ScreenShot
| Created | 2024.08.14 10:59 | Machine | s1_win7_x6401 |
| Filename | backdoor.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetectMalware, GenericFCA, Malicious, score, Unsafe, Vp2d, Genus, Attribute, HighConfidence, MalwareX, CLOUD, rxfqc, ZexaF, e0Y@amuQCij, Detected, ai score=81, Wacatac, ABTrojan, WPND, PWRS, Chgt, R002H09DQ24, Rnkl, susgen) | ||
| md5 | 698f5896ec35c84909344dc08b7cae67 | ||
| sha256 | 9cc2e2d5feeb360b2ea9a650809468f08e13c0e997ebadf5baa69ae3c27a958e | ||
| ssdeep | 768:VprWOayEeJqYEs4fmZn5gzVwKXlhK2FkHPP3lLuzZPKqcPOI+HhM81+idVNH:Vk7fmDgZhHFkHPP3lLuBZc9AroidVNH | ||
| imphash | 8e93afb33c433eede3fd358369a7f47e | ||
| impfuzzy | 48:4fCCalc5VXl1NXqWaGhv/shqos1os/xPp47N:4fCCUc51lLXqWa6ssF1F/pp4h | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40c25c AllocConsole
0x40c260 DeleteCriticalSection
0x40c264 EnterCriticalSection
0x40c268 ExitProcess
0x40c26c FindClose
0x40c270 FindFirstFileA
0x40c274 FindNextFileA
0x40c278 FreeLibrary
0x40c27c GetCommandLineA
0x40c280 GetLastError
0x40c284 GetModuleHandleA
0x40c288 GetProcAddress
0x40c28c GetStartupInfoA
0x40c290 InitializeCriticalSection
0x40c294 LeaveCriticalSection
0x40c298 LoadLibraryA
0x40c29c SetUnhandledExceptionFilter
0x40c2a0 Sleep
0x40c2a4 TlsGetValue
0x40c2a8 VirtualProtect
0x40c2ac VirtualQuery
msvcrt.dll
0x40c2b4 _chdir
0x40c2b8 _strdup
0x40c2bc _stricoll
msvcrt.dll
0x40c2c4 __getmainargs
0x40c2c8 __mb_cur_max
0x40c2cc __p__environ
0x40c2d0 __p__fmode
0x40c2d4 __set_app_type
0x40c2d8 _cexit
0x40c2dc _errno
0x40c2e0 _fpreset
0x40c2e4 _fullpath
0x40c2e8 _iob
0x40c2ec _isctype
0x40c2f0 _onexit
0x40c2f4 _pclose
0x40c2f8 _pctype
0x40c2fc _popen
0x40c300 _setmode
0x40c304 abort
0x40c308 atexit
0x40c30c calloc
0x40c310 exit
0x40c314 fgets
0x40c318 free
0x40c31c fwrite
0x40c320 malloc
0x40c324 mbstowcs
0x40c328 memcmp
0x40c32c memcpy
0x40c330 memset
0x40c334 printf
0x40c338 puts
0x40c33c realloc
0x40c340 setlocale
0x40c344 signal
0x40c348 strcat
0x40c34c strcmp
0x40c350 strcoll
0x40c354 strcpy
0x40c358 strlen
0x40c35c strncmp
0x40c360 strncpy
0x40c364 strtok
0x40c368 tolower
0x40c36c vfprintf
0x40c370 wcstombs
USER32.dll
0x40c378 FindWindowA
0x40c37c ShowWindow
WSOCK32.DLL
0x40c384 WSACleanup
0x40c388 WSAStartup
0x40c38c closesocket
0x40c390 connect
0x40c394 htons
0x40c398 inet_addr
0x40c39c recv
0x40c3a0 send
0x40c3a4 socket
libgcc_s_dw2-1.dll
0x40c3ac _Unwind_Resume
0x40c3b0 __deregister_frame_info
0x40c3b4 __register_frame_info
0x40c3b8 __udivdi3
libstdc++-6.dll
0x40c3c0 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
0x40c3c4 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
0x40c3c8 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
0x40c3cc _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
0x40c3d0 _ZNSaIcEC1Ev
0x40c3d4 _ZNSaIcED1Ev
0x40c3d8 _ZNSolsEPFRSoS_E
0x40c3dc _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
0x40c3e0 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
0x40c3e4 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
0x40c3e8 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
0x40c3ec _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
0x40c3f0 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
