ScreenShot
| Created | 2024.07.17 09:11 | Machine | s1_win7_x6403 |
| Filename | file1111.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 57 detected (AIDetectMalware, Reline, Malicious, score, Trojanpws, Smokeloader, Unsafe, GenericKD, Save, Genus, Attribute, HighConfidence, high confidence, GenKryptik, GZGT, Artemis, CrypterX, Lazy, Convagent, 8GciTJKqqUR, Kryptik, ibalo, RedLineNET, LUMMASTEALER, YXEGNZ, high, Detected, Wacatac, Eldorado, R658172, ZexaF, 7yW@aCAxTDli, BScope, TrojanPSW, Vidar, Chgt, ai score=81, susgen, PossibleThreat, PALLAS) | ||
| md5 | 7fc7b187ff95d6c0c6b080f887f20b30 | ||
| sha256 | f1ed1782ec5eab05a9eabec5be13fba9f7175203a33a3dd4a93f6793fbd7dc82 | ||
| ssdeep | 24576:Tw7dRz2VTg7fflF18fiq047+XoLJENS4iZn/5L8gd18:A2VTg7ffbyL7+XoST0/5Igb | ||
| imphash | d7f90b4194570d933853c419f8cde98d | ||
| impfuzzy | 48:Ey5x6KeL9cW/xRcpVqjSXtXOrYtWCzTpazuFZGol3V:Z6KKaW/xRcpVq+XtXUYtWC/paMz | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x48b000 SetPixel
USER32.dll
0x48b214 OffsetRect
0x48b218 ReleaseDC
0x48b21c GetDC
KERNEL32.dll
0x48b008 CreateFileW
0x48b00c HeapSize
0x48b010 SetStdHandle
0x48b014 OutputDebugStringW
0x48b018 SetConsoleTitleA
0x48b01c VirtualAlloc
0x48b020 WaitForSingleObject
0x48b024 CreateThread
0x48b028 RaiseException
0x48b02c RtlCaptureStackBackTrace
0x48b030 GetCurrentThreadId
0x48b034 IsProcessorFeaturePresent
0x48b038 GetLastError
0x48b03c FreeLibraryWhenCallbackReturns
0x48b040 CreateThreadpoolWork
0x48b044 SubmitThreadpoolWork
0x48b048 CloseThreadpoolWork
0x48b04c GetModuleHandleExW
0x48b050 MultiByteToWideChar
0x48b054 WakeConditionVariable
0x48b058 WakeAllConditionVariable
0x48b05c SleepConditionVariableSRW
0x48b060 InitOnceComplete
0x48b064 InitOnceBeginInitialize
0x48b068 FormatMessageA
0x48b06c GetStringTypeW
0x48b070 ReleaseSRWLockExclusive
0x48b074 AcquireSRWLockExclusive
0x48b078 TryAcquireSRWLockExclusive
0x48b07c WideCharToMultiByte
0x48b080 CloseHandle
0x48b084 WaitForSingleObjectEx
0x48b088 Sleep
0x48b08c SwitchToThread
0x48b090 GetExitCodeThread
0x48b094 GetNativeSystemInfo
0x48b098 QueryPerformanceCounter
0x48b09c QueryPerformanceFrequency
0x48b0a0 EnterCriticalSection
0x48b0a4 LeaveCriticalSection
0x48b0a8 InitializeCriticalSectionEx
0x48b0ac DeleteCriticalSection
0x48b0b0 EncodePointer
0x48b0b4 DecodePointer
0x48b0b8 LocalFree
0x48b0bc GetLocaleInfoEx
0x48b0c0 LCMapStringEx
0x48b0c4 SetFileInformationByHandle
0x48b0c8 GetTempPathW
0x48b0cc InitOnceExecuteOnce
0x48b0d0 CreateEventExW
0x48b0d4 CreateSemaphoreExW
0x48b0d8 FlushProcessWriteBuffers
0x48b0dc GetCurrentProcessorNumber
0x48b0e0 GetSystemTimeAsFileTime
0x48b0e4 GetTickCount64
0x48b0e8 CreateThreadpoolTimer
0x48b0ec SetThreadpoolTimer
0x48b0f0 WaitForThreadpoolTimerCallbacks
