ScreenShot
| Created | 2024.07.18 11:16 | Machine | s1_win7_x6401 |
| Filename | 6697dafdd90a3_crypted.exe#1 | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 40 detected (AIDetectMalware, Convagent, Malicious, score, Unsafe, Save, Attribute, HighConfidence, high confidence, GenKryptik, GZLE, PWSX, Lazy, Reline, Undefined, LJYb8B5HnVJ, RedLineNET, REDLINE, YXEGQZ, high, Outbreak, Detected, Kryptik, vagwy, Upatre, 7YXJK4, Eldorado, ZexaF, FqW@ampxNNh, BScope, TrojanPSW, susgen, GZGT, GOAZ) | ||
| md5 | b511a938c3da1d394dadd5c5c67bb48b | ||
| sha256 | 7010eb737bc8cbc8598ae5de392f485406f7fd1e821f0d7e6649f3022fcf8ac8 | ||
| ssdeep | 12288:LK7gu5x1LpK8b/A92swJTUGrbbREsS4odrGCRXJe:LKH5w8bWGrxEFxICRE | ||
| imphash | 6b1f0699c48267727938cca490899696 | ||
| impfuzzy | 24:+m8TjlpDFEkBKAWokbJcpVJ+cyt8CbJBl39r9OovbO3kFZMv5GMACEZHu9U:Ghv/W/cpVJhyt8C7pZo30FZGK | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x425174 OffsetRect
ADVAPI32.dll
0x425000 DeleteAce
KERNEL32.dll
0x425008 SetStdHandle
0x42500c HeapSize
0x425010 CreateFileW
0x425014 WaitForSingleObject
0x425018 CreateThread
0x42501c VirtualAlloc
0x425020 GetModuleHandleA
0x425024 GetProcAddress
0x425028 RaiseException
0x42502c InitOnceBeginInitialize
0x425030 InitOnceComplete
0x425034 CloseHandle
0x425038 GetCurrentThreadId
0x42503c ReleaseSRWLockExclusive
0x425040 AcquireSRWLockExclusive
0x425044 TryAcquireSRWLockExclusive
0x425048 WakeAllConditionVariable
0x42504c SleepConditionVariableSRW
0x425050 WideCharToMultiByte
0x425054 GetLastError
0x425058 FreeLibraryWhenCallbackReturns
0x42505c CreateThreadpoolWork
0x425060 SubmitThreadpoolWork
0x425064 CloseThreadpoolWork
0x425068 GetModuleHandleExW
0x42506c IsProcessorFeaturePresent
0x425070 EnterCriticalSection
0x425074 LeaveCriticalSection
0x425078 InitializeCriticalSectionEx
0x42507c DeleteCriticalSection
0x425080 QueryPerformanceCounter
0x425084 EncodePointer
0x425088 DecodePointer
0x42508c MultiByteToWideChar
0x425090 LCMapStringEx
0x425094 GetSystemTimeAsFileTime
0x425098 GetModuleHandleW
0x42509c GetStringTypeW
0x4250a0 GetCPInfo
0x4250a4 IsDebuggerPresent
0x4250a8 UnhandledExceptionFilter
0x4250ac SetUnhandledExceptionFilter
0x4250b0 GetStartupInfoW
0x4250b4 GetCurrentProcess
0x4250b8 TerminateProcess
0x4250bc GetCurrentProcessId
0x4250c0 InitializeSListHead
0x4250c4 GetProcessHeap
0x4250c8 RtlUnwind
0x4250cc SetLastError
0x4250d0 InitializeCriticalSectionAndSpinCount
0x4250d4 TlsAlloc
0x4250d8 TlsGetValue
0x4250dc TlsSetValue
0x4250e0 TlsFree
0x4250e4 FreeLibrary
0x4250e8 LoadLibraryExW
0x4250ec ExitProcess
0x4250f0 GetModuleFileNameW
0x4250f4 GetStdHandle
0x4250f8 WriteFile
0x4250fc GetCommandLineA
0x425100 GetCommandLineW
0x425104 HeapAlloc
0x425108 HeapFree
0x42510c CompareStringW
0x425110 LCMapStringW
0x425114 GetLocaleInfoW
0x425118 IsValidLocale
0x42511c GetUserDefaultLCID
0x425120 EnumSystemLocalesW
0x425124 GetFileType
0x425128 GetFileSizeEx
