ScreenShot
| Created | 2024.07.14 17:56 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetectMalware, malicious, high confidence, score, Upatre, Unsafe, Save, Attribute, HighConfidence, PWSX, Convagent, Generic@AI, RDMK, cmRtazrhm2pXho7U5Zwly1V6IpyQ, Real Protect, high, Krypt, Detected, Wacapew, Kryptik, Eldorado, ZexaF, sq0@a8THTZoG, BScope, Ajent, MachineLearning, Anomalous, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 2b292145e4ec28e8bd8b22c1353543d1 | ||
| sha256 | 60bda530b226d63299968670e256a9a2896ab69076e16792436e92f95bc0d0e0 | ||
| ssdeep | 3072:Dq3vlb4qEAkDhZdrTbLC9VZBjnNgRM6Fh:DybjEXFZd3C9VZ7eF | ||
| imphash | 3e14c881bae1a3bb325eea058df0a11c | ||
| impfuzzy | 24:UPXPlJcDZB69J/hoOovWtUVJdcplE5hI+8Ryv0T4ojM73BBKAQTzCQ2GA2Fjt:cpJ/hnjtYcpe7h0cb3BBKAQfCQ2GAwt | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41f008 IsBadStringPtrW
0x41f00c SetEndOfFile
0x41f010 LocalCompact
0x41f014 CreateHardLinkA
0x41f018 GetModuleHandleW
0x41f01c EnumResourceTypesA
0x41f020 LoadLibraryW
0x41f024 ReadConsoleInputA
0x41f028 IsBadCodePtr
0x41f02c CreateEventA
0x41f030 GetACP
0x41f034 GlobalUnlock
0x41f038 GetLastError
0x41f03c SetLastError
0x41f040 GetProcAddress
0x41f044 AttachConsole
0x41f048 CreateJobSet
0x41f04c LoadLibraryA
0x41f050 FindResourceA
0x41f054 AddAtomW
0x41f058 GetModuleFileNameA
0x41f05c EnumResourceNamesA
0x41f060 GetFileTime
0x41f064 ReleaseMutex
0x41f068 GetDiskFreeSpaceExW
0x41f06c TerminateJobObject
0x41f070 GetWindowsDirectoryW
0x41f074 CheckRemoteDebuggerPresent
0x41f078 CloseHandle
0x41f07c CreateFileW
0x41f080 FlushFileBuffers
0x41f084 GetStringTypeW
0x41f088 LCMapStringW
0x41f08c LocalAlloc
0x41f090 CreateFileA
0x41f094 WriteConsoleW
0x41f098 SetStdHandle
0x41f09c HeapAlloc
0x41f0a0 ExitProcess
0x41f0a4 DecodePointer
0x41f0a8 GetCommandLineA
0x41f0ac HeapSetInformation
0x41f0b0 GetStartupInfoW
0x41f0b4 IsProcessorFeaturePresent
0x41f0b8 UnhandledExceptionFilter
0x41f0bc SetUnhandledExceptionFilter
0x41f0c0 IsDebuggerPresent
0x41f0c4 EncodePointer
0x41f0c8 TerminateProcess
0x41f0cc GetCurrentProcess
0x41f0d0 HeapFree
0x41f0d4 WriteFile
0x41f0d8 GetStdHandle
0x41f0dc GetModuleFileNameW
0x41f0e0 HeapCreate
0x41f0e4 ReadFile
0x41f0e8 EnterCriticalSection
0x41f0ec LeaveCriticalSection
0x41f0f0 InitializeCriticalSectionAndSpinCount
0x41f0f4 DeleteCriticalSection
0x41f0f8 TlsAlloc
0x41f0fc TlsGetValue
0x41f100 TlsSetValue
0x41f104 TlsFree
0x41f108 InterlockedIncrement
0x41f10c GetCurrentThreadId
0x41f110 InterlockedDecrement
0x41f114 FreeEnvironmentStringsW
0x41f118 WideCharToMultiByte
0x41f11c GetEnvironmentStringsW
0x41f120 SetHandleCount
0x41f124 GetFileType
0x41f128 QueryPerformanceCounter
0x41f12c GetTickCount
0x41f130 GetCurrentProcessId
0x41f134 GetSystemTimeAsFileTime
0x41f138 Sleep
0x41f13c SetFilePointer
0x41f140 GetConsoleCP
0x41f144 GetConsoleMode
0x41f148 GetCPInfo
0x41f14c GetOEMCP
0x41f150 IsValidCodePage
