ScreenShot
| Created | 2024.07.30 09:36 | Machine | s1_win7_x6401 |
| Filename | event.php | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (AIDetectMalware, Nekark, malicious, high confidence, score, NetLoader, Unsafe, Vgxn, Attribute, HighConfidence, Artemis, TrojanX, Y2bFPPajU2P, nhtjo, Siggen29, ASYNCRAT, YXEG2Z, moderate, Static AI, Malicious PE, Detected, ai score=85, GrayWare, Wacapew, Casdet, Chgt, Gencirc, confidence, 100%) | ||
| md5 | 61c5a8e414a47b8cc2c69e1ac4370a35 | ||
| sha256 | 4da3bff89fc796886ca615a29a2595c4109f86fff2a9e699ea1036195719cb3b | ||
| ssdeep | 6144:l5B8DY9c80tk5koaMrtonT8nzkwHgDKFaz4cHgo2TW:rB8DY9yYhaODRgDKiHgo2a | ||
| imphash | 5aceba6b8f80a97c0ff1e3c072a69b00 | ||
| impfuzzy | 48:FsCj/8uPkDUsX7VhNsROLpEU9lXzfK3qEbumOu0cpVkRBg/H:Fr/8okdhNsROLrbXzy32mj0cpVqBg/H | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | Creates a suspicious process |
| notice | Creates hidden or system file |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x1400294b0 NtClose
0x1400294b8 NtWriteFile
0x1400294c0 NtMapViewOfSection
0x1400294c8 NtSetInformationFile
0x1400294d0 RtlInitUnicodeString
0x1400294d8 NtSetInformationProcess
0x1400294e0 RtlAdjustPrivilege
0x1400294e8 NtCreateSection
0x1400294f0 NtOpenFile
USER32.dll
0x140029470 wsprintfA
OLEAUT32.dll
0x140029438 VariantClear
SHLWAPI.dll
0x140029460 PathFindFileNameW
ADVAPI32.dll
0x140029000 RegCloseKey
0x140029008 RegOpenKeyExW
0x140029010 RegOpenKeyExA
0x140029018 RegSetValueExA
0x140029020 GetTokenInformation
0x140029028 GetUserNameW
0x140029030 AdjustTokenPrivileges
0x140029038 LookupPrivilegeValueA
0x140029040 OpenProcessToken
0x140029048 RegSetValueExW
WININET.dll
0x140029480 InternetOpenUrlW
0x140029488 InternetReadFile
0x140029490 InternetCloseHandle
0x140029498 HttpQueryInfoA
0x1400294a0 InternetOpenW
SHELL32.dll
0x140029448 SHGetFolderPathA
0x140029450 SHGetFolderPathW
KERNEL32.dll
0x140029058 IsValidLocaleName
0x140029060 LCMapStringEx
0x140029068 GetUserDefaultLocaleName
0x140029070 FreeEnvironmentStringsW
0x140029078 GetEnvironmentStringsW
0x140029080 GetTickCount64
0x140029088 QueryPerformanceCounter
0x140029090 EnumSystemLocalesEx
0x140029098 FlsFree
0x1400290a0 FlsSetValue
0x1400290a8 FlsGetValue
0x1400290b0 FlsAlloc
0x1400290b8 SetUnhandledExceptionFilter
0x1400290c0 UnhandledExceptionFilter
0x1400290c8 RtlVirtualUnwind
0x1400290d0 RtlCaptureContext
0x1400290d8 GetConsoleMode
0x1400290e0 GetConsoleCP
0x1400290e8 FlushFileBuffers
0x1400290f0 HeapReAlloc
0x1400290f8 LoadLibraryExW
0x140029100 OutputDebugStringW
0x140029108 ReadConsoleW
0x140029110 SetStdHandle
0x140029118 WriteConsoleW
0x140029120 GetModuleHandleW
0x140029128 UnmapViewOfFile
0x140029130 SetFilePointerEx
0x140029138 GetStartupInfoW
0x140029140 InitOnceExecuteOnce
0x140029148 GetFileType
0x140029150 HeapSize
0x140029158 GetStdHandle
0x140029160 GetModuleHandleExW
0x140029168 GetCurrentThreadId
0x140029170 GetThreadContext
0x140029178 GetTempFileNameW
0x140029180 GetFileSize
0x140029188 SetThreadContext
0x140029190 SetFilePointer
0x140029198 GetCurrentProcess
0x1400291a0 WaitForSingleObject
0x1400291a8 WriteFile
0x1400291b0 OpenProcess
0x1400291b8 GetSystemDirectoryW
0x1400291c0 LoadLibraryW
0x1400291c8 GetModuleFileNameW
0x1400291d0 CreateFileW
0x1400291d8 GetTempPathW
