ScreenShot
| Created | 2024.08.12 09:45 | Machine | s1_win7_x6401 |
| Filename | 66b0ee142cf8f_PhotosExifEditor.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 44 detected (AIDetectMalware, WinGo, malicious, high confidence, GenericKD, Unsafe, Von3, Attribute, HighConfidence, a variant of WinGo, score, qwiure, Genric, CLASSIC, xlocs, Static AI, Suspicious PE, Detected, ai score=80, Caynamer, Eldorado, Chgt, R002H0CH924, Xdkl) | ||
| md5 | 677ad736788d93b76ca77717706a8176 | ||
| sha256 | 8ef1d24500ab75ee2ebde59ea01df3a168b41d9d7e987ae843c1188ec7dac49f | ||
| ssdeep | 49152:Imo7Co7xWaVpuCaqn1FmIV6Oi+eVw3HaRAGx3ycrcj/ushk8JZSjkE5E64Lo8QXs:w/VhZ0CLwEmCPaDy3B51VX | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14081f494 AddAtomA
0x14081f49c AddVectoredContinueHandler
0x14081f4a4 AddVectoredExceptionHandler
0x14081f4ac CloseHandle
0x14081f4b4 CreateEventA
0x14081f4bc CreateFileA
0x14081f4c4 CreateIoCompletionPort
0x14081f4cc CreateMutexA
0x14081f4d4 CreateSemaphoreA
0x14081f4dc CreateThread
0x14081f4e4 CreateWaitableTimerExW
0x14081f4ec DeleteAtom
0x14081f4f4 DeleteCriticalSection
0x14081f4fc DuplicateHandle
0x14081f504 EnterCriticalSection
0x14081f50c ExitProcess
0x14081f514 FindAtomA
0x14081f51c FormatMessageA
0x14081f524 FreeEnvironmentStringsW
0x14081f52c GetAtomNameA
0x14081f534 GetConsoleMode
0x14081f53c GetCurrentProcess
0x14081f544 GetCurrentProcessId
0x14081f54c GetCurrentThread
0x14081f554 GetCurrentThreadId
0x14081f55c GetEnvironmentStringsW
0x14081f564 GetErrorMode
0x14081f56c GetHandleInformation
0x14081f574 GetLastError
0x14081f57c GetProcAddress
0x14081f584 GetProcessAffinityMask
0x14081f58c GetQueuedCompletionStatusEx
0x14081f594 GetStartupInfoA
0x14081f59c GetStdHandle
0x14081f5a4 GetSystemDirectoryA
0x14081f5ac GetSystemInfo
0x14081f5b4 GetSystemTimeAsFileTime
0x14081f5bc GetThreadContext
0x14081f5c4 GetThreadPriority
0x14081f5cc GetTickCount
0x14081f5d4 InitializeCriticalSection
0x14081f5dc IsDBCSLeadByteEx
0x14081f5e4 IsDebuggerPresent
0x14081f5ec LeaveCriticalSection
0x14081f5f4 LoadLibraryExW
0x14081f5fc LoadLibraryW
0x14081f604 LocalFree
0x14081f60c MultiByteToWideChar
0x14081f614 OpenProcess
0x14081f61c OutputDebugStringA
0x14081f624 PostQueuedCompletionStatus
0x14081f62c QueryPerformanceCounter
0x14081f634 QueryPerformanceFrequency
0x14081f63c RaiseException
0x14081f644 RaiseFailFastException
0x14081f64c ReleaseMutex
0x14081f654 ReleaseSemaphore
0x14081f65c RemoveVectoredExceptionHandler
0x14081f664 ResetEvent
0x14081f66c ResumeThread
0x14081f674 RtlLookupFunctionEntry
0x14081f67c RtlVirtualUnwind
0x14081f684 SetConsoleCtrlHandler
0x14081f68c SetErrorMode
0x14081f694 SetEvent
0x14081f69c SetLastError
0x14081f6a4 SetProcessAffinityMask
