ScreenShot
| Created | 2024.08.08 14:42 | Machine | s1_win7_x6401 |
| Filename | 66b274e0e1b95_shapr3D.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 42 detected (AIDetectMalware, Injuke, malicious, high confidence, score, V22i, Attribute, HighConfidence, a variant of WinGo, Artemis, oezw, AGEN, PRIVATELOADER, YXEHFZ, WinGo, Detected, ai score=83, Sabsik, OMQHIY, ABTrojan, YCJP, SmartDriverUpdater, Gencirc) | ||
| md5 | a80b3beac20e2a5d805c51c36ba14a53 | ||
| sha256 | fc678f0540da23c49928f774b88856d297ae5732f48e154279a78da2ff4af566 | ||
| ssdeep | 98304:JZa9tkJCVhrpvIVymuxZtNUbh/oEBc/pWltsqF:7a7DvIVy9tGblBBbF | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140ef647c AddAtomA
0x140ef6484 AddVectoredExceptionHandler
0x140ef648c CloseHandle
0x140ef6494 CreateEventA
0x140ef649c CreateFileA
0x140ef64a4 CreateIoCompletionPort
0x140ef64ac CreateMutexA
0x140ef64b4 CreateSemaphoreA
0x140ef64bc CreateThread
0x140ef64c4 CreateWaitableTimerExW
0x140ef64cc DeleteAtom
0x140ef64d4 DeleteCriticalSection
0x140ef64dc DuplicateHandle
0x140ef64e4 EnterCriticalSection
0x140ef64ec ExitProcess
0x140ef64f4 FindAtomA
0x140ef64fc FormatMessageA
0x140ef6504 FreeEnvironmentStringsW
0x140ef650c GetAtomNameA
0x140ef6514 GetConsoleMode
0x140ef651c GetCurrentProcess
0x140ef6524 GetCurrentProcessId
0x140ef652c GetCurrentThread
0x140ef6534 GetCurrentThreadId
0x140ef653c GetEnvironmentStringsW
0x140ef6544 GetErrorMode
0x140ef654c GetHandleInformation
0x140ef6554 GetLastError
0x140ef655c GetProcAddress
0x140ef6564 GetProcessAffinityMask
0x140ef656c GetQueuedCompletionStatusEx
0x140ef6574 GetStartupInfoA
0x140ef657c GetStdHandle
0x140ef6584 GetSystemDirectoryA
0x140ef658c GetSystemInfo
0x140ef6594 GetSystemTimeAsFileTime
0x140ef659c GetThreadContext
0x140ef65a4 GetThreadPriority
0x140ef65ac GetTickCount
0x140ef65b4 InitializeCriticalSection
0x140ef65bc IsDBCSLeadByteEx
0x140ef65c4 IsDebuggerPresent
0x140ef65cc LeaveCriticalSection
0x140ef65d4 LoadLibraryExW
0x140ef65dc LoadLibraryW
0x140ef65e4 LocalFree
0x140ef65ec MultiByteToWideChar
0x140ef65f4 OpenProcess
0x140ef65fc OutputDebugStringA
0x140ef6604 PostQueuedCompletionStatus
0x140ef660c QueryPerformanceCounter
0x140ef6614 QueryPerformanceFrequency
0x140ef661c RaiseException
0x140ef6624 RaiseFailFastException
0x140ef662c ReleaseMutex
0x140ef6634 ReleaseSemaphore
0x140ef663c RemoveVectoredExceptionHandler
0x140ef6644 ResetEvent
0x140ef664c ResumeThread
0x140ef6654 SetConsoleCtrlHandler
0x140ef665c SetErrorMode
0x140ef6664 SetEvent
0x140ef666c SetLastError
0x140ef6674 SetProcessAffinityMask
0x140ef667c SetProcessPriorityBoost
0x140ef6684 SetThreadContext
