ScreenShot
| Created | 2024.08.16 17:45 | Machine | s1_win7_x6403 |
| Filename | atualizarchavebb.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (Detected) | ||
| md5 | 5f6ed924c5fc2a7134acad39c491e426 | ||
| sha256 | f814953290b4a89b9e70fa524b09eb9ea6c8725227d62fb847dab139f0533eeb | ||
| ssdeep | 49152:2JNg5cN1ccLoFG81ClWT1K+fOzxav9gEuyVT66xlGh:2FlEduc6El | ||
| imphash | b8a71eb0643804f985526dcb685fa9ab | ||
| impfuzzy | 96:OtLnFx9FrXvQcAqohoQW+Hb9kTNgSYd8YK6:OtrFAqQW+HxwYd8YK6 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
cryptprimitives.dll
0x1401be438 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401be328 WaitOnAddress
0x1401be330 WakeByAddressAll
0x1401be338 WakeByAddressSingle
ADVAPI32.dll
0x1401be000 RegQueryValueExW
0x1401be008 RegOpenKeyExW
0x1401be010 RegCloseKey
KERNEL32.dll
0x1401be020 IsDebuggerPresent
0x1401be028 IsProcessorFeaturePresent
0x1401be030 SetUnhandledExceptionFilter
0x1401be038 UnhandledExceptionFilter
0x1401be040 GetCurrentThreadId
0x1401be048 CloseHandle
0x1401be050 lstrlenW
0x1401be058 GetSystemTimeAsFileTime
0x1401be060 QueryPerformanceCounter
0x1401be068 QueryPerformanceFrequency
0x1401be070 SetHandleInformation
0x1401be078 CreateIoCompletionPort
0x1401be080 GetQueuedCompletionStatusEx
0x1401be088 PostQueuedCompletionStatus
0x1401be090 ReadFile
0x1401be098 GetOverlappedResult
0x1401be0a0 SetFileCompletionNotificationModes
0x1401be0a8 FreeEnvironmentStringsW
0x1401be0b0 DeleteProcThreadAttributeList
0x1401be0b8 CompareStringOrdinal
0x1401be0c0 GetLastError
0x1401be0c8 AddVectoredExceptionHandler
0x1401be0d0 SetThreadStackGuarantee
0x1401be0d8 GetCurrentThread
0x1401be0e0 SwitchToThread
0x1401be0e8 WaitForSingleObject
0x1401be0f0 RtlCaptureContext
0x1401be0f8 RtlLookupFunctionEntry
0x1401be100 RtlVirtualUnwind
0x1401be108 SetLastError
0x1401be110 GetCurrentDirectoryW
0x1401be118 GetEnvironmentStringsW
0x1401be120 GetEnvironmentVariableW
0x1401be128 SetFileInformationByHandle
0x1401be130 GetCurrentProcess
0x1401be138 DuplicateHandle
0x1401be140 SetFilePointerEx
0x1401be148 GetStdHandle
0x1401be150 GetCurrentProcessId
0x1401be158 WriteFileEx
0x1401be160 SleepEx
0x1401be168 GetExitCodeProcess
0x1401be170 TerminateProcess
0x1401be178 HeapFree
0x1401be180 HeapReAlloc
0x1401be188 ReleaseMutex
0x1401be190 GetProcessHeap
0x1401be198 HeapAlloc
0x1401be1a0 FindClose
0x1401be1a8 CreateFileW
0x1401be1b0 GetFileInformationByHandle
0x1401be1b8 GetFileInformationByHandleEx
0x1401be1c0 CreateDirectoryW
0x1401be1c8 FindFirstFileW
0x1401be1d0 DeleteFileW
0x1401be1d8 GetFinalPathNameByHandleW
0x1401be1e0 CreateEventW
0x1401be1e8 CancelIo
0x1401be1f0 GetConsoleMode
0x1401be1f8 GetModuleHandleW
0x1401be200 FormatMessageW
0x1401be208 GetModuleFileNameW
0x1401be210 CreateNamedPipeW
0x1401be218 ReadFileEx
0x1401be220 WaitForMultipleObjects
0x1401be228 GetSystemDirectoryW
