ScreenShot
| Created | 2024.07.16 11:09 | Machine | s1_win7_x6401 |
| Filename | 201.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 35 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Fragtor, Attribute, HighConfidence, Kryptik, HXIV, PWSX, Lazy, Reline, Undefined, jNJb2SpPgpD, high, LummaStealer, Detected, ai score=84, Redline, AMAN, Eldorado, ZexaF, yqY@aSvLnLj, BScope, TrojanPSW, Vidar, GdSda, Static AI, Malicious PE, susgen, GenKryptik, GZGT, confidence, 100%) | ||
| md5 | e0c387e6842dc4797be9380a8bde32f3 | ||
| sha256 | 5d6c0496aba5ef54b704ba6a0316a3b568add232cab10efeaf4d59bb06d13dd5 | ||
| ssdeep | 6144:+hdJzxpL5aUyAUCjZBLnk8OEvKBkcx09ULP7I8vscR91Q3gwy/Oeei8IEO:+fpUUyOHZG0iP8jhNi8IEO | ||
| imphash | a38d03d2b3d291f90f0d200bd42f8abf | ||
| impfuzzy | 24:+m8Tjl614EkBKAWokbJcpVJ+cQDTt8CbJBl39r9OovbO3kFZMv5GMACEZHu9U:GkKv/W/cpVJhIt8C7pZo30FZGK | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x42817c OffsetRect
ADVAPI32.dll
0x428000 DeleteAce
KERNEL32.dll
0x428008 SetStdHandle
0x42800c HeapSize
0x428010 CreateFileW
0x428014 WaitForSingleObject
0x428018 CreateThread
0x42801c VirtualAlloc
0x428020 GlobalSize
0x428024 FreeConsole
0x428028 SetConsoleTitleW
0x42802c RaiseException
0x428030 InitOnceBeginInitialize
0x428034 InitOnceComplete
0x428038 CloseHandle
0x42803c GetCurrentThreadId
0x428040 ReleaseSRWLockExclusive
0x428044 AcquireSRWLockExclusive
0x428048 TryAcquireSRWLockExclusive
0x42804c WakeAllConditionVariable
0x428050 SleepConditionVariableSRW
0x428054 WideCharToMultiByte
0x428058 GetLastError
0x42805c FreeLibraryWhenCallbackReturns
0x428060 CreateThreadpoolWork
0x428064 SubmitThreadpoolWork
0x428068 CloseThreadpoolWork
0x42806c GetModuleHandleExW
0x428070 IsProcessorFeaturePresent
0x428074 EnterCriticalSection
0x428078 LeaveCriticalSection
0x42807c InitializeCriticalSectionEx
0x428080 DeleteCriticalSection
0x428084 QueryPerformanceCounter
0x428088 EncodePointer
0x42808c DecodePointer
0x428090 MultiByteToWideChar
0x428094 LCMapStringEx
0x428098 GetSystemTimeAsFileTime
0x42809c GetModuleHandleW
0x4280a0 GetProcAddress
0x4280a4 GetStringTypeW
0x4280a8 GetCPInfo
0x4280ac IsDebuggerPresent
0x4280b0 UnhandledExceptionFilter
0x4280b4 SetUnhandledExceptionFilter
0x4280b8 GetStartupInfoW
0x4280bc GetCurrentProcess
0x4280c0 TerminateProcess
0x4280c4 GetCurrentProcessId
0x4280c8 InitializeSListHead
0x4280cc GetProcessHeap
0x4280d0 RtlUnwind
0x4280d4 SetLastError
0x4280d8 InitializeCriticalSectionAndSpinCount
0x4280dc TlsAlloc
0x4280e0 TlsGetValue
0x4280e4 TlsSetValue
0x4280e8 TlsFree
0x4280ec FreeLibrary
0x4280f0 LoadLibraryExW
0x4280f4 ExitProcess
0x4280f8 GetModuleFileNameW
0x4280fc GetStdHandle
0x428100 WriteFile
0x428104 GetCommandLineA
0x428108 GetCommandLineW
0x42810c HeapAlloc
0x428110 HeapFree
0x428114 CompareStringW
0x428118 LCMapStringW
0x42811c GetLocaleInfoW
0x428120 IsValidLocale
0x428124 GetUserDefaultLCID
0x428128 EnumSystemLocalesW
0x42812c GetFileType
0x428130 GetFileSizeEx
