ScreenShot
| Created | 2024.08.09 07:57 | Machine | s1_win7_x6403 |
| Filename | GOLD.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | e71c0c5d72455dde6510ba23552d7d2f | ||
| sha256 | de1d7fe86a0b70a7a268d2960109833f4d126d5d9e3acb36697e8ff59c56017f | ||
| ssdeep | 24576:o2dFArtAo1EToieW2n0CYXK0erJ6AkCViHTxYsXrqBHG733D4:LdPo1ETonWVCBJ6A4HqOrQm7HD4 | ||
| imphash | a2eb6cc146c4e9dfe5bcaee15109632a | ||
| impfuzzy | 48:b6KeL9cW/xRcpVqjSXtXOrYtWGzTpao3LuFZGjM:b6KKaW/xRcpVq+XtXUYtWG/pa35 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x489000 WaitForSingleObject
0x489004 FreeConsole
0x489008 CreateThread
0x48900c VirtualAllocEx
0x489010 RaiseException
0x489014 RtlCaptureStackBackTrace
0x489018 GetCurrentThreadId
0x48901c IsProcessorFeaturePresent
0x489020 GetLastError
0x489024 FreeLibraryWhenCallbackReturns
0x489028 CreateThreadpoolWork
0x48902c SubmitThreadpoolWork
0x489030 CloseThreadpoolWork
0x489034 GetModuleHandleExW
0x489038 MultiByteToWideChar
0x48903c WakeConditionVariable
0x489040 WakeAllConditionVariable
0x489044 SleepConditionVariableSRW
0x489048 InitOnceComplete
0x48904c InitOnceBeginInitialize
0x489050 FormatMessageA
0x489054 GetStringTypeW
0x489058 ReleaseSRWLockExclusive
0x48905c AcquireSRWLockExclusive
0x489060 TryAcquireSRWLockExclusive
0x489064 WideCharToMultiByte
0x489068 CloseHandle
0x48906c WaitForSingleObjectEx
0x489070 Sleep
0x489074 SwitchToThread
0x489078 GetExitCodeThread
0x48907c GetNativeSystemInfo
0x489080 QueryPerformanceCounter
0x489084 QueryPerformanceFrequency
0x489088 EnterCriticalSection
0x48908c LeaveCriticalSection
0x489090 InitializeCriticalSectionEx
0x489094 DeleteCriticalSection
0x489098 EncodePointer
0x48909c DecodePointer
0x4890a0 LocalFree
0x4890a4 GetLocaleInfoEx
0x4890a8 LCMapStringEx
0x4890ac SetFileInformationByHandle
0x4890b0 GetTempPathW
0x4890b4 InitOnceExecuteOnce
0x4890b8 CreateEventExW
0x4890bc CreateSemaphoreExW
0x4890c0 FlushProcessWriteBuffers
0x4890c4 GetCurrentProcessorNumber
0x4890c8 GetSystemTimeAsFileTime
0x4890cc GetTickCount64
0x4890d0 CreateThreadpoolTimer
0x4890d4 SetThreadpoolTimer
0x4890d8 WaitForThreadpoolTimerCallbacks
0x4890dc CloseThreadpoolTimer
0x4890e0 CreateThreadpoolWait
0x4890e4 SetThreadpoolWait
0x4890e8 CloseThreadpoolWait
0x4890ec GetModuleHandleW
0x4890f0 GetProcAddress
0x4890f4 GetFileInformationByHandleEx
0x4890f8 CreateSymbolicLinkW
0x4890fc CompareStringEx
0x489100 GetCPInfo
0x489104 UnhandledExceptionFilter
0x489108 SetUnhandledExceptionFilter
0x48910c GetCurrentProcess
0x489110 TerminateProcess
0x489114 IsDebuggerPresent
0x489118 GetStartupInfoW
0x48911c GetCurrentProcessId
0x489120 InitializeSListHead
0x489124 CreateFileW
0x489128 RtlUnwind
0x48912c InterlockedPushEntrySList
0x489130 InterlockedFlushSList
0x489134 SetLastError
0x489138 InitializeCriticalSectionAndSpinCount
0x48913c TlsAlloc
0x489140 TlsGetValue
0x489144 TlsSetValue
0x489148 TlsFree
0x48914c FreeLibrary
0x489150 LoadLibraryExW
0x489154 ExitThread
0x489158 ResumeThread
0x48915c FreeLibraryAndExitThread
0x489160 ExitProcess
0x489164 GetModuleFileNameW
0x489168 GetStdHandle
0x48916c WriteFile
0x489170 GetCommandLineA
0x489174 GetCommandLineW
0x489178 SetConsoleCtrlHandler
0x48917c HeapAlloc
0x489180 HeapFree
0x489184 GetCurrentThread
0x489188 GetDateFormatW
0x48918c GetTimeFormatW
0x489190 CompareStringW
0x489194 LCMapStringW
0x489198 GetLocaleInfoW
0x48919c IsValidLocale
0x4891a0 GetUserDefaultLCID
0x4891a4 EnumSystemLocalesW
0x4891a8 GetFileType
0x4891ac FlushFileBuffers
0x4891b0 GetConsoleOutputCP
0x4891b4 GetConsoleMode
0x4891b8 ReadFile
0x4891bc GetFileSizeEx
0x4891c0 SetFilePointerEx
0x4891c4 ReadConsoleW
0x4891c8 HeapReAlloc
0x4891cc GetTimeZoneInformation
0x4891d0 FindClose
0x4891d4 FindFirstFileExW
0x4891d8 FindNextFileW
0x4891dc IsValidCodePage
0x4891e0 GetACP
