ScreenShot
| Created | 2024.07.11 13:58 | Machine | s1_win7_x6403 |
| Filename | version.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 22 detected (AIDetectMalware, Sliver, Unsafe, V8ia, Attribute, HighConfidence, Malicious, xbrrky, TrojanPSW, Genric, Detected, Wacapew, Static AI, Malicious PE, PossibleThreat, confidence) | ||
| md5 | 5caebe57cf130a313c8dfcacac415028 | ||
| sha256 | d5060458cbc5d08cb5fab7917169d2a0f9b974cd62261eee213c7a5d399bdd20 | ||
| ssdeep | 49152:I8MlY/PjEfY0ZBQA/3y/iRa8HXrdat0luPa6PfuAlUJE1wYvH8q0urQvPD0YG1GQ:VB/PjEfTZBJWi0kdaFi6P2AYuMHxnM | ||
| imphash | 4035d2883e01d64f3e7a9dccb1d63af5 | ||
| impfuzzy | 24:UbVjhN5O+VuT2oLtXOr6kwmDruMztxdEr6UP:K5O+VAXOmGx0nP | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Creates a slightly modified copy of itself |
| watch | Deletes executed files from disk |
| watch | Detects the presence of Wine emulator |
| watch | Drops a binary and executes it |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates executable files on the filesystem |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x978020 WriteFile
0x978028 WriteConsoleW
0x978030 WaitForMultipleObjects
0x978038 WaitForSingleObject
0x978040 VirtualQuery
0x978048 VirtualFree
0x978050 VirtualAlloc
0x978058 SwitchToThread
0x978060 SuspendThread
0x978068 Sleep
0x978070 SetWaitableTimer
0x978078 SetUnhandledExceptionFilter
0x978080 SetProcessPriorityBoost
0x978088 SetEvent
0x978090 SetErrorMode
0x978098 SetConsoleCtrlHandler
0x9780a0 ResumeThread
0x9780a8 PostQueuedCompletionStatus
0x9780b0 LoadLibraryA
0x9780b8 LoadLibraryW
0x9780c0 SetThreadContext
0x9780c8 GetThreadContext
0x9780d0 GetSystemInfo
0x9780d8 GetSystemDirectoryA
0x9780e0 GetStdHandle
0x9780e8 GetQueuedCompletionStatusEx
0x9780f0 GetProcessAffinityMask
0x9780f8 GetProcAddress
0x978100 GetEnvironmentStringsW
0x978108 GetConsoleMode
0x978110 FreeEnvironmentStringsW
0x978118 ExitProcess
0x978120 DuplicateHandle
0x978128 CreateWaitableTimerExW
0x978130 CreateThread
0x978138 CreateIoCompletionPort
0x978140 CreateEventA
0x978148 CloseHandle
0x978150 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x978020 WriteFile
0x978028 WriteConsoleW
0x978030 WaitForMultipleObjects
0x978038 WaitForSingleObject
0x978040 VirtualQuery
0x978048 VirtualFree
0x978050 VirtualAlloc
0x978058 SwitchToThread
0x978060 SuspendThread
0x978068 Sleep
0x978070 SetWaitableTimer
0x978078 SetUnhandledExceptionFilter
0x978080 SetProcessPriorityBoost
0x978088 SetEvent
0x978090 SetErrorMode
0x978098 SetConsoleCtrlHandler
0x9780a0 ResumeThread
0x9780a8 PostQueuedCompletionStatus
0x9780b0 LoadLibraryA
0x9780b8 LoadLibraryW
0x9780c0 SetThreadContext
0x9780c8 GetThreadContext
0x9780d0 GetSystemInfo
0x9780d8 GetSystemDirectoryA
0x9780e0 GetStdHandle
0x9780e8 GetQueuedCompletionStatusEx
0x9780f0 GetProcessAffinityMask
0x9780f8 GetProcAddress
0x978100 GetEnvironmentStringsW
0x978108 GetConsoleMode
0x978110 FreeEnvironmentStringsW
0x978118 ExitProcess
0x978120 DuplicateHandle
0x978128 CreateWaitableTimerExW
0x978130 CreateThread
0x978138 CreateIoCompletionPort
0x978140 CreateEventA
0x978148 CloseHandle
0x978150 AddVectoredExceptionHandler
EAT(Export Address Table) is none