ScreenShot
| Created | 2024.08.15 15:22 | Machine | s1_win7_x6403 |
| Filename | u.png | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (AIDetectMalware, Save, Malicious, confidence) | ||
| md5 | ca9e2fafc81b855386aaf7a50906efa4 | ||
| sha256 | 563d3e127d92bd8b8e15ee95f7d30e950ec30d41d4cd20658f5443273eea96c7 | ||
| ssdeep | 49152:eHm7mYKephZAXZgM82TkxR/oYqJuF5Nan4nPjzkwsRC460hOa41:eP9CKkra4 | ||
| imphash | 5585b0e8bd7b95f85318c79385189be7 | ||
| impfuzzy | 96:WST1rXwPCBvWAdcGOWKHaiCN4j9QqmTjH:freVVWKHaCQqmTjH | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
cryptprimitives.dll
0x1401a8180 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401a8070 WaitOnAddress
0x1401a8078 WakeByAddressAll
0x1401a8080 WakeByAddressSingle
kernel32.dll
0x1401a81f0 SetHandleInformation
0x1401a81f8 GetCurrentProcess
0x1401a8200 CreateIoCompletionPort
0x1401a8208 GetCurrentThreadId
0x1401a8210 GetQueuedCompletionStatusEx
0x1401a8218 PostQueuedCompletionStatus
0x1401a8220 GetSystemTimeAsFileTime
0x1401a8228 InitializeSListHead
0x1401a8230 SetFileCompletionNotificationModes
0x1401a8238 Sleep
0x1401a8240 GetModuleHandleA
0x1401a8248 GetProcAddress
0x1401a8250 IsDebuggerPresent
0x1401a8258 UnhandledExceptionFilter
0x1401a8260 AddVectoredExceptionHandler
0x1401a8268 SetThreadStackGuarantee
0x1401a8270 GetCurrentThread
0x1401a8278 SwitchToThread
0x1401a8280 WaitForSingleObject
0x1401a8288 QueryPerformanceCounter
0x1401a8290 GetSystemInfo
0x1401a8298 RtlCaptureContext
0x1401a82a0 RtlLookupFunctionEntry
0x1401a82a8 RtlVirtualUnwind
0x1401a82b0 SetLastError
0x1401a82b8 GetCurrentDirectoryW
0x1401a82c0 GetEnvironmentVariableW
0x1401a82c8 SetUnhandledExceptionFilter
0x1401a82d0 GetStdHandle
0x1401a82d8 GetCurrentProcessId
0x1401a82e0 QueryPerformanceFrequency
0x1401a82e8 HeapFree
0x1401a82f0 GetLastError
0x1401a82f8 HeapReAlloc
0x1401a8300 lstrlenW
0x1401a8308 ReleaseMutex
0x1401a8310 GetProcessHeap
0x1401a8318 HeapAlloc
0x1401a8320 GetFinalPathNameByHandleW
0x1401a8328 SwitchToFiber
0x1401a8330 CreateFiber
0x1401a8338 GetConsoleMode
0x1401a8340 VirtualProtect
0x1401a8348 GetModuleHandleW
0x1401a8350 FormatMessageW
0x1401a8358 MultiByteToWideChar
0x1401a8360 WriteConsoleW
0x1401a8368 WideCharToMultiByte
0x1401a8370 CreateThread
0x1401a8378 WaitForSingleObjectEx
0x1401a8380 LoadLibraryA
0x1401a8388 CreateMutexA
0x1401a8390 VirtualAlloc
0x1401a8398 ConvertThreadToFiber
0x1401a83a0 CloseHandle
0x1401a83a8 IsProcessorFeaturePresent
ws2_32.dll
0x1401a8440 WSASend
0x1401a8448 WSAIoctl
0x1401a8450 recv
0x1401a8458 shutdown
0x1401a8460 ioctlsocket
0x1401a8468 connect
0x1401a8470 ind
0x1401a8478 WSASocketW
0x1401a8480 getsockname
0x1401a8488 getpeername
0x1401a8490 setsockopt
0x1401a8498 closesocket
0x1401a84a0 getaddrinfo
0x1401a84a8 WSAGetLastError
0x1401a84b0 freeaddrinfo
0x1401a84b8 WSAStartup
0x1401a84c0 WSACleanup
0x1401a84c8 getsockopt
0x1401a84d0 send
advapi32.dll
0x1401a8050 RegCloseKey
0x1401a8058 RegQueryValueExW
0x1401a8060 RegOpenKeyExW
secur32.dll
0x1401a83e8 ApplyControlToken
0x1401a83f0 EncryptMessage
0x1401a83f8 AcceptSecurityContext
0x1401a8400 InitializeSecurityContextW
0x1401a8408 FreeContextBuffer
0x1401a8410 DecryptMessage