0x40c3f4 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
0x40c3f8 _ZNSt8ios_base4InitC1Ev
0x40c3fc _ZNSt8ios_base4InitD1Ev
0x40c400 _ZSt4cerr
0x40c404 _ZSt4cout
0x40c408 _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
0x40c40c _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
0x40c410 __gxx_personality_v0
EAT(Export Address Table) is none
KERNEL32.dll
0x40c25c AllocConsole
0x40c260 DeleteCriticalSection
0x40c264 EnterCriticalSection
0x40c268 ExitProcess
0x40c26c FindClose
0x40c270 FindFirstFileA
0x40c274 FindNextFileA
0x40c278 FreeLibrary
0x40c27c GetCommandLineA
0x40c280 GetLastError
0x40c284 GetModuleHandleA
0x40c288 GetProcAddress
0x40c28c GetStartupInfoA
0x40c290 InitializeCriticalSection
0x40c294 LeaveCriticalSection
0x40c298 LoadLibraryA
0x40c29c SetUnhandledExceptionFilter
0x40c2a0 Sleep
0x40c2a4 TlsGetValue
0x40c2a8 VirtualProtect
0x40c2ac VirtualQuery
msvcrt.dll
0x40c2b4 _chdir
0x40c2b8 _strdup
0x40c2bc _stricoll
msvcrt.dll
0x40c2c4 __getmainargs
0x40c2c8 __mb_cur_max
0x40c2cc __p__environ
0x40c2d0 __p__fmode
0x40c2d4 __set_app_type
0x40c2d8 _cexit
0x40c2dc _errno
0x40c2e0 _fpreset
0x40c2e4 _fullpath
0x40c2e8 _iob
0x40c2ec _isctype
0x40c2f0 _onexit
0x40c2f4 _pclose
0x40c2f8 _pctype
0x40c2fc _popen
0x40c300 _setmode
0x40c304 abort
0x40c308 atexit
0x40c30c calloc
0x40c310 exit
0x40c314 fgets
0x40c318 free
0x40c31c fwrite
0x40c320 malloc
0x40c324 mbstowcs
0x40c328 memcmp
0x40c32c memcpy
0x40c330 memset
0x40c334 printf
0x40c338 puts
0x40c33c realloc
0x40c340 setlocale
0x40c344 signal
0x40c348 strcat
0x40c34c strcmp
0x40c350 strcoll
0x40c354 strcpy
0x40c358 strlen
0x40c35c strncmp
0x40c360 strncpy
0x40c364 strtok
0x40c368 tolower
0x40c36c vfprintf
0x40c370 wcstombs
USER32.dll
0x40c378 FindWindowA
0x40c37c ShowWindow
WSOCK32.DLL
0x40c384 WSACleanup
0x40c388 WSAStartup
0x40c38c closesocket
0x40c390 connect
0x40c394 htons
0x40c398 inet_addr
0x40c39c recv
0x40c3a0 send
0x40c3a4 socket
libgcc_s_dw2-1.dll
0x40c3ac _Unwind_Resume
0x40c3b0 __deregister_frame_info
0x40c3b4 __register_frame_info
0x40c3b8 __udivdi3
libstdc++-6.dll
0x40c3c0 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
0x40c3c4 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
0x40c3c8 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
0x40c3cc _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
0x40c3d0 _ZNSaIcEC1Ev
0x40c3d4 _ZNSaIcED1Ev
0x40c3d8 _ZNSolsEPFRSoS_E
0x40c3dc _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
0x40c3e0 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
0x40c3e4 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
0x40c3e8 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
0x40c3ec _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
0x40c3f0 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
0x40c3f4 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
0x40c3f8 _ZNSt8ios_base4InitC1Ev
0x40c3fc _ZNSt8ios_base4InitD1Ev
0x40c400 _ZSt4cerr
0x40c404 _ZSt4cout
0x40c408 _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
0x40c40c _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
0x40c410 __gxx_personality_v0
EAT(Export Address Table) is none