0x1400291e0 GetLastError
0x1400291e8 GetProcAddress
0x1400291f0 VirtualAllocEx
0x1400291f8 LoadLibraryA
0x140029200 GetModuleHandleA
0x140029208 Wow64SetThreadContext
0x140029210 CloseHandle
0x140029218 WriteProcessMemory
0x140029220 ResumeThread
0x140029228 Wow64GetThreadContext
0x140029230 CreateThread
0x140029238 HeapAlloc
0x140029240 GetProcessHeap
0x140029248 Sleep
0x140029250 Process32First
0x140029258 CreateRemoteThread
0x140029260 Process32Next
0x140029268 CreateToolhelp32Snapshot
0x140029270 VirtualProtectEx
0x140029278 ExitProcess
0x140029280 FindFirstFileW
0x140029288 MapViewOfFile
0x140029290 SetEndOfFile
0x140029298 CreateProcessW
0x1400292a0 CompareFileTime
0x1400292a8 VirtualFree
0x1400292b0 GetWindowsDirectoryA
0x1400292b8 GetProcessTimes
0x1400292c0 GetVolumeInformationA
0x1400292c8 CopyFileW
0x1400292d0 TerminateProcess
0x1400292d8 ReadFile
0x1400292e0 lstrcatA
0x1400292e8 CreateDirectoryA
0x1400292f0 VirtualAlloc
0x1400292f8 CopyFileA
0x140029300 SetFileAttributesA
0x140029308 FindClose
0x140029310 Process32FirstW
0x140029318 CreateFileMappingA
0x140029320 IsWow64Process
0x140029328 GetModuleFileNameA
0x140029330 Process32NextW
0x140029338 CreateMutexA
0x140029340 IsDebuggerPresent
0x140029348 FindNextFileW
0x140029350 DeleteFileW
0x140029358 SetFileAttributesW
0x140029360 ExpandEnvironmentStringsW
0x140029368 MultiByteToWideChar
0x140029370 WideCharToMultiByte
0x140029378 LocalFree
0x140029380 GetStringTypeW
0x140029388 EncodePointer
0x140029390 DecodePointer
0x140029398 EnterCriticalSection
0x1400293a0 LeaveCriticalSection
0x1400293a8 InitializeCriticalSectionEx
0x1400293b0 DeleteCriticalSection
0x1400293b8 GetLocaleInfoEx
0x1400293c0 HeapFree
0x1400293c8 GetCPInfo
0x1400293d0 IsProcessorFeaturePresent
0x1400293d8 GetSystemTimeAsFileTime
0x1400293e0 GetCommandLineW
0x1400293e8 RtlLookupFunctionEntry
0x1400293f0 RtlUnwindEx
0x1400293f8 RtlPcToFileHeader
0x140029400 RaiseException
0x140029408 InitializeCriticalSectionAndSpinCount
0x140029410 IsValidCodePage
0x140029418 GetACP
0x140029420 GetOEMCP
0x140029428 SetLastError
EAT(Export Address Table) Library
0x140003e14 Start
ntdll.dll
0x1400294b0 NtClose
0x1400294b8 NtWriteFile
0x1400294c0 NtMapViewOfSection
0x1400294c8 NtSetInformationFile
0x1400294d0 RtlInitUnicodeString
0x1400294d8 NtSetInformationProcess
0x1400294e0 RtlAdjustPrivilege
0x1400294e8 NtCreateSection
0x1400294f0 NtOpenFile
USER32.dll
0x140029470 wsprintfA
OLEAUT32.dll
0x140029438 VariantClear
SHLWAPI.dll
0x140029460 PathFindFileNameW
ADVAPI32.dll
0x140029000 RegCloseKey
0x140029008 RegOpenKeyExW
0x140029010 RegOpenKeyExA
0x140029018 RegSetValueExA
0x140029020 GetTokenInformation
0x140029028 GetUserNameW
0x140029030 AdjustTokenPrivileges
0x140029038 LookupPrivilegeValueA
0x140029040 OpenProcessToken
0x140029048 RegSetValueExW
WININET.dll
0x140029480 InternetOpenUrlW
0x140029488 InternetReadFile
0x140029490 InternetCloseHandle
0x140029498 HttpQueryInfoA
0x1400294a0 InternetOpenW
SHELL32.dll
0x140029448 SHGetFolderPathA
0x140029450 SHGetFolderPathW
KERNEL32.dll
0x140029058 IsValidLocaleName
0x140029060 LCMapStringEx
0x140029068 GetUserDefaultLocaleName
0x140029070 FreeEnvironmentStringsW
0x140029078 GetEnvironmentStringsW
0x140029080 GetTickCount64
0x140029088 QueryPerformanceCounter
