ScreenShot
| Created | 2024.07.22 17:45 | Machine | s1_win7_x6403 |
| Filename | deepweb2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 49 detected (AIDetectMalware, Malicious, score, Unsafe, Kysler, Save, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, GZVA, Artemis, PWSX, Lazy, Reline, CLOUD, Kryptik, xlbhx, AMADEY, YXEGVZ, Real Protect, high, LummaStealer, Detected, ai score=88, Wacatac, ZexaF, 6uW@a06Sz4gi, BScope, TrojanPSW, Vidar, Chgt, Static AI, Malicious PE, susgen, PossibleThreat) | ||
| md5 | cdcf164d5d8fac1ce015d142cf83e105 | ||
| sha256 | d84f31e8e141835f1e65f0ab1493e0993c1d33ed6ff551d5f6c2907e51bcc927 | ||
| ssdeep | 24576:0ws5Lw7d1MsCFv4nWTwrd71HRH9Ip8XjxnRx+su2y0/p:YIMsCFv4nFL19Ip8XFnREt2zp | ||
| imphash | b28a7df3b3506a3ad155d3f99aa29899 | ||
| impfuzzy | 48:vrJ6KFL9oW8xRcpVsjSXtXHtW+zTpazuFZGol38:TJ6KdWW8xRcpVs+XtXHtW+/paM6 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x488214 OffsetRect
KERNEL32.dll
0x488000 CompareStringEx
0x488004 CreateFileW
0x488008 WaitForSingleObject
0x48800c GetModuleHandleA
0x488010 SwitchToFiber
0x488014 CreateThread
0x488018 GetProcAddress
0x48801c VirtualAllocEx
0x488020 SetConsoleTitleW
0x488024 RaiseException
0x488028 RtlCaptureStackBackTrace
0x48802c GetCurrentThreadId
0x488030 IsProcessorFeaturePresent
0x488034 GetLastError
0x488038 FreeLibraryWhenCallbackReturns
0x48803c CreateThreadpoolWork
0x488040 SubmitThreadpoolWork
0x488044 CloseThreadpoolWork
0x488048 GetModuleHandleExW
0x48804c WakeConditionVariable
0x488050 WakeAllConditionVariable
0x488054 SleepConditionVariableSRW
0x488058 InitOnceComplete
0x48805c InitOnceBeginInitialize
0x488060 FormatMessageA
0x488064 ReleaseSRWLockExclusive
0x488068 AcquireSRWLockExclusive
0x48806c TryAcquireSRWLockExclusive
0x488070 CloseHandle
0x488074 WaitForSingleObjectEx
0x488078 Sleep
0x48807c SwitchToThread
0x488080 GetExitCodeThread
0x488084 GetNativeSystemInfo
0x488088 QueryPerformanceCounter
0x48808c QueryPerformanceFrequency
0x488090 EnterCriticalSection
0x488094 LeaveCriticalSection
0x488098 InitializeCriticalSectionEx
0x48809c DeleteCriticalSection
0x4880a0 EncodePointer
0x4880a4 DecodePointer
0x4880a8 LocalFree
0x4880ac GetLocaleInfoEx
0x4880b0 MultiByteToWideChar
0x4880b4 WideCharToMultiByte
0x4880b8 LCMapStringEx
0x4880bc SetFileInformationByHandle
0x4880c0 GetTempPathW
0x4880c4 InitOnceExecuteOnce
0x4880c8 CreateEventExW
0x4880cc CreateSemaphoreExW
0x4880d0 FlushProcessWriteBuffers
0x4880d4 GetCurrentProcessorNumber
0x4880d8 GetSystemTimeAsFileTime
0x4880dc GetTickCount64
0x4880e0 CreateThreadpoolTimer
0x4880e4 SetThreadpoolTimer
0x4880e8 WaitForThreadpoolTimerCallbacks
0x4880ec CloseThreadpoolTimer
0x4880f0 CreateThreadpoolWait
0x4880f4 SetThreadpoolWait
