ScreenShot
| Created | 2024.07.11 13:38 | Machine | s1_win7_x6403 |
| Filename | 200.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, DiskWriter, Generic@AI, RDMK, cmRtazrvBuqBx+xNXU6sYiQXIVwy, Real Protect, moderate, Krypt, Tepfer, Detected, SmokeLoader, Kryptik, Eldorado, ZexaF, Kq0@a0nv, MachineLearning, Anomalous, 100%, Obfuscated, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | 1f052863077493e6e0db03a1570853f1 | ||
| sha256 | 6359790a5154bbe4b9ac7096d368d7e87645e57e5c5daec9773beb2650fd72e2 | ||
| ssdeep | 12288:VAlUcTqYxxvf3MlBd00kEO4WZxeQ8/zV:uCcTqYxxvf3Mlv00kEUnyV | ||
| imphash | a3e85d80936c7ef42408e50a5a01f3d6 | ||
| impfuzzy | 24:uS2li9glJcD5Acv+TV+UOovsh5di8Rnlyv95hIjT4RfjrGqAQ2FcQnAdFLB:u7GQ+LH91K97McRfjr/AQ2eQAXB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x468014 AllocConsole
0x468018 CommConfigDialogA
0x46801c SetEndOfFile
0x468020 LocalCompact
0x468024 GetProcessPriorityBoost
0x468028 LoadLibraryW
0x46802c CreateEventA
0x468030 GetModuleFileNameW
0x468034 GetACP
0x468038 ReplaceFileA
0x46803c CreateDirectoryA
0x468040 GetLastError
0x468044 SetLastError
0x468048 GetProcAddress
0x46804c CreateJobSet
0x468050 IsBadStringPtrW
0x468054 CreateFileMappingA
0x468058 LocalAlloc
0x46805c GlobalFindAtomW
0x468060 EnumResourceTypesW
0x468064 GetWindowsDirectoryW
0x468068 SetFileAttributesW
0x46806c RaiseException
0x468070 HeapReAlloc
0x468074 GetStringTypeW
0x468078 MultiByteToWideChar
0x46807c LCMapStringW
0x468080 FindResourceA
0x468084 WriteConsoleInputW
0x468088 CreateFileA
0x46808c GlobalFree
0x468090 GetDateFormatW
0x468094 HeapSize
0x468098 RtlUnwind
0x46809c HeapAlloc
0x4680a0 GetCommandLineA
0x4680a4 HeapSetInformation
0x4680a8 GetStartupInfoW
0x4680ac IsProcessorFeaturePresent
0x4680b0 GetModuleHandleW
0x4680b4 ExitProcess
0x4680b8 DecodePointer
0x4680bc WriteFile
0x4680c0 GetStdHandle
0x4680c4 HeapCreate
0x4680c8 EncodePointer
0x4680cc HeapFree
0x4680d0 SetUnhandledExceptionFilter
0x4680d4 GetModuleFileNameA
0x4680d8 FreeEnvironmentStringsW
0x4680dc WideCharToMultiByte
0x4680e0 GetEnvironmentStringsW
0x4680e4 SetHandleCount
0x4680e8 InitializeCriticalSectionAndSpinCount
0x4680ec GetFileType
0x4680f0 DeleteCriticalSection
0x4680f4 TlsAlloc
0x4680f8 TlsGetValue
0x4680fc TlsSetValue
0x468100 TlsFree
0x468104 InterlockedIncrement
0x468108 GetCurrentThreadId
0x46810c InterlockedDecrement
0x468110 QueryPerformanceCounter
0x468114 GetTickCount
0x468118 GetCurrentProcessId
0x46811c GetSystemTimeAsFileTime
0x468120 LeaveCriticalSection
0x468124 EnterCriticalSection
0x468128 UnhandledExceptionFilter
0x46812c IsDebuggerPresent
0x468130 TerminateProcess
0x468134 GetCurrentProcess
0x468138 GetCPInfo
