ScreenShot
| Created | 2024.07.21 09:49 | Machine | s1_win7_x6403 |
| Filename | 669bd79ba7b76_crypted.exe#1 | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetectMalware, malicious, high confidence, Jaik, Unsafe, Save, ZexaF, pLY@aGy99Lmi, Attribute, HighConfidence, score, METASTEALER, YXEGUZ, Krypt, ai score=87, RedLine, Artemis, BScope, TrojanPSW, Vidar, Static AI, Malicious PE, PossibleThreat, Chgt, confidence, 100%) | ||
| md5 | ea997020dfe8911e85a57e22185a827a | ||
| sha256 | 96db11589e31f55a3bb06de8f13246d3220a483e5ff41f8fabbb1070e0bf52fa | ||
| ssdeep | 24576:xscfqYRgWHOpTqaQBm6i65noMaDCLAyPsmGgivF18G6xDWmuZRCt:xaWHOpTqaQBrd57KgLsmSvf8GyWmuZ4 | ||
| imphash | 425ae93f3527555c2a7a6cb554d1adac | ||
| impfuzzy | 48:E54rpmWsz9CxcpVJxrjSXtXbr4t8CzTpao3ZuFZGLx:VpmWGIxcpVJxr+XtXf4t8C/pahI | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x58b000 SetPixel
USER32.dll
0x58b2c4 ReleaseDC
0x58b2c8 GetDC
0x58b2cc OffsetRect
KERNEL32.dll
0x58b030 CreateFileW
0x58b034 HeapSize
0x58b038 SetStdHandle
0x58b03c OutputDebugStringW
0x58b040 WaitForSingleObject
0x58b044 CreateThread
0x58b048 VirtualAllocEx
0x58b04c GetModuleHandleW
0x58b050 GetProcAddress
0x58b054 RaiseException
0x58b058 InitOnceBeginInitialize
0x58b05c InitOnceComplete
0x58b060 CloseHandle
0x58b064 WaitForSingleObjectEx
0x58b068 Sleep
0x58b06c SwitchToThread
0x58b070 GetCurrentThreadId
0x58b074 GetExitCodeThread
0x58b078 GetNativeSystemInfo
0x58b07c ReleaseSRWLockExclusive
0x58b080 AcquireSRWLockExclusive
0x58b084 TryAcquireSRWLockExclusive
0x58b088 WakeConditionVariable
0x58b08c WakeAllConditionVariable
0x58b090 SleepConditionVariableSRW
0x58b094 FormatMessageA
0x58b098 WideCharToMultiByte
0x58b09c GetLastError
0x58b0a0 FreeLibraryWhenCallbackReturns
0x58b0a4 CreateThreadpoolWork
0x58b0a8 SubmitThreadpoolWork
0x58b0ac CloseThreadpoolWork
0x58b0b0 GetModuleHandleExW
0x58b0b4 RtlCaptureStackBackTrace
0x58b0b8 IsProcessorFeaturePresent
0x58b0bc EnterCriticalSection
0x58b0c0 LeaveCriticalSection
0x58b0c4 InitializeCriticalSectionEx
0x58b0c8 DeleteCriticalSection
0x58b0cc QueryPerformanceCounter
0x58b0d0 QueryPerformanceFrequency
0x58b0d4 LocalFree
0x58b0d8 GetLocaleInfoEx
0x58b0dc EncodePointer
0x58b0e0 DecodePointer
0x58b0e4 MultiByteToWideChar
0x58b0e8 LCMapStringEx
0x58b0ec SetFileInformationByHandle
0x58b0f0 GetTempPathW
0x58b0f4 InitOnceExecuteOnce
0x58b0f8 CreateEventExW
0x58b0fc CreateSemaphoreExW
0x58b100 FlushProcessWriteBuffers
0x58b104 GetCurrentProcessorNumber
0x58b108 GetSystemTimeAsFileTime
0x58b10c GetTickCount64
0x58b110 CreateThreadpoolTimer
0x58b114 SetThreadpoolTimer
0x58b118 WaitForThreadpoolTimerCallbacks
0x58b11c CloseThreadpoolTimer
0x58b120 CreateThreadpoolWait
