ScreenShot
| Created | 2024.08.07 10:09 | Machine | s1_win7_x6401 |
| Filename | az.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 17 detected (AIDetectMalware, malicious, moderate confidence, GenericRXNY, Vi6m, TrojanX, Detected, Uwamson, Zpevdo, Wapomi, FileInfector) | ||
| md5 | b9fcbae32e294854e2507179d4acef1c | ||
| sha256 | 5ee6cfb7dd10f7fecf03d515c60c8e319920ec1b99e9835f4fbcba8caa4b924c | ||
| ssdeep | 6144:EQEPWO/7+Ugo33uIH7/hjOlqkDVmaxR3psGoyj0mBZ0gTzzh6lOUepHiPVn5lXwM:EHv3LVOAkDVmaxR5sGb0KZ0e4 | ||
| imphash | 1738fefa50d0611937aaf1eda2e025f7 | ||
| impfuzzy | 96:11lwjmVfV0sephaYwQCoD1gNOvgv8yWRFSXR/4uVZrBBK:3q1gNOK8nSXRzVZrBBK | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x407024 GetSystemTimeAsFileTime
0x407028 GetCurrentProcessId
0x40702c GetCurrentThreadId
0x407030 GetTickCount
0x407034 QueryPerformanceCounter
0x407038 IsDebuggerPresent
0x40703c DeleteCriticalSection
0x407040 UnhandledExceptionFilter
0x407044 GetCurrentProcess
0x407048 TerminateProcess
0x40704c HeapSetInformation
0x407050 InterlockedCompareExchange
0x407054 InterlockedExchange
0x407058 DecodePointer
0x40705c EncodePointer
0x407060 CreateThread
0x407064 CloseHandle
0x407068 SetConsoleCtrlHandler
0x40706c Sleep
0x407070 TerminateThread
0x407074 InitializeCriticalSection
0x407078 EnterCriticalSection
0x40707c SetUnhandledExceptionFilter
0x407080 LeaveCriticalSection
0x407084 IsProcessorFeaturePresent
MSVCP100.dll
0x40708c ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x407090 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x407094 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x407098 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x40709c ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4070a0 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x4070a4 ?_Xlength_error@std@@YAXPBD@Z
0x4070a8 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
MSVCR100.dll
0x4070b0 _fmode
0x4070b4 __set_app_type
0x4070b8 _crt_debugger_hook
0x4070bc ?terminate@@YAXXZ
0x4070c0 _commode
0x4070c4 _except_handler4_common
0x4070c8 _invoke_watson
0x4070cc _controlfp_s
0x4070d0 memcpy
0x4070d4 __CxxFrameHandler3
0x4070d8 __setusermatherr
0x4070dc _configthreadlocale
0x4070e0 _initterm_e
0x4070e4 _onexit
0x4070e8 _initterm
0x4070ec __initenv
0x4070f0 exit
0x4070f4 _XcptFilter
0x4070f8 _exit
0x4070fc _cexit
0x407100 __getmainargs
0x407104 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
0x407108 _amsg_exit
0x40710c ?what@exception@std@@UBEPBDXZ
0x407110 ??1exception@std@@UAE@XZ
0x407114 ??0exception@std@@QAE@ABQBD@Z
0x407118 ??0exception@std@@QAE@ABV01@@Z
0x40711c memmove
0x407120 printf
0x407124 _purecall
0x407128 _CxxThrowException
0x40712c ??3@YAXPAX@Z
0x407130 ??2@YAPAXI@Z
0x407134 _unlock
0x407138 __dllonexit
0x40713c _lock
lua51.dll
0x407144 lua_newuserdata
0x407148 luaL_ref
0x40714c lua_topointer
0x407150 lua_pushlightuserdata
0x407154 lua_touserdata
0x407158 luaL_newstate
0x40715c luaL_openlibs
0x407160 lua_close
0x407164 luaL_loadbuffer
0x407168 lua_pushboolean
0x40716c luaL_unref
0x407170 lua_error
0x407174 lua_toboolean
0x407178 lua_pushlstring
0x40717c lua_tointeger
0x407180 lua_gettop
0x407184 lua_setmetatable
0x407188 lua_pushvalue
0x40718c luaL_checkudata
0x407190 lua_getfield
0x407194 lua_pushstring
0x407198 lua_pushinteger
0x40719c lua_remove
0x4071a0 lua_rawgeti
0x4071a4 lua_call
0x4071a8 lua_tonumber
0x4071ac lua_pushnil
0x4071b0 luaL_newmetatable
0x4071b4 lua_pushcclosure
0x4071b8 lua_setfield
0x4071bc lua_settable
0x4071c0 lua_type
0x4071c4 lua_rawset
0x4071c8 lua_createtable
0x4071cc lua_pushnumber
0x4071d0 lua_tolstring
0x4071d4 lua_settop