0x14081f6ac SetProcessPriorityBoost
0x14081f6b4 SetThreadContext
0x14081f6bc SetThreadPriority
0x14081f6c4 SetUnhandledExceptionFilter
0x14081f6cc SetWaitableTimer
0x14081f6d4 Sleep
0x14081f6dc SuspendThread
0x14081f6e4 SwitchToThread
0x14081f6ec TlsAlloc
0x14081f6f4 TlsGetValue
0x14081f6fc TlsSetValue
0x14081f704 TryEnterCriticalSection
0x14081f70c VirtualAlloc
0x14081f714 VirtualFree
0x14081f71c VirtualProtect
0x14081f724 VirtualQuery
0x14081f72c WaitForMultipleObjects
0x14081f734 WaitForSingleObject
0x14081f73c WerGetFlags
0x14081f744 WerSetFlags
0x14081f74c WideCharToMultiByte
0x14081f754 WriteConsoleW
0x14081f75c WriteFile
0x14081f764 __C_specific_handler
msvcrt.dll
0x14081f774 ___lc_codepage_func
0x14081f77c ___mb_cur_max_func
0x14081f784 __getmainargs
0x14081f78c __initenv
0x14081f794 __iob_func
0x14081f79c __lconv_init
0x14081f7a4 __set_app_type
0x14081f7ac __setusermatherr
0x14081f7b4 _acmdln
0x14081f7bc _amsg_exit
0x14081f7c4 _beginthread
0x14081f7cc _beginthreadex
0x14081f7d4 _cexit
0x14081f7dc _commode
0x14081f7e4 _endthreadex
0x14081f7ec _errno
0x14081f7f4 _fmode
0x14081f7fc _initterm
0x14081f804 _lock
0x14081f80c _memccpy
0x14081f814 _onexit
0x14081f81c _setjmp
0x14081f824 _strdup
0x14081f82c _ultoa
0x14081f834 _unlock
0x14081f83c abort
0x14081f844 calloc
0x14081f84c exit
0x14081f854 fprintf
0x14081f85c fputc
0x14081f864 free
0x14081f86c fwrite
0x14081f874 localeconv
0x14081f87c longjmp
0x14081f884 malloc
0x14081f88c memcpy
0x14081f894 memmove
0x14081f89c memset
0x14081f8a4 printf
0x14081f8ac realloc
0x14081f8b4 signal
0x14081f8bc strerror
0x14081f8c4 strlen
0x14081f8cc strncmp
0x14081f8d4 vfprintf
0x14081f8dc wcslen
EAT(Export Address Table) Library
0x14081d010 _cgo_dummy_export
KERNEL32.dll
0x14081f494 AddAtomA
0x14081f49c AddVectoredContinueHandler
0x14081f4a4 AddVectoredExceptionHandler
0x14081f4ac CloseHandle
0x14081f4b4 CreateEventA
0x14081f4bc CreateFileA
0x14081f4c4 CreateIoCompletionPort
0x14081f4cc CreateMutexA
0x14081f4d4 CreateSemaphoreA
0x14081f4dc CreateThread
0x14081f4e4 CreateWaitableTimerExW
0x14081f4ec DeleteAtom
0x14081f4f4 DeleteCriticalSection
0x14081f4fc DuplicateHandle
0x14081f504 EnterCriticalSection
0x14081f50c ExitProcess
0x14081f514 FindAtomA
0x14081f51c FormatMessageA
0x14081f524 FreeEnvironmentStringsW
0x14081f52c GetAtomNameA
0x14081f534 GetConsoleMode
0x14081f53c GetCurrentProcess
0x14081f544 GetCurrentProcessId
0x14081f54c GetCurrentThread
0x14081f554 GetCurrentThreadId
0x14081f55c GetEnvironmentStringsW
0x14081f564 GetErrorMode
0x14081f56c GetHandleInformation
0x14081f574 GetLastError
0x14081f57c GetProcAddress
0x14081f584 GetProcessAffinityMask
0x14081f58c GetQueuedCompletionStatusEx
0x14081f594 GetStartupInfoA
0x14081f59c GetStdHandle