0x58b124 SetThreadpoolWait
0x58b128 CloseThreadpoolWait
0x58b12c GetFileInformationByHandleEx
0x58b130 CreateSymbolicLinkW
0x58b134 GetStringTypeW
0x58b138 CompareStringEx
0x58b13c GetCPInfo
0x58b140 IsDebuggerPresent
0x58b144 UnhandledExceptionFilter
0x58b148 SetUnhandledExceptionFilter
0x58b14c GetStartupInfoW
0x58b150 GetCurrentProcess
0x58b154 TerminateProcess
0x58b158 GetCurrentProcessId
0x58b15c InitializeSListHead
0x58b160 GetProcessHeap
0x58b164 RtlUnwind
0x58b168 InterlockedPushEntrySList
0x58b16c InterlockedFlushSList
0x58b170 SetLastError
0x58b174 InitializeCriticalSectionAndSpinCount
0x58b178 TlsAlloc
0x58b17c TlsGetValue
0x58b180 TlsSetValue
0x58b184 TlsFree
0x58b188 FreeLibrary
0x58b18c LoadLibraryExW
0x58b190 ExitThread
0x58b194 ResumeThread
0x58b198 FreeLibraryAndExitThread
0x58b19c ExitProcess
0x58b1a0 GetModuleFileNameW
0x58b1a4 GetStdHandle
0x58b1a8 WriteFile
0x58b1ac GetCommandLineA
0x58b1b0 GetCommandLineW
0x58b1b4 GetCurrentThread
0x58b1b8 HeapAlloc
0x58b1bc HeapFree
0x58b1c0 SetConsoleCtrlHandler
0x58b1c4 GetDateFormatW
0x58b1c8 GetTimeFormatW
0x58b1cc CompareStringW
0x58b1d0 LCMapStringW
0x58b1d4 GetLocaleInfoW
0x58b1d8 IsValidLocale
0x58b1dc GetUserDefaultLCID
0x58b1e0 EnumSystemLocalesW
0x58b1e4 GetFileType
0x58b1e8 GetFileSizeEx
0x58b1ec SetFilePointerEx
0x58b1f0 FlushFileBuffers
0x58b1f4 GetConsoleOutputCP
0x58b1f8 GetConsoleMode
0x58b1fc ReadFile
0x58b200 ReadConsoleW
0x58b204 HeapReAlloc
0x58b208 GetTimeZoneInformation
0x58b20c FindClose
0x58b210 FindFirstFileExW
0x58b214 FindNextFileW
0x58b218 IsValidCodePage
0x58b21c GetACP
0x58b220 GetOEMCP
0x58b224 GetEnvironmentStringsW
0x58b228 FreeEnvironmentStringsW
0x58b22c SetEnvironmentVariableW
0x58b230 WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x58b000 SetPixel
USER32.dll
0x58b2c4 ReleaseDC
0x58b2c8 GetDC
0x58b2cc OffsetRect
KERNEL32.dll
0x58b030 CreateFileW
0x58b034 HeapSize
0x58b038 SetStdHandle
0x58b03c OutputDebugStringW
0x58b040 WaitForSingleObject
0x58b044 CreateThread
0x58b048 VirtualAllocEx
0x58b04c GetModuleHandleW
0x58b050 GetProcAddress
0x58b054 RaiseException
0x58b058 InitOnceBeginInitialize
0x58b05c InitOnceComplete
0x58b060 CloseHandle
0x58b064 WaitForSingleObjectEx
0x58b068 Sleep
0x58b06c SwitchToThread
0x58b070 GetCurrentThreadId
0x58b074 GetExitCodeThread
0x58b078 GetNativeSystemInfo
0x58b07c ReleaseSRWLockExclusive
0x58b080 AcquireSRWLockExclusive
0x58b084 TryAcquireSRWLockExclusive
0x58b088 WakeConditionVariable
0x58b08c WakeAllConditionVariable
0x58b090 SleepConditionVariableSRW
0x58b094 FormatMessageA
0x58b098 WideCharToMultiByte
0x58b09c GetLastError
0x58b0a0 FreeLibraryWhenCallbackReturns
0x58b0a4 CreateThreadpoolWork
