ScreenShot
| Created | 2024.08.09 16:33 | Machine | s1_win7_x6401 |
| Filename | ghgadadas.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (AIDetectMalware, malicious, high confidence, score, Strictor, Vcbe, Attribute, HighConfidence, a variant of JS, Artemis, Lumma, CLOUD, wqqzt, Detected, ai score=81, Caynamer, JavaScript, Rgil, susgen, confidence) | ||
| md5 | eae8fea1fe3a77450002d315167b3471 | ||
| sha256 | 656099d4fcb2a5824b4bf2ac8d6356f33d73d9a2a4c401bcd986f7667ee71695 | ||
| ssdeep | 3072:MXk7bSP2sXk7bSP2mXk7bSP2VXk7bSP2:0k7O+Uk7O+Kk7O+xk7O+ | ||
| imphash | 76e0d8d65462216e7b0903bc27d606d1 | ||
| impfuzzy | 48:sK24t9qcBL8xnAfJKDjsMFSvlw/gl4/zLn6g1bFEUznpfttvzGZSY49+oRiuenBu:sKTtccBL8Nf0m7eGeEIx+ZN3Mzw | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x407000 RegDeleteValueW
0x407004 RegOpenKeyExW
0x407008 RegSetValueExW
0x40700c RegCreateKeyExW
0x407010 RegCloseKey
0x407014 RegQueryValueExW
KERNEL32.dll
0x407038 HeapSetInformation
0x40703c LocalFree
0x407040 GetModuleHandleW
0x407044 GetTickCount
0x407048 lstrcmpW
0x40704c GetCurrentThreadId
0x407050 GetLastError
0x407054 FormatMessageW
0x407058 LocalAlloc
0x40705c CreateMutexW
0x407060 lstrlenW
0x407064 CloseHandle
0x407068 GetCurrentProcessId
0x40706c GetSystemTimeAsFileTime
0x407070 QueryPerformanceCounter
0x407074 TerminateProcess
0x407078 GetCurrentProcess
0x40707c SetUnhandledExceptionFilter
0x407080 UnhandledExceptionFilter
0x407084 GetStartupInfoW
0x407088 Sleep
GDI32.dll
0x40701c GetStockObject
0x407020 GetTextExtentPoint32W
0x407024 SetBkColor
0x407028 LPtoDP
0x40702c CreateFontIndirectW
0x407030 SelectObject
USER32.dll
0x4070e4 DefDlgProcW
0x4070e8 IsDialogMessageW
0x4070ec DispatchMessageW
0x4070f0 ShowWindow
0x4070f4 GetActiveWindow
0x4070f8 LoadStringW
0x4070fc LoadAcceleratorsW
0x407100 DrawIcon
0x407104 GetSystemMetrics
0x407108 EndDialog
0x40710c SendMessageW
0x407110 FillRect
0x407114 MessageBoxW
0x407118 SetWindowPos
0x40711c GetDC
0x407120 DestroyWindow
0x407124 GetFocus
0x407128 GetWindowRect
0x40712c PostMessageW
0x407130 CreateDialogParamW
0x407134 GetMessageW
0x407138 GetWindowTextLengthW
0x40713c SetDlgItemTextW
0x407140 GetDlgItemTextW
0x407144 SendDlgItemMessageW
0x407148 GetSysColor
0x40714c WinHelpW
0x407150 SetFocus
0x407154 TranslateAcceleratorW
0x407158 TranslateMessage
0x40715c GetClipboardData
0x407160 LoadIconW
0x407164 PeekMessageW
0x407168 FindWindowW
0x40716c LoadCursorW
0x407170 GetClientRect
0x407174 GetDlgItem
0x407178 IsClipboardFormatAvailable
0x40717c CheckDlgButton
0x407180 PostQuitMessage
0x407184 GetSysColorBrush
0x407188 EnableMenuItem
0x40718c SystemParametersInfoW
0x407190 GetParent
0x407194 DialogBoxParamW
0x407198 UpdateWindow
0x40719c SetForegroundWindow
0x4071a0 IsIconic
0x4071a4 ReleaseDC
0x4071a8 BeginPaint
0x4071ac EndPaint
0x4071b0 EnableWindow
0x4071b4 RegisterClassW
msvcrt.dll
0x4071bc _except_handler4_common
0x4071c0 _controlfp
0x4071c4 ?terminate@@YAXXZ
0x4071c8 _acmdln
0x4071cc _initterm
0x4071d0 __setusermatherr
0x4071d4 _ismbblead
0x4071d8 __p__fmode
0x4071dc _cexit
0x4071e0 memset
0x4071e4 exit
0x4071e8 __set_app_type
0x4071ec __getmainargs
0x4071f0 _amsg_exit
0x4071f4 __p__commode
0x4071f8 _XcptFilter
0x4071fc wcscspn
0x407200 wcsspn
0x407204 _itow
0x407208 _wtoi
0x40720c _vsnwprintf
0x407210 _exit
0x407214 memmove
SHELL32.dll
0x407090 ShellAboutW
TAPI32.dll
0x407098 lineGetAppPriorityW
0x40709c lineGetDevCapsW
0x4070a0 lineClose
0x4070a4 lineGetRequestW
0x4070a8 lineSetAppPriorityW
