ScreenShot
| Created | 2024.08.05 10:55 | Machine | s1_win7_x6403 |
| Filename | mass.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (Hacktool, Masscan, Malicious, score, GenericRXGX, Unsafe, Vh90, Attribute, HighConfidence, NetTool, A potentially unsafe, ahmz, iudsyy, ET#92%, YzY0OrH7+0cfq2oQ, Tool, R06BC0DBT24, Generic Reputation PUA, ai score=100, Casdet, Portscan, ZexaF, muW@aSMXYMli, susgen, grayware, confidence) | ||
| md5 | 197f78ed2328b1369153eda070489805 | ||
| sha256 | 837dc4e83fcefc8334384c88d672eb2dee31bceb64657ca7bb4322536a810192 | ||
| ssdeep | 3072:iVLwTJhLB6Da/dJaBITodleeTx0qbhaStTnK65gnF9RzNxEugH8No2:0wTHL8O/dJamodle+0QAonK6ezwH8y2 | ||
| imphash | dbc496501480f6d5744db73bbec0b742 | ||
| impfuzzy | 48:3u1yLZd5kyMnV4a5hZGa507O5ZldfguhKTo//DO6T:3u1yLj5kyMOa5PnS7WTY4K2O6T | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420008 LoadLibraryA
0x42000c GetModuleFileNameA
0x420010 CreateFileA
0x420014 GetLastError
0x420018 GetProcessAffinityMask
0x42001c QueryPerformanceCounter
0x420020 GetSystemTimeAsFileTime
0x420024 Sleep
0x420028 GetProcAddress
0x42002c GetCurrentProcessId
0x420030 GetCurrentThreadId
0x420034 GetTickCount
0x420038 DecodePointer
0x42003c IsDebuggerPresent
0x420040 SetUnhandledExceptionFilter
0x420044 UnhandledExceptionFilter
0x420048 TerminateProcess
0x42004c EncodePointer
0x420050 HeapSetInformation
0x420054 InterlockedCompareExchange
0x420058 InterlockedExchange
0x42005c QueryPerformanceFrequency
0x420060 GetCurrentProcess
0x420064 IsProcessorFeaturePresent
MSVCR100.dll
0x42006c fwrite
0x420070 _gmtime64_s
0x420074 strftime
0x420078 isdigit
0x42007c _localtime64_s
0x420080 signal
0x420084 _open_osfhandle
0x420088 _fdopen
0x42008c memmove
0x420090 isspace
0x420094 toupper
0x420098 _memicmp
0x42009c isalnum
0x4200a0 ispunct
0x4200a4 isprint
0x4200a8 fflush
0x4200ac tolower
0x4200b0 vfprintf
0x4200b4 feof
0x4200b8 fgets
0x4200bc isalpha
0x4200c0 isxdigit
0x4200c4 getc
0x4200c8 clock
0x4200cc rename
0x4200d0 _access
0x4200d4 _errno
0x4200d8 _beginthread
0x4200dc _mktime64
0x4200e0 _ftelli64
0x4200e4 strstr
0x4200e8 _fseeki64
0x4200ec _snprintf
0x4200f0 fopen
0x4200f4 ftell
0x4200f8 fseek
0x4200fc fclose
0x420100 atoi
0x420104 strerror
0x420108 _amsg_exit
0x42010c __getmainargs
0x420110 _cexit
0x420114 _exit
0x420118 _XcptFilter
0x42011c __initenv
0x420120 _initterm
0x420124 _initterm_e
0x420128 _configthreadlocale
0x42012c __setusermatherr
0x420130 _commode
0x420134 _fmode
0x420138 __set_app_type
0x42013c _crt_debugger_hook
0x420140 ?terminate@@YAXXZ
0x420144 _unlock
0x420148 __dllonexit
0x42014c _lock
0x420150 _onexit
0x420154 _except_handler4_common
0x420158 _invoke_watson
0x42015c _controlfp_s
0x420160 _CIsqrt
0x420164 memset
0x420168 memcpy
0x42016c __iob_func
0x420170 fprintf
0x420174 _time64
0x420178 malloc
0x42017c exit
0x420180 printf
0x420184 strtoul
0x420188 fread
0x42018c sprintf_s
0x420190 strchr
0x420194 strcpy_s
0x420198 perror
0x42019c free
0x4201a0 fopen_s
0x4201a4 _stat64i32
WS2_32.dll
0x4201ac recv
0x4201b0 select
0x4201b4 WSAStartup
0x4201b8 socket
0x4201bc htons
0x4201c0 htonl
0x4201c4 connect
0x4201c8 send
IPHLPAPI.DLL
0x420000 GetAdaptersInfo
wpcap.dll