0x58b0a8 SubmitThreadpoolWork
0x58b0ac CloseThreadpoolWork
0x58b0b0 GetModuleHandleExW
0x58b0b4 RtlCaptureStackBackTrace
0x58b0b8 IsProcessorFeaturePresent
0x58b0bc EnterCriticalSection
0x58b0c0 LeaveCriticalSection
0x58b0c4 InitializeCriticalSectionEx
0x58b0c8 DeleteCriticalSection
0x58b0cc QueryPerformanceCounter
0x58b0d0 QueryPerformanceFrequency
0x58b0d4 LocalFree
0x58b0d8 GetLocaleInfoEx
0x58b0dc EncodePointer
0x58b0e0 DecodePointer
0x58b0e4 MultiByteToWideChar
0x58b0e8 LCMapStringEx
0x58b0ec SetFileInformationByHandle
0x58b0f0 GetTempPathW
0x58b0f4 InitOnceExecuteOnce
0x58b0f8 CreateEventExW
0x58b0fc CreateSemaphoreExW
0x58b100 FlushProcessWriteBuffers
0x58b104 GetCurrentProcessorNumber
0x58b108 GetSystemTimeAsFileTime
0x58b10c GetTickCount64
0x58b110 CreateThreadpoolTimer
0x58b114 SetThreadpoolTimer
0x58b118 WaitForThreadpoolTimerCallbacks
0x58b11c CloseThreadpoolTimer
0x58b120 CreateThreadpoolWait
0x58b124 SetThreadpoolWait
0x58b128 CloseThreadpoolWait
0x58b12c GetFileInformationByHandleEx
0x58b130 CreateSymbolicLinkW
0x58b134 GetStringTypeW
0x58b138 CompareStringEx
0x58b13c GetCPInfo
0x58b140 IsDebuggerPresent
0x58b144 UnhandledExceptionFilter
0x58b148 SetUnhandledExceptionFilter
0x58b14c GetStartupInfoW
0x58b150 GetCurrentProcess
0x58b154 TerminateProcess
0x58b158 GetCurrentProcessId
0x58b15c InitializeSListHead
0x58b160 GetProcessHeap
0x58b164 RtlUnwind
0x58b168 InterlockedPushEntrySList
0x58b16c InterlockedFlushSList
0x58b170 SetLastError
0x58b174 InitializeCriticalSectionAndSpinCount
0x58b178 TlsAlloc
0x58b17c TlsGetValue
0x58b180 TlsSetValue
0x58b184 TlsFree
0x58b188 FreeLibrary
0x58b18c LoadLibraryExW
0x58b190 ExitThread
0x58b194 ResumeThread
0x58b198 FreeLibraryAndExitThread
0x58b19c ExitProcess
0x58b1a0 GetModuleFileNameW
0x58b1a4 GetStdHandle
0x58b1a8 WriteFile
0x58b1ac GetCommandLineA
0x58b1b0 GetCommandLineW
0x58b1b4 GetCurrentThread
0x58b1b8 HeapAlloc
0x58b1bc HeapFree
0x58b1c0 SetConsoleCtrlHandler
0x58b1c4 GetDateFormatW
0x58b1c8 GetTimeFormatW
0x58b1cc CompareStringW
0x58b1d0 LCMapStringW
0x58b1d4 GetLocaleInfoW
0x58b1d8 IsValidLocale
0x58b1dc GetUserDefaultLCID
0x58b1e0 EnumSystemLocalesW
0x58b1e4 GetFileType
0x58b1e8 GetFileSizeEx
0x58b1ec SetFilePointerEx
0x58b1f0 FlushFileBuffers
0x58b1f4 GetConsoleOutputCP
0x58b1f8 GetConsoleMode
0x58b1fc ReadFile
0x58b200 ReadConsoleW
0x58b204 HeapReAlloc
0x58b208 GetTimeZoneInformation
0x58b20c FindClose
0x58b210 FindFirstFileExW
0x58b214 FindNextFileW
0x58b218 IsValidCodePage
0x58b21c GetACP
0x58b220 GetOEMCP
0x58b224 GetEnvironmentStringsW
0x58b228 FreeEnvironmentStringsW
0x58b22c SetEnvironmentVariableW
0x58b230 WriteConsoleW
EAT(Export Address Table) is none