Report - ChaveBB-2024.exe

Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check
Created 2024.08.16 17:56 Machine s1_win7_x6401
Filename ChaveBB-2024.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
1
Behavior Score
0.6
ZERO API file : clean
VT API (file) 8 detected (malicious, moderate confidence, xxzxfm, Detected)
md5 d46fbf03a71245869dc5c89805e6d8f1
sha256 2890e9db681b276907864395745574c7ccc31081eed4265d9d65b0e588177a6e
ssdeep 49152:t1Rm3dkgUvbbtB+ahDcdwfO9la2nt6yeV+BJ6H7kXO:tIFBA7kX
imphash acf3f7939135abfa72527f5f78d99853
impfuzzy 96:AwtLngx9BrXIt/aI3q7Y0wFWptHuZiNgJO948wyHQ:/ir4tJ3q7GWLHuZa48wyHQ
  Network IP location

Signature (2cnts)

Level Description
notice File has been identified by 8 AntiVirus engines on VirusTotal as malicious
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

bcryptprimitives.dll
 0x1401c4498 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
 0x1401c4378 WakeByAddressAll
 0x1401c4380 WaitOnAddress
 0x1401c4388 WakeByAddressSingle
ADVAPI32.dll
 0x1401c4000 SystemFunction036
 0x1401c4008 OpenProcessToken
 0x1401c4010 GetTokenInformation
 0x1401c4018 RegQueryValueExW
 0x1401c4020 RegOpenKeyExW
 0x1401c4028 RegCloseKey
KERNEL32.dll
 0x1401c4038 IsDebuggerPresent
 0x1401c4040 IsProcessorFeaturePresent
 0x1401c4048 SetUnhandledExceptionFilter
 0x1401c4050 UnhandledExceptionFilter
 0x1401c4058 GetCurrentThreadId
 0x1401c4060 CloseHandle
 0x1401c4068 GetCurrentProcess
 0x1401c4070 GetLastError
 0x1401c4078 GetSystemTimeAsFileTime
 0x1401c4080 QueryPerformanceCounter
 0x1401c4088 QueryPerformanceFrequency
 0x1401c4090 SetHandleInformation
 0x1401c4098 CreateIoCompletionPort
 0x1401c40a0 GetQueuedCompletionStatusEx
 0x1401c40a8 PostQueuedCompletionStatus
 0x1401c40b0 ReadFile
 0x1401c40b8 GetOverlappedResult
 0x1401c40c0 SetFileCompletionNotificationModes
 0x1401c40c8 FreeEnvironmentStringsW
 0x1401c40d0 DeleteProcThreadAttributeList
 0x1401c40d8 CompareStringOrdinal
 0x1401c40e0 AddVectoredExceptionHandler
 0x1401c40e8 SetThreadStackGuarantee
 0x1401c40f0 GetCurrentThread
 0x1401c40f8 SwitchToThread
 0x1401c4100 CreateWaitableTimerExW
 0x1401c4108 SetWaitableTimer
 0x1401c4110 WaitForSingleObject
 0x1401c4118 Sleep
 0x1401c4120 RtlCaptureContext
 0x1401c4128 RtlLookupFunctionEntry
 0x1401c4130 RtlVirtualUnwind
 0x1401c4138 SetLastError
 0x1401c4140 GetCurrentDirectoryW
 0x1401c4148 GetEnvironmentStringsW
 0x1401c4150 GetEnvironmentVariableW
 0x1401c4158 SetFileInformationByHandle
 0x1401c4160 DuplicateHandle
 0x1401c4168 SetFilePointerEx
 0x1401c4170 GetStdHandle
 0x1401c4178 GetCurrentProcessId
 0x1401c4180 WriteFileEx
 0x1401c4188 SleepEx
 0x1401c4190 GetExitCodeProcess
 0x1401c4198 TerminateProcess
 0x1401c41a0 HeapFree
 0x1401c41a8 HeapReAlloc
 0x1401c41b0 lstrlenW
 0x1401c41b8 ReleaseMutex
 0x1401c41c0 GetProcessHeap
 0x1401c41c8 HeapAlloc
 0x1401c41d0 FindNextFileW
 0x1401c41d8 FindClose
 0x1401c41e0 CreateFileW
 0x1401c41e8 GetFileInformationByHandle
 0x1401c41f0 GetFileInformationByHandleEx
 0x1401c41f8 CreateDirectoryW
 0x1401c4200 FindFirstFileW
 0x1401c4208 DeleteFileW
 0x1401c4210 GetFinalPathNameByHandleW
 0x1401c4218 CopyFileExW
 0x1401c4220 CreateEventW
 0x1401c4228 CancelIo
 0x1401c4230 GetConsoleMode
 0x1401c4238 GetModuleHandleW
 0x1401c4240 FormatMessageW
 0x1401c4248 GetModuleFileNameW
 0x1401c4250 ExitProcess
 0x1401c4258 CreateNamedPipeW