0x14081f5a4 GetSystemDirectoryA
0x14081f5ac GetSystemInfo
0x14081f5b4 GetSystemTimeAsFileTime
0x14081f5bc GetThreadContext
0x14081f5c4 GetThreadPriority
0x14081f5cc GetTickCount
0x14081f5d4 InitializeCriticalSection
0x14081f5dc IsDBCSLeadByteEx
0x14081f5e4 IsDebuggerPresent
0x14081f5ec LeaveCriticalSection
0x14081f5f4 LoadLibraryExW
0x14081f5fc LoadLibraryW
0x14081f604 LocalFree
0x14081f60c MultiByteToWideChar
0x14081f614 OpenProcess
0x14081f61c OutputDebugStringA
0x14081f624 PostQueuedCompletionStatus
0x14081f62c QueryPerformanceCounter
0x14081f634 QueryPerformanceFrequency
0x14081f63c RaiseException
0x14081f644 RaiseFailFastException
0x14081f64c ReleaseMutex
0x14081f654 ReleaseSemaphore
0x14081f65c RemoveVectoredExceptionHandler
0x14081f664 ResetEvent
0x14081f66c ResumeThread
0x14081f674 RtlLookupFunctionEntry
0x14081f67c RtlVirtualUnwind
0x14081f684 SetConsoleCtrlHandler
0x14081f68c SetErrorMode
0x14081f694 SetEvent
0x14081f69c SetLastError
0x14081f6a4 SetProcessAffinityMask
0x14081f6ac SetProcessPriorityBoost
0x14081f6b4 SetThreadContext
0x14081f6bc SetThreadPriority
0x14081f6c4 SetUnhandledExceptionFilter
0x14081f6cc SetWaitableTimer
0x14081f6d4 Sleep
0x14081f6dc SuspendThread
0x14081f6e4 SwitchToThread
0x14081f6ec TlsAlloc
0x14081f6f4 TlsGetValue
0x14081f6fc TlsSetValue
0x14081f704 TryEnterCriticalSection
0x14081f70c VirtualAlloc
0x14081f714 VirtualFree
0x14081f71c VirtualProtect
0x14081f724 VirtualQuery
0x14081f72c WaitForMultipleObjects
0x14081f734 WaitForSingleObject
0x14081f73c WerGetFlags
0x14081f744 WerSetFlags
0x14081f74c WideCharToMultiByte
0x14081f754 WriteConsoleW
0x14081f75c WriteFile
0x14081f764 __C_specific_handler
msvcrt.dll
0x14081f774 ___lc_codepage_func
0x14081f77c ___mb_cur_max_func
0x14081f784 __getmainargs
0x14081f78c __initenv
0x14081f794 __iob_func
0x14081f79c __lconv_init
0x14081f7a4 __set_app_type
0x14081f7ac __setusermatherr
0x14081f7b4 _acmdln
0x14081f7bc _amsg_exit
0x14081f7c4 _beginthread
0x14081f7cc _beginthreadex
0x14081f7d4 _cexit
0x14081f7dc _commode
0x14081f7e4 _endthreadex
0x14081f7ec _errno
0x14081f7f4 _fmode
0x14081f7fc _initterm
0x14081f804 _lock
0x14081f80c _memccpy
0x14081f814 _onexit
0x14081f81c _setjmp
0x14081f824 _strdup
0x14081f82c _ultoa
0x14081f834 _unlock
0x14081f83c abort
0x14081f844 calloc
0x14081f84c exit
0x14081f854 fprintf
0x14081f85c fputc
0x14081f864 free
0x14081f86c fwrite
0x14081f874 localeconv
0x14081f87c longjmp
0x14081f884 malloc
0x14081f88c memcpy
0x14081f894 memmove
0x14081f89c memset
0x14081f8a4 printf
0x14081f8ac realloc
0x14081f8b4 signal
0x14081f8bc strerror
0x14081f8c4 strlen
0x14081f8cc strncmp
0x14081f8d4 vfprintf
0x14081f8dc wcslen
EAT(Export Address Table) Library
0x14081d010 _cgo_dummy_export