0x41f154 MultiByteToWideChar
0x41f158 RtlUnwind
0x41f15c HeapSize
0x41f160 HeapReAlloc
0x41f164 RaiseException
USER32.dll
0x41f16c GetMessageTime
0x41f170 GetKeyboardLayout
0x41f174 CharUpperBuffA
0x41f178 SetCursorPos
0x41f17c LoadMenuW
0x41f180 GetCaretPos
0x41f184 GetSysColorBrush
0x41f188 GetSystemMetrics
ADVAPI32.dll
0x41f000 ClearEventLogW
ole32.dll
0x41f190 CoUnmarshalHresult
EAT(Export Address Table) is none
KERNEL32.dll
0x41f008 IsBadStringPtrW
0x41f00c SetEndOfFile
0x41f010 LocalCompact
0x41f014 CreateHardLinkA
0x41f018 GetModuleHandleW
0x41f01c EnumResourceTypesA
0x41f020 LoadLibraryW
0x41f024 ReadConsoleInputA
0x41f028 IsBadCodePtr
0x41f02c CreateEventA
0x41f030 GetACP
0x41f034 GlobalUnlock
0x41f038 GetLastError
0x41f03c SetLastError
0x41f040 GetProcAddress
0x41f044 AttachConsole
0x41f048 CreateJobSet
0x41f04c LoadLibraryA
0x41f050 FindResourceA
0x41f054 AddAtomW
0x41f058 GetModuleFileNameA
0x41f05c EnumResourceNamesA
0x41f060 GetFileTime
0x41f064 ReleaseMutex
0x41f068 GetDiskFreeSpaceExW
0x41f06c TerminateJobObject
0x41f070 GetWindowsDirectoryW
0x41f074 CheckRemoteDebuggerPresent
0x41f078 CloseHandle
0x41f07c CreateFileW
0x41f080 FlushFileBuffers
0x41f084 GetStringTypeW
0x41f088 LCMapStringW
0x41f08c LocalAlloc
0x41f090 CreateFileA
0x41f094 WriteConsoleW
0x41f098 SetStdHandle
0x41f09c HeapAlloc
0x41f0a0 ExitProcess
0x41f0a4 DecodePointer
0x41f0a8 GetCommandLineA
0x41f0ac HeapSetInformation
0x41f0b0 GetStartupInfoW
0x41f0b4 IsProcessorFeaturePresent
0x41f0b8 UnhandledExceptionFilter
0x41f0bc SetUnhandledExceptionFilter
0x41f0c0 IsDebuggerPresent
0x41f0c4 EncodePointer
0x41f0c8 TerminateProcess
0x41f0cc GetCurrentProcess
0x41f0d0 HeapFree
0x41f0d4 WriteFile
0x41f0d8 GetStdHandle
0x41f0dc GetModuleFileNameW
0x41f0e0 HeapCreate
0x41f0e4 ReadFile
0x41f0e8 EnterCriticalSection
0x41f0ec LeaveCriticalSection
0x41f0f0 InitializeCriticalSectionAndSpinCount
0x41f0f4 DeleteCriticalSection
0x41f0f8 TlsAlloc
0x41f0fc TlsGetValue
0x41f100 TlsSetValue
0x41f104 TlsFree
0x41f108 InterlockedIncrement
0x41f10c GetCurrentThreadId
0x41f110 InterlockedDecrement
0x41f114 FreeEnvironmentStringsW
0x41f118 WideCharToMultiByte
0x41f11c GetEnvironmentStringsW
0x41f120 SetHandleCount
0x41f124 GetFileType
0x41f128 QueryPerformanceCounter
0x41f12c GetTickCount
0x41f130 GetCurrentProcessId
0x41f134 GetSystemTimeAsFileTime
0x41f138 Sleep
0x41f13c SetFilePointer
0x41f140 GetConsoleCP
0x41f144 GetConsoleMode
0x41f148 GetCPInfo
0x41f14c GetOEMCP
0x41f150 IsValidCodePage
0x41f154 MultiByteToWideChar
0x41f158 RtlUnwind
0x41f15c HeapSize
0x41f160 HeapReAlloc
0x41f164 RaiseException
USER32.dll
0x41f16c GetMessageTime
0x41f170 GetKeyboardLayout
0x41f174 CharUpperBuffA
0x41f178 SetCursorPos
0x41f17c LoadMenuW
0x41f180 GetCaretPos
0x41f184 GetSysColorBrush
0x41f188 GetSystemMetrics
ADVAPI32.dll
0x41f000 ClearEventLogW
ole32.dll
0x41f190 CoUnmarshalHresult
EAT(Export Address Table) is none