ScreenShot
| Created | 2024.07.11 14:06 | Machine | s1_win7_x6403 |
| Filename | doh.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 27 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, GoLang, AGen, G suspicious, FileRepMalware, Misc, WinGo, Shellcoderunner, Detected, Wacapew, P0B1IP, confidence) | ||
| md5 | 820562b1432bd540f32b277ce5e6f749 | ||
| sha256 | 4b8235e2898b9c65dd767b1d8bd3ffd20bab614c5eadcf586fc8f28593793f5c | ||
| ssdeep | 98304:6gcKKE5jT3QDvt9yU/Za3GeZ+jEMy6GYmX7WUK87JJSpPAwXeARo8:tcbVgU/Z/3TGX7WbYJSpPAieARB | ||
| imphash | ec67d1984e18f70d6dc08fc76cfdd87b | ||
| impfuzzy | 48:nJbFMCgO1hKemo2DgndX8JOmTaJG0JqkoqcQ:nJbFMCgO1Eo2DgdX8g8aJG0URqcQ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x9ec39c AddVectoredExceptionHandler
0x9ec3a4 CloseHandle
0x9ec3ac CreateEventA
0x9ec3b4 CreateFileA
0x9ec3bc CreateIoCompletionPort
0x9ec3c4 CreateThread
0x9ec3cc CreateWaitableTimerExW
0x9ec3d4 DeleteCriticalSection
0x9ec3dc DuplicateHandle
0x9ec3e4 EnterCriticalSection
0x9ec3ec ExitProcess
0x9ec3f4 FreeEnvironmentStringsW
0x9ec3fc FreeLibrary
0x9ec404 GetConsoleMode
0x9ec40c GetCurrentProcess
0x9ec414 GetCurrentProcessId
0x9ec41c GetCurrentThreadId
0x9ec424 GetEnvironmentStringsW
0x9ec42c GetErrorMode
0x9ec434 GetLastError
0x9ec43c GetProcAddress
0x9ec444 GetProcessAffinityMask
0x9ec44c GetProcessHeap
0x9ec454 GetQueuedCompletionStatusEx
0x9ec45c GetStartupInfoA
0x9ec464 GetStdHandle
0x9ec46c GetSystemDirectoryA
0x9ec474 GetSystemInfo
0x9ec47c GetSystemTimeAsFileTime
0x9ec484 GetThreadContext
0x9ec48c GetThreadLocale
0x9ec494 GetTickCount
0x9ec49c HeapAlloc
0x9ec4a4 HeapFree
0x9ec4ac InitializeCriticalSection
0x9ec4b4 IsBadReadPtr
0x9ec4bc LeaveCriticalSection
0x9ec4c4 LoadLibraryA
0x9ec4cc LoadLibraryExW
0x9ec4d4 LoadLibraryW
0x9ec4dc PostQueuedCompletionStatus
0x9ec4e4 QueryPerformanceCounter
0x9ec4ec RaiseFailFastException
0x9ec4f4 ResumeThread
0x9ec4fc RtlAddFunctionTable
0x9ec504 RtlCaptureContext
0x9ec50c RtlLookupFunctionEntry
0x9ec514 RtlVirtualUnwind
0x9ec51c SetConsoleCtrlHandler
0x9ec524 SetErrorMode
0x9ec52c SetEvent
0x9ec534 SetLastError
0x9ec53c SetProcessPriorityBoost
0x9ec544 SetThreadContext
0x9ec54c SetUnhandledExceptionFilter
0x9ec554 SetWaitableTimer
0x9ec55c Sleep
0x9ec564 SuspendThread
0x9ec56c SwitchToThread
0x9ec574 TerminateProcess
0x9ec57c TlsAlloc
0x9ec584 TlsGetValue
0x9ec58c UnhandledExceptionFilter
0x9ec594 VirtualAlloc
0x9ec59c VirtualFree
0x9ec5a4 VirtualProtect
0x9ec5ac VirtualQuery
0x9ec5b4 WaitForMultipleObjects
0x9ec5bc WaitForSingleObject
0x9ec5c4 WerGetFlags
0x9ec5cc WerSetFlags
0x9ec5d4 WriteConsoleW
0x9ec5dc WriteFile
0x9ec5e4 __C_specific_handler
0x9ec5ec lstrlenA
msvcrt.dll
0x9ec5fc __getmainargs
0x9ec604 __initenv
0x9ec60c __iob_func
0x9ec614 __lconv_init
0x9ec61c __set_app_type
0x9ec624 __setusermatherr
0x9ec62c _acmdln
0x9ec634 _amsg_exit
0x9ec63c _beginthread
0x9ec644 _cexit
0x9ec64c _errno
0x9ec654 _fmode
0x9ec65c _initterm
