ScreenShot
| Created | 2024.07.22 17:50 | Machine | s1_win7_x6403 |
| Filename | deepweb.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Vof1, Attribute, HighConfidence, a variant of WinGo, qwiuhm, CLASSIC, mmdfk, AMADEY, YXEGQZ, Generic Reputation PUA, WinGo, Detected, Wacatac, Eldorado, Gencirc) | ||
| md5 | 478d0787cddfa1a31e3480d1612c91b7 | ||
| sha256 | 962bf6bb4e3d1ba6c2da00cc015467e49638db72614c63a779b9c37e0372cd36 | ||
| ssdeep | 98304:FpAKSfEy27N/dhKZF5NGjJvfMgJrtktFE5uUNkVrUAEix3JBylaMSFP6g:zSEy27NWZF3avfMxFE5uUErU5wFF | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14155c494 AddAtomA
0x14155c49c AddVectoredContinueHandler
0x14155c4a4 AddVectoredExceptionHandler
0x14155c4ac CloseHandle
0x14155c4b4 CreateEventA
0x14155c4bc CreateFileA
0x14155c4c4 CreateIoCompletionPort
0x14155c4cc CreateMutexA
0x14155c4d4 CreateSemaphoreA
0x14155c4dc CreateThread
0x14155c4e4 CreateWaitableTimerExW
0x14155c4ec DeleteAtom
0x14155c4f4 DeleteCriticalSection
0x14155c4fc DuplicateHandle
0x14155c504 EnterCriticalSection
0x14155c50c ExitProcess
0x14155c514 FindAtomA
0x14155c51c FormatMessageA
0x14155c524 FreeEnvironmentStringsW
0x14155c52c GetAtomNameA
0x14155c534 GetConsoleMode
0x14155c53c GetCurrentProcess
0x14155c544 GetCurrentProcessId
0x14155c54c GetCurrentThread
0x14155c554 GetCurrentThreadId
0x14155c55c GetEnvironmentStringsW
0x14155c564 GetErrorMode
0x14155c56c GetHandleInformation
0x14155c574 GetLastError
0x14155c57c GetProcAddress
0x14155c584 GetProcessAffinityMask
0x14155c58c GetQueuedCompletionStatusEx
0x14155c594 GetStartupInfoA
0x14155c59c GetStdHandle
0x14155c5a4 GetSystemDirectoryA
0x14155c5ac GetSystemInfo
0x14155c5b4 GetSystemTimeAsFileTime
0x14155c5bc GetThreadContext
0x14155c5c4 GetThreadPriority
0x14155c5cc GetTickCount
0x14155c5d4 InitializeCriticalSection
0x14155c5dc IsDBCSLeadByteEx
0x14155c5e4 IsDebuggerPresent
0x14155c5ec LeaveCriticalSection
0x14155c5f4 LoadLibraryExW
0x14155c5fc LoadLibraryW
0x14155c604 LocalFree
0x14155c60c MultiByteToWideChar
0x14155c614 OpenProcess
0x14155c61c OutputDebugStringA
0x14155c624 PostQueuedCompletionStatus
0x14155c62c QueryPerformanceCounter
0x14155c634 QueryPerformanceFrequency
0x14155c63c RaiseException
0x14155c644 RaiseFailFastException
0x14155c64c ReleaseMutex
0x14155c654 ReleaseSemaphore
0x14155c65c RemoveVectoredExceptionHandler
0x14155c664 ResetEvent
0x14155c66c ResumeThread
0x14155c674 RtlLookupFunctionEntry
0x14155c67c RtlVirtualUnwind
0x14155c684 SetConsoleCtrlHandler
0x14155c68c SetErrorMode
0x14155c694 SetEvent
0x14155c69c SetLastError
0x14155c6a4 SetProcessAffinityMask
0x14155c6ac SetProcessPriorityBoost
0x14155c6b4 SetThreadContext
0x14155c6bc SetThreadPriority
