ScreenShot
| Created | 2024.07.20 20:15 | Machine | s1_win7_x6403 |
| Filename | 2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetectMalware, Malicious, score, Unsafe, Save, Attribute, HighConfidence, high confidence, Convagent, ZexaF, py0@auXIMWpG, Real Protect, high, Krypt, Danabot, Detected, STOP, RedLine, R658443, Obfuscated, Static AI, Malicious PE, susgen, Kryptik, HFSR, confidence, 100%) | ||
| md5 | cd385c52e6ad2dd6a304839159534b7e | ||
| sha256 | b1680f17257af3c77a220fcf29ade51d0f02e9b429f687cc2d8a66f5a07e272b | ||
| ssdeep | 3072:X0tRmAsRYfI174Ofi0Q2SAMvDVNronnE+kQBwbCvhb9zWbqs5uxVCW:ERlfIXvQ2IDrktzB1Jb0qWkC | ||
| imphash | cb30965266fdf6eae519dd45f888fcf1 | ||
| impfuzzy | 48:n5f731rdT+fcWqG1VtfiU0cuZeaAQTmK/v:nR7FJT+fcbG1VtfitcWia | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x427000 IsBadHugeReadPtr
0x427004 SetEndOfFile
0x427008 LocalCompact
0x42700c CreateHardLinkA
0x427010 GetModuleHandleW
0x427014 GetCurrentThread
0x427018 GetProcessHeap
0x42701c EnumResourceTypesA
0x427020 GetConsoleCP
0x427024 GlobalAlloc
0x427028 LoadLibraryW
0x42702c IsProcessInJob
0x427030 AssignProcessToJobObject
0x427034 GetSystemDirectoryA
0x427038 GetLastError
0x42703c SetLastError
0x427040 GetProcAddress
0x427044 VerLanguageNameA
0x427048 FindClose
0x42704c LoadLibraryA
0x427050 SetConsoleCtrlHandler
0x427054 AddAtomW
0x427058 CreateEventW
0x42705c HeapWalk
0x427060 GlobalHandle
0x427064 SetEnvironmentVariableA
0x427068 GetModuleFileNameA
0x42706c GetOEMCP
0x427070 GlobalUnWire
0x427074 EnumResourceNamesA
0x427078 PeekConsoleInputA
0x42707c GetDiskFreeSpaceExW
0x427080 CreateFileW
0x427084 SetStdHandle
0x427088 WriteConsoleW
0x42708c SetFilePointer
0x427090 HeapReAlloc
0x427094 IsValidLocale
0x427098 EnumSystemLocalesA
0x42709c WideCharToMultiByte
0x4270a0 InterlockedIncrement
0x4270a4 InterlockedDecrement
0x4270a8 InterlockedCompareExchange
0x4270ac InterlockedExchange
0x4270b0 MultiByteToWideChar
0x4270b4 GetStringTypeW
0x4270b8 EncodePointer
0x4270bc DecodePointer
0x4270c0 Sleep
0x4270c4 InitializeCriticalSection
0x4270c8 DeleteCriticalSection
0x4270cc EnterCriticalSection
0x4270d0 LeaveCriticalSection
0x4270d4 HeapFree
0x4270d8 GetCommandLineW
0x4270dc HeapSetInformation
0x4270e0 GetStartupInfoW
0x4270e4 GetCPInfo
0x4270e8 RaiseException
0x4270ec RtlUnwind
0x4270f0 HeapAlloc
0x4270f4 LCMapStringW
0x4270f8 IsProcessorFeaturePresent
0x4270fc GetACP
0x427100 IsValidCodePage
0x427104 TlsAlloc
0x427108 TlsGetValue
0x42710c TlsSetValue
0x427110 TlsFree
0x427114 GetCurrentThreadId
0x427118 HeapCreate
0x42711c ReadFile
0x427120 UnhandledExceptionFilter
0x427124 SetUnhandledExceptionFilter
0x427128 IsDebuggerPresent
0x42712c TerminateProcess
0x427130 GetCurrentProcess
0x427134 WriteFile
0x427138 GetConsoleMode
0x42713c FlushFileBuffers
0x427140 InitializeCriticalSectionAndSpinCount
0x427144 ExitProcess
0x427148 GetStdHandle
0x42714c GetModuleFileNameW
0x427150 FreeEnvironmentStringsW
0x427154 GetEnvironmentStringsW
0x427158 SetHandleCount
0x42715c GetFileType
0x427160 QueryPerformanceCounter
