Field | Value |
---|---|
Created | 2024.08.09 16:46 |
Machine | s1_win7_x6401 |
Filename | 66b24859611ad_agent_3.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
ZERO API | file : malicious |
VT API (file) | 51 detected (AIDetectMalware, Gomal, malicious, moderate confidence, score, Artemis, Doina, Unsafe, Genus, Attribute, HighConfidence, kkmmnn, CLOUD, Redcap, turvo, PRIVATELOADER, YXEHGZ, Static AI, Suspicious PE, ai score=84, Wacatac, ZexaF, 9YW@aa7gNuk, Gencirc, susgen, PossibleThreat, confidence, B9nj) |
md5 | ba027ccb7de0f4a3769f48136d183dbd |
sha256 | 4cb86d1b9775321a7f8ed4f751e3ece271402e0be07070f72e68df038877dc8e |
ssdeep | 49152:u2LuWAXniueagRswaRfZ/G+eUmOpw80D:uWta28AOpw |
imphash | 96c44fa1eee2c4e9b9e77d7bf42d59e6 |
impfuzzy | 12:iAaKs0drX8MxOj7qkOREXPXJHeOAThTAqAGUkW0mDruMzTZGHrYXOeUP:jY0drXCj+kO+VuTdLUkNmDruMztir6UP |
Signatures (6)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
watch | Installs itself for autorun at Windows startup |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (10)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
winmm.dll
0x5bd000 timeEndPeriod
0x5bd004 timeBeginPeriod
ws2_32.dll
0x5bd00c WSAGetOverlappedResult
kernel32.dll
0x5bd014 WriteFile
0x5bd018 WriteConsoleW
0x5bd01c WaitForSingleObject
0x5bd020 VirtualFree
0x5bd024 VirtualAlloc
0x5bd028 SwitchToThread
0x5bd02c SetWaitableTimer
0x5bd030 SetUnhandledExceptionFilter
0x5bd034 SetProcessPriorityBoost
0x5bd038 SetEvent
0x5bd03c SetErrorMode
0x5bd040 SetConsoleCtrlHandler
0x5bd044 LoadLibraryA
0x5bd048 LoadLibraryW
0x5bd04c GetSystemInfo
0x5bd050 GetStdHandle
0x5bd054 GetQueuedCompletionStatus
0x5bd058 GetProcessAffinityMask
0x5bd05c GetProcAddress
0x5bd060 GetEnvironmentStringsW
0x5bd064 GetConsoleMode
0x5bd068 FreeEnvironmentStringsW
0x5bd06c ExitProcess
0x5bd070 DuplicateHandle
0x5bd074 CreateThread
0x5bd078 CreateIoCompletionPort
0x5bd07c CreateEventA
0x5bd080 CloseHandle
0x5bd084 AddVectoredExceptionHandler
EAT (Export Address Table): none