0x4880f8 CloseThreadpoolWait
0x4880fc GetModuleHandleW
0x488100 GetFileInformationByHandleEx
0x488104 CreateSymbolicLinkW
0x488108 GetStringTypeW
0x48810c WriteConsoleW
0x488110 GetCPInfo
0x488114 UnhandledExceptionFilter
0x488118 SetUnhandledExceptionFilter
0x48811c GetCurrentProcess
0x488120 TerminateProcess
0x488124 IsDebuggerPresent
0x488128 GetStartupInfoW
0x48812c GetCurrentProcessId
0x488130 InitializeSListHead
0x488134 HeapSize
0x488138 RtlUnwind
0x48813c InterlockedPushEntrySList
0x488140 InterlockedFlushSList
0x488144 SetLastError
0x488148 InitializeCriticalSectionAndSpinCount
0x48814c TlsAlloc
0x488150 TlsGetValue
0x488154 TlsSetValue
0x488158 TlsFree
0x48815c FreeLibrary
0x488160 LoadLibraryExW
0x488164 ExitThread
0x488168 ResumeThread
0x48816c FreeLibraryAndExitThread
0x488170 ExitProcess
0x488174 GetModuleFileNameW
0x488178 GetStdHandle
0x48817c WriteFile
0x488180 SetConsoleCtrlHandler
0x488184 HeapAlloc
0x488188 HeapFree
0x48818c GetDateFormatW
0x488190 GetTimeFormatW
0x488194 CompareStringW
0x488198 LCMapStringW
0x48819c GetLocaleInfoW
0x4881a0 IsValidLocale
0x4881a4 GetUserDefaultLCID
0x4881a8 EnumSystemLocalesW
0x4881ac GetFileType
0x4881b0 GetCurrentThread
0x4881b4 FlushFileBuffers
0x4881b8 GetConsoleOutputCP
0x4881bc GetConsoleMode
0x4881c0 ReadFile
0x4881c4 GetFileSizeEx
0x4881c8 SetFilePointerEx
0x4881cc ReadConsoleW
0x4881d0 HeapReAlloc
0x4881d4 GetTimeZoneInformation
0x4881d8 FindClose
0x4881dc FindFirstFileExW
0x4881e0 FindNextFileW
0x4881e4 IsValidCodePage
0x4881e8 GetACP
0x4881ec GetOEMCP
0x4881f0 GetCommandLineA
0x4881f4 GetCommandLineW
0x4881f8 GetEnvironmentStringsW
0x4881fc FreeEnvironmentStringsW
0x488200 SetEnvironmentVariableW
0x488204 GetProcessHeap
0x488208 OutputDebugStringW
0x48820c SetStdHandle
EAT(Export Address Table) is none
USER32.dll
0x488214 OffsetRect
KERNEL32.dll
0x488000 CompareStringEx
0x488004 CreateFileW
0x488008 WaitForSingleObject
0x48800c GetModuleHandleA
0x488010 SwitchToFiber
0x488014 CreateThread
0x488018 GetProcAddress
0x48801c VirtualAllocEx
0x488020 SetConsoleTitleW
0x488024 RaiseException
0x488028 RtlCaptureStackBackTrace
0x48802c GetCurrentThreadId
0x488030 IsProcessorFeaturePresent
0x488034 GetLastError
0x488038 FreeLibraryWhenCallbackReturns
0x48803c CreateThreadpoolWork
0x488040 SubmitThreadpoolWork
0x488044 CloseThreadpoolWork
0x488048 GetModuleHandleExW
0x48804c WakeConditionVariable
0x488050 WakeAllConditionVariable
0x488054 SleepConditionVariableSRW
0x488058 InitOnceComplete
0x48805c InitOnceBeginInitialize
0x488060 FormatMessageA
0x488064 ReleaseSRWLockExclusive
0x488068 AcquireSRWLockExclusive
0x48806c TryAcquireSRWLockExclusive
0x488070 CloseHandle
0x488074 WaitForSingleObjectEx
