ScreenShot
| Created | 2024.07.26 10:45 | Machine | s1_win7_x6401 |
| Filename | crypted.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 50 detected (AIDetectMalware, Stelpak, malicious, high confidence, score, Unsafe, Kysler, Save, Attribute, HighConfidence, GenKryptik, GZVA, Artemis, CrypterX, Lazy, Fragtor, JKq5CBfm0bS, RedLineNET, REDLINE, YXEGZZ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, ai score=82, Kryptik, AMAR, R658971, ZexaF, 7uW@aCSmujai, LummaStealer, GdSda, Zwhl, susgen, confidence, 100%) | ||
| md5 | 371d606aa2fcd2945d84a13e598da55f | ||
| sha256 | 59c6d955b28461cd8d1f8f8c9a97d4f7a2e741dd62c69e67f0b71ecb3f7f040a | ||
| ssdeep | 24576:TwGArtsJR9XoZ6vuES4K316MxyeV+xQQjTP6hW:TxJR9XoZ6vPMUeVjeb | ||
| imphash | af0f88358390a4f58963b26bacea4505 | ||
| impfuzzy | 48:V6KFL9oW8xRcpVsjSXtXIrytW+zTpazuFZGol38:V6KdWW8xRcpVs+XtXCytW+/paM6 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x489210 OffsetRect
KERNEL32.dll
0x489000 GetCPInfo
0x489004 CreateFileW
0x489008 WaitForSingleObject
0x48900c GetModuleHandleA
0x489010 SwitchToFiber
0x489014 CreateThread
0x489018 GetProcAddress
0x48901c VirtualAllocEx
0x489020 RaiseException
0x489024 RtlCaptureStackBackTrace
0x489028 GetCurrentThreadId
0x48902c IsProcessorFeaturePresent
0x489030 GetLastError
0x489034 FreeLibraryWhenCallbackReturns
0x489038 CreateThreadpoolWork
0x48903c SubmitThreadpoolWork
0x489040 CloseThreadpoolWork
0x489044 GetModuleHandleExW
0x489048 WakeConditionVariable
0x48904c WakeAllConditionVariable
0x489050 SleepConditionVariableSRW
0x489054 InitOnceComplete
0x489058 InitOnceBeginInitialize
0x48905c FormatMessageA
0x489060 ReleaseSRWLockExclusive
0x489064 AcquireSRWLockExclusive
0x489068 TryAcquireSRWLockExclusive
0x48906c CloseHandle
0x489070 WaitForSingleObjectEx
0x489074 Sleep
0x489078 SwitchToThread
0x48907c GetExitCodeThread
0x489080 GetNativeSystemInfo
0x489084 QueryPerformanceCounter
0x489088 QueryPerformanceFrequency
0x48908c EnterCriticalSection
0x489090 LeaveCriticalSection
0x489094 InitializeCriticalSectionEx
0x489098 DeleteCriticalSection
0x48909c EncodePointer
0x4890a0 DecodePointer
0x4890a4 LocalFree
0x4890a8 GetLocaleInfoEx
0x4890ac MultiByteToWideChar
0x4890b0 WideCharToMultiByte
0x4890b4 LCMapStringEx
0x4890b8 SetFileInformationByHandle
0x4890bc GetTempPathW
0x4890c0 InitOnceExecuteOnce
0x4890c4 CreateEventExW
0x4890c8 CreateSemaphoreExW
0x4890cc FlushProcessWriteBuffers
0x4890d0 GetCurrentProcessorNumber
0x4890d4 GetSystemTimeAsFileTime
0x4890d8 GetTickCount64
0x4890dc CreateThreadpoolTimer
0x4890e0 SetThreadpoolTimer
0x4890e4 WaitForThreadpoolTimerCallbacks
0x4890e8 CloseThreadpoolTimer
0x4890ec CreateThreadpoolWait
0x4890f0 SetThreadpoolWait
