ScreenShot
| Created | 2024.08.06 09:34 | Machine | s1_win7_x6403 |
| Filename | las.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 5 detected (AIDetectMalware, Malicious, Casdet, susgen) | ||
| md5 | 85bad58c9f0f03e85e7989dc7fb3eafe | ||
| sha256 | 47f6f8b908444fb7ef48f2e84977c65dd9a15ce3333b69179b7fd038b1732a16 | ||
| ssdeep | 384:niRa+DA+kP4VyrbG/pG11JeEZwEfdyxSGU2TDZqCuQpHqBJdy:ckAwspaLaEfsoV2Bq0pHWJ | ||
| imphash | b0f30335dd8aa3d3d50e923c90bb6275 | ||
| impfuzzy | 96:8MqgPCE1WY4EA6qEhxCNOA9z2UrygR8vTLq:KqUrygF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MSVCP140.dll
0x140005080 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
0x140005088 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
0x140005090 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
0x140005098 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
0x1400050a0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050a8 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050b0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050b8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1400050c0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400050c8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1400050d0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050d8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050e0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050e8 ?_Xlength_error@std@@YAXPEBD@Z
0x1400050f0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050f8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x140005100 ?uncaught_exception@std@@YA_NXZ
Secur32.dll
0x140005110 AddSecurityPackageA
VCRUNTIME140_1.dll
0x140005180 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005120 __current_exception_context
0x140005128 __current_exception
0x140005130 _CxxThrowException
0x140005138 __C_specific_handler
0x140005140 memset
0x140005148 __std_exception_copy
0x140005150 memmove
0x140005158 __std_exception_destroy
0x140005160 memcpy
0x140005168 __std_terminate
0x140005170 memcmp
api-ms-win-crt-string-l1-1-0.dll
0x1400052b0 wcsncpy
0x1400052b8 wcsnlen
0x1400052c0 wcsncat
0x1400052c8 strncmp
api-ms-win-crt-convert-l1-1-0.dll
0x140005190 mbstowcs
api-ms-win-crt-stdio-l1-1-0.dll
0x140005288 _set_fmode
0x140005290 __stdio_common_vfprintf
0x140005298 __acrt_iob_func
0x1400052a0 __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x1400051e8 _register_thread_local_exe_atexit_callback
0x1400051f0 _c_exit
0x1400051f8 _initterm_e
0x140005200 __p___argv
0x140005208 terminate
0x140005210 _get_initial_narrow_environment
0x140005218 __p___argc
0x140005220 _set_app_type
0x140005228 _seh_filter_exe
0x140005230 _configure_narrow_argv
0x140005238 exit
0x140005240 _initterm
0x140005248 _exit
0x140005250 _crt_atexit
0x140005258 _register_onexit_function
0x140005260 _initialize_onexit_table
0x140005268 _initialize_narrow_environment
0x140005270 _cexit
0x140005278 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0.dll
0x1400051a0 _callnewh
0x1400051a8 _set_new_mode
0x1400051b0 free
0x1400051b8 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400051d8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x1400051c8 _configthreadlocale
KERNEL32.dll
0x140005000 RtlCaptureContext
0x140005008 InitializeSListHead
0x140005010 GetCurrentThreadId
0x140005018 GetCurrentProcessId
0x140005020 QueryPerformanceCounter
0x140005028 GetModuleHandleW
0x140005030 IsDebuggerPresent
0x140005038 IsProcessorFeaturePresent
0x140005040 TerminateProcess
0x140005048 GetCurrentProcess
0x140005050 SetUnhandledExceptionFilter
0x140005058 UnhandledExceptionFilter
0x140005060 RtlVirtualUnwind
0x140005068 RtlLookupFunctionEntry
0x140005070 GetSystemTimeAsFileTime
EAT(Export Address Table) is none
MSVCP140.dll
0x140005080 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
0x140005088 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
0x140005090 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
0x140005098 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
0x1400050a0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050a8 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050b0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050b8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1400050c0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400050c8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1400050d0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050d8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050e0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050e8 ?_Xlength_error@std@@YAXPEBD@Z
0x1400050f0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050f8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x140005100 ?uncaught_exception@std@@YA_NXZ
Secur32.dll
0x140005110 AddSecurityPackageA
VCRUNTIME140_1.dll
0x140005180 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005120 __current_exception_context
0x140005128 __current_exception
0x140005130 _CxxThrowException
0x140005138 __C_specific_handler
0x140005140 memset
0x140005148 __std_exception_copy
0x140005150 memmove
0x140005158 __std_exception_destroy
0x140005160 memcpy
0x140005168 __std_terminate
0x140005170 memcmp
api-ms-win-crt-string-l1-1-0.dll
0x1400052b0 wcsncpy
0x1400052b8 wcsnlen
0x1400052c0 wcsncat
0x1400052c8 strncmp
api-ms-win-crt-convert-l1-1-0.dll
0x140005190 mbstowcs
api-ms-win-crt-stdio-l1-1-0.dll
0x140005288 _set_fmode
0x140005290 __stdio_common_vfprintf
0x140005298 __acrt_iob_func
0x1400052a0 __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x1400051e8 _register_thread_local_exe_atexit_callback
0x1400051f0 _c_exit
0x1400051f8 _initterm_e
0x140005200 __p___argv
0x140005208 terminate
0x140005210 _get_initial_narrow_environment
0x140005218 __p___argc
0x140005220 _set_app_type
0x140005228 _seh_filter_exe
0x140005230 _configure_narrow_argv
0x140005238 exit
0x140005240 _initterm
0x140005248 _exit
0x140005250 _crt_atexit
0x140005258 _register_onexit_function
0x140005260 _initialize_onexit_table
0x140005268 _initialize_narrow_environment
0x140005270 _cexit
0x140005278 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0.dll
0x1400051a0 _callnewh
0x1400051a8 _set_new_mode
0x1400051b0 free
0x1400051b8 malloc
api-ms-win-crt-math-l1-1-0.dll
0x1400051d8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x1400051c8 _configthreadlocale
KERNEL32.dll
0x140005000 RtlCaptureContext
0x140005008 InitializeSListHead
0x140005010 GetCurrentThreadId
0x140005018 GetCurrentProcessId
0x140005020 QueryPerformanceCounter
0x140005028 GetModuleHandleW
0x140005030 IsDebuggerPresent
0x140005038 IsProcessorFeaturePresent
0x140005040 TerminateProcess
0x140005048 GetCurrentProcess
0x140005050 SetUnhandledExceptionFilter
0x140005058 UnhandledExceptionFilter
0x140005060 RtlVirtualUnwind
0x140005068 RtlLookupFunctionEntry
0x140005070 GetSystemTimeAsFileTime
EAT(Export Address Table) is none