ScreenShot
| Created | 2024.08.10 12:37 | Machine | s1_win7_x6401 |
| Filename | 66b4f6893d3c3_shapr3D.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 22 detected (AIDetectMalware, malicious, high confidence, V3t3, Attribute, HighConfidence, a variant of WinGo, Artemis, CLASSIC, Detected, Phonzy, Eldorado, WinGo, Wacatac, B9nj) | ||
| md5 | 7b873ae5a7cd923a0cc5ac12107da0f2 | ||
| sha256 | d4aafdf7261fb41ef48370eca3e4d70a9086528d7c3d14fc8c82fcb8b69710cb | ||
| ssdeep | 98304:/fQ3XYasS2N3YIQkkgpY/8uOSEo6EmCtJgbSZjoFSegyDcpd:HcHCoIQkrpYBJE8mCtJ5ZMmyop | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140fe4494 AddAtomA
0x140fe449c AddVectoredContinueHandler
0x140fe44a4 AddVectoredExceptionHandler
0x140fe44ac CloseHandle
0x140fe44b4 CreateEventA
0x140fe44bc CreateFileA
0x140fe44c4 CreateIoCompletionPort
0x140fe44cc CreateMutexA
0x140fe44d4 CreateSemaphoreA
0x140fe44dc CreateThread
0x140fe44e4 CreateWaitableTimerExW
0x140fe44ec DeleteAtom
0x140fe44f4 DeleteCriticalSection
0x140fe44fc DuplicateHandle
0x140fe4504 EnterCriticalSection
0x140fe450c ExitProcess
0x140fe4514 FindAtomA
0x140fe451c FormatMessageA
0x140fe4524 FreeEnvironmentStringsW
0x140fe452c GetAtomNameA
0x140fe4534 GetConsoleMode
0x140fe453c GetCurrentProcess
0x140fe4544 GetCurrentProcessId
0x140fe454c GetCurrentThread
0x140fe4554 GetCurrentThreadId
0x140fe455c GetEnvironmentStringsW
0x140fe4564 GetErrorMode
0x140fe456c GetHandleInformation
0x140fe4574 GetLastError
0x140fe457c GetProcAddress
0x140fe4584 GetProcessAffinityMask
0x140fe458c GetQueuedCompletionStatusEx
0x140fe4594 GetStartupInfoA
0x140fe459c GetStdHandle
0x140fe45a4 GetSystemDirectoryA
0x140fe45ac GetSystemInfo
0x140fe45b4 GetSystemTimeAsFileTime
0x140fe45bc GetThreadContext
0x140fe45c4 GetThreadPriority
0x140fe45cc GetTickCount
0x140fe45d4 InitializeCriticalSection
0x140fe45dc IsDBCSLeadByteEx
0x140fe45e4 IsDebuggerPresent
0x140fe45ec LeaveCriticalSection
0x140fe45f4 LoadLibraryExW
0x140fe45fc LoadLibraryW
0x140fe4604 LocalFree
0x140fe460c MultiByteToWideChar
0x140fe4614 OpenProcess
0x140fe461c OutputDebugStringA
0x140fe4624 PostQueuedCompletionStatus
0x140fe462c QueryPerformanceCounter
0x140fe4634 QueryPerformanceFrequency
0x140fe463c RaiseException
0x140fe4644 RaiseFailFastException
0x140fe464c ReleaseMutex
0x140fe4654 ReleaseSemaphore
0x140fe465c RemoveVectoredExceptionHandler
0x140fe4664 ResetEvent
0x140fe466c ResumeThread
0x140fe4674 RtlLookupFunctionEntry
0x140fe467c RtlVirtualUnwind
0x140fe4684 SetConsoleCtrlHandler
0x140fe468c SetErrorMode
0x140fe4694 SetEvent
0x140fe469c SetLastError
0x140fe46a4 SetProcessAffinityMask
0x140fe46ac SetProcessPriorityBoost
0x140fe46b4 SetThreadContext
0x140fe46bc SetThreadPriority