0x140029090 EnumSystemLocalesEx
0x140029098 FlsFree
0x1400290a0 FlsSetValue
0x1400290a8 FlsGetValue
0x1400290b0 FlsAlloc
0x1400290b8 SetUnhandledExceptionFilter
0x1400290c0 UnhandledExceptionFilter
0x1400290c8 RtlVirtualUnwind
0x1400290d0 RtlCaptureContext
0x1400290d8 GetConsoleMode
0x1400290e0 GetConsoleCP
0x1400290e8 FlushFileBuffers
0x1400290f0 HeapReAlloc
0x1400290f8 LoadLibraryExW
0x140029100 OutputDebugStringW
0x140029108 ReadConsoleW
0x140029110 SetStdHandle
0x140029118 WriteConsoleW
0x140029120 GetModuleHandleW
0x140029128 UnmapViewOfFile
0x140029130 SetFilePointerEx
0x140029138 GetStartupInfoW
0x140029140 InitOnceExecuteOnce
0x140029148 GetFileType
0x140029150 HeapSize
0x140029158 GetStdHandle
0x140029160 GetModuleHandleExW
0x140029168 GetCurrentThreadId
0x140029170 GetThreadContext
0x140029178 GetTempFileNameW
0x140029180 GetFileSize
0x140029188 SetThreadContext
0x140029190 SetFilePointer
0x140029198 GetCurrentProcess
0x1400291a0 WaitForSingleObject
0x1400291a8 WriteFile
0x1400291b0 OpenProcess
0x1400291b8 GetSystemDirectoryW
0x1400291c0 LoadLibraryW
0x1400291c8 GetModuleFileNameW
0x1400291d0 CreateFileW
0x1400291d8 GetTempPathW
0x1400291e0 GetLastError
0x1400291e8 GetProcAddress
0x1400291f0 VirtualAllocEx
0x1400291f8 LoadLibraryA
0x140029200 GetModuleHandleA
0x140029208 Wow64SetThreadContext
0x140029210 CloseHandle
0x140029218 WriteProcessMemory
0x140029220 ResumeThread
0x140029228 Wow64GetThreadContext
0x140029230 CreateThread
0x140029238 HeapAlloc
0x140029240 GetProcessHeap
0x140029248 Sleep
0x140029250 Process32First
0x140029258 CreateRemoteThread
0x140029260 Process32Next
0x140029268 CreateToolhelp32Snapshot
0x140029270 VirtualProtectEx
0x140029278 ExitProcess
0x140029280 FindFirstFileW
0x140029288 MapViewOfFile
0x140029290 SetEndOfFile
0x140029298 CreateProcessW
0x1400292a0 CompareFileTime
0x1400292a8 VirtualFree
0x1400292b0 GetWindowsDirectoryA
0x1400292b8 GetProcessTimes
0x1400292c0 GetVolumeInformationA
0x1400292c8 CopyFileW
0x1400292d0 TerminateProcess
0x1400292d8 ReadFile
0x1400292e0 lstrcatA
0x1400292e8 CreateDirectoryA
0x1400292f0 VirtualAlloc
0x1400292f8 CopyFileA
0x140029300 SetFileAttributesA
0x140029308 FindClose
0x140029310 Process32FirstW
0x140029318 CreateFileMappingA
0x140029320 IsWow64Process
0x140029328 GetModuleFileNameA
0x140029330 Process32NextW
0x140029338 CreateMutexA
0x140029340 IsDebuggerPresent
0x140029348 FindNextFileW
0x140029350 DeleteFileW
0x140029358 SetFileAttributesW
0x140029360 ExpandEnvironmentStringsW
0x140029368 MultiByteToWideChar
0x140029370 WideCharToMultiByte
0x140029378 LocalFree
0x140029380 GetStringTypeW
0x140029388 EncodePointer
0x140029390 DecodePointer
0x140029398 EnterCriticalSection
0x1400293a0 LeaveCriticalSection
0x1400293a8 InitializeCriticalSectionEx
0x1400293b0 DeleteCriticalSection
0x1400293b8 GetLocaleInfoEx
0x1400293c0 HeapFree
0x1400293c8 GetCPInfo
0x1400293d0 IsProcessorFeaturePresent
0x1400293d8 GetSystemTimeAsFileTime
0x1400293e0 GetCommandLineW
0x1400293e8 RtlLookupFunctionEntry
0x1400293f0 RtlUnwindEx
0x1400293f8 RtlPcToFileHeader
0x140029400 RaiseException
0x140029408 InitializeCriticalSectionAndSpinCount
0x140029410 IsValidCodePage
0x140029418 GetACP
0x140029420 GetOEMCP
0x140029428 SetLastError
EAT(Export Address Table) Library
0x140003e14 Start