ScreenShot
| Created | 2024.07.26 10:28 | Machine | s1_win7_x6403 |
| Filename | chisel32.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 51 detected (AIDetectMalware, Hacktool, Chisel, malicious, moderate confidence, score, Ransomware, Unsafe, Vfgm, a variant of WinGo, GenericRXAA, Tool, Redcap, gepbx, NetTool, Detected, ai score=77, ABApplication, OKBG, Outbreak, Qcnw, susgen, PossibleThreat, grayware, confidence, 100%) | ||
| md5 | 7eae075c51e9bda629835d4b2815ee03 | ||
| sha256 | f82edf0228b8e58517659bc465599a85609377f34c9e4a8b1279e10806109b61 | ||
| ssdeep | 98304:cjkwV6+I5dc/mwpg27Ee3A58mDB739NWfAz:An/4e3A6mj | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xbb16a0 WriteFile
0xbb16a4 WriteConsoleW
0xbb16a8 WerSetFlags
0xbb16ac WerGetFlags
0xbb16b0 WaitForMultipleObjects
0xbb16b4 WaitForSingleObject
0xbb16b8 VirtualQuery
0xbb16bc VirtualFree
0xbb16c0 VirtualAlloc
0xbb16c4 TlsAlloc
0xbb16c8 SwitchToThread
0xbb16cc SuspendThread
0xbb16d0 SetWaitableTimer
0xbb16d4 SetUnhandledExceptionFilter
0xbb16d8 SetProcessPriorityBoost
0xbb16dc SetEvent
0xbb16e0 SetErrorMode
0xbb16e4 SetConsoleCtrlHandler
0xbb16e8 ResumeThread
0xbb16ec RaiseFailFastException
0xbb16f0 PostQueuedCompletionStatus
0xbb16f4 LoadLibraryW
0xbb16f8 LoadLibraryExW
0xbb16fc SetThreadContext
0xbb1700 GetThreadContext
0xbb1704 GetSystemInfo
0xbb1708 GetSystemDirectoryA
0xbb170c GetStdHandle
0xbb1710 GetQueuedCompletionStatusEx
0xbb1714 GetProcessAffinityMask
0xbb1718 GetProcAddress
0xbb171c GetErrorMode
0xbb1720 GetEnvironmentStringsW
0xbb1724 GetCurrentThreadId
0xbb1728 GetConsoleMode
0xbb172c FreeEnvironmentStringsW
0xbb1730 ExitProcess
0xbb1734 DuplicateHandle
0xbb1738 CreateWaitableTimerExW
0xbb173c CreateThread
0xbb1740 CreateIoCompletionPort
0xbb1744 CreateFileA
0xbb1748 CreateEventA
0xbb174c CloseHandle
0xbb1750 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xbb16a0 WriteFile
0xbb16a4 WriteConsoleW
0xbb16a8 WerSetFlags
0xbb16ac WerGetFlags
0xbb16b0 WaitForMultipleObjects
0xbb16b4 WaitForSingleObject
0xbb16b8 VirtualQuery
0xbb16bc VirtualFree
0xbb16c0 VirtualAlloc
0xbb16c4 TlsAlloc
0xbb16c8 SwitchToThread
0xbb16cc SuspendThread
0xbb16d0 SetWaitableTimer
0xbb16d4 SetUnhandledExceptionFilter
0xbb16d8 SetProcessPriorityBoost
0xbb16dc SetEvent
0xbb16e0 SetErrorMode
0xbb16e4 SetConsoleCtrlHandler
0xbb16e8 ResumeThread
0xbb16ec RaiseFailFastException
0xbb16f0 PostQueuedCompletionStatus
0xbb16f4 LoadLibraryW
0xbb16f8 LoadLibraryExW
0xbb16fc SetThreadContext
0xbb1700 GetThreadContext
0xbb1704 GetSystemInfo
0xbb1708 GetSystemDirectoryA
0xbb170c GetStdHandle
0xbb1710 GetQueuedCompletionStatusEx
0xbb1714 GetProcessAffinityMask
0xbb1718 GetProcAddress
0xbb171c GetErrorMode
0xbb1720 GetEnvironmentStringsW
0xbb1724 GetCurrentThreadId
0xbb1728 GetConsoleMode
0xbb172c FreeEnvironmentStringsW
0xbb1730 ExitProcess
0xbb1734 DuplicateHandle
0xbb1738 CreateWaitableTimerExW
0xbb173c CreateThread
0xbb1740 CreateIoCompletionPort
0xbb1744 CreateFileA
0xbb1748 CreateEventA
0xbb174c CloseHandle
0xbb1750 AddVectoredExceptionHandler
EAT(Export Address Table) is none