ScreenShot
| Created | 2024.07.15 09:30 | Machine | s1_win7_x6403 |
| Filename | 217.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXIV, CrypterX, Lazy, Reline, RDMK, cmRtazoF4a+nh0FFmBY, high, LummaStealer, Detected, Wacatac, Eldorado, ZexaF, vqY@aS299fb, BScope, TrojanPSW, Vidar, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 42e2d273ee6215957f2b979737a74b45 | ||
| sha256 | 1a5035edf2e2c8b92a5129e97c13e2114070d87c684a842491ebcdb3797b592f | ||
| ssdeep | 6144:qwTS7/BpP+AegMMtRvu3LqBOkQWrpbRPSxkplz7ZfnvH2di8MEO:qPpP6gMEhNbRPwkplRSi8MEO | ||
| imphash | c474903bf6d4b0292eceba80bbf0ab66 | ||
| impfuzzy | 24:+9jQV614EkBKAWokbJcpVJ+cQDTt8CbJBl39IOovbO3kFZMv5GMACEZHu9U:/cKv/W/cpVJhIt8C7pF30FZGK | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x428174 OffsetRect
KERNEL32.dll
0x428000 CreateFileW
0x428004 HeapSize
0x428008 SetStdHandle
0x42800c WaitForSingleObject
0x428010 ExitProcess
0x428014 CreateThread
0x428018 VirtualAlloc
0x42801c GlobalSize
0x428020 FreeConsole
0x428024 SetConsoleTitleW
0x428028 RaiseException
0x42802c InitOnceBeginInitialize
0x428030 InitOnceComplete
0x428034 CloseHandle
0x428038 GetCurrentThreadId
0x42803c ReleaseSRWLockExclusive
0x428040 AcquireSRWLockExclusive
0x428044 TryAcquireSRWLockExclusive
0x428048 WakeAllConditionVariable
0x42804c SleepConditionVariableSRW
0x428050 WideCharToMultiByte
0x428054 GetLastError
0x428058 FreeLibraryWhenCallbackReturns
0x42805c CreateThreadpoolWork
0x428060 SubmitThreadpoolWork
0x428064 CloseThreadpoolWork
0x428068 GetModuleHandleExW
0x42806c IsProcessorFeaturePresent
0x428070 EnterCriticalSection
0x428074 LeaveCriticalSection
0x428078 InitializeCriticalSectionEx
0x42807c DeleteCriticalSection
0x428080 QueryPerformanceCounter
0x428084 EncodePointer
0x428088 DecodePointer
0x42808c MultiByteToWideChar
0x428090 LCMapStringEx
0x428094 GetSystemTimeAsFileTime
0x428098 GetModuleHandleW
0x42809c GetProcAddress
0x4280a0 GetStringTypeW
0x4280a4 GetCPInfo
0x4280a8 IsDebuggerPresent
0x4280ac UnhandledExceptionFilter
0x4280b0 SetUnhandledExceptionFilter
0x4280b4 GetStartupInfoW
0x4280b8 GetCurrentProcess
0x4280bc TerminateProcess
0x4280c0 GetCurrentProcessId
0x4280c4 InitializeSListHead
0x4280c8 GetProcessHeap
0x4280cc RtlUnwind
0x4280d0 SetLastError
0x4280d4 InitializeCriticalSectionAndSpinCount
0x4280d8 TlsAlloc
0x4280dc TlsGetValue
0x4280e0 TlsSetValue
0x4280e4 TlsFree
0x4280e8 FreeLibrary
0x4280ec LoadLibraryExW
0x4280f0 GetModuleFileNameW
0x4280f4 GetStdHandle
0x4280f8 WriteFile
0x4280fc GetCommandLineA
0x428100 GetCommandLineW
0x428104 HeapAlloc
0x428108 HeapFree
0x42810c CompareStringW
0x428110 LCMapStringW
0x428114 GetLocaleInfoW
0x428118 IsValidLocale
0x42811c GetUserDefaultLCID
0x428120 EnumSystemLocalesW
0x428124 GetFileType
0x428128 GetFileSizeEx
0x42812c SetFilePointerEx
0x428130 FlushFileBuffers
0x428134 GetConsoleOutputCP