 0x1401c4260 ReadFileEx
 0x1401c4268 WaitForMultipleObjects
 0x1401c4270 GetSystemDirectoryW
 0x1401c4278 GetWindowsDirectoryW
 0x1401c4280 CreateProcessW
 0x1401c4288 GetFileAttributesW
 0x1401c4290 InitializeProcThreadAttributeList
 0x1401c4298 UpdateProcThreadAttribute
 0x1401c42a0 MultiByteToWideChar
 0x1401c42a8 WriteConsoleW
 0x1401c42b0 CreateThread
 0x1401c42b8 GetFullPathNameW
 0x1401c42c0 GetModuleHandleA
 0x1401c42c8 GetProcAddress
 0x1401c42d0 WaitForSingleObjectEx
 0x1401c42d8 LoadLibraryA
 0x1401c42e0 CreateMutexA
 0x1401c42e8 InitializeSListHead
SHELL32.dll
 0x1401c42f8 ShellExecuteW
USER32.dll
 0x1401c4308 MessageBoxW
 0x1401c4310 SetWindowPos
 0x1401c4318 GetForegroundWindow
ws2_32.dll
 0x1401c4598 WSASocketW
 0x1401c45a0 getpeername
 0x1401c45a8 connect
 0x1401c45b0 ioctlsocket
 0x1401c45b8 getsockopt
 0x1401c45c0 bind
 0x1401c45c8 getaddrinfo
 0x1401c45d0 freeaddrinfo
 0x1401c45d8 getsockname
 0x1401c45e0 WSACleanup
 0x1401c45e8 WSAStartup
 0x1401c45f0 shutdown
 0x1401c45f8 WSAGetLastError
 0x1401c4600 WSAIoctl
 0x1401c4608 setsockopt
 0x1401c4610 WSASend
 0x1401c4618 send
 0x1401c4620 closesocket
 0x1401c4628 recv
secur32.dll
 0x1401c4540 ApplyControlToken
 0x1401c4548 DecryptMessage
 0x1401c4550 EncryptMessage
 0x1401c4558 AcquireCredentialsHandleA
 0x1401c4560 QueryContextAttributesW
 0x1401c4568 DeleteSecurityContext
 0x1401c4570 InitializeSecurityContextW
 0x1401c4578 AcceptSecurityContext
 0x1401c4580 FreeContextBuffer
 0x1401c4588 FreeCredentialsHandle
crypt32.dll
 0x1401c44a8 CertGetCertificateChain
 0x1401c44b0 CertVerifyCertificateChainPolicy
 0x1401c44b8 CertDuplicateCertificateChain
 0x1401c44c0 CertFreeCertificateChain
 0x1401c44c8 CertDuplicateCertificateContext
 0x1401c44d0 CertFreeCertificateContext
 0x1401c44d8 CertCloseStore
 0x1401c44e0 CertDuplicateStore
 0x1401c44e8 CertOpenStore
 0x1401c44f0 CertAddCertificateContextToStore
 0x1401c44f8 CertEnumCertificatesInStore
ntdll.dll
 0x1401c4508 NtWriteFile
 0x1401c4510 NtReadFile
 0x1401c4518 NtCancelIoFileEx
 0x1401c4520 NtCreateFile
 0x1401c4528 NtDeviceIoControlFile
 0x1401c4530 RtlNtStatusToDosError
bcrypt.dll
 0x1401c4488 BCryptGenRandom
VCRUNTIME140.dll
 0x1401c4328 __CxxFrameHandler3
 0x1401c4330 __current_exception
 0x1401c4338 __current_exception_context
 0x1401c4340 __C_specific_handler
 0x1401c4348 _CxxThrowException
 0x1401c4350 memcmp
 0x1401c4358 memcpy
 0x1401c4360 memset
 0x1401c4368 memmove
api-ms-win-crt-heap-l1-1-0.dll
 0x1401c4398 free
 0x1401c43a0 malloc
 0x1401c43a8 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
 0x1401c43d8 _cexit
 0x1401c43e0 __p___argv
 0x1401c43e8 __p___argc
 0x1401c43f0 _crt_atexit
 0x1401c43f8 _exit
 0x1401c4400 _c_exit
 0x1401c4408 _initterm_e
 0x1401c4410 _initterm
 0x1401c4418 _get_initial_narrow_environment
 0x1401c4420 _initialize_narrow_environment
 0x1401c4428 _configure_narrow_argv
 0x1401c4430 _register_thread_local_exe_atexit_callback
 0x1401c4438 _set_app_type
 0x1401c4440 _seh_filter_exe
 0x1401c4448 _initialize_onexit_table
 0x1401c4450 terminate
 0x1401c4458 _register_onexit_function
 0x1401c4460 exit
api-ms-win-crt-math-l1-1-0.dll
 0x1401c43c8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
 0x1401c4470 __p__commode
 0x1401c4478 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
 0x1401c43b8 _configthreadlocale

EAT(Export Address Table) is none