0x9ec664 _onexit
0x9ec66c _stricmp
0x9ec674 abort
0x9ec67c calloc
0x9ec684 exit
0x9ec68c fprintf
0x9ec694 free
0x9ec69c fwrite
0x9ec6a4 malloc
0x9ec6ac memcpy
0x9ec6b4 memset
0x9ec6bc realloc
0x9ec6c4 signal
0x9ec6cc strlen
0x9ec6d4 strncmp
0x9ec6dc strtol
0x9ec6e4 vfprintf
0x9ec6ec wcstombs
EAT(Export Address Table) Library
0x9ea5d0 _cgo_dummy_export
KERNEL32.dll
0x9ec39c AddVectoredExceptionHandler
0x9ec3a4 CloseHandle
0x9ec3ac CreateEventA
0x9ec3b4 CreateFileA
0x9ec3bc CreateIoCompletionPort
0x9ec3c4 CreateThread
0x9ec3cc CreateWaitableTimerExW
0x9ec3d4 DeleteCriticalSection
0x9ec3dc DuplicateHandle
0x9ec3e4 EnterCriticalSection
0x9ec3ec ExitProcess
0x9ec3f4 FreeEnvironmentStringsW
0x9ec3fc FreeLibrary
0x9ec404 GetConsoleMode
0x9ec40c GetCurrentProcess
0x9ec414 GetCurrentProcessId
0x9ec41c GetCurrentThreadId
0x9ec424 GetEnvironmentStringsW
0x9ec42c GetErrorMode
0x9ec434 GetLastError
0x9ec43c GetProcAddress
0x9ec444 GetProcessAffinityMask
0x9ec44c GetProcessHeap
0x9ec454 GetQueuedCompletionStatusEx
0x9ec45c GetStartupInfoA
0x9ec464 GetStdHandle
0x9ec46c GetSystemDirectoryA
0x9ec474 GetSystemInfo
0x9ec47c GetSystemTimeAsFileTime
0x9ec484 GetThreadContext
0x9ec48c GetThreadLocale
0x9ec494 GetTickCount
0x9ec49c HeapAlloc
0x9ec4a4 HeapFree
0x9ec4ac InitializeCriticalSection
0x9ec4b4 IsBadReadPtr
0x9ec4bc LeaveCriticalSection
0x9ec4c4 LoadLibraryA
0x9ec4cc LoadLibraryExW
0x9ec4d4 LoadLibraryW
0x9ec4dc PostQueuedCompletionStatus
0x9ec4e4 QueryPerformanceCounter
0x9ec4ec RaiseFailFastException
0x9ec4f4 ResumeThread
0x9ec4fc RtlAddFunctionTable
0x9ec504 RtlCaptureContext
0x9ec50c RtlLookupFunctionEntry
0x9ec514 RtlVirtualUnwind
0x9ec51c SetConsoleCtrlHandler
0x9ec524 SetErrorMode
0x9ec52c SetEvent
0x9ec534 SetLastError
0x9ec53c SetProcessPriorityBoost
0x9ec544 SetThreadContext
0x9ec54c SetUnhandledExceptionFilter
0x9ec554 SetWaitableTimer
0x9ec55c Sleep
0x9ec564 SuspendThread
0x9ec56c SwitchToThread
0x9ec574 TerminateProcess
0x9ec57c TlsAlloc
0x9ec584 TlsGetValue
0x9ec58c UnhandledExceptionFilter
0x9ec594 VirtualAlloc
0x9ec59c VirtualFree
0x9ec5a4 VirtualProtect
0x9ec5ac VirtualQuery
0x9ec5b4 WaitForMultipleObjects
0x9ec5bc WaitForSingleObject
0x9ec5c4 WerGetFlags
0x9ec5cc WerSetFlags
0x9ec5d4 WriteConsoleW
0x9ec5dc WriteFile
0x9ec5e4 __C_specific_handler
0x9ec5ec lstrlenA
msvcrt.dll
0x9ec5fc __getmainargs
0x9ec604 __initenv
0x9ec60c __iob_func
0x9ec614 __lconv_init
0x9ec61c __set_app_type
0x9ec624 __setusermatherr
0x9ec62c _acmdln
0x9ec634 _amsg_exit
0x9ec63c _beginthread
0x9ec644 _cexit
0x9ec64c _errno
0x9ec654 _fmode
0x9ec65c _initterm
0x9ec664 _onexit
0x9ec66c _stricmp
0x9ec674 abort
0x9ec67c calloc
0x9ec684 exit
0x9ec68c fprintf
0x9ec694 free
0x9ec69c fwrite
0x9ec6a4 malloc
0x9ec6ac memcpy
0x9ec6b4 memset
0x9ec6bc realloc
0x9ec6c4 signal
0x9ec6cc strlen
0x9ec6d4 strncmp
0x9ec6dc strtol
0x9ec6e4 vfprintf
0x9ec6ec wcstombs
EAT(Export Address Table) Library
0x9ea5d0 _cgo_dummy_export