0x140ef668c SetThreadPriority
0x140ef6694 SetUnhandledExceptionFilter
0x140ef669c SetWaitableTimer
0x140ef66a4 Sleep
0x140ef66ac SuspendThread
0x140ef66b4 SwitchToThread
0x140ef66bc TlsAlloc
0x140ef66c4 TlsGetValue
0x140ef66cc TlsSetValue
0x140ef66d4 TryEnterCriticalSection
0x140ef66dc VirtualAlloc
0x140ef66e4 VirtualFree
0x140ef66ec VirtualProtect
0x140ef66f4 VirtualQuery
0x140ef66fc WaitForMultipleObjects
0x140ef6704 WaitForSingleObject
0x140ef670c WerGetFlags
0x140ef6714 WerSetFlags
0x140ef671c WideCharToMultiByte
0x140ef6724 WriteConsoleW
0x140ef672c WriteFile
0x140ef6734 __C_specific_handler
msvcrt.dll
0x140ef6744 ___lc_codepage_func
0x140ef674c ___mb_cur_max_func
0x140ef6754 __getmainargs
0x140ef675c __initenv
0x140ef6764 __iob_func
0x140ef676c __lconv_init
0x140ef6774 __set_app_type
0x140ef677c __setusermatherr
0x140ef6784 _acmdln
0x140ef678c _amsg_exit
0x140ef6794 _beginthread
0x140ef679c _beginthreadex
0x140ef67a4 _cexit
0x140ef67ac _commode
0x140ef67b4 _endthreadex
0x140ef67bc _errno
0x140ef67c4 _fmode
0x140ef67cc _initterm
0x140ef67d4 _lock
0x140ef67dc _memccpy
0x140ef67e4 _onexit
0x140ef67ec _setjmp
0x140ef67f4 _strdup
0x140ef67fc _ultoa
0x140ef6804 _unlock
0x140ef680c abort
0x140ef6814 calloc
0x140ef681c exit
0x140ef6824 fprintf
0x140ef682c fputc
0x140ef6834 free
0x140ef683c fwrite
0x140ef6844 localeconv
0x140ef684c longjmp
0x140ef6854 malloc
0x140ef685c memcpy
0x140ef6864 memmove
0x140ef686c memset
0x140ef6874 printf
0x140ef687c realloc
0x140ef6884 signal
0x140ef688c strerror
0x140ef6894 strlen
0x140ef689c strncmp
0x140ef68a4 vfprintf
0x140ef68ac wcslen
EAT(Export Address Table) Library
0x140ef39f0 _cgo_dummy_export
KERNEL32.dll
0x140ef647c AddAtomA
0x140ef6484 AddVectoredExceptionHandler
0x140ef648c CloseHandle
0x140ef6494 CreateEventA
0x140ef649c CreateFileA
0x140ef64a4 CreateIoCompletionPort
0x140ef64ac CreateMutexA
0x140ef64b4 CreateSemaphoreA
0x140ef64bc CreateThread
0x140ef64c4 CreateWaitableTimerExW
0x140ef64cc DeleteAtom
0x140ef64d4 DeleteCriticalSection
0x140ef64dc DuplicateHandle
0x140ef64e4 EnterCriticalSection
0x140ef64ec ExitProcess
0x140ef64f4 FindAtomA
0x140ef64fc FormatMessageA
0x140ef6504 FreeEnvironmentStringsW
0x140ef650c GetAtomNameA
0x140ef6514 GetConsoleMode
0x140ef651c GetCurrentProcess
0x140ef6524 GetCurrentProcessId
0x140ef652c GetCurrentThread
0x140ef6534 GetCurrentThreadId
0x140ef653c GetEnvironmentStringsW
0x140ef6544 GetErrorMode
0x140ef654c GetHandleInformation
0x140ef6554 GetLastError
0x140ef655c GetProcAddress
0x140ef6564 GetProcessAffinityMask
0x140ef656c GetQueuedCompletionStatusEx
0x140ef6574 GetStartupInfoA
0x140ef657c GetStdHandle