0x48b0f4 CloseThreadpoolTimer
0x48b0f8 CreateThreadpoolWait
0x48b0fc SetThreadpoolWait
0x48b100 CloseThreadpoolWait
0x48b104 GetModuleHandleW
0x48b108 GetProcAddress
0x48b10c GetFileInformationByHandleEx
0x48b110 CreateSymbolicLinkW
0x48b114 CompareStringEx
0x48b118 GetCPInfo
0x48b11c UnhandledExceptionFilter
0x48b120 SetUnhandledExceptionFilter
0x48b124 GetCurrentProcess
0x48b128 TerminateProcess
0x48b12c IsDebuggerPresent
0x48b130 GetStartupInfoW
0x48b134 GetCurrentProcessId
0x48b138 InitializeSListHead
0x48b13c GetProcessHeap
0x48b140 RtlUnwind
0x48b144 InterlockedPushEntrySList
0x48b148 InterlockedFlushSList
0x48b14c SetLastError
0x48b150 InitializeCriticalSectionAndSpinCount
0x48b154 TlsAlloc
0x48b158 TlsGetValue
0x48b15c TlsSetValue
0x48b160 TlsFree
0x48b164 FreeLibrary
0x48b168 LoadLibraryExW
0x48b16c ExitThread
0x48b170 ResumeThread
0x48b174 FreeLibraryAndExitThread
0x48b178 ExitProcess
0x48b17c GetModuleFileNameW
0x48b180 GetStdHandle
0x48b184 WriteFile
0x48b188 SetConsoleCtrlHandler
0x48b18c HeapAlloc
0x48b190 HeapFree
0x48b194 GetDateFormatW
0x48b198 GetTimeFormatW
0x48b19c CompareStringW
0x48b1a0 LCMapStringW
0x48b1a4 GetLocaleInfoW
0x48b1a8 IsValidLocale
0x48b1ac GetUserDefaultLCID
0x48b1b0 EnumSystemLocalesW
0x48b1b4 GetFileType
0x48b1b8 GetCurrentThread
0x48b1bc FlushFileBuffers
0x48b1c0 GetConsoleOutputCP
0x48b1c4 GetConsoleMode
0x48b1c8 ReadFile
0x48b1cc GetFileSizeEx
0x48b1d0 SetFilePointerEx
0x48b1d4 ReadConsoleW
0x48b1d8 HeapReAlloc
0x48b1dc GetTimeZoneInformation
0x48b1e0 FindClose
0x48b1e4 FindFirstFileExW
0x48b1e8 FindNextFileW
0x48b1ec IsValidCodePage
0x48b1f0 GetACP
0x48b1f4 GetOEMCP
0x48b1f8 GetCommandLineA
0x48b1fc GetCommandLineW
0x48b200 GetEnvironmentStringsW
0x48b204 FreeEnvironmentStringsW
0x48b208 SetEnvironmentVariableW
0x48b20c WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x48b000 SetPixel
USER32.dll
0x48b214 OffsetRect
0x48b218 ReleaseDC
0x48b21c GetDC
KERNEL32.dll
0x48b008 CreateFileW
0x48b00c HeapSize
0x48b010 SetStdHandle
0x48b014 OutputDebugStringW
0x48b018 SetConsoleTitleA
0x48b01c VirtualAlloc
0x48b020 WaitForSingleObject
0x48b024 CreateThread
0x48b028 RaiseException
0x48b02c RtlCaptureStackBackTrace
0x48b030 GetCurrentThreadId
0x48b034 IsProcessorFeaturePresent
0x48b038 GetLastError
0x48b03c FreeLibraryWhenCallbackReturns
0x48b040 CreateThreadpoolWork
0x48b044 SubmitThreadpoolWork
0x48b048 CloseThreadpoolWork
0x48b04c GetModuleHandleExW
0x48b050 MultiByteToWideChar
0x48b054 WakeConditionVariable
0x48b058 WakeAllConditionVariable
0x48b05c SleepConditionVariableSRW
0x48b060 InitOnceComplete
0x48b064 InitOnceBeginInitialize
0x48b068 FormatMessageA
0x48b06c GetStringTypeW
0x48b070 ReleaseSRWLockExclusive
0x48b074 AcquireSRWLockExclusive
