ScreenShot
| Created | 2024.07.26 10:41 | Machine | s1_win7_x6403 |
| Filename | 2023.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Vfq1, Attribute, HighConfidence, CVE-2023-2933, pYyFPw2ioPP, AGen, tyetv, AgentAGen, R002C0DFG24, PEExp, Static AI, Suspicious PE, Detected, GrayWare, Wacapew, Z7X18F@gen, ABRisk, XEXZ, Chgt, Xmhl, confidence, 100%) | ||
| md5 | a2348de3f84a433171df2f2d09b036aa | ||
| sha256 | 1ca9658cf5042ab654af76e976e17a166aabed44b1f1b63ee1c7cb307e86bb4f | ||
| ssdeep | 6144:zU39qW9qNfptSsjsA9VAHKU64ur8+/Q5AiTeq+8JpY:zK0W9SfrSsjsA7gv64gAmKJ | ||
| imphash | c041c68b7b227b01e57e46cad5ec870a | ||
| impfuzzy | 48:AO+tMS8ucAc+pG+c35uFZGm9nSECvZWqQmtMEEfK/X090WnB/KAJGF3f:AO+tMS8uZc+pG+JZ+tyaahC | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400c7000 CloseHandle
0x1400c7008 GetLastError
0x1400c7010 CreatePipe
0x1400c7018 CreateProcessW
0x1400c7020 GetStartupInfoW
0x1400c7028 VirtualAlloc
0x1400c7030 GetModuleHandleA
0x1400c7038 GetProcAddress
0x1400c7040 LoadLibraryA
0x1400c7048 WriteConsoleW
0x1400c7050 CreateFileW
0x1400c7058 ReadConsoleW
0x1400c7060 ReadFile
0x1400c7068 HeapReAlloc
0x1400c7070 HeapSize
0x1400c7078 SetFilePointerEx
0x1400c7080 GetFileSizeEx
0x1400c7088 GetConsoleMode
0x1400c7090 GetConsoleOutputCP
0x1400c7098 FlushFileBuffers
0x1400c70a0 SetConsoleCtrlHandler
0x1400c70a8 GetStringTypeW
0x1400c70b0 SetStdHandle
0x1400c70b8 SetEnvironmentVariableW
0x1400c70c0 FreeEnvironmentStringsW
0x1400c70c8 GetEnvironmentStringsW
0x1400c70d0 GetCPInfo
0x1400c70d8 GetOEMCP
0x1400c70e0 GetACP
0x1400c70e8 IsValidCodePage
0x1400c70f0 FindNextFileW
0x1400c70f8 FindFirstFileExW
0x1400c7100 FindClose
0x1400c7108 OutputDebugStringW
0x1400c7110 GetCurrentThreadId
0x1400c7118 IsDebuggerPresent
0x1400c7120 RaiseException
0x1400c7128 MultiByteToWideChar
0x1400c7130 WideCharToMultiByte
0x1400c7138 RtlCaptureContext
0x1400c7140 RtlLookupFunctionEntry
0x1400c7148 RtlVirtualUnwind
0x1400c7150 UnhandledExceptionFilter
0x1400c7158 SetUnhandledExceptionFilter
0x1400c7160 GetCurrentProcess
0x1400c7168 TerminateProcess
0x1400c7170 IsProcessorFeaturePresent
0x1400c7178 QueryPerformanceCounter
0x1400c7180 GetCurrentProcessId
0x1400c7188 GetSystemTimeAsFileTime
0x1400c7190 InitializeSListHead
0x1400c7198 GetModuleHandleW
0x1400c71a0 HeapAlloc
0x1400c71a8 HeapFree
0x1400c71b0 GetProcessHeap
0x1400c71b8 VirtualQuery
0x1400c71c0 FreeLibrary
0x1400c71c8 RtlUnwindEx
0x1400c71d0 InterlockedPushEntrySList
0x1400c71d8 InterlockedFlushSList
0x1400c71e0 GetModuleFileNameW
0x1400c71e8 LoadLibraryExW
0x1400c71f0 SetLastError
0x1400c71f8 EnterCriticalSection
0x1400c7200 LeaveCriticalSection
0x1400c7208 DeleteCriticalSection
0x1400c7210 InitializeCriticalSectionAndSpinCount
0x1400c7218 TlsAlloc
0x1400c7220 TlsGetValue
0x1400c7228 TlsSetValue
0x1400c7230 TlsFree
0x1400c7238 EncodePointer
0x1400c7240 RtlPcToFileHeader
0x1400c7248 GetStdHandle
0x1400c7250 WriteFile
0x1400c7258 ExitProcess
0x1400c7260 GetModuleHandleExW
0x1400c7268 GetCommandLineA
0x1400c7270 GetCommandLineW
0x1400c7278 GetDateFormatW
0x1400c7280 GetTimeFormatW
0x1400c7288 CompareStringW
0x1400c7290 LCMapStringW
0x1400c7298 GetLocaleInfoW
0x1400c72a0 IsValidLocale
0x1400c72a8 GetUserDefaultLCID
0x1400c72b0 EnumSystemLocalesW
0x1400c72b8 GetFileType
0x1400c72c0 GetCurrentThread
0x1400c72c8 RtlUnwind
USER32.dll
0x1400c73b8 SetClassLongPtrW
0x1400c73c0 SetWindowLongPtrW
0x1400c73c8 UpdateWindow
0x1400c73d0 DeleteMenu
0x1400c73d8 RemoveMenu
0x1400c73e0 AppendMenuW
0x1400c73e8 GetMenuItemCount
0x1400c73f0 DestroyMenu
0x1400c73f8 CreatePopupMenu
0x1400c7400 CreateMenu