0x427164 GetTickCount
0x427168 GetCurrentProcessId
0x42716c GetSystemTimeAsFileTime
0x427170 GetLocaleInfoW
0x427174 HeapSize
0x427178 GetUserDefaultLCID
0x42717c GetLocaleInfoA
0x427180 CloseHandle
USER32.dll
0x427188 GetMessageExtraInfo
0x42718c CharUpperBuffA
0x427190 DrawStateW
0x427194 SetMenu
0x427198 SetCaretPos
0x42719c GetCaretBlinkTime
0x4271a0 SetClipboardViewer
EAT(Export Address Table) is none
KERNEL32.dll
0x427000 IsBadHugeReadPtr
0x427004 SetEndOfFile
0x427008 LocalCompact
0x42700c CreateHardLinkA
0x427010 GetModuleHandleW
0x427014 GetCurrentThread
0x427018 GetProcessHeap
0x42701c EnumResourceTypesA
0x427020 GetConsoleCP
0x427024 GlobalAlloc
0x427028 LoadLibraryW
0x42702c IsProcessInJob
0x427030 AssignProcessToJobObject
0x427034 GetSystemDirectoryA
0x427038 GetLastError
0x42703c SetLastError
0x427040 GetProcAddress
0x427044 VerLanguageNameA
0x427048 FindClose
0x42704c LoadLibraryA
0x427050 SetConsoleCtrlHandler
0x427054 AddAtomW
0x427058 CreateEventW
0x42705c HeapWalk
0x427060 GlobalHandle
0x427064 SetEnvironmentVariableA
0x427068 GetModuleFileNameA
0x42706c GetOEMCP
0x427070 GlobalUnWire
0x427074 EnumResourceNamesA
0x427078 PeekConsoleInputA
0x42707c GetDiskFreeSpaceExW
0x427080 CreateFileW
0x427084 SetStdHandle
0x427088 WriteConsoleW
0x42708c SetFilePointer
0x427090 HeapReAlloc
0x427094 IsValidLocale
0x427098 EnumSystemLocalesA
0x42709c WideCharToMultiByte
0x4270a0 InterlockedIncrement
0x4270a4 InterlockedDecrement
0x4270a8 InterlockedCompareExchange
0x4270ac InterlockedExchange
0x4270b0 MultiByteToWideChar
0x4270b4 GetStringTypeW
0x4270b8 EncodePointer
0x4270bc DecodePointer
0x4270c0 Sleep
0x4270c4 InitializeCriticalSection
0x4270c8 DeleteCriticalSection
0x4270cc EnterCriticalSection
0x4270d0 LeaveCriticalSection
0x4270d4 HeapFree
0x4270d8 GetCommandLineW
0x4270dc HeapSetInformation
0x4270e0 GetStartupInfoW
0x4270e4 GetCPInfo
0x4270e8 RaiseException
0x4270ec RtlUnwind
0x4270f0 HeapAlloc
0x4270f4 LCMapStringW
0x4270f8 IsProcessorFeaturePresent
0x4270fc GetACP
0x427100 IsValidCodePage
0x427104 TlsAlloc
0x427108 TlsGetValue
0x42710c TlsSetValue
0x427110 TlsFree
0x427114 GetCurrentThreadId
0x427118 HeapCreate
0x42711c ReadFile
0x427120 UnhandledExceptionFilter
0x427124 SetUnhandledExceptionFilter
0x427128 IsDebuggerPresent
0x42712c TerminateProcess
0x427130 GetCurrentProcess
0x427134 WriteFile
0x427138 GetConsoleMode
0x42713c FlushFileBuffers
0x427140 InitializeCriticalSectionAndSpinCount
0x427144 ExitProcess
0x427148 GetStdHandle
0x42714c GetModuleFileNameW
0x427150 FreeEnvironmentStringsW
0x427154 GetEnvironmentStringsW
0x427158 SetHandleCount
0x42715c GetFileType
0x427160 QueryPerformanceCounter
0x427164 GetTickCount
0x427168 GetCurrentProcessId
0x42716c GetSystemTimeAsFileTime
0x427170 GetLocaleInfoW
0x427174 HeapSize
0x427178 GetUserDefaultLCID
0x42717c GetLocaleInfoA
0x427180 CloseHandle
USER32.dll
0x427188 GetMessageExtraInfo
0x42718c CharUpperBuffA
0x427190 DrawStateW
0x427194 SetMenu
0x427198 SetCaretPos
0x42719c GetCaretBlinkTime
0x4271a0 SetClipboardViewer
EAT(Export Address Table) is none