0x140fe46c4 SetUnhandledExceptionFilter
0x140fe46cc SetWaitableTimer
0x140fe46d4 Sleep
0x140fe46dc SuspendThread
0x140fe46e4 SwitchToThread
0x140fe46ec TlsAlloc
0x140fe46f4 TlsGetValue
0x140fe46fc TlsSetValue
0x140fe4704 TryEnterCriticalSection
0x140fe470c VirtualAlloc
0x140fe4714 VirtualFree
0x140fe471c VirtualProtect
0x140fe4724 VirtualQuery
0x140fe472c WaitForMultipleObjects
0x140fe4734 WaitForSingleObject
0x140fe473c WerGetFlags
0x140fe4744 WerSetFlags
0x140fe474c WideCharToMultiByte
0x140fe4754 WriteConsoleW
0x140fe475c WriteFile
0x140fe4764 __C_specific_handler
msvcrt.dll
0x140fe4774 ___lc_codepage_func
0x140fe477c ___mb_cur_max_func
0x140fe4784 __getmainargs
0x140fe478c __initenv
0x140fe4794 __iob_func
0x140fe479c __lconv_init
0x140fe47a4 __set_app_type
0x140fe47ac __setusermatherr
0x140fe47b4 _acmdln
0x140fe47bc _amsg_exit
0x140fe47c4 _beginthread
0x140fe47cc _beginthreadex
0x140fe47d4 _cexit
0x140fe47dc _commode
0x140fe47e4 _endthreadex
0x140fe47ec _errno
0x140fe47f4 _fmode
0x140fe47fc _initterm
0x140fe4804 _lock
0x140fe480c _memccpy
0x140fe4814 _onexit
0x140fe481c _setjmp
0x140fe4824 _strdup
0x140fe482c _ultoa
0x140fe4834 _unlock
0x140fe483c abort
0x140fe4844 calloc
0x140fe484c exit
0x140fe4854 fprintf
0x140fe485c fputc
0x140fe4864 free
0x140fe486c fwrite
0x140fe4874 localeconv
0x140fe487c longjmp
0x140fe4884 malloc
0x140fe488c memcpy
0x140fe4894 memmove
0x140fe489c memset
0x140fe48a4 printf
0x140fe48ac realloc
0x140fe48b4 signal
0x140fe48bc strerror
0x140fe48c4 strlen
0x140fe48cc strncmp
0x140fe48d4 vfprintf
0x140fe48dc wcslen
EAT(Export Address Table) Library
0x140fe17f0 _cgo_dummy_export
KERNEL32.dll
0x140fe4494 AddAtomA
0x140fe449c AddVectoredContinueHandler
0x140fe44a4 AddVectoredExceptionHandler
0x140fe44ac CloseHandle
0x140fe44b4 CreateEventA
0x140fe44bc CreateFileA
0x140fe44c4 CreateIoCompletionPort
0x140fe44cc CreateMutexA
0x140fe44d4 CreateSemaphoreA
0x140fe44dc CreateThread
0x140fe44e4 CreateWaitableTimerExW
0x140fe44ec DeleteAtom
0x140fe44f4 DeleteCriticalSection
0x140fe44fc DuplicateHandle
0x140fe4504 EnterCriticalSection
0x140fe450c ExitProcess
0x140fe4514 FindAtomA
0x140fe451c FormatMessageA
0x140fe4524 FreeEnvironmentStringsW
0x140fe452c GetAtomNameA
0x140fe4534 GetConsoleMode
0x140fe453c GetCurrentProcess
0x140fe4544 GetCurrentProcessId
0x140fe454c GetCurrentThread
0x140fe4554 GetCurrentThreadId
0x140fe455c GetEnvironmentStringsW
0x140fe4564 GetErrorMode
0x140fe456c GetHandleInformation
0x140fe4574 GetLastError
0x140fe457c GetProcAddress
0x140fe4584 GetProcessAffinityMask
0x140fe458c GetQueuedCompletionStatusEx
0x140fe4594 GetStartupInfoA
0x140fe459c GetStdHandle
0x140fe45a4 GetSystemDirectoryA