0x140ef6584 GetSystemDirectoryA
0x140ef658c GetSystemInfo
0x140ef6594 GetSystemTimeAsFileTime
0x140ef659c GetThreadContext
0x140ef65a4 GetThreadPriority
0x140ef65ac GetTickCount
0x140ef65b4 InitializeCriticalSection
0x140ef65bc IsDBCSLeadByteEx
0x140ef65c4 IsDebuggerPresent
0x140ef65cc LeaveCriticalSection
0x140ef65d4 LoadLibraryExW
0x140ef65dc LoadLibraryW
0x140ef65e4 LocalFree
0x140ef65ec MultiByteToWideChar
0x140ef65f4 OpenProcess
0x140ef65fc OutputDebugStringA
0x140ef6604 PostQueuedCompletionStatus
0x140ef660c QueryPerformanceCounter
0x140ef6614 QueryPerformanceFrequency
0x140ef661c RaiseException
0x140ef6624 RaiseFailFastException
0x140ef662c ReleaseMutex
0x140ef6634 ReleaseSemaphore
0x140ef663c RemoveVectoredExceptionHandler
0x140ef6644 ResetEvent
0x140ef664c ResumeThread
0x140ef6654 SetConsoleCtrlHandler
0x140ef665c SetErrorMode
0x140ef6664 SetEvent
0x140ef666c SetLastError
0x140ef6674 SetProcessAffinityMask
0x140ef667c SetProcessPriorityBoost
0x140ef6684 SetThreadContext
0x140ef668c SetThreadPriority
0x140ef6694 SetUnhandledExceptionFilter
0x140ef669c SetWaitableTimer
0x140ef66a4 Sleep
0x140ef66ac SuspendThread
0x140ef66b4 SwitchToThread
0x140ef66bc TlsAlloc
0x140ef66c4 TlsGetValue
0x140ef66cc TlsSetValue
0x140ef66d4 TryEnterCriticalSection
0x140ef66dc VirtualAlloc
0x140ef66e4 VirtualFree
0x140ef66ec VirtualProtect
0x140ef66f4 VirtualQuery
0x140ef66fc WaitForMultipleObjects
0x140ef6704 WaitForSingleObject
0x140ef670c WerGetFlags
0x140ef6714 WerSetFlags
0x140ef671c WideCharToMultiByte
0x140ef6724 WriteConsoleW
0x140ef672c WriteFile
0x140ef6734 __C_specific_handler
msvcrt.dll
0x140ef6744 ___lc_codepage_func
0x140ef674c ___mb_cur_max_func
0x140ef6754 __getmainargs
0x140ef675c __initenv
0x140ef6764 __iob_func
0x140ef676c __lconv_init
0x140ef6774 __set_app_type
0x140ef677c __setusermatherr
0x140ef6784 _acmdln
0x140ef678c _amsg_exit
0x140ef6794 _beginthread
0x140ef679c _beginthreadex
0x140ef67a4 _cexit
0x140ef67ac _commode
0x140ef67b4 _endthreadex
0x140ef67bc _errno
0x140ef67c4 _fmode
0x140ef67cc _initterm
0x140ef67d4 _lock
0x140ef67dc _memccpy
0x140ef67e4 _onexit
0x140ef67ec _setjmp
0x140ef67f4 _strdup
0x140ef67fc _ultoa
0x140ef6804 _unlock
0x140ef680c abort
0x140ef6814 calloc
0x140ef681c exit
0x140ef6824 fprintf
0x140ef682c fputc
0x140ef6834 free
0x140ef683c fwrite
0x140ef6844 localeconv
0x140ef684c longjmp
0x140ef6854 malloc
0x140ef685c memcpy
0x140ef6864 memmove
0x140ef686c memset
0x140ef6874 printf
0x140ef687c realloc
0x140ef6884 signal
0x140ef688c strerror
0x140ef6894 strlen
0x140ef689c strncmp
0x140ef68a4 vfprintf
0x140ef68ac wcslen
EAT(Export Address Table) Library
0x140ef39f0 _cgo_dummy_export