0x1401be230 GetWindowsDirectoryW
0x1401be238 CreateProcessW
0x1401be240 GetFileAttributesW
0x1401be248 InitializeProcThreadAttributeList
0x1401be250 UpdateProcThreadAttribute
0x1401be258 MultiByteToWideChar
0x1401be260 WriteConsoleW
0x1401be268 CreateThread
0x1401be270 GetFullPathNameW
0x1401be278 GetModuleHandleA
0x1401be280 GetProcAddress
0x1401be288 WaitForSingleObjectEx
0x1401be290 LoadLibraryA
0x1401be298 CreateMutexA
0x1401be2a0 InitializeSListHead
ole32.dll
0x1401be4e0 CoTaskMemFree
SHELL32.dll
0x1401be2b0 ShellExecuteW
0x1401be2b8 SHGetKnownFolderPath
USER32.dll
0x1401be2c8 MessageBoxW
ws2_32.dll
0x1401be548 getpeername
0x1401be550 ind
0x1401be558 connect
0x1401be560 WSASocketW
0x1401be568 getaddrinfo
0x1401be570 freeaddrinfo
0x1401be578 getsockname
0x1401be580 WSACleanup
0x1401be588 WSAStartup
0x1401be590 WSAGetLastError
0x1401be598 WSAIoctl
0x1401be5a0 setsockopt
0x1401be5a8 WSASend
0x1401be5b0 send
0x1401be5b8 recv
0x1401be5c0 closesocket
0x1401be5c8 shutdown
0x1401be5d0 getsockopt
0x1401be5d8 ioctlsocket
secur32.dll
0x1401be4f0 FreeCredentialsHandle
0x1401be4f8 EncryptMessage
0x1401be500 QueryContextAttributesW
0x1401be508 ApplyControlToken
0x1401be510 InitializeSecurityContextW
0x1401be518 AcceptSecurityContext
0x1401be520 FreeContextBuffer
0x1401be528 DecryptMessage
0x1401be530 DeleteSecurityContext
0x1401be538 AcquireCredentialsHandleA
crypt32.dll
0x1401be448 CertGetCertificateChain
0x1401be450 CertVerifyCertificateChainPolicy
0x1401be458 CertDuplicateCertificateChain
0x1401be460 CertFreeCertificateChain
0x1401be468 CertDuplicateCertificateContext
0x1401be470 CertFreeCertificateContext
0x1401be478 CertCloseStore
0x1401be480 CertDuplicateStore
0x1401be488 CertOpenStore
0x1401be490 CertAddCertificateContextToStore
0x1401be498 CertEnumCertificatesInStore
ntdll.dll
0x1401be4a8 NtCreateFile
0x1401be4b0 NtDeviceIoControlFile
0x1401be4b8 RtlNtStatusToDosError
0x1401be4c0 NtCancelIoFileEx
0x1401be4c8 NtWriteFile
0x1401be4d0 NtReadFile
VCRUNTIME140.dll
0x1401be2d8 memcpy
0x1401be2e0 memmove
0x1401be2e8 memset
0x1401be2f0 memcmp
0x1401be2f8 _CxxThrowException
0x1401be300 __C_specific_handler
0x1401be308 __current_exception
0x1401be310 __current_exception_context
0x1401be318 __CxxFrameHandler3
api-ms-win-crt-heap-l1-1-0.dll
0x1401be348 free
0x1401be350 _set_new_mode
0x1401be358 malloc
api-ms-win-crt-runtime-l1-1-0.dll
0x1401be388 _cexit
0x1401be390 __p___argv
0x1401be398 __p___argc
0x1401be3a0 _register_onexit_function
0x1401be3a8 _exit
0x1401be3b0 exit
0x1401be3b8 _initterm_e
0x1401be3c0 _initialize_onexit_table
0x1401be3c8 _get_initial_narrow_environment
0x1401be3d0 _initialize_narrow_environment
0x1401be3d8 _configure_narrow_argv
0x1401be3e0 _register_thread_local_exe_atexit_callback
0x1401be3e8 _set_app_type
0x1401be3f0 _seh_filter_exe
0x1401be3f8 _crt_atexit
0x1401be400 terminate
0x1401be408 _initterm