0x1401a8418 DeleteSecurityContext
0x1401a8420 QueryContextAttributesW
0x1401a8428 AcquireCredentialsHandleA
0x1401a8430 FreeCredentialsHandle
crypt32.dll
0x1401a8190 CertDuplicateCertificateChain
0x1401a8198 CertFreeCertificateChain
0x1401a81a0 CertGetCertificateChain
0x1401a81a8 CertVerifyCertificateChainPolicy
0x1401a81b0 CertFreeCertificateContext
0x1401a81b8 CertDuplicateCertificateContext
0x1401a81c0 CertEnumCertificatesInStore
0x1401a81c8 CertAddCertificateContextToStore
0x1401a81d0 CertOpenStore
0x1401a81d8 CertCloseStore
0x1401a81e0 CertDuplicateStore
ntdll.dll
0x1401a83b8 NtCancelIoFileEx
0x1401a83c0 NtDeviceIoControlFile
0x1401a83c8 RtlNtStatusToDosError
0x1401a83d0 NtWriteFile
0x1401a83d8 NtCreateFile
VCRUNTIME140.dll
0x1401a8000 __CxxFrameHandler3
0x1401a8008 __current_exception_context
0x1401a8010 __current_exception
0x1401a8018 memcpy
0x1401a8020 __C_specific_handler
0x1401a8028 _CxxThrowException
0x1401a8030 memmove
0x1401a8038 memcmp
0x1401a8040 memset
api-ms-win-crt-math-l1-1-0.dll
0x1401a80b8 pow
0x1401a80c0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x1401a80d0 _exit
0x1401a80d8 exit
0x1401a80e0 __p___argc
0x1401a80e8 __p___argv
0x1401a80f0 _cexit
0x1401a80f8 _c_exit
0x1401a8100 _register_thread_local_exe_atexit_callback
0x1401a8108 _initterm_e
0x1401a8110 _configure_narrow_argv
0x1401a8118 _seh_filter_exe
0x1401a8120 _initialize_onexit_table
0x1401a8128 _register_onexit_function
0x1401a8130 _crt_atexit
0x1401a8138 terminate
0x1401a8140 _initialize_narrow_environment
0x1401a8148 _set_app_type
0x1401a8150 _get_initial_narrow_environment
0x1401a8158 _initterm
api-ms-win-crt-stdio-l1-1-0.dll
0x1401a8168 __p__commode
0x1401a8170 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401a80a8 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401a8090 _set_new_mode
0x1401a8098 free
EAT(Export Address Table) is none
cryptprimitives.dll
0x1401a8180 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401a8070 WaitOnAddress
0x1401a8078 WakeByAddressAll
0x1401a8080 WakeByAddressSingle
kernel32.dll
0x1401a81f0 SetHandleInformation
0x1401a81f8 GetCurrentProcess
0x1401a8200 CreateIoCompletionPort
0x1401a8208 GetCurrentThreadId
0x1401a8210 GetQueuedCompletionStatusEx
0x1401a8218 PostQueuedCompletionStatus
0x1401a8220 GetSystemTimeAsFileTime
0x1401a8228 InitializeSListHead
0x1401a8230 SetFileCompletionNotificationModes
0x1401a8238 Sleep
0x1401a8240 GetModuleHandleA
0x1401a8248 GetProcAddress
0x1401a8250 IsDebuggerPresent
0x1401a8258 UnhandledExceptionFilter
0x1401a8260 AddVectoredExceptionHandler
0x1401a8268 SetThreadStackGuarantee
0x1401a8270 GetCurrentThread
0x1401a8278 SwitchToThread
0x1401a8280 WaitForSingleObject
0x1401a8288 QueryPerformanceCounter
0x1401a8290 GetSystemInfo
0x1401a8298 RtlCaptureContext
0x1401a82a0 RtlLookupFunctionEntry
0x1401a82a8 RtlVirtualUnwind
0x1401a82b0 SetLastError
0x1401a82b8 GetCurrentDirectoryW
0x1401a82c0 GetEnvironmentVariableW
0x1401a82c8 SetUnhandledExceptionFilter
0x1401a82d0 GetStdHandle
0x1401a82d8 GetCurrentProcessId
0x1401a82e0 QueryPerformanceFrequency
0x1401a82e8 HeapFree
0x1401a82f0 GetLastError
0x1401a82f8 HeapReAlloc
0x1401a8300 lstrlenW
