ScreenShot
| Created | 2024.08.15 11:07 | Machine | s1_win7_x6401 |
| Filename | b.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 35 detected (AIDetectMalware, malicious, high confidence, score, Sdbot, Unsafe, Whisperer, Barys, Attribute, HighConfidence, Kryptik, CobaltStrike, AGEN, Static AI, Suspicious PE, Detected, ai score=82, Eldorado, R561237, Shellcoderunner, confidence, 100%) | ||
| md5 | 01359d7d9ec82b16108b98fb6d31ce22 | ||
| sha256 | 74952004f8e87a5742e42764ec6452e6d4ecd1af90b4da715d34b043c5faa7bf | ||
| ssdeep | 6144:7w8X//F0GMuUBhKsw/bhPXer9N9rkRZtJRK+nW:x//FDMxnKsCFOroZDR | ||
| imphash | 2d3ad4e365f4516a6665dced40797507 | ||
| impfuzzy | 24:FwunEQfCTlDKn+kEqjIlMblRf5XGfqXZIkomvlxcqdZ4:COfCc+kEJslJJGfqJIk1vkqM | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14005b248 RegisterServiceCtrlHandlerA
0x14005b250 SetServiceStatus
0x14005b258 StartServiceCtrlDispatcherA
KERNEL32.dll
0x14005b268 CreateProcessA
0x14005b270 DeleteCriticalSection
0x14005b278 EnterCriticalSection
0x14005b280 ExitProcess
0x14005b288 GetCurrentProcess
0x14005b290 GetLastError
0x14005b298 GetModuleHandleA
0x14005b2a0 GetProcAddress
0x14005b2a8 GetTickCount
0x14005b2b0 InitializeCriticalSection
0x14005b2b8 IsDBCSLeadByteEx
0x14005b2c0 LeaveCriticalSection
0x14005b2c8 MultiByteToWideChar
0x14005b2d0 SetUnhandledExceptionFilter
0x14005b2d8 Sleep
0x14005b2e0 TlsGetValue
0x14005b2e8 VirtualProtect
0x14005b2f0 VirtualQuery
0x14005b2f8 WaitForSingleObject
0x14005b300 WideCharToMultiByte
msvcrt.dll
0x14005b310 __C_specific_handler
0x14005b318 ___lc_codepage_func
0x14005b320 ___mb_cur_max_func
0x14005b328 __getmainargs
0x14005b330 __initenv
0x14005b338 __iob_func
0x14005b340 __set_app_type
0x14005b348 __setusermatherr
0x14005b350 _amsg_exit
0x14005b358 _cexit
0x14005b360 _commode
0x14005b368 _errno
0x14005b370 _fmode
0x14005b378 _initterm
0x14005b380 _onexit
0x14005b388 _snprintf
0x14005b390 abort
0x14005b398 calloc
0x14005b3a0 exit
0x14005b3a8 fprintf
0x14005b3b0 fputc
0x14005b3b8 free
0x14005b3c0 fwrite
0x14005b3c8 localeconv
0x14005b3d0 malloc
0x14005b3d8 mbstowcs
0x14005b3e0 memcpy
0x14005b3e8 memset
0x14005b3f0 rand
0x14005b3f8 signal
0x14005b400 strerror
0x14005b408 strlen
0x14005b410 strncmp
0x14005b418 vfprintf
0x14005b420 wcslen
0x14005b428 wcsncat
0x14005b430 wcsncpy
EAT(Export Address Table) is none
ADVAPI32.dll
0x14005b248 RegisterServiceCtrlHandlerA
0x14005b250 SetServiceStatus
0x14005b258 StartServiceCtrlDispatcherA
KERNEL32.dll
0x14005b268 CreateProcessA
0x14005b270 DeleteCriticalSection
0x14005b278 EnterCriticalSection
0x14005b280 ExitProcess
0x14005b288 GetCurrentProcess
0x14005b290 GetLastError
0x14005b298 GetModuleHandleA
0x14005b2a0 GetProcAddress
0x14005b2a8 GetTickCount
0x14005b2b0 InitializeCriticalSection
0x14005b2b8 IsDBCSLeadByteEx
0x14005b2c0 LeaveCriticalSection
0x14005b2c8 MultiByteToWideChar
0x14005b2d0 SetUnhandledExceptionFilter
0x14005b2d8 Sleep
0x14005b2e0 TlsGetValue
0x14005b2e8 VirtualProtect
0x14005b2f0 VirtualQuery
0x14005b2f8 WaitForSingleObject
0x14005b300 WideCharToMultiByte
msvcrt.dll
0x14005b310 __C_specific_handler
0x14005b318 ___lc_codepage_func
0x14005b320 ___mb_cur_max_func
0x14005b328 __getmainargs
0x14005b330 __initenv
0x14005b338 __iob_func
0x14005b340 __set_app_type
0x14005b348 __setusermatherr
0x14005b350 _amsg_exit
0x14005b358 _cexit
0x14005b360 _commode
0x14005b368 _errno
0x14005b370 _fmode
0x14005b378 _initterm
0x14005b380 _onexit
0x14005b388 _snprintf
0x14005b390 abort
0x14005b398 calloc
0x14005b3a0 exit
0x14005b3a8 fprintf
0x14005b3b0 fputc
0x14005b3b8 free
0x14005b3c0 fwrite
0x14005b3c8 localeconv
0x14005b3d0 malloc
0x14005b3d8 mbstowcs
0x14005b3e0 memcpy
0x14005b3e8 memset
0x14005b3f0 rand
0x14005b3f8 signal
0x14005b400 strerror
0x14005b408 strlen
0x14005b410 strncmp
0x14005b418 vfprintf
0x14005b420 wcslen
0x14005b428 wcsncat
0x14005b430 wcsncpy
EAT(Export Address Table) is none