ScreenShot
| Created | 2024.07.22 09:30 | Machine | s1_win7_x6401 |
| Filename | 567jn7x.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 49 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Kysler, Save, Attribute, HighConfidence, GenKryptik, GZUD, DropperX, Injuke, Stealerc, CLOUD, Stealc, ijlve, RedLineNET, YXEGUZ, Krypt, Detected, ai score=88, Wacatac, R658793, BScope, TrojanPSW, Vidar, Chgt, Static AI, Malicious PE, PossibleThreat, PALLAS, confidence, 100%) | ||
| md5 | e8a1d35e54a6982c175c4351f3ce0dcd | ||
| sha256 | 6565ab8e7be0d3e8544a49cb90e79715df0120d03c187ba9443ab738ca4dca28 | ||
| ssdeep | 24576:Xi+H+khU6fKwnSQM1BQjo0ejcik51r/rwuMGRvot:Xq6fKwnSQM1OrCarzsGRI | ||
| imphash | 425ae93f3527555c2a7a6cb554d1adac | ||
| impfuzzy | 48:E54rpmWsz9CxcpVJxrjSXtXbr4t8CzTpao3ZuFZGLx:VpmWGIxcpVJxr+XtXf4t8C/pahI | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x56a000 SetPixel
USER32.dll
0x56a2c4 ReleaseDC
0x56a2c8 GetDC
0x56a2cc OffsetRect
KERNEL32.dll
0x56a030 CreateFileW
0x56a034 HeapSize
0x56a038 SetStdHandle
0x56a03c OutputDebugStringW
0x56a040 WaitForSingleObject
0x56a044 CreateThread
0x56a048 VirtualAllocEx
0x56a04c GetModuleHandleW
0x56a050 GetProcAddress
0x56a054 RaiseException
0x56a058 InitOnceBeginInitialize
0x56a05c InitOnceComplete
0x56a060 CloseHandle
0x56a064 WaitForSingleObjectEx
0x56a068 Sleep
0x56a06c SwitchToThread
0x56a070 GetCurrentThreadId
0x56a074 GetExitCodeThread
0x56a078 GetNativeSystemInfo
0x56a07c ReleaseSRWLockExclusive
0x56a080 AcquireSRWLockExclusive
0x56a084 TryAcquireSRWLockExclusive
0x56a088 WakeConditionVariable
0x56a08c WakeAllConditionVariable
0x56a090 SleepConditionVariableSRW
0x56a094 FormatMessageA
0x56a098 WideCharToMultiByte
0x56a09c GetLastError
0x56a0a0 FreeLibraryWhenCallbackReturns
0x56a0a4 CreateThreadpoolWork
0x56a0a8 SubmitThreadpoolWork
0x56a0ac CloseThreadpoolWork
0x56a0b0 GetModuleHandleExW
0x56a0b4 RtlCaptureStackBackTrace
0x56a0b8 IsProcessorFeaturePresent
0x56a0bc EnterCriticalSection
0x56a0c0 LeaveCriticalSection
0x56a0c4 InitializeCriticalSectionEx
0x56a0c8 DeleteCriticalSection
0x56a0cc QueryPerformanceCounter
0x56a0d0 QueryPerformanceFrequency
0x56a0d4 LocalFree
0x56a0d8 GetLocaleInfoEx
0x56a0dc EncodePointer
0x56a0e0 DecodePointer
0x56a0e4 MultiByteToWideChar
0x56a0e8 LCMapStringEx
0x56a0ec SetFileInformationByHandle
0x56a0f0 GetTempPathW
0x56a0f4 InitOnceExecuteOnce
0x56a0f8 CreateEventExW
0x56a0fc CreateSemaphoreExW
0x56a100 FlushProcessWriteBuffers
0x56a104 GetCurrentProcessorNumber
0x56a108 GetSystemTimeAsFileTime
0x56a10c GetTickCount64
0x56a110 CreateThreadpoolTimer
0x56a114 SetThreadpoolTimer
0x56a118 WaitForThreadpoolTimerCallbacks
0x56a11c CloseThreadpoolTimer