0x488078 Sleep
0x48807c SwitchToThread
0x488080 GetExitCodeThread
0x488084 GetNativeSystemInfo
0x488088 QueryPerformanceCounter
0x48808c QueryPerformanceFrequency
0x488090 EnterCriticalSection
0x488094 LeaveCriticalSection
0x488098 InitializeCriticalSectionEx
0x48809c DeleteCriticalSection
0x4880a0 EncodePointer
0x4880a4 DecodePointer
0x4880a8 LocalFree
0x4880ac GetLocaleInfoEx
0x4880b0 MultiByteToWideChar
0x4880b4 WideCharToMultiByte
0x4880b8 LCMapStringEx
0x4880bc SetFileInformationByHandle
0x4880c0 GetTempPathW
0x4880c4 InitOnceExecuteOnce
0x4880c8 CreateEventExW
0x4880cc CreateSemaphoreExW
0x4880d0 FlushProcessWriteBuffers
0x4880d4 GetCurrentProcessorNumber
0x4880d8 GetSystemTimeAsFileTime
0x4880dc GetTickCount64
0x4880e0 CreateThreadpoolTimer
0x4880e4 SetThreadpoolTimer
0x4880e8 WaitForThreadpoolTimerCallbacks
0x4880ec CloseThreadpoolTimer
0x4880f0 CreateThreadpoolWait
0x4880f4 SetThreadpoolWait
0x4880f8 CloseThreadpoolWait
0x4880fc GetModuleHandleW
0x488100 GetFileInformationByHandleEx
0x488104 CreateSymbolicLinkW
0x488108 GetStringTypeW
0x48810c WriteConsoleW
0x488110 GetCPInfo
0x488114 UnhandledExceptionFilter
0x488118 SetUnhandledExceptionFilter
0x48811c GetCurrentProcess
0x488120 TerminateProcess
0x488124 IsDebuggerPresent
0x488128 GetStartupInfoW
0x48812c GetCurrentProcessId
0x488130 InitializeSListHead
0x488134 HeapSize
0x488138 RtlUnwind
0x48813c InterlockedPushEntrySList
0x488140 InterlockedFlushSList
0x488144 SetLastError
0x488148 InitializeCriticalSectionAndSpinCount
0x48814c TlsAlloc
0x488150 TlsGetValue
0x488154 TlsSetValue
0x488158 TlsFree
0x48815c FreeLibrary
0x488160 LoadLibraryExW
0x488164 ExitThread
0x488168 ResumeThread
0x48816c FreeLibraryAndExitThread
0x488170 ExitProcess
0x488174 GetModuleFileNameW
0x488178 GetStdHandle
0x48817c WriteFile
0x488180 SetConsoleCtrlHandler
0x488184 HeapAlloc
0x488188 HeapFree
0x48818c GetDateFormatW
0x488190 GetTimeFormatW
0x488194 CompareStringW
0x488198 LCMapStringW
0x48819c GetLocaleInfoW
0x4881a0 IsValidLocale
0x4881a4 GetUserDefaultLCID
0x4881a8 EnumSystemLocalesW
0x4881ac GetFileType
0x4881b0 GetCurrentThread
0x4881b4 FlushFileBuffers
0x4881b8 GetConsoleOutputCP
0x4881bc GetConsoleMode
0x4881c0 ReadFile
0x4881c4 GetFileSizeEx
0x4881c8 SetFilePointerEx
0x4881cc ReadConsoleW
0x4881d0 HeapReAlloc
0x4881d4 GetTimeZoneInformation
0x4881d8 FindClose
0x4881dc FindFirstFileExW
0x4881e0 FindNextFileW
0x4881e4 IsValidCodePage
0x4881e8 GetACP
0x4881ec GetOEMCP
0x4881f0 GetCommandLineA
0x4881f4 GetCommandLineW
0x4881f8 GetEnvironmentStringsW
0x4881fc FreeEnvironmentStringsW
0x488200 SetEnvironmentVariableW
0x488204 GetProcessHeap
0x488208 OutputDebugStringW
0x48820c SetStdHandle
EAT(Export Address Table) is none