ScreenShot
| Created | 2024.07.25 11:17 | Machine | s1_win7_x6401 |
| Filename | pic1.jpg.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (AIDetectMalware, Malicious, score, HLLP, Vprh, Attribute, HighConfidence, a variant of WinGo, Artemis, qwiuir, Genric, CLASSIC, koucj, LUMMASTEALER, YXEGTZ, WinGo, Remoteadmin, Detected, GrayWare, Wacapew, Casdet, Eldorado, Chgt, Gencirc, ai score=87) | ||
| md5 | d3785ed170cdb1f4784d3dff3a61dae0 | ||
| sha256 | 505968dff5e73b6db05caaa86ea34633140ec3b7bb75b19167af7ce4af641259 | ||
| ssdeep | 98304:LzqI+neqpiuNs3zHlse+SRWSlwEO5zwnJY:N5uNs3zF5+SNJOk | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140b76494 AddAtomA
0x140b7649c AddVectoredContinueHandler
0x140b764a4 AddVectoredExceptionHandler
0x140b764ac CloseHandle
0x140b764b4 CreateEventA
0x140b764bc CreateFileA
0x140b764c4 CreateIoCompletionPort
0x140b764cc CreateMutexA
0x140b764d4 CreateSemaphoreA
0x140b764dc CreateThread
0x140b764e4 CreateWaitableTimerExW
0x140b764ec DeleteAtom
0x140b764f4 DeleteCriticalSection
0x140b764fc DuplicateHandle
0x140b76504 EnterCriticalSection
0x140b7650c ExitProcess
0x140b76514 FindAtomA
0x140b7651c FormatMessageA
0x140b76524 FreeEnvironmentStringsW
0x140b7652c GetAtomNameA
0x140b76534 GetConsoleMode
0x140b7653c GetCurrentProcess
0x140b76544 GetCurrentProcessId
0x140b7654c GetCurrentThread
0x140b76554 GetCurrentThreadId
0x140b7655c GetEnvironmentStringsW
0x140b76564 GetErrorMode
0x140b7656c GetHandleInformation
0x140b76574 GetLastError
0x140b7657c GetProcAddress
0x140b76584 GetProcessAffinityMask
0x140b7658c GetQueuedCompletionStatusEx
0x140b76594 GetStartupInfoA
0x140b7659c GetStdHandle
0x140b765a4 GetSystemDirectoryA
0x140b765ac GetSystemInfo
0x140b765b4 GetSystemTimeAsFileTime
0x140b765bc GetThreadContext
0x140b765c4 GetThreadPriority
0x140b765cc GetTickCount
0x140b765d4 InitializeCriticalSection
0x140b765dc IsDBCSLeadByteEx
0x140b765e4 IsDebuggerPresent
0x140b765ec LeaveCriticalSection
0x140b765f4 LoadLibraryExW
0x140b765fc LoadLibraryW
0x140b76604 LocalFree
0x140b7660c MultiByteToWideChar
0x140b76614 OpenProcess
0x140b7661c OutputDebugStringA
0x140b76624 PostQueuedCompletionStatus
0x140b7662c QueryPerformanceCounter
0x140b76634 QueryPerformanceFrequency
0x140b7663c RaiseException
0x140b76644 RaiseFailFastException
0x140b7664c ReleaseMutex
0x140b76654 ReleaseSemaphore
0x140b7665c RemoveVectoredExceptionHandler
0x140b76664 ResetEvent
0x140b7666c ResumeThread
0x140b76674 RtlLookupFunctionEntry
0x140b7667c RtlVirtualUnwind
0x140b76684 SetConsoleCtrlHandler
0x140b7668c SetErrorMode
0x140b76694 SetEvent
0x140b7669c SetLastError
0x140b766a4 SetProcessAffinityMask
0x140b766ac SetProcessPriorityBoost
0x140b766b4 SetThreadContext