0x4071d8 lua_isuserdata
HPSocket.dll
0x407000 HP_Destroy_TcpPackClient
0x407004 HP_Create_TcpPackClient
0x407008 HP_Destroy_TcpPullClient
0x40700c HP_Create_TcpPackServer
0x407010 HP_Destroy_TcpPackServer
0x407014 HP_Destroy_TcpPullServer
0x407018 HP_Create_TcpPullServer
0x40701c HP_Create_TcpPullClient
EAT(Export Address Table) is none
KERNEL32.dll
0x407024 GetSystemTimeAsFileTime
0x407028 GetCurrentProcessId
0x40702c GetCurrentThreadId
0x407030 GetTickCount
0x407034 QueryPerformanceCounter
0x407038 IsDebuggerPresent
0x40703c DeleteCriticalSection
0x407040 UnhandledExceptionFilter
0x407044 GetCurrentProcess
0x407048 TerminateProcess
0x40704c HeapSetInformation
0x407050 InterlockedCompareExchange
0x407054 InterlockedExchange
0x407058 DecodePointer
0x40705c EncodePointer
0x407060 CreateThread
0x407064 CloseHandle
0x407068 SetConsoleCtrlHandler
0x40706c Sleep
0x407070 TerminateThread
0x407074 InitializeCriticalSection
0x407078 EnterCriticalSection
0x40707c SetUnhandledExceptionFilter
0x407080 LeaveCriticalSection
0x407084 IsProcessorFeaturePresent
MSVCP100.dll
0x40708c ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x407090 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x407094 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x407098 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x40709c ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4070a0 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x4070a4 ?_Xlength_error@std@@YAXPBD@Z
0x4070a8 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
MSVCR100.dll
0x4070b0 _fmode
0x4070b4 __set_app_type
0x4070b8 _crt_debugger_hook
0x4070bc ?terminate@@YAXXZ
0x4070c0 _commode
0x4070c4 _except_handler4_common
0x4070c8 _invoke_watson
0x4070cc _controlfp_s
0x4070d0 memcpy
0x4070d4 __CxxFrameHandler3
0x4070d8 __setusermatherr
0x4070dc _configthreadlocale
0x4070e0 _initterm_e
0x4070e4 _onexit
0x4070e8 _initterm
0x4070ec __initenv
0x4070f0 exit
0x4070f4 _XcptFilter
0x4070f8 _exit
0x4070fc _cexit
0x407100 __getmainargs
0x407104 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
0x407108 _amsg_exit
0x40710c ?what@exception@std@@UBEPBDXZ
0x407110 ??1exception@std@@UAE@XZ
0x407114 ??0exception@std@@QAE@ABQBD@Z
0x407118 ??0exception@std@@QAE@ABV01@@Z
0x40711c memmove
0x407120 printf
0x407124 _purecall
0x407128 _CxxThrowException
0x40712c ??3@YAXPAX@Z
0x407130 ??2@YAPAXI@Z
0x407134 _unlock
0x407138 __dllonexit
0x40713c _lock
lua51.dll
0x407144 lua_newuserdata
0x407148 luaL_ref
0x40714c lua_topointer
0x407150 lua_pushlightuserdata
0x407154 lua_touserdata
0x407158 luaL_newstate
0x40715c luaL_openlibs
0x407160 lua_close
0x407164 luaL_loadbuffer
0x407168 lua_pushboolean
0x40716c luaL_unref
0x407170 lua_error
0x407174 lua_toboolean
0x407178 lua_pushlstring
0x40717c lua_tointeger
0x407180 lua_gettop
0x407184 lua_setmetatable
0x407188 lua_pushvalue
0x40718c luaL_checkudata
0x407190 lua_getfield
0x407194 lua_pushstring
0x407198 lua_pushinteger
0x40719c lua_remove
0x4071a0 lua_rawgeti
0x4071a4 lua_call
0x4071a8 lua_tonumber
0x4071ac lua_pushnil
0x4071b0 luaL_newmetatable
0x4071b4 lua_pushcclosure
0x4071b8 lua_setfield
0x4071bc lua_settable
0x4071c0 lua_type
0x4071c4 lua_rawset
0x4071c8 lua_createtable
0x4071cc lua_pushnumber
0x4071d0 lua_tolstring
0x4071d4 lua_settop
0x4071d8 lua_isuserdata
HPSocket.dll
0x407000 HP_Destroy_TcpPackClient
0x407004 HP_Create_TcpPackClient
0x407008 HP_Destroy_TcpPullClient
0x40700c HP_Create_TcpPackServer
0x407010 HP_Destroy_TcpPackServer
0x407014 HP_Destroy_TcpPullServer
0x407018 HP_Create_TcpPullServer
0x40701c HP_Create_TcpPullClient
EAT(Export Address Table) is none