ScreenShot
| Created | 2024.07.28 10:40 | Machine | s1_win7_x6403 |
| Filename | random.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 38 detected (AIDetectMalware, Convagent, malicious, high confidence, score, Lockbit, Unsafe, Save, Attribute, HighConfidence, Artemis, PWSX, Stealerc, SmokeLoader, CLASSIC, Real Protect, moderate, Static AI, Malicious PE, Detected, Stealc, Wacatac, ZexaF, py0@a4MOmsmG, Obfuscated, susgen, GenKryptik, EWCW, confidence, 100%) | ||
| md5 | 7e43d787c0813212855c05d5cc4b1752 | ||
| sha256 | 5eb4e0358569874385f1f29eeb4f296ce648be45cc6ea62328e8a9594571859f | ||
| ssdeep | 3072:nCtkbYJ4Zzd+mtDjzFTVA/hdlCo0VMTUd47hxcCjTc31Lt6t4OYO8:CGYJKomtDXqhdsMjT6t6tuO | ||
| imphash | f7b7ec9e4ef13450da9b01e527b930fc | ||
| impfuzzy | 24:lQu9zDjkrXDN9fn3mqICNTKr1sDyOXtUUncQIlyv9MhkHE/J3IjS3MlggAQhcK6c:uXfnOr1kXtzcHK9erMSExAQaK6T+Y6B | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x423010 LocalCompact
0x423014 EnumCalendarInfoW
0x423018 SetEnvironmentVariableW
0x42301c GetTickCount
0x423020 CreateNamedPipeW
0x423024 GetConsoleAliasesA
0x423028 EnumResourceTypesA
0x42302c GetConsoleCP
0x423030 GlobalAlloc
0x423034 SetFileShortNameW
0x423038 LoadLibraryW
0x42303c IsProcessInJob
0x423040 FatalAppExitW
0x423044 AssignProcessToJobObject
0x423048 IsBadCodePtr
0x42304c GetModuleFileNameW
0x423050 GetSystemDirectoryA
0x423054 ReplaceFileA
0x423058 GlobalUnlock
0x42305c CreateJobObjectA
0x423060 GetLastError
0x423064 WriteConsoleInputW
0x423068 VerLanguageNameW
0x42306c LoadLibraryA
0x423070 SetConsoleCtrlHandler
0x423074 AddAtomW
0x423078 HeapWalk
0x42307c GetOEMCP
0x423080 EnumDateFormatsA
0x423084 GetModuleHandleA
0x423088 GetProcessShutdownParameters
0x42308c EnumResourceNamesA
0x423090 GetFileTime
0x423094 PeekConsoleInputA
0x423098 GetDiskFreeSpaceExA
0x42309c LCMapStringW
0x4230a0 CreateFileW
0x4230a4 HeapSize
0x4230a8 FlushFileBuffers
0x4230ac FindVolumeClose
0x4230b0 HeapCompact
0x4230b4 GetProcAddress
0x4230b8 CreateFileA
0x4230bc GetStringTypeW
0x4230c0 WriteConsoleW
0x4230c4 HeapReAlloc
0x4230c8 GetCommandLineW
0x4230cc HeapSetInformation
0x4230d0 GetStartupInfoW
0x4230d4 DecodePointer
0x4230d8 UnhandledExceptionFilter
0x4230dc SetUnhandledExceptionFilter
0x4230e0 IsDebuggerPresent
0x4230e4 EncodePointer
0x4230e8 TerminateProcess
0x4230ec GetCurrentProcess
0x4230f0 HeapAlloc
0x4230f4 HeapFree
0x4230f8 EnterCriticalSection
0x4230fc LeaveCriticalSection
0x423100 SetHandleCount
0x423104 GetStdHandle
0x423108 InitializeCriticalSectionAndSpinCount
0x42310c GetFileType
0x423110 DeleteCriticalSection
0x423114 MultiByteToWideChar
0x423118 ReadFile
0x42311c GetModuleHandleW
0x423120 ExitProcess
0x423124 SetFilePointer
0x423128 HeapCreate
0x42312c WriteFile
0x423130 FreeEnvironmentStringsW
0x423134 GetEnvironmentStringsW
0x423138 TlsAlloc
0x42313c TlsGetValue
0x423140 TlsSetValue
0x423144 TlsFree
0x423148 InterlockedIncrement
0x42314c SetLastError
0x423150 GetCurrentThreadId
0x423154 InterlockedDecrement
0x423158 QueryPerformanceCounter
0x42315c GetCurrentProcessId
0x423160 GetSystemTimeAsFileTime
0x423164 WideCharToMultiByte
0x423168 GetConsoleMode
0x42316c GetCPInfo
0x423170 GetACP