0x46813c GetOEMCP
0x468140 IsValidCodePage
0x468144 Sleep
USER32.dll
0x468154 InsertMenuItemW
0x468158 CharUpperBuffA
0x46815c GetCaretPos
0x468160 SetMessageExtraInfo
0x468164 GetKeyboardLayoutNameA
0x468168 ShowCursor
0x46816c GetClassInfoW
GDI32.dll
0x46800c GetCharABCWidthsI
ADVAPI32.dll
0x468000 CopySid
0x468004 ClearEventLogA
MSIMG32.dll
0x46814c AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x468014 AllocConsole
0x468018 CommConfigDialogA
0x46801c SetEndOfFile
0x468020 LocalCompact
0x468024 GetProcessPriorityBoost
0x468028 LoadLibraryW
0x46802c CreateEventA
0x468030 GetModuleFileNameW
0x468034 GetACP
0x468038 ReplaceFileA
0x46803c CreateDirectoryA
0x468040 GetLastError
0x468044 SetLastError
0x468048 GetProcAddress
0x46804c CreateJobSet
0x468050 IsBadStringPtrW
0x468054 CreateFileMappingA
0x468058 LocalAlloc
0x46805c GlobalFindAtomW
0x468060 EnumResourceTypesW
0x468064 GetWindowsDirectoryW
0x468068 SetFileAttributesW
0x46806c RaiseException
0x468070 HeapReAlloc
0x468074 GetStringTypeW
0x468078 MultiByteToWideChar
0x46807c LCMapStringW
0x468080 FindResourceA
0x468084 WriteConsoleInputW
0x468088 CreateFileA
0x46808c GlobalFree
0x468090 GetDateFormatW
0x468094 HeapSize
0x468098 RtlUnwind
0x46809c HeapAlloc
0x4680a0 GetCommandLineA
0x4680a4 HeapSetInformation
0x4680a8 GetStartupInfoW
0x4680ac IsProcessorFeaturePresent
0x4680b0 GetModuleHandleW
0x4680b4 ExitProcess
0x4680b8 DecodePointer
0x4680bc WriteFile
0x4680c0 GetStdHandle
0x4680c4 HeapCreate
0x4680c8 EncodePointer
0x4680cc HeapFree
0x4680d0 SetUnhandledExceptionFilter
0x4680d4 GetModuleFileNameA
0x4680d8 FreeEnvironmentStringsW
0x4680dc WideCharToMultiByte
0x4680e0 GetEnvironmentStringsW
0x4680e4 SetHandleCount
0x4680e8 InitializeCriticalSectionAndSpinCount
0x4680ec GetFileType
0x4680f0 DeleteCriticalSection
0x4680f4 TlsAlloc
0x4680f8 TlsGetValue
0x4680fc TlsSetValue
0x468100 TlsFree
0x468104 InterlockedIncrement
0x468108 GetCurrentThreadId
0x46810c InterlockedDecrement
0x468110 QueryPerformanceCounter
0x468114 GetTickCount
0x468118 GetCurrentProcessId
0x46811c GetSystemTimeAsFileTime
0x468120 LeaveCriticalSection
0x468124 EnterCriticalSection
0x468128 UnhandledExceptionFilter
0x46812c IsDebuggerPresent
0x468130 TerminateProcess
0x468134 GetCurrentProcess
0x468138 GetCPInfo
0x46813c GetOEMCP
0x468140 IsValidCodePage
0x468144 Sleep
USER32.dll
0x468154 InsertMenuItemW
0x468158 CharUpperBuffA
0x46815c GetCaretPos
0x468160 SetMessageExtraInfo
0x468164 GetKeyboardLayoutNameA
0x468168 ShowCursor
0x46816c GetClassInfoW
GDI32.dll
0x46800c GetCharABCWidthsI
ADVAPI32.dll
0x468000 CopySid
0x468004 ClearEventLogA
MSIMG32.dll
0x46814c AlphaBlend
EAT(Export Address Table) is none