ScreenShot
| Created | 2024.08.01 15:16 | Machine | s1_win7_x6401 |
| Filename | lasjdflakdsjf.pdf.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 14 detected (AIDetectMalware, HToolWinGo, unsafe, malicious, high confidence, a variant of WinGo, WinGo, Detected, Wacatac, Static AI, Suspicious PE, susgen) | ||
| md5 | 9de2806368f77203832f5b4b421af88f | ||
| sha256 | e1b08a14812ef252294f0ca6df3c86d10203a407029684734e5118df0f75e845 | ||
| ssdeep | 49152:37HCl6NqBDHGrb/T5vO90d7HjmAFd4A64nsfJ0WNm14JKRxbh1TBOt7uCG/4LZsm:DqlM1euC2/iEJw | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects the presence of Wine emulator |
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x861200 WriteFile
0x861208 WriteConsoleW
0x861210 WaitForMultipleObjects
0x861218 WaitForSingleObject
0x861220 VirtualQuery
0x861228 VirtualFree
0x861230 VirtualAlloc
0x861238 TlsAlloc
0x861240 SwitchToThread
0x861248 SuspendThread
0x861250 SetWaitableTimer
0x861258 SetUnhandledExceptionFilter
0x861260 SetProcessPriorityBoost
0x861268 SetEvent
0x861270 SetErrorMode
0x861278 SetConsoleCtrlHandler
0x861280 ResumeThread
0x861288 PostQueuedCompletionStatus
0x861290 LoadLibraryA
0x861298 LoadLibraryW
0x8612a0 SetThreadContext
0x8612a8 GetThreadContext
0x8612b0 GetSystemInfo
0x8612b8 GetSystemDirectoryA
0x8612c0 GetStdHandle
0x8612c8 GetQueuedCompletionStatusEx
0x8612d0 GetProcessAffinityMask
0x8612d8 GetProcAddress
0x8612e0 GetEnvironmentStringsW
0x8612e8 GetConsoleMode
0x8612f0 FreeEnvironmentStringsW
0x8612f8 ExitProcess
0x861300 DuplicateHandle
0x861308 CreateWaitableTimerExW
0x861310 CreateThread
0x861318 CreateIoCompletionPort
0x861320 CreateFileA
0x861328 CreateEventA
0x861330 CloseHandle
0x861338 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x861200 WriteFile
0x861208 WriteConsoleW
0x861210 WaitForMultipleObjects
0x861218 WaitForSingleObject
0x861220 VirtualQuery
0x861228 VirtualFree
0x861230 VirtualAlloc
0x861238 TlsAlloc
0x861240 SwitchToThread
0x861248 SuspendThread
0x861250 SetWaitableTimer
0x861258 SetUnhandledExceptionFilter
0x861260 SetProcessPriorityBoost
0x861268 SetEvent
0x861270 SetErrorMode
0x861278 SetConsoleCtrlHandler
0x861280 ResumeThread
0x861288 PostQueuedCompletionStatus
0x861290 LoadLibraryA
0x861298 LoadLibraryW
0x8612a0 SetThreadContext
0x8612a8 GetThreadContext
0x8612b0 GetSystemInfo
0x8612b8 GetSystemDirectoryA
0x8612c0 GetStdHandle
0x8612c8 GetQueuedCompletionStatusEx
0x8612d0 GetProcessAffinityMask
0x8612d8 GetProcAddress
0x8612e0 GetEnvironmentStringsW
0x8612e8 GetConsoleMode
0x8612f0 FreeEnvironmentStringsW
0x8612f8 ExitProcess
0x861300 DuplicateHandle
0x861308 CreateWaitableTimerExW
0x861310 CreateThread
0x861318 CreateIoCompletionPort
0x861320 CreateFileA
0x861328 CreateEventA
0x861330 CloseHandle
0x861338 AddVectoredExceptionHandler
EAT(Export Address Table) is none