ScreenShot
| Created | 2024.08.02 17:24 | Machine | s1_win7_x6403 |
| Filename | build_2024-07-24_23-16.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (AIDetectMalware, malicious, high confidence, score, Stop, MultiPlug, Artemis, Unsafe, Midie, Kryptik, V7o3, Attribute, HighConfidence, HXPA, PWSX, Smokeloader, Mokes, CLASSIC, gcwhe, Steam, VIDAR, YXEHBZ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, ai score=82, IH4DBM, ABTrojan, IERX, R658943, ZexaF, my0@aKlV0boG, BScope, Genetic, Osmw, susgen, GenKryptik, HADR, confidence, 100%, GTJ2XJC) | ||
| md5 | 72bcb9136fde10fdddfaa593f2cdfe42 | ||
| sha256 | bb38168a3222858c6b499dfceec3e3dc9055777b91869dbece107c241d97c436 | ||
| ssdeep | 6144:jcpL70IqhJWQf2v8m1I5UIi0NJ8IyLHiS:j0cICJWQfXmS5UIv8IsC | ||
| imphash | 4a47d3b31c76c5bfdd3a0e7c8325aa10 | ||
| impfuzzy | 24:kYuOoLkrNdTcDj6CjpQdgcfdY0cHuOZyv4/J3IjT4QjMFluvMI:kYDNd1CFQdgcfjMueMcds0I | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x425000 GetNumaProcessorNode
0x425004 SetUnhandledExceptionFilter
0x425008 FindCloseChangeNotification
0x42500c SetVolumeMountPointW
0x425010 FreeEnvironmentStringsA
0x425014 GetModuleHandleW
0x425018 GetSystemTimes
0x42501c LoadLibraryW
0x425020 Sleep
0x425024 WriteConsoleW
0x425028 GetConsoleAliasesW
0x42502c InterlockedExchange
0x425030 GetLastError
0x425034 GetProcAddress
0x425038 GetAtomNameA
0x42503c LoadLibraryA
0x425040 OpenWaitableTimerW
0x425044 LocalAlloc
0x425048 SetFileApisToANSI
0x42504c GetCommMask
0x425050 OpenJobObjectW
0x425054 CreateWaitableTimerW
0x425058 EnumDateFormatsW
0x42505c FindFirstVolumeA
0x425060 HeapAlloc
0x425064 HeapReAlloc
0x425068 GetStartupInfoW
0x42506c TerminateProcess
0x425070 GetCurrentProcess
0x425074 UnhandledExceptionFilter
0x425078 IsDebuggerPresent
0x42507c DeleteCriticalSection
0x425080 LeaveCriticalSection
0x425084 EnterCriticalSection
0x425088 HeapFree
0x42508c VirtualFree
0x425090 VirtualAlloc
0x425094 HeapCreate
0x425098 ExitProcess
0x42509c WriteFile
0x4250a0 GetStdHandle
0x4250a4 GetModuleFileNameA
0x4250a8 GetModuleFileNameW
0x4250ac FreeEnvironmentStringsW
0x4250b0 GetEnvironmentStringsW
0x4250b4 GetCommandLineW
0x4250b8 SetHandleCount
0x4250bc GetFileType
0x4250c0 GetStartupInfoA
0x4250c4 TlsGetValue
0x4250c8 TlsAlloc
0x4250cc TlsSetValue
0x4250d0 TlsFree
0x4250d4 InterlockedIncrement
0x4250d8 SetLastError
0x4250dc GetCurrentThreadId
0x4250e0 InterlockedDecrement
0x4250e4 QueryPerformanceCounter
0x4250e8 GetTickCount
0x4250ec GetCurrentProcessId
0x4250f0 GetSystemTimeAsFileTime
0x4250f4 SetFilePointer
0x4250f8 WideCharToMultiByte
0x4250fc GetConsoleCP
0x425100 GetConsoleMode
0x425104 GetCPInfo
0x425108 GetACP
0x42510c GetOEMCP
0x425110 IsValidCodePage
0x425114 InitializeCriticalSectionAndSpinCount
0x425118 RtlUnwind
0x42511c SetStdHandle
0x425120 WriteConsoleA
0x425124 GetConsoleOutputCP
0x425128 MultiByteToWideChar
0x42512c LCMapStringA
0x425130 LCMapStringW
0x425134 GetStringTypeA
0x425138 GetStringTypeW
0x42513c GetLocaleInfoA
0x425140 HeapSize
0x425144 FlushFileBuffers
0x425148 CreateFileA
0x42514c CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x425000 GetNumaProcessorNode
0x425004 SetUnhandledExceptionFilter
0x425008 FindCloseChangeNotification
0x42500c SetVolumeMountPointW
0x425010 FreeEnvironmentStringsA
0x425014 GetModuleHandleW
0x425018 GetSystemTimes
0x42501c LoadLibraryW
0x425020 Sleep
0x425024 WriteConsoleW
0x425028 GetConsoleAliasesW
0x42502c InterlockedExchange
0x425030 GetLastError
0x425034 GetProcAddress
0x425038 GetAtomNameA
0x42503c LoadLibraryA
0x425040 OpenWaitableTimerW
0x425044 LocalAlloc
0x425048 SetFileApisToANSI
0x42504c GetCommMask
0x425050 OpenJobObjectW
0x425054 CreateWaitableTimerW
0x425058 EnumDateFormatsW
0x42505c FindFirstVolumeA
0x425060 HeapAlloc
0x425064 HeapReAlloc
0x425068 GetStartupInfoW
0x42506c TerminateProcess
0x425070 GetCurrentProcess
0x425074 UnhandledExceptionFilter
0x425078 IsDebuggerPresent
0x42507c DeleteCriticalSection
0x425080 LeaveCriticalSection
0x425084 EnterCriticalSection
0x425088 HeapFree
0x42508c VirtualFree
0x425090 VirtualAlloc
0x425094 HeapCreate
0x425098 ExitProcess
0x42509c WriteFile
0x4250a0 GetStdHandle
0x4250a4 GetModuleFileNameA
0x4250a8 GetModuleFileNameW
0x4250ac FreeEnvironmentStringsW
0x4250b0 GetEnvironmentStringsW
0x4250b4 GetCommandLineW
0x4250b8 SetHandleCount
0x4250bc GetFileType
0x4250c0 GetStartupInfoA
0x4250c4 TlsGetValue
0x4250c8 TlsAlloc
0x4250cc TlsSetValue
0x4250d0 TlsFree
0x4250d4 InterlockedIncrement
0x4250d8 SetLastError
0x4250dc GetCurrentThreadId
0x4250e0 InterlockedDecrement
0x4250e4 QueryPerformanceCounter
0x4250e8 GetTickCount
0x4250ec GetCurrentProcessId
0x4250f0 GetSystemTimeAsFileTime
0x4250f4 SetFilePointer
0x4250f8 WideCharToMultiByte
0x4250fc GetConsoleCP
0x425100 GetConsoleMode
0x425104 GetCPInfo
0x425108 GetACP
0x42510c GetOEMCP
0x425110 IsValidCodePage
0x425114 InitializeCriticalSectionAndSpinCount
0x425118 RtlUnwind
0x42511c SetStdHandle
0x425120 WriteConsoleA
0x425124 GetConsoleOutputCP
0x425128 MultiByteToWideChar
0x42512c LCMapStringA
0x425130 LCMapStringW
0x425134 GetStringTypeA
0x425138 GetStringTypeW
0x42513c GetLocaleInfoA
0x425140 HeapSize
0x425144 FlushFileBuffers
0x425148 CreateFileA
0x42514c CloseHandle
EAT(Export Address Table) is none