ScreenShot
| Created | 2024.07.26 10:26 | Machine | s1_win7_x6401 |
| Filename | joom.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (AIDetectMalware, Malicious, score, FWPJ, Unsafe, Save, Attribute, HighConfidence, high confidence, DiskWriter, SmokeLoader, CLASSIC, Real Protect, high, Static AI, Malicious PE, Detected, Wacatac, ZexaF, pq0@amf, cAbG, Genetic, Obfuscated, susgen, GenKryptik, EWCW) | ||
| md5 | 278d770f363da10c7f7eb1a9c653ccf0 | ||
| sha256 | e188132c1d115a2f78c5da36d56f178f1a6586106b62341c4f942993512abeec | ||
| ssdeep | 3072:GHXfJmQUzlOCTqUG6n3EK37jiknZyKmvThlv8PU6PR4+LhAm+P3cQuT2:UPJmQUzlxaKrPyKZ/KrsQuT | ||
| imphash | 3c4625b089724a866beb99a0245cb276 | ||
| impfuzzy | 24:oD6krA4N9fn1YcDZCNTPu4xGxpOXtUgcQIlyv9Vl8HE/J3IjS3MlxgKRhc6T+Pl:gtfnOxGqXtxcHK9rzMSEuKRa6T+9 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42300c SetEndOfFile
0x423010 LocalCompact
0x423014 GetModuleHandleW
0x423018 GetTickCount
0x42301c CreateNamedPipeW
0x423020 GetProcessHeap
0x423024 GetConsoleAliasesA
0x423028 GetConsoleCP
0x42302c GlobalAlloc
0x423030 GetSystemDirectoryW
0x423034 SetFileShortNameW
0x423038 LoadLibraryW
0x42303c IsProcessInJob
0x423040 FatalAppExitW
0x423044 AssignProcessToJobObject
0x423048 IsBadCodePtr
0x42304c ReplaceFileW
0x423050 GetModuleFileNameW
0x423054 GlobalUnlock
0x423058 CreateJobObjectA
0x42305c GetLastError
0x423060 GetProcAddress
0x423064 WriteConsoleInputW
0x423068 VerLanguageNameW
0x42306c LoadLibraryA
0x423070 SetConsoleCtrlHandler
0x423074 AddAtomW
0x423078 HeapWalk
0x42307c EnumResourceTypesW
0x423080 SetEnvironmentVariableA
0x423084 GetOEMCP
0x423088 EnumDateFormatsA
0x42308c EnumResourceNamesA
0x423090 GetFileTime
0x423094 SetProcessShutdownParameters
0x423098 GetDiskFreeSpaceExW
0x42309c LCMapStringW
0x4230a0 CreateFileW
0x4230a4 HeapSize
0x4230a8 FlushFileBuffers
0x4230ac FindVolumeClose
0x4230b0 PeekConsoleInputW
0x4230b4 CreateFileA
0x4230b8 HeapReAlloc
0x4230bc GetStringTypeW
0x4230c0 HeapFree
0x4230c4 GetCommandLineW
0x4230c8 HeapSetInformation
0x4230cc GetStartupInfoW
0x4230d0 DecodePointer
0x4230d4 UnhandledExceptionFilter
0x4230d8 SetUnhandledExceptionFilter
0x4230dc IsDebuggerPresent
0x4230e0 EncodePointer
0x4230e4 TerminateProcess
0x4230e8 GetCurrentProcess
0x4230ec HeapAlloc
0x4230f0 HeapCreate
0x4230f4 EnterCriticalSection
0x4230f8 LeaveCriticalSection
0x4230fc SetHandleCount
0x423100 GetStdHandle
0x423104 InitializeCriticalSectionAndSpinCount
0x423108 GetFileType
0x42310c DeleteCriticalSection
0x423110 ReadFile
0x423114 MultiByteToWideChar
0x423118 ExitProcess
0x42311c SetFilePointer
0x423120 WriteFile
0x423124 FreeEnvironmentStringsW
0x423128 GetEnvironmentStringsW
0x42312c TlsAlloc
0x423130 TlsGetValue
0x423134 TlsSetValue
0x423138 TlsFree
0x42313c InterlockedIncrement
0x423140 SetLastError
0x423144 GetCurrentThreadId
0x423148 InterlockedDecrement
0x42314c QueryPerformanceCounter
0x423150 GetCurrentProcessId
0x423154 GetSystemTimeAsFileTime
0x423158 WideCharToMultiByte
0x42315c GetConsoleMode
0x423160 GetCPInfo
0x423164 GetACP