0x56a120 CreateThreadpoolWait
0x56a124 SetThreadpoolWait
0x56a128 CloseThreadpoolWait
0x56a12c GetFileInformationByHandleEx
0x56a130 CreateSymbolicLinkW
0x56a134 GetStringTypeW
0x56a138 CompareStringEx
0x56a13c GetCPInfo
0x56a140 IsDebuggerPresent
0x56a144 UnhandledExceptionFilter
0x56a148 SetUnhandledExceptionFilter
0x56a14c GetStartupInfoW
0x56a150 GetCurrentProcess
0x56a154 TerminateProcess
0x56a158 GetCurrentProcessId
0x56a15c InitializeSListHead
0x56a160 GetProcessHeap
0x56a164 RtlUnwind
0x56a168 InterlockedPushEntrySList
0x56a16c InterlockedFlushSList
0x56a170 SetLastError
0x56a174 InitializeCriticalSectionAndSpinCount
0x56a178 TlsAlloc
0x56a17c TlsGetValue
0x56a180 TlsSetValue
0x56a184 TlsFree
0x56a188 FreeLibrary
0x56a18c LoadLibraryExW
0x56a190 ExitThread
0x56a194 ResumeThread
0x56a198 FreeLibraryAndExitThread
0x56a19c ExitProcess
0x56a1a0 GetModuleFileNameW
0x56a1a4 GetStdHandle
0x56a1a8 WriteFile
0x56a1ac GetCommandLineA
0x56a1b0 GetCommandLineW
0x56a1b4 GetCurrentThread
0x56a1b8 HeapAlloc
0x56a1bc HeapFree
0x56a1c0 SetConsoleCtrlHandler
0x56a1c4 GetDateFormatW
0x56a1c8 GetTimeFormatW
0x56a1cc CompareStringW
0x56a1d0 LCMapStringW
0x56a1d4 GetLocaleInfoW
0x56a1d8 IsValidLocale
0x56a1dc GetUserDefaultLCID
0x56a1e0 EnumSystemLocalesW
0x56a1e4 GetFileType
0x56a1e8 GetFileSizeEx
0x56a1ec SetFilePointerEx
0x56a1f0 FlushFileBuffers
0x56a1f4 GetConsoleOutputCP
0x56a1f8 GetConsoleMode
0x56a1fc ReadFile
0x56a200 ReadConsoleW
0x56a204 HeapReAlloc
0x56a208 GetTimeZoneInformation
0x56a20c FindClose
0x56a210 FindFirstFileExW
0x56a214 FindNextFileW
0x56a218 IsValidCodePage
0x56a21c GetACP
0x56a220 GetOEMCP
0x56a224 GetEnvironmentStringsW
0x56a228 FreeEnvironmentStringsW
0x56a22c SetEnvironmentVariableW
0x56a230 WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x56a000 SetPixel
USER32.dll
0x56a2c4 ReleaseDC
0x56a2c8 GetDC
0x56a2cc OffsetRect
KERNEL32.dll
0x56a030 CreateFileW
0x56a034 HeapSize
0x56a038 SetStdHandle
0x56a03c OutputDebugStringW
0x56a040 WaitForSingleObject
0x56a044 CreateThread
0x56a048 VirtualAllocEx
0x56a04c GetModuleHandleW
0x56a050 GetProcAddress
0x56a054 RaiseException
0x56a058 InitOnceBeginInitialize
0x56a05c InitOnceComplete
0x56a060 CloseHandle
0x56a064 WaitForSingleObjectEx
0x56a068 Sleep
0x56a06c SwitchToThread
0x56a070 GetCurrentThreadId
0x56a074 GetExitCodeThread
0x56a078 GetNativeSystemInfo
0x56a07c ReleaseSRWLockExclusive
0x56a080 AcquireSRWLockExclusive
0x56a084 TryAcquireSRWLockExclusive
0x56a088 WakeConditionVariable
0x56a08c WakeAllConditionVariable
0x56a090 SleepConditionVariableSRW
0x56a094 FormatMessageA
0x56a098 WideCharToMultiByte
0x56a09c GetLastError
0x56a0a0 FreeLibraryWhenCallbackReturns