0x1400c7408 GetMenuBarInfo
0x1400c7410 ShowWindow
0x1400c7418 DestroyWindow
0x1400c7420 CreateWindowExW
0x1400c7428 RegisterClassExW
0x1400c7430 RegisterClassW
0x1400c7438 PostQuitMessage
0x1400c7440 DefWindowProcW
0x1400c7448 DispatchMessageW
0x1400c7450 TranslateMessage
0x1400c7458 GetMessageW
0x1400c7460 wsprintfW
0x1400c7468 GetSystemMenu
EAT(Export Address Table) is none
KERNEL32.dll
0x1400c7000 CloseHandle
0x1400c7008 GetLastError
0x1400c7010 CreatePipe
0x1400c7018 CreateProcessW
0x1400c7020 GetStartupInfoW
0x1400c7028 VirtualAlloc
0x1400c7030 GetModuleHandleA
0x1400c7038 GetProcAddress
0x1400c7040 LoadLibraryA
0x1400c7048 WriteConsoleW
0x1400c7050 CreateFileW
0x1400c7058 ReadConsoleW
0x1400c7060 ReadFile
0x1400c7068 HeapReAlloc
0x1400c7070 HeapSize
0x1400c7078 SetFilePointerEx
0x1400c7080 GetFileSizeEx
0x1400c7088 GetConsoleMode
0x1400c7090 GetConsoleOutputCP
0x1400c7098 FlushFileBuffers
0x1400c70a0 SetConsoleCtrlHandler
0x1400c70a8 GetStringTypeW
0x1400c70b0 SetStdHandle
0x1400c70b8 SetEnvironmentVariableW
0x1400c70c0 FreeEnvironmentStringsW
0x1400c70c8 GetEnvironmentStringsW
0x1400c70d0 GetCPInfo
0x1400c70d8 GetOEMCP
0x1400c70e0 GetACP
0x1400c70e8 IsValidCodePage
0x1400c70f0 FindNextFileW
0x1400c70f8 FindFirstFileExW
0x1400c7100 FindClose
0x1400c7108 OutputDebugStringW
0x1400c7110 GetCurrentThreadId
0x1400c7118 IsDebuggerPresent
0x1400c7120 RaiseException
0x1400c7128 MultiByteToWideChar
0x1400c7130 WideCharToMultiByte
0x1400c7138 RtlCaptureContext
0x1400c7140 RtlLookupFunctionEntry
0x1400c7148 RtlVirtualUnwind
0x1400c7150 UnhandledExceptionFilter
0x1400c7158 SetUnhandledExceptionFilter
0x1400c7160 GetCurrentProcess
0x1400c7168 TerminateProcess
0x1400c7170 IsProcessorFeaturePresent
0x1400c7178 QueryPerformanceCounter
0x1400c7180 GetCurrentProcessId
0x1400c7188 GetSystemTimeAsFileTime
0x1400c7190 InitializeSListHead
0x1400c7198 GetModuleHandleW
0x1400c71a0 HeapAlloc
0x1400c71a8 HeapFree
0x1400c71b0 GetProcessHeap
0x1400c71b8 VirtualQuery
0x1400c71c0 FreeLibrary
0x1400c71c8 RtlUnwindEx
0x1400c71d0 InterlockedPushEntrySList
0x1400c71d8 InterlockedFlushSList
0x1400c71e0 GetModuleFileNameW
0x1400c71e8 LoadLibraryExW
0x1400c71f0 SetLastError
0x1400c71f8 EnterCriticalSection
0x1400c7200 LeaveCriticalSection
0x1400c7208 DeleteCriticalSection
0x1400c7210 InitializeCriticalSectionAndSpinCount
0x1400c7218 TlsAlloc
0x1400c7220 TlsGetValue
0x1400c7228 TlsSetValue
0x1400c7230 TlsFree
0x1400c7238 EncodePointer
0x1400c7240 RtlPcToFileHeader
0x1400c7248 GetStdHandle
0x1400c7250 WriteFile
0x1400c7258 ExitProcess
0x1400c7260 GetModuleHandleExW
0x1400c7268 GetCommandLineA
0x1400c7270 GetCommandLineW
0x1400c7278 GetDateFormatW
0x1400c7280 GetTimeFormatW
0x1400c7288 CompareStringW
0x1400c7290 LCMapStringW
0x1400c7298 GetLocaleInfoW
0x1400c72a0 IsValidLocale
0x1400c72a8 GetUserDefaultLCID
0x1400c72b0 EnumSystemLocalesW
0x1400c72b8 GetFileType
0x1400c72c0 GetCurrentThread
0x1400c72c8 RtlUnwind
USER32.dll
0x1400c73b8 SetClassLongPtrW
0x1400c73c0 SetWindowLongPtrW
0x1400c73c8 UpdateWindow
0x1400c73d0 DeleteMenu
0x1400c73d8 RemoveMenu
0x1400c73e0 AppendMenuW
0x1400c73e8 GetMenuItemCount
0x1400c73f0 DestroyMenu
0x1400c73f8 CreatePopupMenu
0x1400c7400 CreateMenu
0x1400c7408 GetMenuBarInfo
0x1400c7410 ShowWindow
0x1400c7418 DestroyWindow
0x1400c7420 CreateWindowExW
0x1400c7428 RegisterClassExW
0x1400c7430 RegisterClassW
0x1400c7438 PostQuitMessage
0x1400c7440 DefWindowProcW
0x1400c7448 DispatchMessageW
0x1400c7450 TranslateMessage
0x1400c7458 GetMessageW
0x1400c7460 wsprintfW
0x1400c7468 GetSystemMenu
EAT(Export Address Table) is none