0x423168 IsValidCodePage
0x42316c Sleep
0x423170 RtlUnwind
0x423174 SetStdHandle
0x423178 IsProcessorFeaturePresent
0x42317c WriteConsoleW
0x423180 CloseHandle
USER32.dll
0x423188 SetCaretPos
0x42318c CharUpperBuffW
0x423190 GetMessageExtraInfo
0x423194 GetMenu
0x423198 DrawStateW
0x42319c GetSysColorBrush
GDI32.dll
0x423000 GetCharWidthI
0x423004 GetCharABCWidthsI
WINHTTP.dll
0x4231a4 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x42300c SetEndOfFile
0x423010 LocalCompact
0x423014 GetModuleHandleW
0x423018 GetTickCount
0x42301c CreateNamedPipeW
0x423020 GetProcessHeap
0x423024 GetConsoleAliasesA
0x423028 GetConsoleCP
0x42302c GlobalAlloc
0x423030 GetSystemDirectoryW
0x423034 SetFileShortNameW
0x423038 LoadLibraryW
0x42303c IsProcessInJob
0x423040 FatalAppExitW
0x423044 AssignProcessToJobObject
0x423048 IsBadCodePtr
0x42304c ReplaceFileW
0x423050 GetModuleFileNameW
0x423054 GlobalUnlock
0x423058 CreateJobObjectA
0x42305c GetLastError
0x423060 GetProcAddress
0x423064 WriteConsoleInputW
0x423068 VerLanguageNameW
0x42306c LoadLibraryA
0x423070 SetConsoleCtrlHandler
0x423074 AddAtomW
0x423078 HeapWalk
0x42307c EnumResourceTypesW
0x423080 SetEnvironmentVariableA
0x423084 GetOEMCP
0x423088 EnumDateFormatsA
0x42308c EnumResourceNamesA
0x423090 GetFileTime
0x423094 SetProcessShutdownParameters
0x423098 GetDiskFreeSpaceExW
0x42309c LCMapStringW
0x4230a0 CreateFileW
0x4230a4 HeapSize
0x4230a8 FlushFileBuffers
0x4230ac FindVolumeClose
0x4230b0 PeekConsoleInputW
0x4230b4 CreateFileA
0x4230b8 HeapReAlloc
0x4230bc GetStringTypeW
0x4230c0 HeapFree
0x4230c4 GetCommandLineW
0x4230c8 HeapSetInformation
0x4230cc GetStartupInfoW
0x4230d0 DecodePointer
0x4230d4 UnhandledExceptionFilter
0x4230d8 SetUnhandledExceptionFilter
0x4230dc IsDebuggerPresent
0x4230e0 EncodePointer
0x4230e4 TerminateProcess
0x4230e8 GetCurrentProcess
0x4230ec HeapAlloc
0x4230f0 HeapCreate
0x4230f4 EnterCriticalSection
0x4230f8 LeaveCriticalSection
0x4230fc SetHandleCount
0x423100 GetStdHandle
0x423104 InitializeCriticalSectionAndSpinCount
0x423108 GetFileType
0x42310c DeleteCriticalSection
0x423110 ReadFile
0x423114 MultiByteToWideChar
0x423118 ExitProcess
0x42311c SetFilePointer
0x423120 WriteFile
0x423124 FreeEnvironmentStringsW
0x423128 GetEnvironmentStringsW
0x42312c TlsAlloc
0x423130 TlsGetValue
0x423134 TlsSetValue
0x423138 TlsFree
0x42313c InterlockedIncrement
0x423140 SetLastError
0x423144 GetCurrentThreadId
0x423148 InterlockedDecrement
0x42314c QueryPerformanceCounter
0x423150 GetCurrentProcessId
0x423154 GetSystemTimeAsFileTime
0x423158 WideCharToMultiByte
0x42315c GetConsoleMode
0x423160 GetCPInfo
0x423164 GetACP
0x423168 IsValidCodePage
0x42316c Sleep
0x423170 RtlUnwind
0x423174 SetStdHandle
0x423178 IsProcessorFeaturePresent
0x42317c WriteConsoleW
0x423180 CloseHandle
USER32.dll
0x423188 SetCaretPos
0x42318c CharUpperBuffW
0x423190 GetMessageExtraInfo
0x423194 GetMenu
0x423198 DrawStateW
0x42319c GetSysColorBrush
GDI32.dll
0x423000 GetCharWidthI
0x423004 GetCharABCWidthsI
WINHTTP.dll
0x4231a4 WinHttpOpen
EAT(Export Address Table) is none