dc LoadLibraryExW
0x9404e4 LoadLibraryW
0x9404ec PostQueuedCompletionStatus
0x9404f4 QueryPerformanceCounter
0x9404fc RaiseFailFastException
0x940504 ResumeThread
0x94050c RtlAddFunctionTable
0x940514 RtlCaptureContext
0x94051c RtlLookupFunctionEntry
0x940524 RtlVirtualUnwind
0x94052c SetConsoleCtrlHandler
0x940534 SetErrorMode
0x94053c SetEvent
0x940544 SetLastError
0x94054c SetProcessPriorityBoost
0x940554 SetThreadContext
0x94055c SetUnhandledExceptionFilter
0x940564 SetWaitableTimer
0x94056c Sleep
0x940574 SuspendThread
0x94057c SwitchToThread
0x940584 TerminateProcess
0x94058c TlsAlloc
0x940594 TlsGetValue
0x94059c UnhandledExceptionFilter
0x9405a4 VirtualAlloc
0x9405ac VirtualFree
0x9405b4 VirtualProtect
0x9405bc VirtualQuery
0x9405c4 WaitForMultipleObjects
0x9405cc WaitForSingleObject
0x9405d4 WerGetFlags
0x9405dc WerSetFlags
0x9405e4 WriteConsoleW
0x9405ec WriteFile
0x9405f4 __C_specific_handler
0x9405fc lstrlenA
msvcrt.dll
0x94060c __getmainargs
0x940614 __initenv
0x94061c __iob_func
0x940624 __lconv_init
0x94062c __set_app_type
0x940634 __setusermatherr
0x94063c _acmdln
0x940644 _amsg_exit
0x94064c _beginthread
0x940654 _cexit
0x94065c _errno
0x940664 _fmode
0x94066c _initterm
0x940674 _onexit
0x94067c _stricmp
0x940684 abort
0x94068c calloc
0x940694 exit
0x94069c fprintf
0x9406a4 free
0x9406ac fwrite
0x9406b4 malloc
0x9406bc memcpy
0x9406c4 memset
0x9406cc realloc
0x9406d4 signal
0x9406dc strlen
0x9406e4 strncmp
0x9406ec strtol
0x9406f4 vfprintf
0x9406fc wcstombs
EAT (Export Address Table) Library
0x93ee70 _cgo_dummy_export