ScreenShot
| Created | 2024.07.14 17:52 | Machine | s1_win7_x6401 |
| Filename | random.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 61 detected (AIDetectMalware, SmokeLoader, malicious, high confidence, score, Unsafe, Save, Genus, FakeAV, Kryptik, HXMG, CrypterX, Tepfer, CLOUD, GenSHCode, pxiua, DownLoader47, AMADEY, YXEGKZ, Real Protect, moderate, Krypt, Detected, ai score=80, Malware@#32cc2ge7hjakp, FIX18U, Eldorado, R657887, ZexaF, Aq0@aWI, nziG, Deyma, Chgt, Obfuscated, Static AI, Malicious PE, susgen, PossibleThreat, confidence, 100%, SZP2XJC) | ||
| md5 | 233ea23b1c1587f1cf895f08ba6da10b | ||
| sha256 | c7e20eafa32a38282616d78c43c574991d30fe2fbc876141fa76e5ff538c3b5c | ||
| ssdeep | 6144:mA9KjaHcwQq8DvrqYTs8HinSRR9fYCDX9Y9yTDRLN:mAkjavQjDvt8SRzDYAb | ||
| imphash | def745e62858e9ac0dee4801e550d289 | ||
| impfuzzy | 24:X8l4Z9glJjvV2TVeS/D+ApOovuKL8Rnlyv9WlhIjT4ISfeQFc2AQ0Gq8FqOMLl:MXV4eRLBKAK9aMcISfeQe2AQ0/t | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 61 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44100c FindResourceW
0x441010 LocalCompact
0x441014 WriteConsoleInputA
0x441018 GetModuleHandleW
0x44101c GetWindowsDirectoryA
0x441020 GetDateFormatA
0x441024 SetProcessPriorityBoost
0x441028 LoadLibraryW
0x44102c FreeConsole
0x441030 CreateEventA
0x441034 GetModuleFileNameW
0x441038 GetACP
0x44103c IsBadStringPtrA
0x441040 ReplaceFileA
0x441044 CreateDirectoryA
0x441048 GetLastError
0x44104c SetLastError
0x441050 SetEndOfFile
0x441054 GlobalFree
0x441058 CreateFileMappingA
0x44105c LocalAlloc
0x441060 AddVectoredExceptionHandler
0x441064 GlobalFindAtomW
0x441068 EnumResourceTypesW
0x44106c GetWindowsDirectoryW
0x441070 SetFileAttributesW
0x441074 RaiseException
0x441078 HeapReAlloc
0x44107c HeapAlloc
0x441080 GetStringTypeW
0x441084 MultiByteToWideChar
0x441088 CommConfigDialogA
0x44108c GetProcAddress
0x441090 CreateFileA
0x441094 LCMapStringW
0x441098 HeapSize
0x44109c RtlUnwind
0x4410a0 Sleep
0x4410a4 IsValidCodePage
0x4410a8 HeapFree
0x4410ac GetCommandLineA
0x4410b0 HeapSetInformation
0x4410b4 GetStartupInfoW
0x4410b8 IsProcessorFeaturePresent
0x4410bc HeapCreate
0x4410c0 SetUnhandledExceptionFilter
0x4410c4 ExitProcess
0x4410c8 DecodePointer
0x4410cc WriteFile
0x4410d0 GetStdHandle
0x4410d4 GetModuleFileNameA
0x4410d8 FreeEnvironmentStringsW
0x4410dc WideCharToMultiByte
0x4410e0 GetEnvironmentStringsW
0x4410e4 SetHandleCount
0x4410e8 InitializeCriticalSectionAndSpinCount
0x4410ec GetFileType
0x4410f0 DeleteCriticalSection
0x4410f4 EncodePointer
0x4410f8 TlsAlloc
0x4410fc TlsGetValue
0x441100 TlsSetValue
0x441104 TlsFree
0x441108 InterlockedIncrement
0x44110c GetCurrentThreadId
0x441110 InterlockedDecrement
0x441114 QueryPerformanceCounter
0x441118 GetTickCount
0x44111c GetCurrentProcessId
0x441120 GetSystemTimeAsFileTime
0x441124 UnhandledExceptionFilter
0x441128 IsDebuggerPresent
