ScreenShot
| Created | 2024.08.02 07:47 | Machine | s1_win7_x6403 |
| Filename | 4434.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 56 detected (AIDetectMalware, malicious, high confidence, score, Zusy, Unsafe, Save, GenusT, DYRA, Attribute, HighConfidence, Kryptik, HXDB, Artemis, PWSX, Lazy, LummaStealer, tqR7QSnYTiP, Stealc, qpzok, YXEG5Z, high, Static AI, Malicious PE, Detected, ai score=89, Convagent, Eldorado, RedLine, R659669, ZexaF, zuW@aGqzCTf, GdSda, susgen, confidence, 100%) | ||
| md5 | 607c413d4698582cc147d0f0d8ce5ef1 | ||
| sha256 | 46a8a9d9c639503a3c8c9654c18917a9cedbed9c93babd14ef14c1e25282c0d5 | ||
| ssdeep | 6144:FmliDzugxTgexyJ4hgIR3oHu5VamKRUuCjdwZOeBSGJfaoZ0HmNKP7gnF/1p0IX:m8bxcextX5UmKRUuyQOeBtJpZ8Cd | ||
| imphash | 95d4113c25a148a48f2688574ed71076 | ||
| impfuzzy | 24:WjKiE+xXBKAWJkbJcpVGDBZ4t8GbJBl39r9OovbO3gv9FZ+GMACEZHu95:+zxX/WccpVG4t8G7pZo3y9FZo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42a000 WaitForSingleObject
0x42a004 Sleep
0x42a008 CreateThread
0x42a00c VirtualAllocEx
0x42a010 FreeConsole
0x42a014 RaiseException
0x42a018 InitOnceBeginInitialize
0x42a01c InitOnceComplete
0x42a020 QueryPerformanceCounter
0x42a024 QueryPerformanceFrequency
0x42a028 CloseHandle
0x42a02c GetCurrentThreadId
0x42a030 ReleaseSRWLockExclusive
0x42a034 AcquireSRWLockExclusive
0x42a038 TryAcquireSRWLockExclusive
0x42a03c WakeAllConditionVariable
0x42a040 SleepConditionVariableSRW
0x42a044 WideCharToMultiByte
0x42a048 MultiByteToWideChar
0x42a04c GetStringTypeW
0x42a050 GetLastError
0x42a054 FreeLibraryWhenCallbackReturns
0x42a058 CreateThreadpoolWork
0x42a05c SubmitThreadpoolWork
0x42a060 CloseThreadpoolWork
0x42a064 GetModuleHandleExW
0x42a068 IsProcessorFeaturePresent
0x42a06c EnterCriticalSection
0x42a070 LeaveCriticalSection
0x42a074 InitializeCriticalSectionEx
0x42a078 DeleteCriticalSection
0x42a07c GetSystemTimeAsFileTime
0x42a080 GetModuleHandleW
0x42a084 GetProcAddress
0x42a088 EncodePointer
0x42a08c DecodePointer
0x42a090 LCMapStringEx
0x42a094 GetCPInfo
0x42a098 IsDebuggerPresent
0x42a09c UnhandledExceptionFilter
0x42a0a0 SetUnhandledExceptionFilter
0x42a0a4 GetStartupInfoW
0x42a0a8 GetCurrentProcess
0x42a0ac TerminateProcess
0x42a0b0 GetCurrentProcessId
0x42a0b4 InitializeSListHead
0x42a0b8 CreateFileW
0x42a0bc RtlUnwind
0x42a0c0 SetLastError
0x42a0c4 InitializeCriticalSectionAndSpinCount
0x42a0c8 TlsAlloc
0x42a0cc TlsGetValue
0x42a0d0 TlsSetValue
0x42a0d4 TlsFree
0x42a0d8 FreeLibrary
0x42a0dc LoadLibraryExW
0x42a0e0 ExitProcess
0x42a0e4 GetModuleFileNameW
0x42a0e8 GetStdHandle
0x42a0ec WriteFile
0x42a0f0 GetCommandLineA
0x42a0f4 GetCommandLineW
0x42a0f8 HeapAlloc
0x42a0fc HeapFree
0x42a100 GetFileType
0x42a104 CompareStringW
0x42a108 LCMapStringW
0x42a10c GetLocaleInfoW
0x42a110 IsValidLocale
0x42a114 GetUserDefaultLCID
0x42a118 EnumSystemLocalesW
0x42a11c GetFileSizeEx
0x42a120 SetFilePointerEx
0x42a124 FlushFileBuffers