0x140b766bc SetThreadPriority
0x140b766c4 SetUnhandledExceptionFilter
0x140b766cc SetWaitableTimer
0x140b766d4 Sleep
0x140b766dc SuspendThread
0x140b766e4 SwitchToThread
0x140b766ec TlsAlloc
0x140b766f4 TlsGetValue
0x140b766fc TlsSetValue
0x140b76704 TryEnterCriticalSection
0x140b7670c VirtualAlloc
0x140b76714 VirtualFree
0x140b7671c VirtualProtect
0x140b76724 VirtualQuery
0x140b7672c WaitForMultipleObjects
0x140b76734 WaitForSingleObject
0x140b7673c WerGetFlags
0x140b76744 WerSetFlags
0x140b7674c WideCharToMultiByte
0x140b76754 WriteConsoleW
0x140b7675c WriteFile
0x140b76764 __C_specific_handler
msvcrt.dll
0x140b76774 ___lc_codepage_func
0x140b7677c ___mb_cur_max_func
0x140b76784 __getmainargs
0x140b7678c __initenv
0x140b76794 __iob_func
0x140b7679c __lconv_init
0x140b767a4 __set_app_type
0x140b767ac __setusermatherr
0x140b767b4 _acmdln
0x140b767bc _amsg_exit
0x140b767c4 _beginthread
0x140b767cc _beginthreadex
0x140b767d4 _cexit
0x140b767dc _commode
0x140b767e4 _endthreadex
0x140b767ec _errno
0x140b767f4 _fmode
0x140b767fc _initterm
0x140b76804 _lock
0x140b7680c _memccpy
0x140b76814 _onexit
0x140b7681c _setjmp
0x140b76824 _strdup
0x140b7682c _ultoa
0x140b76834 _unlock
0x140b7683c abort
0x140b76844 calloc
0x140b7684c exit
0x140b76854 fprintf
0x140b7685c fputc
0x140b76864 free
0x140b7686c fwrite
0x140b76874 localeconv
0x140b7687c longjmp
0x140b76884 malloc
0x140b7688c memcpy
0x140b76894 memmove
0x140b7689c memset
0x140b768a4 printf
0x140b768ac realloc
0x140b768b4 signal
0x140b768bc strerror
0x140b768c4 strlen
0x140b768cc strncmp
0x140b768d4 vfprintf
0x140b768dc wcslen
EAT(Export Address Table) Library
0x140b74110 _cgo_dummy_export
KERNEL32.dll
0x140b76494 AddAtomA
0x140b7649c AddVectoredContinueHandler
0x140b764a4 AddVectoredExceptionHandler
0x140b764ac CloseHandle
0x140b764b4 CreateEventA
0x140b764bc CreateFileA
0x140b764c4 CreateIoCompletionPort
0x140b764cc CreateMutexA
0x140b764d4 CreateSemaphoreA
0x140b764dc CreateThread
0x140b764e4 CreateWaitableTimerExW
0x140b764ec DeleteAtom
0x140b764f4 DeleteCriticalSection
0x140b764fc DuplicateHandle
0x140b76504 EnterCriticalSection
0x140b7650c ExitProcess
0x140b76514 FindAtomA
0x140b7651c FormatMessageA
0x140b76524 FreeEnvironmentStringsW
0x140b7652c GetAtomNameA
0x140b76534 GetConsoleMode
0x140b7653c GetCurrentProcess
0x140b76544 GetCurrentProcessId
0x140b7654c GetCurrentThread
0x140b76554 GetCurrentThreadId
0x140b7655c GetEnvironmentStringsW
0x140b76564 GetErrorMode
0x140b7656c GetHandleInformation
0x140b76574 GetLastError
0x140b7657c GetProcAddress
0x140b76584 GetProcessAffinityMask
0x140b7658c GetQueuedCompletionStatusEx
0x140b76594 GetStartupInfoA
0x140b7659c GetStdHandle
0x140b765a4 GetSystemDirectoryA