0x44112c TerminateProcess
0x441130 GetCurrentProcess
0x441134 LeaveCriticalSection
0x441138 EnterCriticalSection
0x44113c GetCPInfo
0x441140 GetOEMCP
USER32.dll
0x441148 GetKeyboardLayoutNameA
0x44114c SetMessageExtraInfo
0x441150 GetCaretPos
0x441154 CharUpperBuffA
0x441158 GetClassInfoW
0x44115c InsertMenuItemW
0x441160 ShowCursor
ADVAPI32.dll
0x441000 CopySid
0x441004 ClearEventLogA
ole32.dll
0x441170 CoSuspendClassObjects
0x441174 CoUnmarshalHresult
WINHTTP.dll
0x441168 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x44100c FindResourceW
0x441010 LocalCompact
0x441014 WriteConsoleInputA
0x441018 GetModuleHandleW
0x44101c GetWindowsDirectoryA
0x441020 GetDateFormatA
0x441024 SetProcessPriorityBoost
0x441028 LoadLibraryW
0x44102c FreeConsole
0x441030 CreateEventA
0x441034 GetModuleFileNameW
0x441038 GetACP
0x44103c IsBadStringPtrA
0x441040 ReplaceFileA
0x441044 CreateDirectoryA
0x441048 GetLastError
0x44104c SetLastError
0x441050 SetEndOfFile
0x441054 GlobalFree
0x441058 CreateFileMappingA
0x44105c LocalAlloc
0x441060 AddVectoredExceptionHandler
0x441064 GlobalFindAtomW
0x441068 EnumResourceTypesW
0x44106c GetWindowsDirectoryW
0x441070 SetFileAttributesW
0x441074 RaiseException
0x441078 HeapReAlloc
0x44107c HeapAlloc
0x441080 GetStringTypeW
0x441084 MultiByteToWideChar
0x441088 CommConfigDialogA
0x44108c GetProcAddress
0x441090 CreateFileA
0x441094 LCMapStringW
0x441098 HeapSize
0x44109c RtlUnwind
0x4410a0 Sleep
0x4410a4 IsValidCodePage
0x4410a8 HeapFree
0x4410ac GetCommandLineA
0x4410b0 HeapSetInformation
0x4410b4 GetStartupInfoW
0x4410b8 IsProcessorFeaturePresent
0x4410bc HeapCreate
0x4410c0 SetUnhandledExceptionFilter
0x4410c4 ExitProcess
0x4410c8 DecodePointer
0x4410cc WriteFile
0x4410d0 GetStdHandle
0x4410d4 GetModuleFileNameA
0x4410d8 FreeEnvironmentStringsW
0x4410dc WideCharToMultiByte
0x4410e0 GetEnvironmentStringsW
0x4410e4 SetHandleCount
0x4410e8 InitializeCriticalSectionAndSpinCount
0x4410ec GetFileType
0x4410f0 DeleteCriticalSection
0x4410f4 EncodePointer
0x4410f8 TlsAlloc
0x4410fc TlsGetValue
0x441100 TlsSetValue
0x441104 TlsFree
0x441108 InterlockedIncrement
0x44110c GetCurrentThreadId
0x441110 InterlockedDecrement
0x441114 QueryPerformanceCounter
0x441118 GetTickCount
0x44111c GetCurrentProcessId
0x441120 GetSystemTimeAsFileTime
0x441124 UnhandledExceptionFilter
0x441128 IsDebuggerPresent
0x44112c TerminateProcess
0x441130 GetCurrentProcess
0x441134 LeaveCriticalSection
0x441138 EnterCriticalSection
0x44113c GetCPInfo
0x441140 GetOEMCP
USER32.dll
0x441148 GetKeyboardLayoutNameA
0x44114c SetMessageExtraInfo
0x441150 GetCaretPos
0x441154 CharUpperBuffA
0x441158 GetClassInfoW
0x44115c InsertMenuItemW
0x441160 ShowCursor
ADVAPI32.dll
0x441000 CopySid
0x441004 ClearEventLogA
ole32.dll
0x441170 CoSuspendClassObjects
0x441174 CoUnmarshalHresult
WINHTTP.dll
0x441168 WinHttpOpen
EAT(Export Address Table) is none