ScreenShot
| Created | 2024.07.26 10:46 | Machine | s1_win7_x6403 |
| Filename | RogueOxidResolver.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (AIDetectMalware, Hacktool, RoguePotato, malicious, high confidence, score, Artemis, Unsafe, Vi8l, Attribute, HighConfidence, RogueP, Vv5uM75b07J, qvnmg, Tool, gxzio, ai score=83, GrayWare, Malware@#1ykkhbb4je363, Convagent, Gencirc, V5mAPKfSik4, susgen, confidence, 100%) | ||
| md5 | 73446530325d8bdf09edd62d56e2e329 | ||
| sha256 | 9c5d53208d324f6f14e3417fe072be9b0f29aa35299f99c30bbaf602790b7480 | ||
| ssdeep | 1536:7nwUwdAN2rEv590XcXFEQXVS87+r7bSV2fJZH26q1JWfsWed7B9dlmVjGabI:rwxILG8LX563b86JZHXa4WVMVj/ | ||
| imphash | 576d6e02a47c807b9063948ee683350c | ||
| impfuzzy | 24:pBV0yqgxSWoPFMU802tMS17mlJnc+pl3eDoTYZOovbO3kPvRRZHu9c:S3g4tutMS17kc+pp/Yc30nb | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ole32.dll
0x140013278 CLSIDFromString
RPCRT4.dll
0x140013228 NdrServerCall2
0x140013230 NdrServerCallAll
0x140013238 RpcServerInqBindings
0x140013240 RpcServerUseProtseqEpA
0x140013248 RpcServerListen
0x140013250 RpcServerRegisterAuthInfoA
0x140013258 RpcEpRegisterA
0x140013260 RpcServerRegisterIf2
0x140013268 RpcImpersonateClient
KERNEL32.dll
0x140013000 GetModuleHandleExW
0x140013008 WriteConsoleW
0x140013010 CreateFileW
0x140013018 CloseHandle
0x140013020 HeapReAlloc
0x140013028 HeapSize
0x140013030 SetFilePointerEx
0x140013038 GetFileSizeEx
0x140013040 GetConsoleMode
0x140013048 GetConsoleCP
0x140013050 RtlCaptureContext
0x140013058 RtlLookupFunctionEntry
0x140013060 RtlVirtualUnwind
0x140013068 UnhandledExceptionFilter
0x140013070 SetUnhandledExceptionFilter
0x140013078 GetCurrentProcess
0x140013080 TerminateProcess
0x140013088 IsProcessorFeaturePresent
0x140013090 QueryPerformanceCounter
0x140013098 GetCurrentProcessId
0x1400130a0 GetCurrentThreadId
0x1400130a8 GetSystemTimeAsFileTime
0x1400130b0 InitializeSListHead
0x1400130b8 IsDebuggerPresent
0x1400130c0 GetStartupInfoW
0x1400130c8 GetModuleHandleW
0x1400130d0 RtlUnwindEx
0x1400130d8 GetLastError
0x1400130e0 SetLastError
0x1400130e8 EnterCriticalSection
0x1400130f0 LeaveCriticalSection
0x1400130f8 DeleteCriticalSection
0x140013100 InitializeCriticalSectionAndSpinCount
0x140013108 TlsAlloc
0x140013110 TlsGetValue
0x140013118 TlsSetValue
0x140013120 TlsFree
0x140013128 FreeLibrary
0x140013130 GetProcAddress
0x140013138 LoadLibraryExW
0x140013140 RaiseException
0x140013148 ExitProcess
0x140013150 GetStdHandle
0x140013158 WriteFile
0x140013160 GetModuleFileNameW
0x140013168 GetCommandLineA
0x140013170 GetCommandLineW
0x140013178 HeapAlloc
0x140013180 HeapFree
0x140013188 CompareStringW
0x140013190 LCMapStringW
0x140013198 GetFileType
0x1400131a0 FindClose
0x1400131a8 FindFirstFileExW