0x1401be410 _c_exit
api-ms-win-crt-math-l1-1-0.dll
0x1401be378 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1401be420 _set_fmode
0x1401be428 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1401be368 _configthreadlocale
EAT(Export Address Table) is none
cryptprimitives.dll
0x1401be438 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401be328 WaitOnAddress
0x1401be330 WakeByAddressAll
0x1401be338 WakeByAddressSingle
ADVAPI32.dll
0x1401be000 RegQueryValueExW
0x1401be008 RegOpenKeyExW
0x1401be010 RegCloseKey
KERNEL32.dll
0x1401be020 IsDebuggerPresent
0x1401be028 IsProcessorFeaturePresent
0x1401be030 SetUnhandledExceptionFilter
0x1401be038 UnhandledExceptionFilter
0x1401be040 GetCurrentThreadId
0x1401be048 CloseHandle
0x1401be050 lstrlenW
0x1401be058 GetSystemTimeAsFileTime
0x1401be060 QueryPerformanceCounter
0x1401be068 QueryPerformanceFrequency
0x1401be070 SetHandleInformation
0x1401be078 CreateIoCompletionPort
0x1401be080 GetQueuedCompletionStatusEx
0x1401be088 PostQueuedCompletionStatus
0x1401be090 ReadFile
0x1401be098 GetOverlappedResult
0x1401be0a0 SetFileCompletionNotificationModes
0x1401be0a8 FreeEnvironmentStringsW
0x1401be0b0 DeleteProcThreadAttributeList
0x1401be0b8 CompareStringOrdinal
0x1401be0c0 GetLastError
0x1401be0c8 AddVectoredExceptionHandler
0x1401be0d0 SetThreadStackGuarantee
0x1401be0d8 GetCurrentThread
0x1401be0e0 SwitchToThread
0x1401be0e8 WaitForSingleObject
0x1401be0f0 RtlCaptureContext
0x1401be0f8 RtlLookupFunctionEntry
0x1401be100 RtlVirtualUnwind
0x1401be108 SetLastError
0x1401be110 GetCurrentDirectoryW
0x1401be118 GetEnvironmentStringsW
0x1401be120 GetEnvironmentVariableW
0x1401be128 SetFileInformationByHandle
0x1401be130 GetCurrentProcess
0x1401be138 DuplicateHandle
0x1401be140 SetFilePointerEx
0x1401be148 GetStdHandle
0x1401be150 GetCurrentProcessId
0x1401be158 WriteFileEx
0x1401be160 SleepEx
0x1401be168 GetExitCodeProcess
0x1401be170 TerminateProcess
0x1401be178 HeapFree
0x1401be180 HeapReAlloc
0x1401be188 ReleaseMutex
0x1401be190 GetProcessHeap
0x1401be198 HeapAlloc
0x1401be1a0 FindClose
0x1401be1a8 CreateFileW
0x1401be1b0 GetFileInformationByHandle
0x1401be1b8 GetFileInformationByHandleEx
0x1401be1c0 CreateDirectoryW
0x1401be1c8 FindFirstFileW
0x1401be1d0 DeleteFileW
0x1401be1d8 GetFinalPathNameByHandleW
0x1401be1e0 CreateEventW
0x1401be1e8 CancelIo
0x1401be1f0 GetConsoleMode
0x1401be1f8 GetModuleHandleW
0x1401be200 FormatMessageW
0x1401be208 GetModuleFileNameW
0x1401be210 CreateNamedPipeW
0x1401be218 ReadFileEx
0x1401be220 WaitForMultipleObjects
0x1401be228 GetSystemDirectoryW
0x1401be230 GetWindowsDirectoryW
0x1401be238 CreateProcessW
0x1401be240 GetFileAttributesW
0x1401be248 InitializeProcThreadAttributeList
0x1401be250 UpdateProcThreadAttribute
0x1401be258 MultiByteToWideChar
0x1401be260 WriteConsoleW
0x1401be268 CreateThread
0x1401be270 GetFullPathNameW