0x140fe45ac GetSystemInfo
0x140fe45b4 GetSystemTimeAsFileTime
0x140fe45bc GetThreadContext
0x140fe45c4 GetThreadPriority
0x140fe45cc GetTickCount
0x140fe45d4 InitializeCriticalSection
0x140fe45dc IsDBCSLeadByteEx
0x140fe45e4 IsDebuggerPresent
0x140fe45ec LeaveCriticalSection
0x140fe45f4 LoadLibraryExW
0x140fe45fc LoadLibraryW
0x140fe4604 LocalFree
0x140fe460c MultiByteToWideChar
0x140fe4614 OpenProcess
0x140fe461c OutputDebugStringA
0x140fe4624 PostQueuedCompletionStatus
0x140fe462c QueryPerformanceCounter
0x140fe4634 QueryPerformanceFrequency
0x140fe463c RaiseException
0x140fe4644 RaiseFailFastException
0x140fe464c ReleaseMutex
0x140fe4654 ReleaseSemaphore
0x140fe465c RemoveVectoredExceptionHandler
0x140fe4664 ResetEvent
0x140fe466c ResumeThread
0x140fe4674 RtlLookupFunctionEntry
0x140fe467c RtlVirtualUnwind
0x140fe4684 SetConsoleCtrlHandler
0x140fe468c SetErrorMode
0x140fe4694 SetEvent
0x140fe469c SetLastError
0x140fe46a4 SetProcessAffinityMask
0x140fe46ac SetProcessPriorityBoost
0x140fe46b4 SetThreadContext
0x140fe46bc SetThreadPriority
0x140fe46c4 SetUnhandledExceptionFilter
0x140fe46cc SetWaitableTimer
0x140fe46d4 Sleep
0x140fe46dc SuspendThread
0x140fe46e4 SwitchToThread
0x140fe46ec TlsAlloc
0x140fe46f4 TlsGetValue
0x140fe46fc TlsSetValue
0x140fe4704 TryEnterCriticalSection
0x140fe470c VirtualAlloc
0x140fe4714 VirtualFree
0x140fe471c VirtualProtect
0x140fe4724 VirtualQuery
0x140fe472c WaitForMultipleObjects
0x140fe4734 WaitForSingleObject
0x140fe473c WerGetFlags
0x140fe4744 WerSetFlags
0x140fe474c WideCharToMultiByte
0x140fe4754 WriteConsoleW
0x140fe475c WriteFile
0x140fe4764 __C_specific_handler
msvcrt.dll
0x140fe4774 ___lc_codepage_func
0x140fe477c ___mb_cur_max_func
0x140fe4784 __getmainargs
0x140fe478c __initenv
0x140fe4794 __iob_func
0x140fe479c __lconv_init
0x140fe47a4 __set_app_type
0x140fe47ac __setusermatherr
0x140fe47b4 _acmdln
0x140fe47bc _amsg_exit
0x140fe47c4 _beginthread
0x140fe47cc _beginthreadex
0x140fe47d4 _cexit
0x140fe47dc _commode
0x140fe47e4 _endthreadex
0x140fe47ec _errno
0x140fe47f4 _fmode
0x140fe47fc _initterm
0x140fe4804 _lock
0x140fe480c _memccpy
0x140fe4814 _onexit
0x140fe481c _setjmp
0x140fe4824 _strdup
0x140fe482c _ultoa
0x140fe4834 _unlock
0x140fe483c abort
0x140fe4844 calloc
0x140fe484c exit
0x140fe4854 fprintf
0x140fe485c fputc
0x140fe4864 free
0x140fe486c fwrite
0x140fe4874 localeconv
0x140fe487c longjmp
0x140fe4884 malloc
0x140fe488c memcpy
0x140fe4894 memmove
0x140fe489c memset
0x140fe48a4 printf
0x140fe48ac realloc
0x140fe48b4 signal
0x140fe48bc strerror
0x140fe48c4 strlen
0x140fe48cc strncmp
0x140fe48d4 vfprintf
0x140fe48dc wcslen
EAT(Export Address Table) Library
0x140fe17f0 _cgo_dummy_export