ScreenShot
| Created | 2024.07.19 13:06 | Machine | s1_win7_x6401 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetectMalware, Malicious, score, Unsafe, Vv7r, Attribute, HighConfidence, high confidence, BotX, DownLoader47, ZexaF, ky0@am95GvbG, Real Protect, high, Artemis, BScope, Static AI, Malicious PE, susgen, Kryptik, HEDU, confidence, 100%) | ||
| md5 | 4b0e023d1ddfc2a8166c652300375b1a | ||
| sha256 | 408e6e127e24828a7fd237ffa2e6bdf031847ff3a28bf4c6ed89a6c1fd7cfc7c | ||
| ssdeep | 3072:T1USLrbu37RHjNwNPFmCsI7/4pPcgE5MM5jWiZJBXETBS:5L/87R8MYUp3cKiBGS | ||
| imphash | 2877ccf392960748e767c5f7ffb70959 | ||
| impfuzzy | 24:QtzkruJcDNtBV4WCXFjPY7/gcfdYXiuOZyv4hJRT4QjMFluo3BYE:dj8VDYLgcfQquy7cdsEL | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a008 CreateJobObjectW
0x41a00c GetCommProperties
0x41a010 GetModuleHandleW
0x41a014 LoadLibraryW
0x41a018 SetVolumeMountPointA
0x41a01c WriteConsoleW
0x41a020 GetAtomNameW
0x41a024 GetConsoleAliasesW
0x41a028 ReleaseActCtx
0x41a02c SetLastError
0x41a030 GetProcAddress
0x41a034 InterlockedDecrement
0x41a038 UnhandledExceptionFilter
0x41a03c LocalAlloc
0x41a040 WritePrivateProfileStringA
0x41a044 FoldStringW
0x41a048 GetModuleFileNameA
0x41a04c EnumDateFormatsA
0x41a050 lstrcatW
0x41a054 FreeEnvironmentStringsW
0x41a058 FindFirstVolumeW
0x41a05c AreFileApisANSI
0x41a060 LoadLibraryA
0x41a064 OpenJobObjectA
0x41a068 HeapAlloc
0x41a06c GetStartupInfoW
0x41a070 TerminateProcess
0x41a074 GetCurrentProcess
0x41a078 SetUnhandledExceptionFilter
0x41a07c IsDebuggerPresent
0x41a080 DeleteCriticalSection
0x41a084 LeaveCriticalSection
0x41a088 EnterCriticalSection
0x41a08c HeapFree
0x41a090 VirtualFree
0x41a094 VirtualAlloc
0x41a098 HeapReAlloc
0x41a09c HeapCreate
0x41a0a0 Sleep
0x41a0a4 ExitProcess
0x41a0a8 WriteFile
0x41a0ac GetStdHandle
0x41a0b0 GetModuleFileNameW
0x41a0b4 GetEnvironmentStringsW
0x41a0b8 GetCommandLineW
0x41a0bc SetHandleCount
0x41a0c0 GetFileType
0x41a0c4 GetStartupInfoA
0x41a0c8 TlsGetValue
0x41a0cc TlsAlloc
0x41a0d0 TlsSetValue
0x41a0d4 TlsFree
0x41a0d8 InterlockedIncrement
0x41a0dc GetCurrentThreadId
0x41a0e0 GetLastError
0x41a0e4 QueryPerformanceCounter
0x41a0e8 GetTickCount
0x41a0ec GetCurrentProcessId
0x41a0f0 GetSystemTimeAsFileTime
0x41a0f4 SetFilePointer
0x41a0f8 WideCharToMultiByte
0x41a0fc GetConsoleCP
0x41a100 GetConsoleMode
0x41a104 GetCPInfo
0x41a108 GetACP
0x41a10c GetOEMCP
0x41a110 IsValidCodePage
0x41a114 InitializeCriticalSectionAndSpinCount
0x41a118 RtlUnwind
0x41a11c MultiByteToWideChar