0x4890f4 CloseThreadpoolWait
0x4890f8 GetModuleHandleW
0x4890fc GetFileInformationByHandleEx
0x489100 CreateSymbolicLinkW
0x489104 GetStringTypeW
0x489108 CompareStringEx
0x48910c WriteConsoleW
0x489110 UnhandledExceptionFilter
0x489114 SetUnhandledExceptionFilter
0x489118 GetCurrentProcess
0x48911c TerminateProcess
0x489120 IsDebuggerPresent
0x489124 GetStartupInfoW
0x489128 GetCurrentProcessId
0x48912c InitializeSListHead
0x489130 HeapSize
0x489134 RtlUnwind
0x489138 InterlockedPushEntrySList
0x48913c InterlockedFlushSList
0x489140 SetLastError
0x489144 InitializeCriticalSectionAndSpinCount
0x489148 TlsAlloc
0x48914c TlsGetValue
0x489150 TlsSetValue
0x489154 TlsFree
0x489158 FreeLibrary
0x48915c LoadLibraryExW
0x489160 ExitThread
0x489164 ResumeThread
0x489168 FreeLibraryAndExitThread
0x48916c ExitProcess
0x489170 GetModuleFileNameW
0x489174 GetStdHandle
0x489178 WriteFile
0x48917c SetConsoleCtrlHandler
0x489180 HeapAlloc
0x489184 HeapFree
0x489188 GetDateFormatW
0x48918c GetTimeFormatW
0x489190 CompareStringW
0x489194 LCMapStringW
0x489198 GetLocaleInfoW
0x48919c IsValidLocale
0x4891a0 GetUserDefaultLCID
0x4891a4 EnumSystemLocalesW
0x4891a8 GetFileType
0x4891ac GetCurrentThread
0x4891b0 FlushFileBuffers
0x4891b4 GetConsoleOutputCP
0x4891b8 GetConsoleMode
0x4891bc ReadFile
0x4891c0 GetFileSizeEx
0x4891c4 SetFilePointerEx
0x4891c8 ReadConsoleW
0x4891cc HeapReAlloc
0x4891d0 GetTimeZoneInformation
0x4891d4 FindClose
0x4891d8 FindFirstFileExW
0x4891dc FindNextFileW
0x4891e0 IsValidCodePage
0x4891e4 GetACP
0x4891e8 GetOEMCP
0x4891ec GetCommandLineA
0x4891f0 GetCommandLineW
0x4891f4 GetEnvironmentStringsW
0x4891f8 FreeEnvironmentStringsW
0x4891fc SetEnvironmentVariableW
0x489200 GetProcessHeap
0x489204 OutputDebugStringW
0x489208 SetStdHandle
EAT(Export Address Table) is none
USER32.dll
0x489210 OffsetRect
KERNEL32.dll
0x489000 GetCPInfo
0x489004 CreateFileW
0x489008 WaitForSingleObject
0x48900c GetModuleHandleA
0x489010 SwitchToFiber
0x489014 CreateThread
0x489018 GetProcAddress
0x48901c VirtualAllocEx
0x489020 RaiseException
0x489024 RtlCaptureStackBackTrace
0x489028 GetCurrentThreadId
0x48902c IsProcessorFeaturePresent
0x489030 GetLastError
0x489034 FreeLibraryWhenCallbackReturns
0x489038 CreateThreadpoolWork
0x48903c SubmitThreadpoolWork
0x489040 CloseThreadpoolWork
0x489044 GetModuleHandleExW
0x489048 WakeConditionVariable
0x48904c WakeAllConditionVariable
0x489050 SleepConditionVariableSRW
0x489054 InitOnceComplete
0x489058 InitOnceBeginInitialize
0x48905c FormatMessageA
0x489060 ReleaseSRWLockExclusive
0x489064 AcquireSRWLockExclusive
0x489068 TryAcquireSRWLockExclusive
0x48906c CloseHandle
0x489070 WaitForSingleObjectEx
0x489074 Sleep