0x428134 SetFilePointerEx
0x428138 FlushFileBuffers
0x42813c GetConsoleOutputCP
0x428140 GetConsoleMode
0x428144 ReadFile
0x428148 ReadConsoleW
0x42814c HeapReAlloc
0x428150 FindClose
0x428154 FindFirstFileExW
0x428158 FindNextFileW
0x42815c IsValidCodePage
0x428160 GetACP
0x428164 GetOEMCP
0x428168 GetEnvironmentStringsW
0x42816c FreeEnvironmentStringsW
0x428170 SetEnvironmentVariableW
0x428174 WriteConsoleW
EAT(Export Address Table) is none
USER32.dll
0x42817c OffsetRect
ADVAPI32.dll
0x428000 DeleteAce
KERNEL32.dll
0x428008 SetStdHandle
0x42800c HeapSize
0x428010 CreateFileW
0x428014 WaitForSingleObject
0x428018 CreateThread
0x42801c VirtualAlloc
0x428020 GlobalSize
0x428024 FreeConsole
0x428028 SetConsoleTitleW
0x42802c RaiseException
0x428030 InitOnceBeginInitialize
0x428034 InitOnceComplete
0x428038 CloseHandle
0x42803c GetCurrentThreadId
0x428040 ReleaseSRWLockExclusive
0x428044 AcquireSRWLockExclusive
0x428048 TryAcquireSRWLockExclusive
0x42804c WakeAllConditionVariable
0x428050 SleepConditionVariableSRW
0x428054 WideCharToMultiByte
0x428058 GetLastError
0x42805c FreeLibraryWhenCallbackReturns
0x428060 CreateThreadpoolWork
0x428064 SubmitThreadpoolWork
0x428068 CloseThreadpoolWork
0x42806c GetModuleHandleExW
0x428070 IsProcessorFeaturePresent
0x428074 EnterCriticalSection
0x428078 LeaveCriticalSection
0x42807c InitializeCriticalSectionEx
0x428080 DeleteCriticalSection
0x428084 QueryPerformanceCounter
0x428088 EncodePointer
0x42808c DecodePointer
0x428090 MultiByteToWideChar
0x428094 LCMapStringEx
0x428098 GetSystemTimeAsFileTime
0x42809c GetModuleHandleW
0x4280a0 GetProcAddress
0x4280a4 GetStringTypeW
0x4280a8 GetCPInfo
0x4280ac IsDebuggerPresent
0x4280b0 UnhandledExceptionFilter
0x4280b4 SetUnhandledExceptionFilter
0x4280b8 GetStartupInfoW
0x4280bc GetCurrentProcess
0x4280c0 TerminateProcess
0x4280c4 GetCurrentProcessId
0x4280c8 InitializeSListHead
0x4280cc GetProcessHeap
0x4280d0 RtlUnwind
0x4280d4 SetLastError
0x4280d8 InitializeCriticalSectionAndSpinCount
0x4280dc TlsAlloc
0x4280e0 TlsGetValue
0x4280e4 TlsSetValue
0x4280e8 TlsFree
0x4280ec FreeLibrary
0x4280f0 LoadLibraryExW
0x4280f4 ExitProcess
0x4280f8 GetModuleFileNameW
0x4280fc GetStdHandle
0x428100 WriteFile
0x428104 GetCommandLineA
0x428108 GetCommandLineW
0x42810c HeapAlloc
0x428110 HeapFree
0x428114 CompareStringW
0x428118 LCMapStringW
0x42811c GetLocaleInfoW
0x428120 IsValidLocale
0x428124 GetUserDefaultLCID
0x428128 EnumSystemLocalesW
0x42812c GetFileType
0x428130 GetFileSizeEx
0x428134 SetFilePointerEx
0x428138 FlushFileBuffers
0x42813c GetConsoleOutputCP
0x428140 GetConsoleMode
0x428144 ReadFile
0x428148 ReadConsoleW
0x42814c HeapReAlloc
0x428150 FindClose
0x428154 FindFirstFileExW
0x428158 FindNextFileW
0x42815c IsValidCodePage
0x428160 GetACP
0x428164 GetOEMCP
0x428168 GetEnvironmentStringsW
0x42816c FreeEnvironmentStringsW
0x428170 SetEnvironmentVariableW
0x428174 WriteConsoleW
EAT(Export Address Table) is none