0x41a120 SetStdHandle
0x41a124 WriteConsoleA
0x41a128 GetConsoleOutputCP
0x41a12c LCMapStringA
0x41a130 LCMapStringW
0x41a134 GetStringTypeA
0x41a138 GetStringTypeW
0x41a13c GetLocaleInfoA
0x41a140 HeapSize
0x41a144 FlushFileBuffers
0x41a148 ReadFile
0x41a14c CreateFileA
0x41a150 CloseHandle
ADVAPI32.dll
0x41a000 ReadEventLogA
EAT(Export Address Table) is none
KERNEL32.dll
0x41a008 CreateJobObjectW
0x41a00c GetCommProperties
0x41a010 GetModuleHandleW
0x41a014 LoadLibraryW
0x41a018 SetVolumeMountPointA
0x41a01c WriteConsoleW
0x41a020 GetAtomNameW
0x41a024 GetConsoleAliasesW
0x41a028 ReleaseActCtx
0x41a02c SetLastError
0x41a030 GetProcAddress
0x41a034 InterlockedDecrement
0x41a038 UnhandledExceptionFilter
0x41a03c LocalAlloc
0x41a040 WritePrivateProfileStringA
0x41a044 FoldStringW
0x41a048 GetModuleFileNameA
0x41a04c EnumDateFormatsA
0x41a050 lstrcatW
0x41a054 FreeEnvironmentStringsW
0x41a058 FindFirstVolumeW
0x41a05c AreFileApisANSI
0x41a060 LoadLibraryA
0x41a064 OpenJobObjectA
0x41a068 HeapAlloc
0x41a06c GetStartupInfoW
0x41a070 TerminateProcess
0x41a074 GetCurrentProcess
0x41a078 SetUnhandledExceptionFilter
0x41a07c IsDebuggerPresent
0x41a080 DeleteCriticalSection
0x41a084 LeaveCriticalSection
0x41a088 EnterCriticalSection
0x41a08c HeapFree
0x41a090 VirtualFree
0x41a094 VirtualAlloc
0x41a098 HeapReAlloc
0x41a09c HeapCreate
0x41a0a0 Sleep
0x41a0a4 ExitProcess
0x41a0a8 WriteFile
0x41a0ac GetStdHandle
0x41a0b0 GetModuleFileNameW
0x41a0b4 GetEnvironmentStringsW
0x41a0b8 GetCommandLineW
0x41a0bc SetHandleCount
0x41a0c0 GetFileType
0x41a0c4 GetStartupInfoA
0x41a0c8 TlsGetValue
0x41a0cc TlsAlloc
0x41a0d0 TlsSetValue
0x41a0d4 TlsFree
0x41a0d8 InterlockedIncrement
0x41a0dc GetCurrentThreadId
0x41a0e0 GetLastError
0x41a0e4 QueryPerformanceCounter
0x41a0e8 GetTickCount
0x41a0ec GetCurrentProcessId
0x41a0f0 GetSystemTimeAsFileTime
0x41a0f4 SetFilePointer
0x41a0f8 WideCharToMultiByte
0x41a0fc GetConsoleCP
0x41a100 GetConsoleMode
0x41a104 GetCPInfo
0x41a108 GetACP
0x41a10c GetOEMCP
0x41a110 IsValidCodePage
0x41a114 InitializeCriticalSectionAndSpinCount
0x41a118 RtlUnwind
0x41a11c MultiByteToWideChar
0x41a120 SetStdHandle
0x41a124 WriteConsoleA
0x41a128 GetConsoleOutputCP
0x41a12c LCMapStringA
0x41a130 LCMapStringW
0x41a134 GetStringTypeA
0x41a138 GetStringTypeW
0x41a13c GetLocaleInfoA
0x41a140 HeapSize
0x41a144 FlushFileBuffers
0x41a148 ReadFile
0x41a14c CreateFileA
0x41a150 CloseHandle
ADVAPI32.dll
0x41a000 ReadEventLogA
EAT(Export Address Table) is none