0x428138 GetConsoleMode
0x42813c ReadFile
0x428140 ReadConsoleW
0x428144 HeapReAlloc
0x428148 FindClose
0x42814c FindFirstFileExW
0x428150 FindNextFileW
0x428154 IsValidCodePage
0x428158 GetACP
0x42815c GetOEMCP
0x428160 GetEnvironmentStringsW
0x428164 FreeEnvironmentStringsW
0x428168 SetEnvironmentVariableW
0x42816c WriteConsoleW
EAT(Export Address Table) is none
USER32.dll
0x428174 OffsetRect
KERNEL32.dll
0x428000 CreateFileW
0x428004 HeapSize
0x428008 SetStdHandle
0x42800c WaitForSingleObject
0x428010 ExitProcess
0x428014 CreateThread
0x428018 VirtualAlloc
0x42801c GlobalSize
0x428020 FreeConsole
0x428024 SetConsoleTitleW
0x428028 RaiseException
0x42802c InitOnceBeginInitialize
0x428030 InitOnceComplete
0x428034 CloseHandle
0x428038 GetCurrentThreadId
0x42803c ReleaseSRWLockExclusive
0x428040 AcquireSRWLockExclusive
0x428044 TryAcquireSRWLockExclusive
0x428048 WakeAllConditionVariable
0x42804c SleepConditionVariableSRW
0x428050 WideCharToMultiByte
0x428054 GetLastError
0x428058 FreeLibraryWhenCallbackReturns
0x42805c CreateThreadpoolWork
0x428060 SubmitThreadpoolWork
0x428064 CloseThreadpoolWork
0x428068 GetModuleHandleExW
0x42806c IsProcessorFeaturePresent
0x428070 EnterCriticalSection
0x428074 LeaveCriticalSection
0x428078 InitializeCriticalSectionEx
0x42807c DeleteCriticalSection
0x428080 QueryPerformanceCounter
0x428084 EncodePointer
0x428088 DecodePointer
0x42808c MultiByteToWideChar
0x428090 LCMapStringEx
0x428094 GetSystemTimeAsFileTime
0x428098 GetModuleHandleW
0x42809c GetProcAddress
0x4280a0 GetStringTypeW
0x4280a4 GetCPInfo
0x4280a8 IsDebuggerPresent
0x4280ac UnhandledExceptionFilter
0x4280b0 SetUnhandledExceptionFilter
0x4280b4 GetStartupInfoW
0x4280b8 GetCurrentProcess
0x4280bc TerminateProcess
0x4280c0 GetCurrentProcessId
0x4280c4 InitializeSListHead
0x4280c8 GetProcessHeap
0x4280cc RtlUnwind
0x4280d0 SetLastError
0x4280d4 InitializeCriticalSectionAndSpinCount
0x4280d8 TlsAlloc
0x4280dc TlsGetValue
0x4280e0 TlsSetValue
0x4280e4 TlsFree
0x4280e8 FreeLibrary
0x4280ec LoadLibraryExW
0x4280f0 GetModuleFileNameW
0x4280f4 GetStdHandle
0x4280f8 WriteFile
0x4280fc GetCommandLineA
0x428100 GetCommandLineW
0x428104 HeapAlloc
0x428108 HeapFree
0x42810c CompareStringW
0x428110 LCMapStringW
0x428114 GetLocaleInfoW
0x428118 IsValidLocale
0x42811c GetUserDefaultLCID
0x428120 EnumSystemLocalesW
0x428124 GetFileType
0x428128 GetFileSizeEx
0x42812c SetFilePointerEx
0x428130 FlushFileBuffers
0x428134 GetConsoleOutputCP
0x428138 GetConsoleMode
0x42813c ReadFile
0x428140 ReadConsoleW
0x428144 HeapReAlloc
0x428148 FindClose
0x42814c FindFirstFileExW
0x428150 FindNextFileW
0x428154 IsValidCodePage
0x428158 GetACP
0x42815c GetOEMCP
0x428160 GetEnvironmentStringsW
0x428164 FreeEnvironmentStringsW
0x428168 SetEnvironmentVariableW
0x42816c WriteConsoleW
EAT(Export Address Table) is none