ScreenShot
| Created | 2024.07.14 17:47 | Machine | s1_win7_x6403 |
| Filename | build16666.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, Amadey, malicious, high confidence, score, Unsafe, GenericKD, Vbt6, Genus, Attribute, HighConfidence, Rozena, MalwareX, YzY0OkQ, ehWfu750, ttgsc, R002C0DGC24, GenKD, Detected, ai score=83, DBadur, XOREncoded, ABTrojan, JQVR, Chgt, Szfl, susgen, PossibleThreat, confidence) | ||
| md5 | 4640faeafa95ce219c649e9f5cbffd75 | ||
| sha256 | 5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d | ||
| ssdeep | 49152:ROG8g1q+0zLvddLpmLM1vkRG6PDaChedUaq4UL:Mzdg | ||
| imphash | a338797fb02813f0ef44a2dae655cd61 | ||
| impfuzzy | 12:YRJRJJcDn5ARZqRLAYPXJDCqV0MHHG95XGXViEG6eGJwk6lTpJq/iZn:8fjcDqcLV5X0MG95XG66ZykoDq6Zn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1402111ac DeleteCriticalSection
0x1402111b4 EnterCriticalSection
0x1402111bc GetLastError
0x1402111c4 GetProcAddress
0x1402111cc GetStartupInfoA
0x1402111d4 InitializeCriticalSection
0x1402111dc LeaveCriticalSection
0x1402111e4 LoadLibraryA
0x1402111ec SetUnhandledExceptionFilter
0x1402111f4 Sleep
0x1402111fc TlsAlloc
0x140211204 TlsGetValue
0x14021120c TlsSetValue
0x140211214 VirtualAlloc
0x14021121c VirtualFree
0x140211224 VirtualProtect
0x14021122c VirtualQuery
msvcrt.dll
0x14021123c __C_specific_handler
0x140211244 __getmainargs
0x14021124c __initenv
0x140211254 __iob_func
0x14021125c __lconv_init
0x140211264 __set_app_type
0x14021126c __setusermatherr
0x140211274 _acmdln
0x14021127c _amsg_exit
0x140211284 _cexit
0x14021128c _commode
0x140211294 _fmode
0x14021129c _initterm
0x1402112a4 _onexit
0x1402112ac abort
0x1402112b4 calloc
0x1402112bc exit
0x1402112c4 fprintf
0x1402112cc free
0x1402112d4 fwrite
0x1402112dc malloc
0x1402112e4 memcpy
0x1402112ec memset
0x1402112f4 signal
0x1402112fc strlen
0x140211304 strncmp
0x14021130c vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x1402111ac DeleteCriticalSection
0x1402111b4 EnterCriticalSection
0x1402111bc GetLastError
0x1402111c4 GetProcAddress
0x1402111cc GetStartupInfoA
0x1402111d4 InitializeCriticalSection
0x1402111dc LeaveCriticalSection
0x1402111e4 LoadLibraryA
0x1402111ec SetUnhandledExceptionFilter
0x1402111f4 Sleep
0x1402111fc TlsAlloc
0x140211204 TlsGetValue
0x14021120c TlsSetValue
0x140211214 VirtualAlloc
0x14021121c VirtualFree
0x140211224 VirtualProtect
0x14021122c VirtualQuery
msvcrt.dll
0x14021123c __C_specific_handler
0x140211244 __getmainargs
0x14021124c __initenv
0x140211254 __iob_func
0x14021125c __lconv_init
0x140211264 __set_app_type
0x14021126c __setusermatherr
0x140211274 _acmdln
0x14021127c _amsg_exit
0x140211284 _cexit
0x14021128c _commode
0x140211294 _fmode
0x14021129c _initterm
0x1402112a4 _onexit
0x1402112ac abort
0x1402112b4 calloc
0x1402112bc exit
0x1402112c4 fprintf
0x1402112cc free
0x1402112d4 fwrite
0x1402112dc malloc
0x1402112e4 memcpy
0x1402112ec memset
0x1402112f4 signal
0x1402112fc strlen
0x140211304 strncmp
0x14021130c vfprintf
EAT(Export Address Table) is none