Field | Value
---|---
Created | 2024.07.15 16:46
Machine | s1_win7_x6403
Filename | 205.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 63 detected (AIDetectMalware, Convagent, malicious, high confidence, score, Lazy, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXDB, Artemis, PWSX, Reline, TrojanPSW, kpguta, 70AJUrUrcXO, ylknr, Locky, high, LummaStealer, Detected, ai score=84, Malware@#2qtdp4p7zvs79, AMAI, Eldorado, ZexaE, tuW@aqfBENh, BScope, GdSda, Static AI, Malicious PE, susgen, confidence, 100%, AZZA3DGW)
md5 | f07d044782a27691aa43de4b94603355
sha256 | 8e53a60383f57dc7ee46465eb298030ae0484574781823cad9d1231bfc0a2d4e
ssdeep | 6144:dP5/98b9Th66j9IRXwfNQLHUPpPl2pTIejjnFJLo7:15yb9966ji64p/jjnFJQ
imphash | bdd081110ce6691ddde6cfe79c51d26e
impfuzzy | 24:+EjKpDaVjM3cpVJfK1cLtePu9uGhlJBl393PLOovbO3kFZMv1GMAkEZX:s3cpVJJLteZGnpN630FZGc
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 63 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
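The second signature ("Allocates read-write-execute memory") is the kind of verdict a sandbox derives from its API trace: a VirtualAlloc whose flProtect is PAGE_EXECUTE_READWRITE (0x40). The following is an added example, not part of this report or of the sandbox's own code: a small detector run over a constructed API-monitor trace (the line format, the sizes and the addresses are invented for the example). It flags the direct RWX allocation, and also two patterns a literal "RWX" check does not see: a region committed read-write and later flipped to executable with VirtualProtect, and a CreateThread whose start address lies inside a dynamically allocated region (the IAT of this sample imports both VirtualAlloc and CreateThread).

```python
import re

# Win32 page-protection constants (winnt.h).
PAGE_READWRITE         = 0x04
PAGE_EXECUTE_READ      = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXEC_BITS = PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# Constructed trace for this example (not from the report). One call per line,
# "Api(arg=hex, ...) -> hex". Sizes, addresses and handles are made up.
SAMPLE_TRACE = """\
VirtualAlloc(lpAddress=0x0, dwSize=0x2f000, flAllocationType=0x3000, flProtect=0x40) -> 0x2a0000
VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) -> 0x3b0000
VirtualProtect(lpAddress=0x3b0000, dwSize=0x1000, flNewProtect=0x20) -> 0x1
VirtualAlloc(lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) -> 0x4c0000
CreateThread(lpStartAddress=0x2a0000) -> 0x1f8
CreateThread(lpStartAddress=0x401000) -> 0x1fc
"""

LINE_RE = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\) -> (?P<ret>0x[0-9a-fA-F]+)$")


def parse_trace(text):
    """Turn trace lines into (api, {arg: int}, retval) tuples; skip non-call lines."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for kv in filter(None, m.group("args").split(", ")):
            key, value = kv.split("=", 1)
            args[key] = int(value, 16)
        calls.append((m.group("api"), args, int(m.group("ret"), 16)))
    return calls


def find_unpack_behaviour(text):
    """Return (finding, address) pairs for the three unpack/staging patterns:
    rwx_alloc              - VirtualAlloc directly as PAGE_EXECUTE_READWRITE
    rw_then_exec           - a non-executable allocation later made executable
    thread_in_dynamic_region - CreateThread starting inside allocated memory
    """
    regions = {}   # base -> (size, current protection) for live VirtualAlloc regions
    findings = []
    for api, args, ret in parse_trace(text):
        if api == "VirtualAlloc" and ret != 0:
            prot = args.get("flProtect", 0)
            regions[ret] = (args.get("dwSize", 0), prot)
            if prot == PAGE_EXECUTE_READWRITE:
                findings.append(("rwx_alloc", ret))
        elif api == "VirtualProtect":
            addr = args.get("lpAddress", 0)
            new_prot = args.get("flNewProtect", 0)
            for base, (size, old_prot) in regions.items():
                if base <= addr < base + size:
                    if not (old_prot & EXEC_BITS) and (new_prot & EXEC_BITS):
                        findings.append(("rw_then_exec", base))
                    regions[base] = (size, new_prot)
                    break
        elif api == "CreateThread":
            start = args.get("lpStartAddress", 0)
            if any(b <= start < b + s for b, (s, _) in regions.items()):
                findings.append(("thread_in_dynamic_region", start))
    return findings


if __name__ == "__main__":
    for kind, addr in find_unpack_behaviour(SAMPLE_TRACE):
        print(f"{kind:26s} 0x{addr:x}")
```

The thread started at 0x401000 in the sample is not reported because it lies in the image, not in a VirtualAlloc'd region; that distinction is what keeps the thread rule from firing on ordinary CRT worker threads. The same logic transfers to Sysmon or ETW memory events once the field names are mapped.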
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x426160 OffsetRect
KERNEL32.dll
0x426000 CreateFileW
0x426004 HeapSize
0x426008 GetProcessHeap
0x42600c SetStdHandle
0x426010 WaitForSingleObject
0x426014 Sleep
0x426018 CreateThread
0x42601c VirtualAlloc
0x426020 GetModuleHandleA
0x426024 GetProcAddress
0x426028 GetConsoleWindow
0x42602c CloseHandle
0x426030 WaitForSingleObjectEx
0x426034 GetCurrentThreadId
0x426038 GetExitCodeThread
0x42603c WideCharToMultiByte
0x426040 EnterCriticalSection
0x426044 LeaveCriticalSection
0x426048 InitializeCriticalSectionEx
0x42604c DeleteCriticalSection
0x426050 QueryPerformanceCounter
0x426054 ReleaseSRWLockExclusive
0x426058 WakeAllConditionVariable
0x42605c EncodePointer
0x426060 DecodePointer
0x426064 MultiByteToWideChar
0x426068 LCMapStringEx
0x42606c GetSystemTimeAsFileTime
0x426070 GetModuleHandleW
0x426074 GetStringTypeW
0x426078 GetCPInfo
0x42607c IsProcessorFeaturePresent
0x426080 UnhandledExceptionFilter
0x426084 SetUnhandledExceptionFilter
0x426088 GetCurrentProcess
0x42608c TerminateProcess
0x426090 GetCurrentProcessId
0x426094 InitializeSListHead
0x426098 IsDebuggerPresent
0x42609c GetStartupInfoW
0x4260a0 SetEnvironmentVariableW
0x4260a4 RaiseException
0x4260a8 RtlUnwind
0x4260ac GetLastError
0x4260b0 SetLastError
0x4260b4 InitializeCriticalSectionAndSpinCount
0x4260b8 TlsAlloc
0x4260bc TlsGetValue
0x4260c0 TlsSetValue
0x4260c4 TlsFree
0x4260c8 FreeLibrary
0x4260cc LoadLibraryExW
0x4260d0 ExitThread
0x4260d4 FreeLibraryAndExitThread
0x4260d8 GetModuleHandleExW
0x4260dc GetStdHandle
0x4260e0 WriteFile
0x4260e4 GetModuleFileNameW
0x4260e8 ExitProcess
0x4260ec GetCommandLineA
0x4260f0 GetCommandLineW
0x4260f4 HeapAlloc
0x4260f8 HeapFree
0x4260fc CompareStringW
0x426100 LCMapStringW
0x426104 GetLocaleInfoW
0x426108 IsValidLocale
0x42610c GetUserDefaultLCID
0x426110 EnumSystemLocalesW
0x426114 GetFileType
0x426118 FlushFileBuffers
0x42611c GetConsoleOutputCP
0x426120 GetConsoleMode
0x426124 ReadFile
0x426128 GetFileSizeEx
0x42612c SetFilePointerEx
0x426130 ReadConsoleW
0x426134 HeapReAlloc
0x426138 FindClose
0x42613c FindFirstFileExW
0x426140 FindNextFileW
0x426144 IsValidCodePage
0x426148 GetACP
0x42614c GetOEMCP
0x426150 GetEnvironmentStringsW
0x426154 FreeEnvironmentStringsW
0x426158 WriteConsoleW
EAT(Export Address Table) Library
0x425d20 AwakeSound
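Two checks an analyst would run against the import table above, as an added example that is not part of the report and not the sandbox's own code: reproducing the imphash from the listed imports (pefile's algorithm: lower-cased `dll.function` pairs in import-directory order, with the .dll/.ocx/.sys extension stripped, MD5 of the comma-joined string) and bucketing the imports by capability. The table below is transcribed from the IAT section of this page in the order shown; the capability buckets and the "unpack triad" rule are this example's own choices, not a published detection. Caveat for reading the buckets: the bulk of this table is the stock statically linked MSVC CRT (TLS, critical sections, locale and code-page lookups, EncodePointer/DecodePointer, IsProcessorFeaturePresent), and the CRT itself imports IsDebuggerPresent, GetProcAddress and LoadLibraryExW, so those alone are not a signal. VirtualAlloc, CreateThread, WaitForSingleObject, GetExitCodeThread, GetModuleHandleA, Sleep, GetConsoleWindow and the lone USER32 import OffsetRect are the part a CRT baseline does not account for.

```python
import hashlib

# Import table of 205.exe as printed in the report's IAT section, in the order
# listed there (USER32.dll first, then KERNEL32.dll); IAT addresses dropped.
IAT_205 = {
    "USER32.dll": ["OffsetRect"],
    "KERNEL32.dll": [
        "CreateFileW", "HeapSize", "GetProcessHeap", "SetStdHandle",
        "WaitForSingleObject", "Sleep", "CreateThread", "VirtualAlloc",
        "GetModuleHandleA", "GetProcAddress", "GetConsoleWindow", "CloseHandle",
        "WaitForSingleObjectEx", "GetCurrentThreadId", "GetExitCodeThread",
        "WideCharToMultiByte", "EnterCriticalSection", "LeaveCriticalSection",
        "InitializeCriticalSectionEx", "DeleteCriticalSection",
        "QueryPerformanceCounter", "ReleaseSRWLockExclusive",
        "WakeAllConditionVariable", "EncodePointer", "DecodePointer",
        "MultiByteToWideChar", "LCMapStringEx", "GetSystemTimeAsFileTime",
        "GetModuleHandleW", "GetStringTypeW", "GetCPInfo",
        "IsProcessorFeaturePresent", "UnhandledExceptionFilter",
        "SetUnhandledExceptionFilter", "GetCurrentProcess", "TerminateProcess",
        "GetCurrentProcessId", "InitializeSListHead", "IsDebuggerPresent",
        "GetStartupInfoW", "SetEnvironmentVariableW", "RaiseException",
        "RtlUnwind", "GetLastError", "SetLastError",
        "InitializeCriticalSectionAndSpinCount", "TlsAlloc", "TlsGetValue",
        "TlsSetValue", "TlsFree", "FreeLibrary", "LoadLibraryExW", "ExitThread",
        "FreeLibraryAndExitThread", "GetModuleHandleExW", "GetStdHandle",
        "WriteFile", "GetModuleFileNameW", "ExitProcess", "GetCommandLineA",
        "GetCommandLineW", "HeapAlloc", "HeapFree", "CompareStringW",
        "LCMapStringW", "GetLocaleInfoW", "IsValidLocale", "GetUserDefaultLCID",
        "EnumSystemLocalesW", "GetFileType", "FlushFileBuffers",
        "GetConsoleOutputCP", "GetConsoleMode", "ReadFile", "GetFileSizeEx",
        "SetFilePointerEx", "ReadConsoleW", "HeapReAlloc", "FindClose",
        "FindFirstFileExW", "FindNextFileW", "IsValidCodePage", "GetACP",
        "GetOEMCP", "GetEnvironmentStringsW", "FreeEnvironmentStringsW",
        "WriteConsoleW",
    ],
}

# Capability buckets chosen for this example (an analyst's grouping, not a
# published rule set). Membership only says the API is present; CRT noise
# such as IsDebuggerPresent and GetProcAddress lands here too.
CAPABILITY = {
    "memory_alloc":    {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"},
    "dynamic_resolve": {"GetProcAddress", "GetModuleHandleA", "GetModuleHandleW",
                        "LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"},
    "thread_exec":     {"CreateThread", "CreateRemoteThread", "WaitForSingleObject",
                        "GetExitCodeThread"},
    "anti_debug":      {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "console_hide":    {"GetConsoleWindow"},
    "file_enum":       {"FindFirstFileExW", "FindFirstFileW", "FindNextFileW"},
}
MODULE_BASE_APIS = {"GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA",
                    "LoadLibraryW", "LoadLibraryExW"}


def imphash_string(imports):
    """Normalise like pefile.PE.get_imphash(): lower-case DLL name minus a
    .dll/.ocx/.sys extension, lower-case function name, ordinals as 'ordN'.
    (pefile also maps known ws2_32/oleaut32 ordinals to names; omitted here.)"""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def _flat(imports):
    return [f for funcs in imports.values() for f in funcs]


def triage_imports(imports):
    """Map each non-empty capability bucket to the sorted imports that hit it."""
    present = set(_flat(imports))
    return {bucket: sorted(present & names)
            for bucket, names in CAPABILITY.items() if present & names}


def has_unpack_triad(imports):
    """True when the classic self-unpacking set is all present: allocate memory,
    resolve APIs by name, and obtain a module base to resolve them from."""
    present = set(_flat(imports))
    return ("VirtualAlloc" in present and "GetProcAddress" in present
            and bool(present & MODULE_BASE_APIS))


if __name__ == "__main__":
    print("imphash:", imphash(IAT_205))
    print("unpack triad:", has_unpack_triad(IAT_205))
    for bucket, hits in triage_imports(IAT_205).items():
        print(f"  {bucket:16s} {', '.join(hits)}")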