ScreenShot
| Created | 2024.07.17 09:15 | Machine | s1_win7_x6403 |
| Filename | se.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetectMalware, Latrodectus, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, Kryptik, AGen, BankerX, YzY0Oup3na34UNDE, eiazz, STEALC, YXEGPZ, Detected, Wacatac, Sabsik, FQLXOP, ABTrojan, YZTP, Chgt, Static AI, Suspicious PE, PossibleThreat, confidence, 100%) | ||
| md5 | a907d2e6edda829467a10bc8a87cb76f | ||
| sha256 | 0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a | ||
| ssdeep | 3072:UGcq9cj1PWP87STe10+aKObk8gqSCpIHk5qYQ6b39VGKaSg:UJq9cj1u87STeq+aZk89iE9DGxSg | ||
| imphash | 1efa1310f9268b62f071617d0730aefa | ||
| impfuzzy | 6:+bmRxT7mRxGZRHmRx7CAcoBx5XzvRRnMfEy+5UAZbzWMJt8IJvXiVMBvGhAwBvQe:XRZqRgARg4xJzvMfh+HZbPxvGr+ZGrtR | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140007000 EnterCriticalSection
0x140007008 LeaveCriticalSection
0x140007010 InitializeCriticalSection
0x140007018 CreateFileA
0x140007020 CloseHandle
0x140007028 GetComputerNameA
0x140007030 GetLastError
0x140007038 GetCurrentDirectoryA
0x140007040 FindFirstFileA
0x140007048 FindNextFileA
0x140007050 GetCurrentThreadId
0x140007058 LockFile
0x140007060 UnlockFile
0x140007068 OpenFileMappingA
0x140007070 CreateNamedPipeA
0x140007078 WaitNamedPipeA
0x140007080 ExitProcess
0x140007088 VirtualAlloc
0x140007090 GetLocalTime
OPENGL32.dll
0x1400070a0 glNewList
EAT(Export Address Table) is none
KERNEL32.dll
0x140007000 EnterCriticalSection
0x140007008 LeaveCriticalSection
0x140007010 InitializeCriticalSection
0x140007018 CreateFileA
0x140007020 CloseHandle
0x140007028 GetComputerNameA
0x140007030 GetLastError
0x140007038 GetCurrentDirectoryA
0x140007040 FindFirstFileA
0x140007048 FindNextFileA
0x140007050 GetCurrentThreadId
0x140007058 LockFile
0x140007060 UnlockFile
0x140007068 OpenFileMappingA
0x140007070 CreateNamedPipeA
0x140007078 WaitNamedPipeA
0x140007080 ExitProcess
0x140007088 VirtualAlloc
0x140007090 GetLocalTime
OPENGL32.dll
0x1400070a0 glNewList
EAT(Export Address Table) is none