ScreenShot
| Created | 2024.07.25 09:00 | Machine | s1_win7_x6403 |
| Filename | judit1.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetectMalware, tsAU, malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, a variant of Python, Nuitka, AGen, AB suspicious, Artemis, ibzty, Alien, AMADEY, YXEGXZ, Python, Detected, Sabsik, Antis, 74XCHJ, Unkl, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | c8cf26425a6ce325035e6da8dfb16c4e | ||
| sha256 | 9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4 | ||
| ssdeep | 196608:SnvxO+j9q6y7PuZANMCgvUF+j6yrO5H+KB4kj6vgC51U7BlUdinrDRQF6f1:WvxPBly7Pumdgv9RrOF+LkGvgMGBa4n7 | ||
| imphash | a15389e7a3e3d8aabef3d1422091a217 | ||
| impfuzzy | 48:p8XOst9nR3nZ+kNPlslEJGp6qJ8k3k1vkqqssXh:eXdth9nZrNPlYEJGph6k3mkqqs2 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140035368 CloseHandle
0x140035370 CopyFileW
0x140035378 CreateDirectoryW
0x140035380 CreateFileMappingW
0x140035388 CreateFileW
0x140035390 CreateProcessW
0x140035398 DeleteCriticalSection
0x1400353a0 DeleteFileW
0x1400353a8 EnterCriticalSection
0x1400353b0 FindResourceA
0x1400353b8 FormatMessageA
0x1400353c0 FreeLibrary
0x1400353c8 GenerateConsoleCtrlEvent
0x1400353d0 GetCommandLineW
0x1400353d8 GetCurrentProcessId
0x1400353e0 GetEnvironmentVariableW
0x1400353e8 GetExitCodeProcess
0x1400353f0 GetFileAttributesW
0x1400353f8 GetFileSize
0x140035400 GetLastError
0x140035408 GetModuleFileNameW
0x140035410 GetModuleHandleA
0x140035418 GetProcAddress
0x140035420 GetProcessId
0x140035428 GetStartupInfoW
0x140035430 GetStdHandle
0x140035438 GetSystemTimeAsFileTime
0x140035440 GetTempPathW
0x140035448 InitializeCriticalSection
0x140035450 IsDBCSLeadByteEx
0x140035458 LeaveCriticalSection
0x140035460 LoadLibraryA
0x140035468 LoadResource
0x140035470 LockResource
0x140035478 MapViewOfFile
0x140035480 MultiByteToWideChar
0x140035488 ReadFile
0x140035490 SetConsoleCtrlHandler
0x140035498 SetEnvironmentVariableW
0x1400354a0 SetUnhandledExceptionFilter
0x1400354a8 SizeofResource
0x1400354b0 Sleep
0x1400354b8 TerminateProcess
0x1400354c0 TlsGetValue
0x1400354c8 UnmapViewOfFile
0x1400354d0 VirtualProtect
0x1400354d8 VirtualQuery
0x1400354e0 WaitForSingleObject
0x1400354e8 WideCharToMultiByte
0x1400354f0 WriteFile
msvcrt.dll
0x140035500 __C_specific_handler
0x140035508 ___lc_codepage_func
0x140035510 ___mb_cur_max_func
0x140035518 __iob_func
0x140035520 __set_app_type
0x140035528 __setusermatherr
0x140035530 __wargv
0x140035538 __wgetmainargs
0x140035540 __winitenv
0x140035548 _amsg_exit
0x140035550 _cexit
0x140035558 _commode
0x140035560 _errno
0x140035568 _fmode
0x140035570 _initterm
0x140035578 _lock
0x140035580 _onexit
0x140035588 _unlock
0x140035590 _wcmdln
0x140035598 _wcsdup
0x1400355a0 _wcsicmp
0x1400355a8 _wrename
0x1400355b0 abort
0x1400355b8 calloc
0x1400355c0 exit
0x1400355c8 fprintf
0x1400355d0 fputc
0x1400355d8 free
0x1400355e0 fwrite