0x4070ac lineRegisterRequestRecipient
0x4070b0 lineDrop
0x4070b4 lineConfigDialogW
0x4070b8 lineDeallocateCall
0x4070bc lineTranslateDialogW
0x4070c0 lineInitializeExW
0x4070c4 lineGetTranslateCapsW
0x4070c8 lineTranslateAddressW
0x4070cc lineShutdown
0x4070d0 lineGetAddressCapsW
0x4070d4 lineMakeCallW
0x4070d8 lineNegotiateAPIVersion
0x4070dc lineOpenW
EAT(Export Address Table) is none
ADVAPI32.dll
0x407000 RegDeleteValueW
0x407004 RegOpenKeyExW
0x407008 RegSetValueExW
0x40700c RegCreateKeyExW
0x407010 RegCloseKey
0x407014 RegQueryValueExW
KERNEL32.dll
0x407038 HeapSetInformation
0x40703c LocalFree
0x407040 GetModuleHandleW
0x407044 GetTickCount
0x407048 lstrcmpW
0x40704c GetCurrentThreadId
0x407050 GetLastError
0x407054 FormatMessageW
0x407058 LocalAlloc
0x40705c CreateMutexW
0x407060 lstrlenW
0x407064 CloseHandle
0x407068 GetCurrentProcessId
0x40706c GetSystemTimeAsFileTime
0x407070 QueryPerformanceCounter
0x407074 TerminateProcess
0x407078 GetCurrentProcess
0x40707c SetUnhandledExceptionFilter
0x407080 UnhandledExceptionFilter
0x407084 GetStartupInfoW
0x407088 Sleep
GDI32.dll
0x40701c GetStockObject
0x407020 GetTextExtentPoint32W
0x407024 SetBkColor
0x407028 LPtoDP
0x40702c CreateFontIndirectW
0x407030 SelectObject
USER32.dll
0x4070e4 DefDlgProcW
0x4070e8 IsDialogMessageW
0x4070ec DispatchMessageW
0x4070f0 ShowWindow
0x4070f4 GetActiveWindow
0x4070f8 LoadStringW
0x4070fc LoadAcceleratorsW
0x407100 DrawIcon
0x407104 GetSystemMetrics
0x407108 EndDialog
0x40710c SendMessageW
0x407110 FillRect
0x407114 MessageBoxW
0x407118 SetWindowPos
0x40711c GetDC
0x407120 DestroyWindow
0x407124 GetFocus
0x407128 GetWindowRect
0x40712c PostMessageW
0x407130 CreateDialogParamW
0x407134 GetMessageW
0x407138 GetWindowTextLengthW
0x40713c SetDlgItemTextW
0x407140 GetDlgItemTextW
0x407144 SendDlgItemMessageW
0x407148 GetSysColor
0x40714c WinHelpW
0x407150 SetFocus
0x407154 TranslateAcceleratorW
0x407158 TranslateMessage
0x40715c GetClipboardData
0x407160 LoadIconW
0x407164 PeekMessageW
0x407168 FindWindowW
0x40716c LoadCursorW
0x407170 GetClientRect
0x407174 GetDlgItem
0x407178 IsClipboardFormatAvailable
0x40717c CheckDlgButton
0x407180 PostQuitMessage
0x407184 GetSysColorBrush
0x407188 EnableMenuItem
0x40718c SystemParametersInfoW
0x407190 GetParent
0x407194 DialogBoxParamW
0x407198 UpdateWindow
0x40719c SetForegroundWindow
0x4071a0 IsIconic
0x4071a4 ReleaseDC
0x4071a8 BeginPaint
0x4071ac EndPaint
0x4071b0 EnableWindow
0x4071b4 RegisterClassW
msvcrt.dll
0x4071bc _except_handler4_common
0x4071c0 _controlfp
0x4071c4 ?terminate@@YAXXZ
0x4071c8 _acmdln
0x4071cc _initterm
0x4071d0 __setusermatherr
0x4071d4 _ismbblead
0x4071d8 __p__fmode
0x4071dc _cexit
0x4071e0 memset
0x4071e4 exit
0x4071e8 __set_app_type
0x4071ec __getmainargs
0x4071f0 _amsg_exit
0x4071f4 __p__commode
0x4071f8 _XcptFilter
0x4071fc wcscspn
0x407200 wcsspn
0x407204 _itow
0x407208 _wtoi
0x40720c _vsnwprintf
0x407210 _exit
0x407214 memmove
SHELL32.dll
0x407090 ShellAboutW
TAPI32.dll
0x407098 lineGetAppPriorityW
0x40709c lineGetDevCapsW
0x4070a0 lineClose
0x4070a4 lineGetRequestW
0x4070a8 lineSetAppPriorityW
0x4070ac lineRegisterRequestRecipient
0x4070b0 lineDrop
0x4070b4 lineConfigDialogW
0x4070b8 lineDeallocateCall
0x4070bc lineTranslateDialogW
0x4070c0 lineInitializeExW
0x4070c4 lineGetTranslateCapsW
0x4070c8 lineTranslateAddressW
0x4070cc lineShutdown
0x4070d0 lineGetAddressCapsW
0x4070d4 lineMakeCallW
0x4070d8 lineNegotiateAPIVersion
0x4070dc lineOpenW
EAT(Export Address Table) is none