0x56a0a4 CreateThreadpoolWork
0x56a0a8 SubmitThreadpoolWork
0x56a0ac CloseThreadpoolWork
0x56a0b0 GetModuleHandleExW
0x56a0b4 RtlCaptureStackBackTrace
0x56a0b8 IsProcessorFeaturePresent
0x56a0bc EnterCriticalSection
0x56a0c0 LeaveCriticalSection
0x56a0c4 InitializeCriticalSectionEx
0x56a0c8 DeleteCriticalSection
0x56a0cc QueryPerformanceCounter
0x56a0d0 QueryPerformanceFrequency
0x56a0d4 LocalFree
0x56a0d8 GetLocaleInfoEx
0x56a0dc EncodePointer
0x56a0e0 DecodePointer
0x56a0e4 MultiByteToWideChar
0x56a0e8 LCMapStringEx
0x56a0ec SetFileInformationByHandle
0x56a0f0 GetTempPathW
0x56a0f4 InitOnceExecuteOnce
0x56a0f8 CreateEventExW
0x56a0fc CreateSemaphoreExW
0x56a100 FlushProcessWriteBuffers
0x56a104 GetCurrentProcessorNumber
0x56a108 GetSystemTimeAsFileTime
0x56a10c GetTickCount64
0x56a110 CreateThreadpoolTimer
0x56a114 SetThreadpoolTimer
0x56a118 WaitForThreadpoolTimerCallbacks
0x56a11c CloseThreadpoolTimer
0x56a120 CreateThreadpoolWait
0x56a124 SetThreadpoolWait
0x56a128 CloseThreadpoolWait
0x56a12c GetFileInformationByHandleEx
0x56a130 CreateSymbolicLinkW
0x56a134 GetStringTypeW
0x56a138 CompareStringEx
0x56a13c GetCPInfo
0x56a140 IsDebuggerPresent
0x56a144 UnhandledExceptionFilter
0x56a148 SetUnhandledExceptionFilter
0x56a14c GetStartupInfoW
0x56a150 GetCurrentProcess
0x56a154 TerminateProcess
0x56a158 GetCurrentProcessId
0x56a15c InitializeSListHead
0x56a160 GetProcessHeap
0x56a164 RtlUnwind
0x56a168 InterlockedPushEntrySList
0x56a16c InterlockedFlushSList
0x56a170 SetLastError
0x56a174 InitializeCriticalSectionAndSpinCount
0x56a178 TlsAlloc
0x56a17c TlsGetValue
0x56a180 TlsSetValue
0x56a184 TlsFree
0x56a188 FreeLibrary
0x56a18c LoadLibraryExW
0x56a190 ExitThread
0x56a194 ResumeThread
0x56a198 FreeLibraryAndExitThread
0x56a19c ExitProcess
0x56a1a0 GetModuleFileNameW
0x56a1a4 GetStdHandle
0x56a1a8 WriteFile
0x56a1ac GetCommandLineA
0x56a1b0 GetCommandLineW
0x56a1b4 GetCurrentThread
0x56a1b8 HeapAlloc
0x56a1bc HeapFree
0x56a1c0 SetConsoleCtrlHandler
0x56a1c4 GetDateFormatW
0x56a1c8 GetTimeFormatW
0x56a1cc CompareStringW
0x56a1d0 LCMapStringW
0x56a1d4 GetLocaleInfoW
0x56a1d8 IsValidLocale
0x56a1dc GetUserDefaultLCID
0x56a1e0 EnumSystemLocalesW
0x56a1e4 GetFileType
0x56a1e8 GetFileSizeEx
0x56a1ec SetFilePointerEx
0x56a1f0 FlushFileBuffers
0x56a1f4 GetConsoleOutputCP
0x56a1f8 GetConsoleMode
0x56a1fc ReadFile
0x56a200 ReadConsoleW
0x56a204 HeapReAlloc
0x56a208 GetTimeZoneInformation
0x56a20c FindClose
0x56a210 FindFirstFileExW
0x56a214 FindNextFileW
0x56a218 IsValidCodePage
0x56a21c GetACP
0x56a220 GetOEMCP
0x56a224 GetEnvironmentStringsW
0x56a228 FreeEnvironmentStringsW
0x56a22c SetEnvironmentVariableW
0x56a230 WriteConsoleW
EAT(Export Address Table) is none