0x4891e4 GetOEMCP
0x4891e8 GetEnvironmentStringsW
0x4891ec FreeEnvironmentStringsW
0x4891f0 SetEnvironmentVariableW
0x4891f4 GetProcessHeap
0x4891f8 OutputDebugStringW
0x4891fc SetStdHandle
0x489200 HeapSize
0x489204 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x489000 WaitForSingleObject
0x489004 FreeConsole
0x489008 CreateThread
0x48900c VirtualAllocEx
0x489010 RaiseException
0x489014 RtlCaptureStackBackTrace
0x489018 GetCurrentThreadId
0x48901c IsProcessorFeaturePresent
0x489020 GetLastError
0x489024 FreeLibraryWhenCallbackReturns
0x489028 CreateThreadpoolWork
0x48902c SubmitThreadpoolWork
0x489030 CloseThreadpoolWork
0x489034 GetModuleHandleExW
0x489038 MultiByteToWideChar
0x48903c WakeConditionVariable
0x489040 WakeAllConditionVariable
0x489044 SleepConditionVariableSRW
0x489048 InitOnceComplete
0x48904c InitOnceBeginInitialize
0x489050 FormatMessageA
0x489054 GetStringTypeW
0x489058 ReleaseSRWLockExclusive
0x48905c AcquireSRWLockExclusive
0x489060 TryAcquireSRWLockExclusive
0x489064 WideCharToMultiByte
0x489068 CloseHandle
0x48906c WaitForSingleObjectEx
0x489070 Sleep
0x489074 SwitchToThread
0x489078 GetExitCodeThread
0x48907c GetNativeSystemInfo
0x489080 QueryPerformanceCounter
0x489084 QueryPerformanceFrequency
0x489088 EnterCriticalSection
0x48908c LeaveCriticalSection
0x489090 InitializeCriticalSectionEx
0x489094 DeleteCriticalSection
0x489098 EncodePointer
0x48909c DecodePointer
0x4890a0 LocalFree
0x4890a4 GetLocaleInfoEx
0x4890a8 LCMapStringEx
0x4890ac SetFileInformationByHandle
0x4890b0 GetTempPathW
0x4890b4 InitOnceExecuteOnce
0x4890b8 CreateEventExW
0x4890bc CreateSemaphoreExW
0x4890c0 FlushProcessWriteBuffers
0x4890c4 GetCurrentProcessorNumber
0x4890c8 GetSystemTimeAsFileTime
0x4890cc GetTickCount64
0x4890d0 CreateThreadpoolTimer
0x4890d4 SetThreadpoolTimer
0x4890d8 WaitForThreadpoolTimerCallbacks
0x4890dc CloseThreadpoolTimer
0x4890e0 CreateThreadpoolWait
0x4890e4 SetThreadpoolWait
0x4890e8 CloseThreadpoolWait
0x4890ec GetModuleHandleW
0x4890f0 GetProcAddress
0x4890f4 GetFileInformationByHandleEx
0x4890f8 CreateSymbolicLinkW
0x4890fc CompareStringEx
0x489100 GetCPInfo
0x489104 UnhandledExceptionFilter
0x489108 SetUnhandledExceptionFilter
0x48910c GetCurrentProcess
0x489110 TerminateProcess
0x489114 IsDebuggerPresent
0x489118 GetStartupInfoW
0x48911c GetCurrentProcessId
0x489120 InitializeSListHead
0x489124 CreateFileW
0x489128 RtlUnwind
0x48912c InterlockedPushEntrySList
0x489130 InterlockedFlushSList
0x489134 SetLastError
0x489138 InitializeCriticalSectionAndSpinCount
0x48913c TlsAlloc
0x489140 TlsGetValue
0x489144 TlsSetValue
0x489148 TlsFree
0x48914c FreeLibrary
0x489150 LoadLibraryExW
0x489154 ExitThread
0x489158 ResumeThread
0x48915c FreeLibraryAndExitThread
0x489160 ExitProcess
0x489164 GetModuleFileNameW
0x489168 GetStdHandle
0x48916c WriteFile
0x489170 GetCommandLineA
0x489174 GetCommandLineW
0x489178 SetConsoleCtrlHandler
0x48917c HeapAlloc
0x489180 HeapFree
0x489184 GetCurrentThread
0x489188 GetDateFormatW
0x48918c GetTimeFormatW
0x489190 CompareStringW
0x489194 LCMapStringW
0x489198 GetLocaleInfoW
0x48919c IsValidLocale
0x4891a0 GetUserDefaultLCID
0x4891a4 EnumSystemLocalesW
0x4891a8 GetFileType
0x4891ac FlushFileBuffers
0x4891b0 GetConsoleOutputCP
0x4891b4 GetConsoleMode
0x4891b8 ReadFile
0x4891bc GetFileSizeEx
0x4891c0 SetFilePointerEx
0x4891c4 ReadConsoleW
0x4891c8 HeapReAlloc
0x4891cc GetTimeZoneInformation
0x4891d0 FindClose
0x4891d4 FindFirstFileExW
0x4891d8 FindNextFileW
0x4891dc IsValidCodePage
0x4891e0 GetACP
0x4891e4 GetOEMCP
0x4891e8 GetEnvironmentStringsW
0x4891ec FreeEnvironmentStringsW
0x4891f0 SetEnvironmentVariableW
0x4891f4 GetProcessHeap
0x4891f8 OutputDebugStringW
0x4891fc SetStdHandle
0x489200 HeapSize
0x489204 WriteConsoleW
EAT(Export Address Table) is none