ScreenShot
| Created | 2024.07.24 07:38 | Machine | s1_win7_x6401 |
| Filename | 201.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (AIDetectMalware, malicious, high confidence, score, Fragtor, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXIV, Lazy, Stelpak, Stealerc, rCSQJn51qSS, high, Generic ML PUA, LummaStealer, Detected, ai score=83, Wacatac, Convagent, ZexaF, QuW@aa6vITn, BScope, TrojanPSW, Vidar, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | b42e6e906c622c0785c93e615ed2cc2b | ||
| sha256 | 48f0e9cca3590c3205e01a5e290e21b342f2848cc914d34a34efca1d3b7ddc87 | ||
| ssdeep | 12288:abwDcvRLciGt3VjKyq54mdyrbVc6x4A8L0hQda0yNVf8lRHBsPZOGi:hgZQtorXgr/xe0huOVO8Z | ||
| imphash | 42eb2b50acad70f9618962bfa70c7f34 | ||
| impfuzzy | 24:+cjliEkBKAWLkbJcpVJ+jQDRt8+bJBl39r9OovbOIHFZMv5GMACEZHu93:Cv/W+cpVJIet8+7pZo3gFZGN | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x42016c OffsetRect
KERNEL32.dll
0x420000 GetCPInfo
0x420004 CreateFileW
0x420008 WaitForSingleObject
0x42000c CreateThread
0x420010 VirtualAllocEx
0x420014 FreeConsole
0x420018 RaiseException
0x42001c InitOnceBeginInitialize
0x420020 InitOnceComplete
0x420024 CloseHandle
0x420028 GetCurrentThreadId
0x42002c ReleaseSRWLockExclusive
0x420030 AcquireSRWLockExclusive
0x420034 TryAcquireSRWLockExclusive
0x420038 WakeAllConditionVariable
0x42003c SleepConditionVariableSRW
0x420040 GetLastError
0x420044 FreeLibraryWhenCallbackReturns
0x420048 CreateThreadpoolWork
0x42004c SubmitThreadpoolWork
0x420050 CloseThreadpoolWork
0x420054 GetModuleHandleExW
0x420058 IsProcessorFeaturePresent
0x42005c EnterCriticalSection
0x420060 LeaveCriticalSection
0x420064 InitializeCriticalSectionEx
0x420068 DeleteCriticalSection
0x42006c QueryPerformanceCounter
0x420070 EncodePointer
0x420074 DecodePointer
0x420078 MultiByteToWideChar
0x42007c WideCharToMultiByte
0x420080 LCMapStringEx
0x420084 GetSystemTimeAsFileTime
0x420088 GetModuleHandleW
0x42008c GetProcAddress
0x420090 GetStringTypeW
0x420094 WriteConsoleW
0x420098 IsDebuggerPresent
0x42009c UnhandledExceptionFilter
0x4200a0 SetUnhandledExceptionFilter
0x4200a4 GetStartupInfoW
0x4200a8 GetCurrentProcess
0x4200ac TerminateProcess
0x4200b0 GetCurrentProcessId
0x4200b4 InitializeSListHead
0x4200b8 HeapSize
0x4200bc RtlUnwind
0x4200c0 SetLastError
0x4200c4 InitializeCriticalSectionAndSpinCount
0x4200c8 TlsAlloc
0x4200cc TlsGetValue
0x4200d0 TlsSetValue
0x4200d4 TlsFree
0x4200d8 FreeLibrary
0x4200dc LoadLibraryExW
0x4200e0 ExitProcess
0x4200e4 GetModuleFileNameW
0x4200e8 GetStdHandle
0x4200ec WriteFile
0x4200f0 GetCommandLineA
0x4200f4 GetCommandLineW
0x4200f8 HeapFree
0x4200fc HeapAlloc
0x420100 CompareStringW
0x420104 LCMapStringW
0x420108 GetLocaleInfoW
0x42010c IsValidLocale
0x420110 GetUserDefaultLCID
0x420114 EnumSystemLocalesW
0x420118 GetFileType
0x42011c GetFileSizeEx
0x420120 SetFilePointerEx