0x1400355e8 localeconv
0x1400355f0 malloc
0x1400355f8 mbstowcs
0x140035600 memcpy
0x140035608 memmove
0x140035610 memset
0x140035618 puts
0x140035620 signal
0x140035628 strerror
0x140035630 strlen
0x140035638 strncmp
0x140035640 vfprintf
0x140035648 wcscmp
0x140035650 wcslen
0x140035658 wcsncmp
SHELL32.dll
0x140035668 SHFileOperationW
0x140035670 SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.dll
0x140035368 CloseHandle
0x140035370 CopyFileW
0x140035378 CreateDirectoryW
0x140035380 CreateFileMappingW
0x140035388 CreateFileW
0x140035390 CreateProcessW
0x140035398 DeleteCriticalSection
0x1400353a0 DeleteFileW
0x1400353a8 EnterCriticalSection
0x1400353b0 FindResourceA
0x1400353b8 FormatMessageA
0x1400353c0 FreeLibrary
0x1400353c8 GenerateConsoleCtrlEvent
0x1400353d0 GetCommandLineW
0x1400353d8 GetCurrentProcessId
0x1400353e0 GetEnvironmentVariableW
0x1400353e8 GetExitCodeProcess
0x1400353f0 GetFileAttributesW
0x1400353f8 GetFileSize
0x140035400 GetLastError
0x140035408 GetModuleFileNameW
0x140035410 GetModuleHandleA
0x140035418 GetProcAddress
0x140035420 GetProcessId
0x140035428 GetStartupInfoW
0x140035430 GetStdHandle
0x140035438 GetSystemTimeAsFileTime
0x140035440 GetTempPathW
0x140035448 InitializeCriticalSection
0x140035450 IsDBCSLeadByteEx
0x140035458 LeaveCriticalSection
0x140035460 LoadLibraryA
0x140035468 LoadResource
0x140035470 LockResource
0x140035478 MapViewOfFile
0x140035480 MultiByteToWideChar
0x140035488 ReadFile
0x140035490 SetConsoleCtrlHandler
0x140035498 SetEnvironmentVariableW
0x1400354a0 SetUnhandledExceptionFilter
0x1400354a8 SizeofResource
0x1400354b0 Sleep
0x1400354b8 TerminateProcess
0x1400354c0 TlsGetValue
0x1400354c8 UnmapViewOfFile
0x1400354d0 VirtualProtect
0x1400354d8 VirtualQuery
0x1400354e0 WaitForSingleObject
0x1400354e8 WideCharToMultiByte
0x1400354f0 WriteFile
msvcrt.dll
0x140035500 __C_specific_handler
0x140035508 ___lc_codepage_func
0x140035510 ___mb_cur_max_func
0x140035518 __iob_func
0x140035520 __set_app_type
0x140035528 __setusermatherr
0x140035530 __wargv
0x140035538 __wgetmainargs
0x140035540 __winitenv
0x140035548 _amsg_exit
0x140035550 _cexit
0x140035558 _commode
0x140035560 _errno
0x140035568 _fmode
0x140035570 _initterm
0x140035578 _lock
0x140035580 _onexit
0x140035588 _unlock
0x140035590 _wcmdln
0x140035598 _wcsdup
0x1400355a0 _wcsicmp
0x1400355a8 _wrename
0x1400355b0 abort
0x1400355b8 calloc
0x1400355c0 exit
0x1400355c8 fprintf
0x1400355d0 fputc
0x1400355d8 free
0x1400355e0 fwrite
0x1400355e8 localeconv
0x1400355f0 malloc
0x1400355f8 mbstowcs
0x140035600 memcpy
0x140035608 memmove
0x140035610 memset
0x140035618 puts
0x140035620 signal
0x140035628 strerror
0x140035630 strlen
0x140035638 strncmp
0x140035640 vfprintf
0x140035648 wcscmp
0x140035650 wcslen
0x140035658 wcsncmp
SHELL32.dll
0x140035668 SHFileOperationW
0x140035670 SHGetFolderPathW
EAT(Export Address Table) is none