ScreenShot
| Created | 2024.08.14 13:39 | Machine | s1_win7_x6401 |
| Filename | vsrfdgej.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 42 detected (AIDetectMalware, malicious, high confidence, score, Artemis, DeepScan, Loader, Marte, Vaux, TrojanX, Sheller, CLOUD, AGEN, R002C0XEF24, ai score=89, Wacapew, Gencirc, Static AI, Suspicious PE, susgen, PossibleThreat, confidence, Labqct) | ||
| md5 | 319cc8df286242b248cf442ca4e87220 | ||
| sha256 | 5461ed9bfe7bb882cef5d0375ad962c4004b4fb84102451adc99f6029f1ecec0 | ||
| ssdeep | 6144:BLlDKP3ZEdD1qtUJ1K+u6PiHDkSQCKO5fDp1O7mnkgBkA/EyG8XjMsXA:LKBEPgUJHkHDkSHP0mkgBkABTMN | ||
| imphash | 2f7f7af2eab30b7eb6756d354f206577 | ||
| impfuzzy | 48:w7MCWyXW9OftriW1ZiRj9AN3nBDHP+sjVQSLMC:w7MCWyXWAftriWLiRj9ANxDmsj7 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Command line console output was observed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x14001e138 InitializeSListHead
0x14001e140 GetCurrentThreadId
0x14001e148 IsDebuggerPresent
0x14001e150 GetCurrentProcess
0x14001e158 GetEnvironmentVariableW
0x14001e160 GetCurrentDirectoryW
0x14001e168 SetLastError
0x14001e170 GetStdHandle
0x14001e178 GetCurrentProcessId
0x14001e180 RtlLookupFunctionEntry
0x14001e188 RtlVirtualUnwind
0x14001e190 TryAcquireSRWLockExclusive
0x14001e198 HeapFree
0x14001e1a0 RtlCaptureContext
0x14001e1a8 HeapReAlloc
0x14001e1b0 AcquireSRWLockExclusive
0x14001e1b8 ReleaseSRWLockShared
0x14001e1c0 ReleaseMutex
0x14001e1c8 GetModuleHandleA
0x14001e1d0 GetProcessHeap
0x14001e1d8 HeapAlloc
0x14001e1e0 WaitForSingleObject
0x14001e1e8 GetConsoleMode
0x14001e1f0 SetThreadStackGuarantee
0x14001e1f8 GetModuleHandleW
0x14001e200 FormatMessageW
0x14001e208 MultiByteToWideChar
0x14001e210 WriteConsoleW
0x14001e218 AddVectoredExceptionHandler
0x14001e220 WaitForSingleObjectEx
0x14001e228 CreateMutexA
0x14001e230 ReleaseSRWLockExclusive
0x14001e238 UnhandledExceptionFilter
0x14001e240 SetUnhandledExceptionFilter
0x14001e248 CloseHandle
0x14001e250 QueryPerformanceCounter
0x14001e258 GetSystemTimeAsFileTime
0x14001e260 GetLastError
0x14001e268 GetCurrentThread
0x14001e270 VirtualProtect
0x14001e278 VirtualAlloc
0x14001e280 GetProcAddress
0x14001e288 LoadLibraryA
0x14001e290 GetConsoleWindow
0x14001e298 AcquireSRWLockShared
0x14001e2a0 IsProcessorFeaturePresent
user32.dll
0x14001e2c8 ShowWindow
ntdll.dll
0x14001e2b0 RtlNtStatusToDosError
0x14001e2b8 NtWriteFile
VCRUNTIME140.dll
0x14001e000 __CxxFrameHandler3
0x14001e008 __current_exception_context
0x14001e010 memcmp
0x14001e018 _CxxThrowException
0x14001e020 memmove
0x14001e028 memcpy
0x14001e030 __C_specific_handler
0x14001e038 __current_exception
0x14001e040 memset
api-ms-win-crt-math-l1-1-0.dll
0x14001e078 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14001e088 _initterm
0x14001e090 _initterm_e
0x14001e098 _initialize_narrow_environment
0x14001e0a0 _exit
0x14001e0a8 _set_app_type
0x14001e0b0 __p___argc
0x14001e0b8 __p___argv
0x14001e0c0 _cexit
0x14001e0c8 _c_exit
0x14001e0d0 _register_thread_local_exe_atexit_callback
0x14001e0d8 _configure_narrow_argv
0x14001e0e0 _get_initial_narrow_environment