0x48b078 TryAcquireSRWLockExclusive
0x48b07c WideCharToMultiByte
0x48b080 CloseHandle
0x48b084 WaitForSingleObjectEx
0x48b088 Sleep
0x48b08c SwitchToThread
0x48b090 GetExitCodeThread
0x48b094 GetNativeSystemInfo
0x48b098 QueryPerformanceCounter
0x48b09c QueryPerformanceFrequency
0x48b0a0 EnterCriticalSection
0x48b0a4 LeaveCriticalSection
0x48b0a8 InitializeCriticalSectionEx
0x48b0ac DeleteCriticalSection
0x48b0b0 EncodePointer
0x48b0b4 DecodePointer
0x48b0b8 LocalFree
0x48b0bc GetLocaleInfoEx
0x48b0c0 LCMapStringEx
0x48b0c4 SetFileInformationByHandle
0x48b0c8 GetTempPathW
0x48b0cc InitOnceExecuteOnce
0x48b0d0 CreateEventExW
0x48b0d4 CreateSemaphoreExW
0x48b0d8 FlushProcessWriteBuffers
0x48b0dc GetCurrentProcessorNumber
0x48b0e0 GetSystemTimeAsFileTime
0x48b0e4 GetTickCount64
0x48b0e8 CreateThreadpoolTimer
0x48b0ec SetThreadpoolTimer
0x48b0f0 WaitForThreadpoolTimerCallbacks
0x48b0f4 CloseThreadpoolTimer
0x48b0f8 CreateThreadpoolWait
0x48b0fc SetThreadpoolWait
0x48b100 CloseThreadpoolWait
0x48b104 GetModuleHandleW
0x48b108 GetProcAddress
0x48b10c GetFileInformationByHandleEx
0x48b110 CreateSymbolicLinkW
0x48b114 CompareStringEx
0x48b118 GetCPInfo
0x48b11c UnhandledExceptionFilter
0x48b120 SetUnhandledExceptionFilter
0x48b124 GetCurrentProcess
0x48b128 TerminateProcess
0x48b12c IsDebuggerPresent
0x48b130 GetStartupInfoW
0x48b134 GetCurrentProcessId
0x48b138 InitializeSListHead
0x48b13c GetProcessHeap
0x48b140 RtlUnwind
0x48b144 InterlockedPushEntrySList
0x48b148 InterlockedFlushSList
0x48b14c SetLastError
0x48b150 InitializeCriticalSectionAndSpinCount
0x48b154 TlsAlloc
0x48b158 TlsGetValue
0x48b15c TlsSetValue
0x48b160 TlsFree
0x48b164 FreeLibrary
0x48b168 LoadLibraryExW
0x48b16c ExitThread
0x48b170 ResumeThread
0x48b174 FreeLibraryAndExitThread
0x48b178 ExitProcess
0x48b17c GetModuleFileNameW
0x48b180 GetStdHandle
0x48b184 WriteFile
0x48b188 SetConsoleCtrlHandler
0x48b18c HeapAlloc
0x48b190 HeapFree
0x48b194 GetDateFormatW
0x48b198 GetTimeFormatW
0x48b19c CompareStringW
0x48b1a0 LCMapStringW
0x48b1a4 GetLocaleInfoW
0x48b1a8 IsValidLocale
0x48b1ac GetUserDefaultLCID
0x48b1b0 EnumSystemLocalesW
0x48b1b4 GetFileType
0x48b1b8 GetCurrentThread
0x48b1bc FlushFileBuffers
0x48b1c0 GetConsoleOutputCP
0x48b1c4 GetConsoleMode
0x48b1c8 ReadFile
0x48b1cc GetFileSizeEx
0x48b1d0 SetFilePointerEx
0x48b1d4 ReadConsoleW
0x48b1d8 HeapReAlloc
0x48b1dc GetTimeZoneInformation
0x48b1e0 FindClose
0x48b1e4 FindFirstFileExW
0x48b1e8 FindNextFileW
0x48b1ec IsValidCodePage
0x48b1f0 GetACP
0x48b1f4 GetOEMCP
0x48b1f8 GetCommandLineA
0x48b1fc GetCommandLineW
0x48b200 GetEnvironmentStringsW
0x48b204 FreeEnvironmentStringsW
0x48b208 SetEnvironmentVariableW
0x48b20c WriteConsoleW
EAT(Export Address Table) is none