ScreenShot
| Created | 2024.07.27 12:39 | Machine | s1_win7_x6403 |
| Filename | build2.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (AIDetectMalware, malicious, high confidence, Unsafe, Vzpf, Attribute, HighConfidence, Kryptik, TrojanX, SleepObf, CLOUD, Static AI, Suspicious PE, Wacatac, confidence, 100%) | ||
| md5 | 410e91a252ffe557a41e66a174cd6dcb | ||
| sha256 | 67ce38dec54fd963ff28f4a257d58133eb241c909f9e06c859de0a7f00976202 | ||
| ssdeep | 49152:wXduhClX5Td3dKHJH2u4DTUN8A0AAlFnK9O5JDW0ZX+Gh8e9waVp/EoQ4PKw/n0+:LkUixA0Zea | ||
| imphash | e49b63183dc452ee4abc90a6e47f6582 | ||
| impfuzzy | 12:YRJRJJcDn5ARZqRLAYPXJDCqV0MH/5XGXgEG6eGJNJmo:8fjcDqcLV5X0Mf5XGe6Zpd | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140308158 DeleteCriticalSection
0x140308160 EnterCriticalSection
0x140308168 GetLastError
0x140308170 GetProcAddress
0x140308178 GetStartupInfoA
0x140308180 InitializeCriticalSection
0x140308188 LeaveCriticalSection
0x140308190 LoadLibraryA
0x140308198 SetUnhandledExceptionFilter
0x1403081a0 Sleep
0x1403081a8 TlsAlloc
0x1403081b0 TlsGetValue
0x1403081b8 TlsSetValue
0x1403081c0 VirtualAlloc
0x1403081c8 VirtualFree
0x1403081d0 VirtualProtect
0x1403081d8 VirtualQuery
msvcrt.dll
0x1403081e8 __C_specific_handler
0x1403081f0 __initenv
0x1403081f8 __set_app_type
0x140308200 __setusermatherr
0x140308208 _acmdln
0x140308210 _commode
0x140308218 _fmode
0x140308220 _initterm
0x140308228 _ismbblead
0x140308230 _onexit
0x140308238 abort
0x140308240 calloc
0x140308248 free
0x140308250 memcpy
0x140308258 memset
0x140308260 strncmp
EAT(Export Address Table) is none
KERNEL32.dll
0x140308158 DeleteCriticalSection
0x140308160 EnterCriticalSection
0x140308168 GetLastError
0x140308170 GetProcAddress
0x140308178 GetStartupInfoA
0x140308180 InitializeCriticalSection
0x140308188 LeaveCriticalSection
0x140308190 LoadLibraryA
0x140308198 SetUnhandledExceptionFilter
0x1403081a0 Sleep
0x1403081a8 TlsAlloc
0x1403081b0 TlsGetValue
0x1403081b8 TlsSetValue
0x1403081c0 VirtualAlloc
0x1403081c8 VirtualFree
0x1403081d0 VirtualProtect
0x1403081d8 VirtualQuery
msvcrt.dll
0x1403081e8 __C_specific_handler
0x1403081f0 __initenv
0x1403081f8 __set_app_type
0x140308200 __setusermatherr
0x140308208 _acmdln
0x140308210 _commode
0x140308218 _fmode
0x140308220 _initterm
0x140308228 _ismbblead
0x140308230 _onexit
0x140308238 abort
0x140308240 calloc
0x140308248 free
0x140308250 memcpy
0x140308258 memset
0x140308260 strncmp
EAT(Export Address Table) is none