0x423174 IsValidCodePage
0x423178 Sleep
0x42317c RtlUnwind
0x423180 SetStdHandle
0x423184 IsProcessorFeaturePresent
0x423188 CloseHandle
USER32.dll
0x423198 CharUpperBuffA
0x42319c GetMessageExtraInfo
0x4231a0 SetCaretPos
0x4231a4 GetMenu
0x4231a8 DrawStateW
0x4231ac GetSysColorBrush
GDI32.dll
0x423000 GetCharWidthI
0x423004 CreateDCA
0x423008 GetCharABCWidthsI
WINHTTP.dll
0x4231b4 WinHttpOpen
MSIMG32.dll
0x423190 AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x423010 LocalCompact
0x423014 EnumCalendarInfoW
0x423018 SetEnvironmentVariableW
0x42301c GetTickCount
0x423020 CreateNamedPipeW
0x423024 GetConsoleAliasesA
0x423028 EnumResourceTypesA
0x42302c GetConsoleCP
0x423030 GlobalAlloc
0x423034 SetFileShortNameW
0x423038 LoadLibraryW
0x42303c IsProcessInJob
0x423040 FatalAppExitW
0x423044 AssignProcessToJobObject
0x423048 IsBadCodePtr
0x42304c GetModuleFileNameW
0x423050 GetSystemDirectoryA
0x423054 ReplaceFileA
0x423058 GlobalUnlock
0x42305c CreateJobObjectA
0x423060 GetLastError
0x423064 WriteConsoleInputW
0x423068 VerLanguageNameW
0x42306c LoadLibraryA
0x423070 SetConsoleCtrlHandler
0x423074 AddAtomW
0x423078 HeapWalk
0x42307c GetOEMCP
0x423080 EnumDateFormatsA
0x423084 GetModuleHandleA
0x423088 GetProcessShutdownParameters
0x42308c EnumResourceNamesA
0x423090 GetFileTime
0x423094 PeekConsoleInputA
0x423098 GetDiskFreeSpaceExA
0x42309c LCMapStringW
0x4230a0 CreateFileW
0x4230a4 HeapSize
0x4230a8 FlushFileBuffers
0x4230ac FindVolumeClose
0x4230b0 HeapCompact
0x4230b4 GetProcAddress
0x4230b8 CreateFileA
0x4230bc GetStringTypeW
0x4230c0 WriteConsoleW
0x4230c4 HeapReAlloc
0x4230c8 GetCommandLineW
0x4230cc HeapSetInformation
0x4230d0 GetStartupInfoW
0x4230d4 DecodePointer
0x4230d8 UnhandledExceptionFilter
0x4230dc SetUnhandledExceptionFilter
0x4230e0 IsDebuggerPresent
0x4230e4 EncodePointer
0x4230e8 TerminateProcess
0x4230ec GetCurrentProcess
0x4230f0 HeapAlloc
0x4230f4 HeapFree
0x4230f8 EnterCriticalSection
0x4230fc LeaveCriticalSection
0x423100 SetHandleCount
0x423104 GetStdHandle
0x423108 InitializeCriticalSectionAndSpinCount
0x42310c GetFileType
0x423110 DeleteCriticalSection
0x423114 MultiByteToWideChar
0x423118 ReadFile
0x42311c GetModuleHandleW
0x423120 ExitProcess
0x423124 SetFilePointer
0x423128 HeapCreate
0x42312c WriteFile
0x423130 FreeEnvironmentStringsW
0x423134 GetEnvironmentStringsW
0x423138 TlsAlloc
0x42313c TlsGetValue
0x423140 TlsSetValue
0x423144 TlsFree
0x423148 InterlockedIncrement
0x42314c SetLastError
0x423150 GetCurrentThreadId
0x423154 InterlockedDecrement
0x423158 QueryPerformanceCounter
0x42315c GetCurrentProcessId
0x423160 GetSystemTimeAsFileTime
0x423164 WideCharToMultiByte
0x423168 GetConsoleMode
0x42316c GetCPInfo
0x423170 GetACP
0x423174 IsValidCodePage
0x423178 Sleep
0x42317c RtlUnwind
0x423180 SetStdHandle
0x423184 IsProcessorFeaturePresent
0x423188 CloseHandle
USER32.dll
0x423198 CharUpperBuffA
0x42319c GetMessageExtraInfo
0x4231a0 SetCaretPos
0x4231a4 GetMenu
0x4231a8 DrawStateW
0x4231ac GetSysColorBrush
GDI32.dll
0x423000 GetCharWidthI
0x423004 CreateDCA
0x423008 GetCharABCWidthsI
WINHTTP.dll
0x4231b4 WinHttpOpen
MSIMG32.dll
0x423190 AlphaBlend
EAT(Export Address Table) is none