0x14155c6c4 SetUnhandledExceptionFilter
0x14155c6cc SetWaitableTimer
0x14155c6d4 Sleep
0x14155c6dc SuspendThread
0x14155c6e4 SwitchToThread
0x14155c6ec TlsAlloc
0x14155c6f4 TlsGetValue
0x14155c6fc TlsSetValue
0x14155c704 TryEnterCriticalSection
0x14155c70c VirtualAlloc
0x14155c714 VirtualFree
0x14155c71c VirtualProtect
0x14155c724 VirtualQuery
0x14155c72c WaitForMultipleObjects
0x14155c734 WaitForSingleObject
0x14155c73c WerGetFlags
0x14155c744 WerSetFlags
0x14155c74c WideCharToMultiByte
0x14155c754 WriteConsoleW
0x14155c75c WriteFile
0x14155c764 __C_specific_handler
msvcrt.dll
0x14155c774 ___lc_codepage_func
0x14155c77c ___mb_cur_max_func
0x14155c784 __getmainargs
0x14155c78c __initenv
0x14155c794 __iob_func
0x14155c79c __lconv_init
0x14155c7a4 __set_app_type
0x14155c7ac __setusermatherr
0x14155c7b4 _acmdln
0x14155c7bc _amsg_exit
0x14155c7c4 _beginthread
0x14155c7cc _beginthreadex
0x14155c7d4 _cexit
0x14155c7dc _commode
0x14155c7e4 _endthreadex
0x14155c7ec _errno
0x14155c7f4 _fmode
0x14155c7fc _initterm
0x14155c804 _lock
0x14155c80c _memccpy
0x14155c814 _onexit
0x14155c81c _setjmp
0x14155c824 _strdup
0x14155c82c _ultoa
0x14155c834 _unlock
0x14155c83c abort
0x14155c844 calloc
0x14155c84c exit
0x14155c854 fprintf
0x14155c85c fputc
0x14155c864 free
0x14155c86c fwrite
0x14155c874 localeconv
0x14155c87c longjmp
0x14155c884 malloc
0x14155c88c memcpy
0x14155c894 memmove
0x14155c89c memset
0x14155c8a4 printf
0x14155c8ac realloc
0x14155c8b4 signal
0x14155c8bc strerror
0x14155c8c4 strlen
0x14155c8cc strncmp
0x14155c8d4 vfprintf
0x14155c8dc wcslen
EAT(Export Address Table) Library
0x1415597f0 _cgo_dummy_export
KERNEL32.dll
0x14155c494 AddAtomA
0x14155c49c AddVectoredContinueHandler
0x14155c4a4 AddVectoredExceptionHandler
0x14155c4ac CloseHandle
0x14155c4b4 CreateEventA
0x14155c4bc CreateFileA
0x14155c4c4 CreateIoCompletionPort
0x14155c4cc CreateMutexA
0x14155c4d4 CreateSemaphoreA
0x14155c4dc CreateThread
0x14155c4e4 CreateWaitableTimerExW
0x14155c4ec DeleteAtom
0x14155c4f4 DeleteCriticalSection
0x14155c4fc DuplicateHandle
0x14155c504 EnterCriticalSection
0x14155c50c ExitProcess
0x14155c514 FindAtomA
0x14155c51c FormatMessageA
0x14155c524 FreeEnvironmentStringsW
0x14155c52c GetAtomNameA
0x14155c534 GetConsoleMode
0x14155c53c GetCurrentProcess
0x14155c544 GetCurrentProcessId
0x14155c54c GetCurrentThread
0x14155c554 GetCurrentThreadId
0x14155c55c GetEnvironmentStringsW
0x14155c564 GetErrorMode
0x14155c56c GetHandleInformation
0x14155c574 GetLastError
0x14155c57c GetProcAddress
0x14155c584 GetProcessAffinityMask
0x14155c58c GetQueuedCompletionStatusEx
0x14155c594 GetStartupInfoA
0x14155c59c GetStdHandle
0x14155c5a4 GetSystemDirectoryA
