| Field | Value |
|---|---|
| Created | 2024.08.09 16:18 |
| Machine | s1_win7_x6402 |
| Filename | MicrosoftWordUpdater.log.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 18 detected (AIDetectMalware, malicious, moderate confidence, Unsafe, Save, CLOUD, score, Detected, R660345, Outbreak, Eflw, susgen, confidence, 100%) |
| md5 | 0d1dca5eaad49c2dbd979e1bf0b5f8d0 |
| sha256 | a250740948aba579462397ac95ff10e6b0ee952c2af7d9d726cbfde9da1eaaff |
| ssdeep | 6144:3g2iqrzOgpZKUb+xLn/8loIZTbSgM8nzMQfdu24T5WL8gPIAO1Goo:31iqbDKUbw/QtbtM8ZF4dQ8gPIkoo |
| imphash | 45c6b272631aa9e0c4b2ba675699b803 |
| impfuzzy | 24:g/27Ik2bpMBrDY02twS1GUJnc+pl39T+opSOovbO9ZivxGMCwkg8:ghMBItwS1GEc+pp9+U3Ay/g8 |
Signature (3cnts)

| Level | Description |
|---|---|
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
Cabinet.dll
0x140016000 None
0x140016008 None
0x140016010 None
KERNEL32.dll
0x140016020 GetCurrentProcess
0x140016028 TerminateProcess
0x140016030 GetModuleFileNameW
0x140016038 ExpandEnvironmentStringsA
0x140016040 Sleep
0x140016048 LoadLibraryA
0x140016050 FreeConsole
0x140016058 CreateThread
0x140016060 HeapAlloc
0x140016068 VerSetConditionMask
0x140016070 GetProcessHeap
0x140016078 VerifyVersionInfoW
0x140016080 CreateDirectoryA
0x140016088 HeapFree
0x140016090 GetLastError
0x140016098 GetCurrentThread
0x1400160a0 K32EnumProcesses
0x1400160a8 GetThreadContext
0x1400160b0 GetProcAddress
0x1400160b8 GetModuleHandleW
0x1400160c0 WriteConsoleW
0x1400160c8 CloseHandle
0x1400160d0 CreateFileW
0x1400160d8 RtlCaptureContext
0x1400160e0 RtlLookupFunctionEntry
0x1400160e8 RtlVirtualUnwind
0x1400160f0 UnhandledExceptionFilter
0x1400160f8 SetUnhandledExceptionFilter
0x140016100 IsProcessorFeaturePresent
0x140016108 QueryPerformanceCounter
0x140016110 GetCurrentProcessId
0x140016118 GetCurrentThreadId
0x140016120 GetSystemTimeAsFileTime
0x140016128 InitializeSListHead
0x140016130 IsDebuggerPresent
0x140016138 GetStartupInfoW
0x140016140 RtlUnwindEx
0x140016148 SetLastError
0x140016150 EnterCriticalSection
0x140016158 LeaveCriticalSection
0x140016160 DeleteCriticalSection
0x140016168 InitializeCriticalSectionAndSpinCount
0x140016170 TlsAlloc
0x140016178 TlsGetValue
0x140016180 TlsSetValue
0x140016188 TlsFree
0x140016190 FreeLibrary
0x140016198 LoadLibraryExW
0x1400161a0 RaiseException
0x1400161a8 GetStdHandle
0x1400161b0 WriteFile
0x1400161b8 ExitProcess
0x1400161c0 GetModuleHandleExW
0x1400161c8 FindClose
0x1400161d0 FindFirstFileExW
0x1400161d8 FindNextFileW
0x1400161e0 IsValidCodePage
0x1400161e8 GetACP
0x1400161f0 GetOEMCP
0x1400161f8 GetCPInfo
0x140016200 GetCommandLineA
0x140016208 GetCommandLineW
0x140016210 MultiByteToWideChar
0x140016218 WideCharToMultiByte
0x140016220 GetEnvironmentStringsW
0x140016228 FreeEnvironmentStringsW
0x140016230 SetStdHandle
0x140016238 GetFileType
0x140016240 GetStringTypeW
0x140016248 LCMapStringW
0x140016250 HeapSize
0x140016258 HeapReAlloc
0x140016260 FlushFileBuffers
0x140016268 GetConsoleOutputCP
0x140016270 GetConsoleMode
0x140016278 SetFilePointerEx
USER32.dll
0x140016288 MessageBoxW
0x140016290 GetUserObjectInformationW
EAT (Export Address Table): none