0x489078 SwitchToThread
0x48907c GetExitCodeThread
0x489080 GetNativeSystemInfo
0x489084 QueryPerformanceCounter
0x489088 QueryPerformanceFrequency
0x48908c EnterCriticalSection
0x489090 LeaveCriticalSection
0x489094 InitializeCriticalSectionEx
0x489098 DeleteCriticalSection
0x48909c EncodePointer
0x4890a0 DecodePointer
0x4890a4 LocalFree
0x4890a8 GetLocaleInfoEx
0x4890ac MultiByteToWideChar
0x4890b0 WideCharToMultiByte
0x4890b4 LCMapStringEx
0x4890b8 SetFileInformationByHandle
0x4890bc GetTempPathW
0x4890c0 InitOnceExecuteOnce
0x4890c4 CreateEventExW
0x4890c8 CreateSemaphoreExW
0x4890cc FlushProcessWriteBuffers
0x4890d0 GetCurrentProcessorNumber
0x4890d4 GetSystemTimeAsFileTime
0x4890d8 GetTickCount64
0x4890dc CreateThreadpoolTimer
0x4890e0 SetThreadpoolTimer
0x4890e4 WaitForThreadpoolTimerCallbacks
0x4890e8 CloseThreadpoolTimer
0x4890ec CreateThreadpoolWait
0x4890f0 SetThreadpoolWait
0x4890f4 CloseThreadpoolWait
0x4890f8 GetModuleHandleW
0x4890fc GetFileInformationByHandleEx
0x489100 CreateSymbolicLinkW
0x489104 GetStringTypeW
0x489108 CompareStringEx
0x48910c WriteConsoleW
0x489110 UnhandledExceptionFilter
0x489114 SetUnhandledExceptionFilter
0x489118 GetCurrentProcess
0x48911c TerminateProcess
0x489120 IsDebuggerPresent
0x489124 GetStartupInfoW
0x489128 GetCurrentProcessId
0x48912c InitializeSListHead
0x489130 HeapSize
0x489134 RtlUnwind
0x489138 InterlockedPushEntrySList
0x48913c InterlockedFlushSList
0x489140 SetLastError
0x489144 InitializeCriticalSectionAndSpinCount
0x489148 TlsAlloc
0x48914c TlsGetValue
0x489150 TlsSetValue
0x489154 TlsFree
0x489158 FreeLibrary
0x48915c LoadLibraryExW
0x489160 ExitThread
0x489164 ResumeThread
0x489168 FreeLibraryAndExitThread
0x48916c ExitProcess
0x489170 GetModuleFileNameW
0x489174 GetStdHandle
0x489178 WriteFile
0x48917c SetConsoleCtrlHandler
0x489180 HeapAlloc
0x489184 HeapFree
0x489188 GetDateFormatW
0x48918c GetTimeFormatW
0x489190 CompareStringW
0x489194 LCMapStringW
0x489198 GetLocaleInfoW
0x48919c IsValidLocale
0x4891a0 GetUserDefaultLCID
0x4891a4 EnumSystemLocalesW
0x4891a8 GetFileType
0x4891ac GetCurrentThread
0x4891b0 FlushFileBuffers
0x4891b4 GetConsoleOutputCP
0x4891b8 GetConsoleMode
0x4891bc ReadFile
0x4891c0 GetFileSizeEx
0x4891c4 SetFilePointerEx
0x4891c8 ReadConsoleW
0x4891cc HeapReAlloc
0x4891d0 GetTimeZoneInformation
0x4891d4 FindClose
0x4891d8 FindFirstFileExW
0x4891dc FindNextFileW
0x4891e0 IsValidCodePage
0x4891e4 GetACP
0x4891e8 GetOEMCP
0x4891ec GetCommandLineA
0x4891f0 GetCommandLineW
0x4891f4 GetEnvironmentStringsW
0x4891f8 FreeEnvironmentStringsW
0x4891fc SetEnvironmentVariableW
0x489200 GetProcessHeap
0x489204 OutputDebugStringW
0x489208 SetStdHandle
EAT(Export Address Table) is none