0x14155c5ac GetSystemInfo
0x14155c5b4 GetSystemTimeAsFileTime
0x14155c5bc GetThreadContext
0x14155c5c4 GetThreadPriority
0x14155c5cc GetTickCount
0x14155c5d4 InitializeCriticalSection
0x14155c5dc IsDBCSLeadByteEx
0x14155c5e4 IsDebuggerPresent
0x14155c5ec LeaveCriticalSection
0x14155c5f4 LoadLibraryExW
0x14155c5fc LoadLibraryW
0x14155c604 LocalFree
0x14155c60c MultiByteToWideChar
0x14155c614 OpenProcess
0x14155c61c OutputDebugStringA
0x14155c624 PostQueuedCompletionStatus
0x14155c62c QueryPerformanceCounter
0x14155c634 QueryPerformanceFrequency
0x14155c63c RaiseException
0x14155c644 RaiseFailFastException
0x14155c64c ReleaseMutex
0x14155c654 ReleaseSemaphore
0x14155c65c RemoveVectoredExceptionHandler
0x14155c664 ResetEvent
0x14155c66c ResumeThread
0x14155c674 RtlLookupFunctionEntry
0x14155c67c RtlVirtualUnwind
0x14155c684 SetConsoleCtrlHandler
0x14155c68c SetErrorMode
0x14155c694 SetEvent
0x14155c69c SetLastError
0x14155c6a4 SetProcessAffinityMask
0x14155c6ac SetProcessPriorityBoost
0x14155c6b4 SetThreadContext
0x14155c6bc SetThreadPriority
0x14155c6c4 SetUnhandledExceptionFilter
0x14155c6cc SetWaitableTimer
0x14155c6d4 Sleep
0x14155c6dc SuspendThread
0x14155c6e4 SwitchToThread
0x14155c6ec TlsAlloc
0x14155c6f4 TlsGetValue
0x14155c6fc TlsSetValue
0x14155c704 TryEnterCriticalSection
0x14155c70c VirtualAlloc
0x14155c714 VirtualFree
0x14155c71c VirtualProtect
0x14155c724 VirtualQuery
0x14155c72c WaitForMultipleObjects
0x14155c734 WaitForSingleObject
0x14155c73c WerGetFlags
0x14155c744 WerSetFlags
0x14155c74c WideCharToMultiByte
0x14155c754 WriteConsoleW
0x14155c75c WriteFile
0x14155c764 __C_specific_handler
msvcrt.dll
0x14155c774 ___lc_codepage_func
0x14155c77c ___mb_cur_max_func
0x14155c784 __getmainargs
0x14155c78c __initenv
0x14155c794 __iob_func
0x14155c79c __lconv_init
0x14155c7a4 __set_app_type
0x14155c7ac __setusermatherr
0x14155c7b4 _acmdln
0x14155c7bc _amsg_exit
0x14155c7c4 _beginthread
0x14155c7cc _beginthreadex
0x14155c7d4 _cexit
0x14155c7dc _commode
0x14155c7e4 _endthreadex
0x14155c7ec _errno
0x14155c7f4 _fmode
0x14155c7fc _initterm
0x14155c804 _lock
0x14155c80c _memccpy
0x14155c814 _onexit
0x14155c81c _setjmp
0x14155c824 _strdup
0x14155c82c _ultoa
0x14155c834 _unlock
0x14155c83c abort
0x14155c844 calloc
0x14155c84c exit
0x14155c854 fprintf
0x14155c85c fputc
0x14155c864 free
0x14155c86c fwrite
0x14155c874 localeconv
0x14155c87c longjmp
0x14155c884 malloc
0x14155c88c memcpy
0x14155c894 memmove
0x14155c89c memset
0x14155c8a4 printf
0x14155c8ac realloc
0x14155c8b4 signal
0x14155c8bc strerror
0x14155c8c4 strlen
0x14155c8cc strncmp
0x14155c8d4 vfprintf
0x14155c8dc wcslen
EAT(Export Address Table) Library
0x1415597f0 _cgo_dummy_export