0x42512c SetFilePointerEx
0x425130 FlushFileBuffers
0x425134 GetConsoleOutputCP
0x425138 GetConsoleMode
0x42513c ReadFile
0x425140 ReadConsoleW
0x425144 HeapReAlloc
0x425148 FindClose
0x42514c FindFirstFileExW
0x425150 FindNextFileW
0x425154 IsValidCodePage
0x425158 GetACP
0x42515c GetOEMCP
0x425160 GetEnvironmentStringsW
0x425164 FreeEnvironmentStringsW
0x425168 SetEnvironmentVariableW
0x42516c WriteConsoleW
EAT(Export Address Table) is none
USER32.dll
0x425174 OffsetRect
ADVAPI32.dll
0x425000 DeleteAce
KERNEL32.dll
0x425008 SetStdHandle
0x42500c HeapSize
0x425010 CreateFileW
0x425014 WaitForSingleObject
0x425018 CreateThread
0x42501c VirtualAlloc
0x425020 GetModuleHandleA
0x425024 GetProcAddress
0x425028 RaiseException
0x42502c InitOnceBeginInitialize
0x425030 InitOnceComplete
0x425034 CloseHandle
0x425038 GetCurrentThreadId
0x42503c ReleaseSRWLockExclusive
0x425040 AcquireSRWLockExclusive
0x425044 TryAcquireSRWLockExclusive
0x425048 WakeAllConditionVariable
0x42504c SleepConditionVariableSRW
0x425050 WideCharToMultiByte
0x425054 GetLastError
0x425058 FreeLibraryWhenCallbackReturns
0x42505c CreateThreadpoolWork
0x425060 SubmitThreadpoolWork
0x425064 CloseThreadpoolWork
0x425068 GetModuleHandleExW
0x42506c IsProcessorFeaturePresent
0x425070 EnterCriticalSection
0x425074 LeaveCriticalSection
0x425078 InitializeCriticalSectionEx
0x42507c DeleteCriticalSection
0x425080 QueryPerformanceCounter
0x425084 EncodePointer
0x425088 DecodePointer
0x42508c MultiByteToWideChar
0x425090 LCMapStringEx
0x425094 GetSystemTimeAsFileTime
0x425098 GetModuleHandleW
0x42509c GetStringTypeW
0x4250a0 GetCPInfo
0x4250a4 IsDebuggerPresent
0x4250a8 UnhandledExceptionFilter
0x4250ac SetUnhandledExceptionFilter
0x4250b0 GetStartupInfoW
0x4250b4 GetCurrentProcess
0x4250b8 TerminateProcess
0x4250bc GetCurrentProcessId
0x4250c0 InitializeSListHead
0x4250c4 GetProcessHeap
0x4250c8 RtlUnwind
0x4250cc SetLastError
0x4250d0 InitializeCriticalSectionAndSpinCount
0x4250d4 TlsAlloc
0x4250d8 TlsGetValue
0x4250dc TlsSetValue
0x4250e0 TlsFree
0x4250e4 FreeLibrary
0x4250e8 LoadLibraryExW
0x4250ec ExitProcess
0x4250f0 GetModuleFileNameW
0x4250f4 GetStdHandle
0x4250f8 WriteFile
0x4250fc GetCommandLineA
0x425100 GetCommandLineW
0x425104 HeapAlloc
0x425108 HeapFree
0x42510c CompareStringW
0x425110 LCMapStringW
0x425114 GetLocaleInfoW
0x425118 IsValidLocale
0x42511c GetUserDefaultLCID
0x425120 EnumSystemLocalesW
0x425124 GetFileType
0x425128 GetFileSizeEx
0x42512c SetFilePointerEx
0x425130 FlushFileBuffers
0x425134 GetConsoleOutputCP
0x425138 GetConsoleMode
0x42513c ReadFile
0x425140 ReadConsoleW
0x425144 HeapReAlloc
0x425148 FindClose
0x42514c FindFirstFileExW
0x425150 FindNextFileW
0x425154 IsValidCodePage
0x425158 GetACP
0x42515c GetOEMCP
0x425160 GetEnvironmentStringsW
0x425164 FreeEnvironmentStringsW
0x425168 SetEnvironmentVariableW
0x42516c WriteConsoleW
EAT(Export Address Table) is none