0x1400131b0 FindNextFileW
0x1400131b8 IsValidCodePage
0x1400131c0 GetACP
0x1400131c8 GetOEMCP
0x1400131d0 GetCPInfo
0x1400131d8 MultiByteToWideChar
0x1400131e0 WideCharToMultiByte
0x1400131e8 GetEnvironmentStringsW
0x1400131f0 FreeEnvironmentStringsW
0x1400131f8 SetEnvironmentVariableW
0x140013200 SetStdHandle
0x140013208 GetStringTypeW
0x140013210 GetProcessHeap
0x140013218 FlushFileBuffers
EAT(Export Address Table) is none
ole32.dll
0x140013278 CLSIDFromString
RPCRT4.dll
0x140013228 NdrServerCall2
0x140013230 NdrServerCallAll
0x140013238 RpcServerInqBindings
0x140013240 RpcServerUseProtseqEpA
0x140013248 RpcServerListen
0x140013250 RpcServerRegisterAuthInfoA
0x140013258 RpcEpRegisterA
0x140013260 RpcServerRegisterIf2
0x140013268 RpcImpersonateClient
KERNEL32.dll
0x140013000 GetModuleHandleExW
0x140013008 WriteConsoleW
0x140013010 CreateFileW
0x140013018 CloseHandle
0x140013020 HeapReAlloc
0x140013028 HeapSize
0x140013030 SetFilePointerEx
0x140013038 GetFileSizeEx
0x140013040 GetConsoleMode
0x140013048 GetConsoleCP
0x140013050 RtlCaptureContext
0x140013058 RtlLookupFunctionEntry
0x140013060 RtlVirtualUnwind
0x140013068 UnhandledExceptionFilter
0x140013070 SetUnhandledExceptionFilter
0x140013078 GetCurrentProcess
0x140013080 TerminateProcess
0x140013088 IsProcessorFeaturePresent
0x140013090 QueryPerformanceCounter
0x140013098 GetCurrentProcessId
0x1400130a0 GetCurrentThreadId
0x1400130a8 GetSystemTimeAsFileTime
0x1400130b0 InitializeSListHead
0x1400130b8 IsDebuggerPresent
0x1400130c0 GetStartupInfoW
0x1400130c8 GetModuleHandleW
0x1400130d0 RtlUnwindEx
0x1400130d8 GetLastError
0x1400130e0 SetLastError
0x1400130e8 EnterCriticalSection
0x1400130f0 LeaveCriticalSection
0x1400130f8 DeleteCriticalSection
0x140013100 InitializeCriticalSectionAndSpinCount
0x140013108 TlsAlloc
0x140013110 TlsGetValue
0x140013118 TlsSetValue
0x140013120 TlsFree
0x140013128 FreeLibrary
0x140013130 GetProcAddress
0x140013138 LoadLibraryExW
0x140013140 RaiseException
0x140013148 ExitProcess
0x140013150 GetStdHandle
0x140013158 WriteFile
0x140013160 GetModuleFileNameW
0x140013168 GetCommandLineA
0x140013170 GetCommandLineW
0x140013178 HeapAlloc
0x140013180 HeapFree
0x140013188 CompareStringW
0x140013190 LCMapStringW
0x140013198 GetFileType
0x1400131a0 FindClose
0x1400131a8 FindFirstFileExW
0x1400131b0 FindNextFileW
0x1400131b8 IsValidCodePage
0x1400131c0 GetACP
0x1400131c8 GetOEMCP
0x1400131d0 GetCPInfo
0x1400131d8 MultiByteToWideChar
0x1400131e0 WideCharToMultiByte
0x1400131e8 GetEnvironmentStringsW
0x1400131f0 FreeEnvironmentStringsW
0x1400131f8 SetEnvironmentVariableW
0x140013200 SetStdHandle
0x140013208 GetStringTypeW
0x140013210 GetProcessHeap
0x140013218 FlushFileBuffers
EAT(Export Address Table) is none