0x4201d0 pcap_compile
0x4201d4 pcap_sendqueue_transmit
0x4201d8 pcap_findalldevs
0x4201dc pcap_datalink_val_to_name
0x4201e0 pcap_next
0x4201e4 pcap_perror
0x4201e8 pcap_sendqueue_alloc
0x4201ec pcap_open_live
0x4201f0 pcap_close
0x4201f4 pcap_setfilter
0x4201f8 pcap_sendpacket
0x4201fc pcap_datalink
0x420200 pcap_sendqueue_destroy
0x420204 pcap_sendqueue_queue
0x420208 pcap_lib_version
EAT(Export Address Table) is none
KERNEL32.dll
0x420008 LoadLibraryA
0x42000c GetModuleFileNameA
0x420010 CreateFileA
0x420014 GetLastError
0x420018 GetProcessAffinityMask
0x42001c QueryPerformanceCounter
0x420020 GetSystemTimeAsFileTime
0x420024 Sleep
0x420028 GetProcAddress
0x42002c GetCurrentProcessId
0x420030 GetCurrentThreadId
0x420034 GetTickCount
0x420038 DecodePointer
0x42003c IsDebuggerPresent
0x420040 SetUnhandledExceptionFilter
0x420044 UnhandledExceptionFilter
0x420048 TerminateProcess
0x42004c EncodePointer
0x420050 HeapSetInformation
0x420054 InterlockedCompareExchange
0x420058 InterlockedExchange
0x42005c QueryPerformanceFrequency
0x420060 GetCurrentProcess
0x420064 IsProcessorFeaturePresent
MSVCR100.dll
0x42006c fwrite
0x420070 _gmtime64_s
0x420074 strftime
0x420078 isdigit
0x42007c _localtime64_s
0x420080 signal
0x420084 _open_osfhandle
0x420088 _fdopen
0x42008c memmove
0x420090 isspace
0x420094 toupper
0x420098 _memicmp
0x42009c isalnum
0x4200a0 ispunct
0x4200a4 isprint
0x4200a8 fflush
0x4200ac tolower
0x4200b0 vfprintf
0x4200b4 feof
0x4200b8 fgets
0x4200bc isalpha
0x4200c0 isxdigit
0x4200c4 getc
0x4200c8 clock
0x4200cc rename
0x4200d0 _access
0x4200d4 _errno
0x4200d8 _beginthread
0x4200dc _mktime64
0x4200e0 _ftelli64
0x4200e4 strstr
0x4200e8 _fseeki64
0x4200ec _snprintf
0x4200f0 fopen
0x4200f4 ftell
0x4200f8 fseek
0x4200fc fclose
0x420100 atoi
0x420104 strerror
0x420108 _amsg_exit
0x42010c __getmainargs
0x420110 _cexit
0x420114 _exit
0x420118 _XcptFilter
0x42011c __initenv
0x420120 _initterm
0x420124 _initterm_e
0x420128 _configthreadlocale
0x42012c __setusermatherr
0x420130 _commode
0x420134 _fmode
0x420138 __set_app_type
0x42013c _crt_debugger_hook
0x420140 ?terminate@@YAXXZ
0x420144 _unlock
0x420148 __dllonexit
0x42014c _lock
0x420150 _onexit
0x420154 _except_handler4_common
0x420158 _invoke_watson
0x42015c _controlfp_s
0x420160 _CIsqrt
0x420164 memset
0x420168 memcpy
0x42016c __iob_func
0x420170 fprintf
0x420174 _time64
0x420178 malloc
0x42017c exit
0x420180 printf
0x420184 strtoul
0x420188 fread
0x42018c sprintf_s
0x420190 strchr
0x420194 strcpy_s
0x420198 perror
0x42019c free
0x4201a0 fopen_s
0x4201a4 _stat64i32
WS2_32.dll
0x4201ac recv
0x4201b0 select
0x4201b4 WSAStartup
0x4201b8 socket
0x4201bc htons
0x4201c0 htonl
0x4201c4 connect
0x4201c8 send
IPHLPAPI.DLL
0x420000 GetAdaptersInfo
wpcap.dll
0x4201d0 pcap_compile
0x4201d4 pcap_sendqueue_transmit
0x4201d8 pcap_findalldevs
0x4201dc pcap_datalink_val_to_name
0x4201e0 pcap_next
0x4201e4 pcap_perror
0x4201e8 pcap_sendqueue_alloc
0x4201ec pcap_open_live
0x4201f0 pcap_close
0x4201f4 pcap_setfilter
0x4201f8 pcap_sendpacket
0x4201fc pcap_datalink
0x420200 pcap_sendqueue_destroy
0x420204 pcap_sendqueue_queue
0x420208 pcap_lib_version
EAT(Export Address Table) is none