ScreenShot
| Created | 2024.07.11 13:44 | Machine | s1_win7_x6403 |
| Filename | winwrt.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 5 detected (HToolWinGo, MALICIOUS, susgen, confidence) | ||
| md5 | 738be35e781a93b2f3486268fcbf2d6e | ||
| sha256 | 61a6c1560ac095f3fc66beadcc5f1f430c3cb0394fa77f0d369f694eb1a2685f | ||
| ssdeep | 49152:87JozavjZrb/T3vO90d7HjmAFd4A64nsfJrCyhvB9AolOjOThQLQ+JO22gltDkYX:sfYfglBRcE3BTiIWqMnM | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x9c1aa0 WriteFile
0x9c1aa8 WriteConsoleW
0x9c1ab0 WaitForMultipleObjects
0x9c1ab8 WaitForSingleObject
0x9c1ac0 VirtualQuery
0x9c1ac8 VirtualFree
0x9c1ad0 VirtualAlloc
0x9c1ad8 SwitchToThread
0x9c1ae0 SuspendThread
0x9c1ae8 SetWaitableTimer
0x9c1af0 SetUnhandledExceptionFilter
0x9c1af8 SetProcessPriorityBoost
0x9c1b00 SetEvent
0x9c1b08 SetErrorMode
0x9c1b10 SetConsoleCtrlHandler
0x9c1b18 ResumeThread
0x9c1b20 PostQueuedCompletionStatus
0x9c1b28 LoadLibraryA
0x9c1b30 LoadLibraryW
0x9c1b38 SetThreadContext
0x9c1b40 GetThreadContext
0x9c1b48 GetSystemInfo
0x9c1b50 GetSystemDirectoryA
0x9c1b58 GetStdHandle
0x9c1b60 GetQueuedCompletionStatusEx
0x9c1b68 GetProcessAffinityMask
0x9c1b70 GetProcAddress
0x9c1b78 GetEnvironmentStringsW
0x9c1b80 GetConsoleMode
0x9c1b88 FreeEnvironmentStringsW
0x9c1b90 ExitProcess
0x9c1b98 DuplicateHandle
0x9c1ba0 CreateWaitableTimerExW
0x9c1ba8 CreateThread
0x9c1bb0 CreateIoCompletionPort
0x9c1bb8 CreateFileA
0x9c1bc0 CreateEventA
0x9c1bc8 CloseHandle
0x9c1bd0 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x9c1aa0 WriteFile
0x9c1aa8 WriteConsoleW
0x9c1ab0 WaitForMultipleObjects
0x9c1ab8 WaitForSingleObject
0x9c1ac0 VirtualQuery
0x9c1ac8 VirtualFree
0x9c1ad0 VirtualAlloc
0x9c1ad8 SwitchToThread
0x9c1ae0 SuspendThread
0x9c1ae8 SetWaitableTimer
0x9c1af0 SetUnhandledExceptionFilter
0x9c1af8 SetProcessPriorityBoost
0x9c1b00 SetEvent
0x9c1b08 SetErrorMode
0x9c1b10 SetConsoleCtrlHandler
0x9c1b18 ResumeThread
0x9c1b20 PostQueuedCompletionStatus
0x9c1b28 LoadLibraryA
0x9c1b30 LoadLibraryW
0x9c1b38 SetThreadContext
0x9c1b40 GetThreadContext
0x9c1b48 GetSystemInfo
0x9c1b50 GetSystemDirectoryA
0x9c1b58 GetStdHandle
0x9c1b60 GetQueuedCompletionStatusEx
0x9c1b68 GetProcessAffinityMask
0x9c1b70 GetProcAddress
0x9c1b78 GetEnvironmentStringsW
0x9c1b80 GetConsoleMode
0x9c1b88 FreeEnvironmentStringsW
0x9c1b90 ExitProcess
0x9c1b98 DuplicateHandle
0x9c1ba0 CreateWaitableTimerExW
0x9c1ba8 CreateThread
0x9c1bb0 CreateIoCompletionPort
0x9c1bb8 CreateFileA
0x9c1bc0 CreateEventA
0x9c1bc8 CloseHandle
0x9c1bd0 AddVectoredExceptionHandler
EAT(Export Address Table) is none