0x140b765ac GetSystemInfo
0x140b765b4 GetSystemTimeAsFileTime
0x140b765bc GetThreadContext
0x140b765c4 GetThreadPriority
0x140b765cc GetTickCount
0x140b765d4 InitializeCriticalSection
0x140b765dc IsDBCSLeadByteEx
0x140b765e4 IsDebuggerPresent
0x140b765ec LeaveCriticalSection
0x140b765f4 LoadLibraryExW
0x140b765fc LoadLibraryW
0x140b76604 LocalFree
0x140b7660c MultiByteToWideChar
0x140b76614 OpenProcess
0x140b7661c OutputDebugStringA
0x140b76624 PostQueuedCompletionStatus
0x140b7662c QueryPerformanceCounter
0x140b76634 QueryPerformanceFrequency
0x140b7663c RaiseException
0x140b76644 RaiseFailFastException
0x140b7664c ReleaseMutex
0x140b76654 ReleaseSemaphore
0x140b7665c RemoveVectoredExceptionHandler
0x140b76664 ResetEvent
0x140b7666c ResumeThread
0x140b76674 RtlLookupFunctionEntry
0x140b7667c RtlVirtualUnwind
0x140b76684 SetConsoleCtrlHandler
0x140b7668c SetErrorMode
0x140b76694 SetEvent
0x140b7669c SetLastError
0x140b766a4 SetProcessAffinityMask
0x140b766ac SetProcessPriorityBoost
0x140b766b4 SetThreadContext
0x140b766bc SetThreadPriority
0x140b766c4 SetUnhandledExceptionFilter
0x140b766cc SetWaitableTimer
0x140b766d4 Sleep
0x140b766dc SuspendThread
0x140b766e4 SwitchToThread
0x140b766ec TlsAlloc
0x140b766f4 TlsGetValue
0x140b766fc TlsSetValue
0x140b76704 TryEnterCriticalSection
0x140b7670c VirtualAlloc
0x140b76714 VirtualFree
0x140b7671c VirtualProtect
0x140b76724 VirtualQuery
0x140b7672c WaitForMultipleObjects
0x140b76734 WaitForSingleObject
0x140b7673c WerGetFlags
0x140b76744 WerSetFlags
0x140b7674c WideCharToMultiByte
0x140b76754 WriteConsoleW
0x140b7675c WriteFile
0x140b76764 __C_specific_handler
msvcrt.dll
0x140b76774 ___lc_codepage_func
0x140b7677c ___mb_cur_max_func
0x140b76784 __getmainargs
0x140b7678c __initenv
0x140b76794 __iob_func
0x140b7679c __lconv_init
0x140b767a4 __set_app_type
0x140b767ac __setusermatherr
0x140b767b4 _acmdln
0x140b767bc _amsg_exit
0x140b767c4 _beginthread
0x140b767cc _beginthreadex
0x140b767d4 _cexit
0x140b767dc _commode
0x140b767e4 _endthreadex
0x140b767ec _errno
0x140b767f4 _fmode
0x140b767fc _initterm
0x140b76804 _lock
0x140b7680c _memccpy
0x140b76814 _onexit
0x140b7681c _setjmp
0x140b76824 _strdup
0x140b7682c _ultoa
0x140b76834 _unlock
0x140b7683c abort
0x140b76844 calloc
0x140b7684c exit
0x140b76854 fprintf
0x140b7685c fputc
0x140b76864 free
0x140b7686c fwrite
0x140b76874 localeconv
0x140b7687c longjmp
0x140b76884 malloc
0x140b7688c memcpy
0x140b76894 memmove
0x140b7689c memset
0x140b768a4 printf
0x140b768ac realloc
0x140b768b4 signal
0x140b768bc strerror
0x140b768c4 strlen
0x140b768cc strncmp
0x140b768d4 vfprintf
0x140b768dc wcslen
EAT(Export Address Table) Library
0x140b74110 _cgo_dummy_export