0x420124 FlushFileBuffers
0x420128 GetConsoleOutputCP
0x42012c GetConsoleMode
0x420130 ReadFile
0x420134 ReadConsoleW
0x420138 HeapReAlloc
0x42013c FindClose
0x420140 FindFirstFileExW
0x420144 FindNextFileW
0x420148 IsValidCodePage
0x42014c GetACP
0x420150 GetOEMCP
0x420154 GetEnvironmentStringsW
0x420158 FreeEnvironmentStringsW
0x42015c SetEnvironmentVariableW
0x420160 GetProcessHeap
0x420164 SetStdHandle
EAT(Export Address Table) is none
USER32.dll
0x42016c OffsetRect
KERNEL32.dll
0x420000 GetCPInfo
0x420004 CreateFileW
0x420008 WaitForSingleObject
0x42000c CreateThread
0x420010 VirtualAllocEx
0x420014 FreeConsole
0x420018 RaiseException
0x42001c InitOnceBeginInitialize
0x420020 InitOnceComplete
0x420024 CloseHandle
0x420028 GetCurrentThreadId
0x42002c ReleaseSRWLockExclusive
0x420030 AcquireSRWLockExclusive
0x420034 TryAcquireSRWLockExclusive
0x420038 WakeAllConditionVariable
0x42003c SleepConditionVariableSRW
0x420040 GetLastError
0x420044 FreeLibraryWhenCallbackReturns
0x420048 CreateThreadpoolWork
0x42004c SubmitThreadpoolWork
0x420050 CloseThreadpoolWork
0x420054 GetModuleHandleExW
0x420058 IsProcessorFeaturePresent
0x42005c EnterCriticalSection
0x420060 LeaveCriticalSection
0x420064 InitializeCriticalSectionEx
0x420068 DeleteCriticalSection
0x42006c QueryPerformanceCounter
0x420070 EncodePointer
0x420074 DecodePointer
0x420078 MultiByteToWideChar
0x42007c WideCharToMultiByte
0x420080 LCMapStringEx
0x420084 GetSystemTimeAsFileTime
0x420088 GetModuleHandleW
0x42008c GetProcAddress
0x420090 GetStringTypeW
0x420094 WriteConsoleW
0x420098 IsDebuggerPresent
0x42009c UnhandledExceptionFilter
0x4200a0 SetUnhandledExceptionFilter
0x4200a4 GetStartupInfoW
0x4200a8 GetCurrentProcess
0x4200ac TerminateProcess
0x4200b0 GetCurrentProcessId
0x4200b4 InitializeSListHead
0x4200b8 HeapSize
0x4200bc RtlUnwind
0x4200c0 SetLastError
0x4200c4 InitializeCriticalSectionAndSpinCount
0x4200c8 TlsAlloc
0x4200cc TlsGetValue
0x4200d0 TlsSetValue
0x4200d4 TlsFree
0x4200d8 FreeLibrary
0x4200dc LoadLibraryExW
0x4200e0 ExitProcess
0x4200e4 GetModuleFileNameW
0x4200e8 GetStdHandle
0x4200ec WriteFile
0x4200f0 GetCommandLineA
0x4200f4 GetCommandLineW
0x4200f8 HeapFree
0x4200fc HeapAlloc
0x420100 CompareStringW
0x420104 LCMapStringW
0x420108 GetLocaleInfoW
0x42010c IsValidLocale
0x420110 GetUserDefaultLCID
0x420114 EnumSystemLocalesW
0x420118 GetFileType
0x42011c GetFileSizeEx
0x420120 SetFilePointerEx
0x420124 FlushFileBuffers
0x420128 GetConsoleOutputCP
0x42012c GetConsoleMode
0x420130 ReadFile
0x420134 ReadConsoleW
0x420138 HeapReAlloc
0x42013c FindClose
0x420140 FindFirstFileExW
0x420144 FindNextFileW
0x420148 IsValidCodePage
0x42014c GetACP
0x420150 GetOEMCP
0x420154 GetEnvironmentStringsW
0x420158 FreeEnvironmentStringsW
0x42015c SetEnvironmentVariableW
0x420160 GetProcessHeap
0x420164 SetStdHandle
EAT(Export Address Table) is none