0x14001e0e8 _seh_filter_exe
0x14001e0f0 exit
0x14001e0f8 _initialize_onexit_table
0x14001e100 _register_onexit_function
0x14001e108 _crt_atexit
0x14001e110 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x14001e120 _set_fmode
0x14001e128 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14001e068 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14001e050 free
0x14001e058 _set_new_mode
EAT(Export Address Table) is none
kernel32.dll
0x14001e138 InitializeSListHead
0x14001e140 GetCurrentThreadId
0x14001e148 IsDebuggerPresent
0x14001e150 GetCurrentProcess
0x14001e158 GetEnvironmentVariableW
0x14001e160 GetCurrentDirectoryW
0x14001e168 SetLastError
0x14001e170 GetStdHandle
0x14001e178 GetCurrentProcessId
0x14001e180 RtlLookupFunctionEntry
0x14001e188 RtlVirtualUnwind
0x14001e190 TryAcquireSRWLockExclusive
0x14001e198 HeapFree
0x14001e1a0 RtlCaptureContext
0x14001e1a8 HeapReAlloc
0x14001e1b0 AcquireSRWLockExclusive
0x14001e1b8 ReleaseSRWLockShared
0x14001e1c0 ReleaseMutex
0x14001e1c8 GetModuleHandleA
0x14001e1d0 GetProcessHeap
0x14001e1d8 HeapAlloc
0x14001e1e0 WaitForSingleObject
0x14001e1e8 GetConsoleMode
0x14001e1f0 SetThreadStackGuarantee
0x14001e1f8 GetModuleHandleW
0x14001e200 FormatMessageW
0x14001e208 MultiByteToWideChar
0x14001e210 WriteConsoleW
0x14001e218 AddVectoredExceptionHandler
0x14001e220 WaitForSingleObjectEx
0x14001e228 CreateMutexA
0x14001e230 ReleaseSRWLockExclusive
0x14001e238 UnhandledExceptionFilter
0x14001e240 SetUnhandledExceptionFilter
0x14001e248 CloseHandle
0x14001e250 QueryPerformanceCounter
0x14001e258 GetSystemTimeAsFileTime
0x14001e260 GetLastError
0x14001e268 GetCurrentThread
0x14001e270 VirtualProtect
0x14001e278 VirtualAlloc
0x14001e280 GetProcAddress
0x14001e288 LoadLibraryA
0x14001e290 GetConsoleWindow
0x14001e298 AcquireSRWLockShared
0x14001e2a0 IsProcessorFeaturePresent
user32.dll
0x14001e2c8 ShowWindow
ntdll.dll
0x14001e2b0 RtlNtStatusToDosError
0x14001e2b8 NtWriteFile
VCRUNTIME140.dll
0x14001e000 __CxxFrameHandler3
0x14001e008 __current_exception_context
0x14001e010 memcmp
0x14001e018 _CxxThrowException
0x14001e020 memmove
0x14001e028 memcpy
0x14001e030 __C_specific_handler
0x14001e038 __current_exception
0x14001e040 memset
api-ms-win-crt-math-l1-1-0.dll
0x14001e078 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14001e088 _initterm
0x14001e090 _initterm_e
0x14001e098 _initialize_narrow_environment
0x14001e0a0 _exit
0x14001e0a8 _set_app_type
0x14001e0b0 __p___argc
0x14001e0b8 __p___argv
0x14001e0c0 _cexit
0x14001e0c8 _c_exit
0x14001e0d0 _register_thread_local_exe_atexit_callback
0x14001e0d8 _configure_narrow_argv
0x14001e0e0 _get_initial_narrow_environment
0x14001e0e8 _seh_filter_exe
0x14001e0f0 exit
0x14001e0f8 _initialize_onexit_table
0x14001e100 _register_onexit_function
0x14001e108 _crt_atexit
0x14001e110 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x14001e120 _set_fmode
0x14001e128 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14001e068 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14001e050 free
0x14001e058 _set_new_mode
EAT(Export Address Table) is none