0x1401a8308 ReleaseMutex
0x1401a8310 GetProcessHeap
0x1401a8318 HeapAlloc
0x1401a8320 GetFinalPathNameByHandleW
0x1401a8328 SwitchToFiber
0x1401a8330 CreateFiber
0x1401a8338 GetConsoleMode
0x1401a8340 VirtualProtect
0x1401a8348 GetModuleHandleW
0x1401a8350 FormatMessageW
0x1401a8358 MultiByteToWideChar
0x1401a8360 WriteConsoleW
0x1401a8368 WideCharToMultiByte
0x1401a8370 CreateThread
0x1401a8378 WaitForSingleObjectEx
0x1401a8380 LoadLibraryA
0x1401a8388 CreateMutexA
0x1401a8390 VirtualAlloc
0x1401a8398 ConvertThreadToFiber
0x1401a83a0 CloseHandle
0x1401a83a8 IsProcessorFeaturePresent
ws2_32.dll
0x1401a8440 WSASend
0x1401a8448 WSAIoctl
0x1401a8450 recv
0x1401a8458 shutdown
0x1401a8460 ioctlsocket
0x1401a8468 connect
0x1401a8470 ind
0x1401a8478 WSASocketW
0x1401a8480 getsockname
0x1401a8488 getpeername
0x1401a8490 setsockopt
0x1401a8498 closesocket
0x1401a84a0 getaddrinfo
0x1401a84a8 WSAGetLastError
0x1401a84b0 freeaddrinfo
0x1401a84b8 WSAStartup
0x1401a84c0 WSACleanup
0x1401a84c8 getsockopt
0x1401a84d0 send
advapi32.dll
0x1401a8050 RegCloseKey
0x1401a8058 RegQueryValueExW
0x1401a8060 RegOpenKeyExW
secur32.dll
0x1401a83e8 ApplyControlToken
0x1401a83f0 EncryptMessage
0x1401a83f8 AcceptSecurityContext
0x1401a8400 InitializeSecurityContextW
0x1401a8408 FreeContextBuffer
0x1401a8410 DecryptMessage
0x1401a8418 DeleteSecurityContext
0x1401a8420 QueryContextAttributesW
0x1401a8428 AcquireCredentialsHandleA
0x1401a8430 FreeCredentialsHandle
crypt32.dll
0x1401a8190 CertDuplicateCertificateChain
0x1401a8198 CertFreeCertificateChain
0x1401a81a0 CertGetCertificateChain
0x1401a81a8 CertVerifyCertificateChainPolicy
0x1401a81b0 CertFreeCertificateContext
0x1401a81b8 CertDuplicateCertificateContext
0x1401a81c0 CertEnumCertificatesInStore
0x1401a81c8 CertAddCertificateContextToStore
0x1401a81d0 CertOpenStore
0x1401a81d8 CertCloseStore
0x1401a81e0 CertDuplicateStore
ntdll.dll
0x1401a83b8 NtCancelIoFileEx
0x1401a83c0 NtDeviceIoControlFile
0x1401a83c8 RtlNtStatusToDosError
0x1401a83d0 NtWriteFile
0x1401a83d8 NtCreateFile
VCRUNTIME140.dll
0x1401a8000 __CxxFrameHandler3
0x1401a8008 __current_exception_context
0x1401a8010 __current_exception
0x1401a8018 memcpy
0x1401a8020 __C_specific_handler
0x1401a8028 _CxxThrowException
0x1401a8030 memmove
0x1401a8038 memcmp
0x1401a8040 memset
api-ms-win-crt-math-l1-1-0.dll
0x1401a80b8 pow
0x1401a80c0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x1401a80d0 _exit
0x1401a80d8 exit
0x1401a80e0 __p___argc
0x1401a80e8 __p___argv
0x1401a80f0 _cexit
0x1401a80f8 _c_exit
0x1401a8100 _register_thread_local_exe_atexit_callback
0x1401a8108 _initterm_e
0x1401a8110 _configure_narrow_argv
0x1401a8118 _seh_filter_exe
0x1401a8120 _initialize_onexit_table
0x1401a8128 _register_onexit_function
0x1401a8130 _crt_atexit
0x1401a8138 terminate
0x1401a8140 _initialize_narrow_environment
0x1401a8148 _set_app_type
0x1401a8150 _get_initial_narrow_environment
0x1401a8158 _initterm
api-ms-win-crt-stdio-l1-1-0.dll
0x1401a8168 __p__commode
0x1401a8170 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401a80a8 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401a8090 _set_new_mode
0x1401a8098 free
EAT(Export Address Table) is none