0x1401be278 GetModuleHandleA
0x1401be280 GetProcAddress
0x1401be288 WaitForSingleObjectEx
0x1401be290 LoadLibraryA
0x1401be298 CreateMutexA
0x1401be2a0 InitializeSListHead
ole32.dll
0x1401be4e0 CoTaskMemFree
SHELL32.dll
0x1401be2b0 ShellExecuteW
0x1401be2b8 SHGetKnownFolderPath
USER32.dll
0x1401be2c8 MessageBoxW
ws2_32.dll
0x1401be548 getpeername
0x1401be550 ind
0x1401be558 connect
0x1401be560 WSASocketW
0x1401be568 getaddrinfo
0x1401be570 freeaddrinfo
0x1401be578 getsockname
0x1401be580 WSACleanup
0x1401be588 WSAStartup
0x1401be590 WSAGetLastError
0x1401be598 WSAIoctl
0x1401be5a0 setsockopt
0x1401be5a8 WSASend
0x1401be5b0 send
0x1401be5b8 recv
0x1401be5c0 closesocket
0x1401be5c8 shutdown
0x1401be5d0 getsockopt
0x1401be5d8 ioctlsocket
secur32.dll
0x1401be4f0 FreeCredentialsHandle
0x1401be4f8 EncryptMessage
0x1401be500 QueryContextAttributesW
0x1401be508 ApplyControlToken
0x1401be510 InitializeSecurityContextW
0x1401be518 AcceptSecurityContext
0x1401be520 FreeContextBuffer
0x1401be528 DecryptMessage
0x1401be530 DeleteSecurityContext
0x1401be538 AcquireCredentialsHandleA
crypt32.dll
0x1401be448 CertGetCertificateChain
0x1401be450 CertVerifyCertificateChainPolicy
0x1401be458 CertDuplicateCertificateChain
0x1401be460 CertFreeCertificateChain
0x1401be468 CertDuplicateCertificateContext
0x1401be470 CertFreeCertificateContext
0x1401be478 CertCloseStore
0x1401be480 CertDuplicateStore
0x1401be488 CertOpenStore
0x1401be490 CertAddCertificateContextToStore
0x1401be498 CertEnumCertificatesInStore
ntdll.dll
0x1401be4a8 NtCreateFile
0x1401be4b0 NtDeviceIoControlFile
0x1401be4b8 RtlNtStatusToDosError
0x1401be4c0 NtCancelIoFileEx
0x1401be4c8 NtWriteFile
0x1401be4d0 NtReadFile
VCRUNTIME140.dll
0x1401be2d8 memcpy
0x1401be2e0 memmove
0x1401be2e8 memset
0x1401be2f0 memcmp
0x1401be2f8 _CxxThrowException
0x1401be300 __C_specific_handler
0x1401be308 __current_exception
0x1401be310 __current_exception_context
0x1401be318 __CxxFrameHandler3
api-ms-win-crt-heap-l1-1-0.dll
0x1401be348 free
0x1401be350 _set_new_mode
0x1401be358 malloc
api-ms-win-crt-runtime-l1-1-0.dll
0x1401be388 _cexit
0x1401be390 __p___argv
0x1401be398 __p___argc
0x1401be3a0 _register_onexit_function
0x1401be3a8 _exit
0x1401be3b0 exit
0x1401be3b8 _initterm_e
0x1401be3c0 _initialize_onexit_table
0x1401be3c8 _get_initial_narrow_environment
0x1401be3d0 _initialize_narrow_environment
0x1401be3d8 _configure_narrow_argv
0x1401be3e0 _register_thread_local_exe_atexit_callback
0x1401be3e8 _set_app_type
0x1401be3f0 _seh_filter_exe
0x1401be3f8 _crt_atexit
0x1401be400 terminate
0x1401be408 _initterm
0x1401be410 _c_exit
api-ms-win-crt-math-l1-1-0.dll
0x1401be378 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1401be420 _set_fmode
0x1401be428 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1401be368 _configthreadlocale
EAT(Export Address Table) is none