0x42a128 GetConsoleOutputCP
0x42a12c GetConsoleMode
0x42a130 ReadFile
0x42a134 ReadConsoleW
0x42a138 HeapReAlloc
0x42a13c FindClose
0x42a140 FindFirstFileExW
0x42a144 FindNextFileW
0x42a148 IsValidCodePage
0x42a14c GetACP
0x42a150 GetOEMCP
0x42a154 GetEnvironmentStringsW
0x42a158 FreeEnvironmentStringsW
0x42a15c SetEnvironmentVariableW
0x42a160 GetProcessHeap
0x42a164 SetStdHandle
0x42a168 HeapSize
0x42a16c WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x42a000 WaitForSingleObject
0x42a004 Sleep
0x42a008 CreateThread
0x42a00c VirtualAllocEx
0x42a010 FreeConsole
0x42a014 RaiseException
0x42a018 InitOnceBeginInitialize
0x42a01c InitOnceComplete
0x42a020 QueryPerformanceCounter
0x42a024 QueryPerformanceFrequency
0x42a028 CloseHandle
0x42a02c GetCurrentThreadId
0x42a030 ReleaseSRWLockExclusive
0x42a034 AcquireSRWLockExclusive
0x42a038 TryAcquireSRWLockExclusive
0x42a03c WakeAllConditionVariable
0x42a040 SleepConditionVariableSRW
0x42a044 WideCharToMultiByte
0x42a048 MultiByteToWideChar
0x42a04c GetStringTypeW
0x42a050 GetLastError
0x42a054 FreeLibraryWhenCallbackReturns
0x42a058 CreateThreadpoolWork
0x42a05c SubmitThreadpoolWork
0x42a060 CloseThreadpoolWork
0x42a064 GetModuleHandleExW
0x42a068 IsProcessorFeaturePresent
0x42a06c EnterCriticalSection
0x42a070 LeaveCriticalSection
0x42a074 InitializeCriticalSectionEx
0x42a078 DeleteCriticalSection
0x42a07c GetSystemTimeAsFileTime
0x42a080 GetModuleHandleW
0x42a084 GetProcAddress
0x42a088 EncodePointer
0x42a08c DecodePointer
0x42a090 LCMapStringEx
0x42a094 GetCPInfo
0x42a098 IsDebuggerPresent
0x42a09c UnhandledExceptionFilter
0x42a0a0 SetUnhandledExceptionFilter
0x42a0a4 GetStartupInfoW
0x42a0a8 GetCurrentProcess
0x42a0ac TerminateProcess
0x42a0b0 GetCurrentProcessId
0x42a0b4 InitializeSListHead
0x42a0b8 CreateFileW
0x42a0bc RtlUnwind
0x42a0c0 SetLastError
0x42a0c4 InitializeCriticalSectionAndSpinCount
0x42a0c8 TlsAlloc
0x42a0cc TlsGetValue
0x42a0d0 TlsSetValue
0x42a0d4 TlsFree
0x42a0d8 FreeLibrary
0x42a0dc LoadLibraryExW
0x42a0e0 ExitProcess
0x42a0e4 GetModuleFileNameW
0x42a0e8 GetStdHandle
0x42a0ec WriteFile
0x42a0f0 GetCommandLineA
0x42a0f4 GetCommandLineW
0x42a0f8 HeapAlloc
0x42a0fc HeapFree
0x42a100 GetFileType
0x42a104 CompareStringW
0x42a108 LCMapStringW
0x42a10c GetLocaleInfoW
0x42a110 IsValidLocale
0x42a114 GetUserDefaultLCID
0x42a118 EnumSystemLocalesW
0x42a11c GetFileSizeEx
0x42a120 SetFilePointerEx
0x42a124 FlushFileBuffers
0x42a128 GetConsoleOutputCP
0x42a12c GetConsoleMode
0x42a130 ReadFile
0x42a134 ReadConsoleW
0x42a138 HeapReAlloc
0x42a13c FindClose
0x42a140 FindFirstFileExW
0x42a144 FindNextFileW
0x42a148 IsValidCodePage
0x42a14c GetACP
0x42a150 GetOEMCP
0x42a154 GetEnvironmentStringsW
0x42a158 FreeEnvironmentStringsW
0x42a15c SetEnvironmentVariableW
0x42a160 GetProcessHeap
0x42a164 SetStdHandle
0x42a168 HeapSize
0x42a16c WriteConsoleW
EAT(Export Address Table) is none