ScreenShot
| Created | 2024.07.11 13:35 | Machine | s1_win7_x6401 |
| Filename | huor.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 26 detected (AIDetectMalware, Threat, Vcnt, Attribute, HighConfidence, a variant of WinGo, Artemis, BroPass, HackBrowser, Generic Reputation PUA, Detected, Malgent, FARI0K, R643960, MALICIOUS, susgen, grayware, confidence, Hacktool, HackBrowserData) | ||
| md5 | 5e808b04b297038cd01c378fb1beb6ee | ||
| sha256 | d08aa043d2107615285db96740c02a558fb2cd338f01331d471c162d6ef6fb57 | ||
| ssdeep | 196608:wo68bulDvOmbhu+Js9PFGrSZIOdfa1X0Kx:I+wuz9PFGWoR0K | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xcbf940 WriteFile
0xcbf948 WriteConsoleW
0xcbf950 WerSetFlags
0xcbf958 WerGetFlags
0xcbf960 WaitForMultipleObjects
0xcbf968 WaitForSingleObject
0xcbf970 VirtualQuery
0xcbf978 VirtualFree
0xcbf980 VirtualAlloc
0xcbf988 TlsAlloc
0xcbf990 SwitchToThread
0xcbf998 SuspendThread
0xcbf9a0 SetWaitableTimer
0xcbf9a8 SetProcessPriorityBoost
0xcbf9b0 SetEvent
0xcbf9b8 SetErrorMode
0xcbf9c0 SetConsoleCtrlHandler
0xcbf9c8 RtlVirtualUnwind
0xcbf9d0 RtlLookupFunctionEntry
0xcbf9d8 ResumeThread
0xcbf9e0 RaiseFailFastException
0xcbf9e8 PostQueuedCompletionStatus
0xcbf9f0 LoadLibraryW
0xcbf9f8 LoadLibraryExW
0xcbfa00 SetThreadContext
0xcbfa08 GetThreadContext
0xcbfa10 GetSystemInfo
0xcbfa18 GetSystemDirectoryA
0xcbfa20 GetStdHandle
0xcbfa28 GetQueuedCompletionStatusEx
0xcbfa30 GetProcessAffinityMask
0xcbfa38 GetProcAddress
0xcbfa40 GetErrorMode
0xcbfa48 GetEnvironmentStringsW
0xcbfa50 GetCurrentThreadId
0xcbfa58 GetConsoleMode
0xcbfa60 FreeEnvironmentStringsW
0xcbfa68 ExitProcess
0xcbfa70 DuplicateHandle
0xcbfa78 CreateWaitableTimerExW
0xcbfa80 CreateThread
0xcbfa88 CreateIoCompletionPort
0xcbfa90 CreateFileA
0xcbfa98 CreateEventA
0xcbfaa0 CloseHandle
0xcbfaa8 AddVectoredExceptionHandler
0xcbfab0 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0xcbf940 WriteFile
0xcbf948 WriteConsoleW
0xcbf950 WerSetFlags
0xcbf958 WerGetFlags
0xcbf960 WaitForMultipleObjects
0xcbf968 WaitForSingleObject
0xcbf970 VirtualQuery
0xcbf978 VirtualFree
0xcbf980 VirtualAlloc
0xcbf988 TlsAlloc
0xcbf990 SwitchToThread
0xcbf998 SuspendThread
0xcbf9a0 SetWaitableTimer
0xcbf9a8 SetProcessPriorityBoost
0xcbf9b0 SetEvent
0xcbf9b8 SetErrorMode
0xcbf9c0 SetConsoleCtrlHandler
0xcbf9c8 RtlVirtualUnwind
0xcbf9d0 RtlLookupFunctionEntry
0xcbf9d8 ResumeThread
0xcbf9e0 RaiseFailFastException
0xcbf9e8 PostQueuedCompletionStatus
0xcbf9f0 LoadLibraryW
0xcbf9f8 LoadLibraryExW
0xcbfa00 SetThreadContext
0xcbfa08 GetThreadContext
0xcbfa10 GetSystemInfo
0xcbfa18 GetSystemDirectoryA
0xcbfa20 GetStdHandle
0xcbfa28 GetQueuedCompletionStatusEx
0xcbfa30 GetProcessAffinityMask
0xcbfa38 GetProcAddress
0xcbfa40 GetErrorMode
0xcbfa48 GetEnvironmentStringsW
0xcbfa50 GetCurrentThreadId
0xcbfa58 GetConsoleMode
0xcbfa60 FreeEnvironmentStringsW
0xcbfa68 ExitProcess
0xcbfa70 DuplicateHandle
0xcbfa78 CreateWaitableTimerExW
0xcbfa80 CreateThread
0xcbfa88 CreateIoCompletionPort
0xcbfa90 CreateFileA
0xcbfa98 CreateEventA
0xcbfaa0 CloseHandle
0xcbfaa8 AddVectoredExceptionHandler
0xcbfab0 AddVectoredContinueHandler
EAT(Export Address Table) is none