ScreenShot
| Created | 2024.08.18 14:17 | Machine | s1_win7_x6401 |
| Filename | dl | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, malicious, high confidence, score, PWSZbot, Unsafe, Save, Hacktool, Attribute, HighConfidence, Ransomware, Convagent, Kryptik@AI, RDML, yFY19vBUnWt20Iqod2tlsQ, Real Protect, high, Static AI, Malicious PE, Detected, Wacatac, ZexaF, vu0@aOEnkDkG, BScope, TrojanPSW, Azorult, susgen, confidence, 100%) | ||
| md5 | c110bf099b4b7f2591ba377488be0bf4 | ||
| sha256 | 47ebcc44aa43c4bb12bb06e8c50e7f70be8306a361a9f172522a3848e536f1d0 | ||
| ssdeep | 3072:m+wXTtdxfHs8DFOZTeM31BsJ9oILB//syrAi5tDE+dOKN29j0UboU7fS1X5nlN+H:gtdxfHs8YENxrA+HdfN4j0AmNSkNoH1 | ||
| imphash | 7088fae66f33648923ca587bcd49e86e | ||
| impfuzzy | 24:j4xT2bG2SK/nHkrkR19/TdcDoEdQBmvWTjDz2oxOovtte2cfLeJ37TFBRzT42luZ:Mp1AnYU9b0dRCKktvcfS7tc2sqwSm | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43b000 GetComputerNameA
0x43b004 GetFullPathNameA
0x43b008 FillConsoleOutputCharacterA
0x43b00c TryEnterCriticalSection
0x43b010 GetDefaultCommConfigW
0x43b014 InterlockedDecrement
0x43b018 GetNamedPipeHandleStateA
0x43b01c FindCloseChangeNotification
0x43b020 GetModuleHandleW
0x43b024 GetConsoleAliasesLengthA
0x43b028 FormatMessageA
0x43b02c ReadConsoleOutputA
0x43b030 GetDateFormatA
0x43b034 GetSystemTimes
0x43b038 LocalShrink
0x43b03c HeapDestroy
0x43b040 GlobalFlags
0x43b044 GetFileAttributesW
0x43b048 GetBinaryTypeA
0x43b04c GetStartupInfoW
0x43b050 RaiseException
0x43b054 GetLastError
0x43b058 GetProcAddress
0x43b05c LoadLibraryA
0x43b060 InterlockedExchangeAdd
0x43b064 LocalAlloc
0x43b068 GetFileType
0x43b06c FoldStringW
0x43b070 EnumDateFormatsA
0x43b074 lstrcatW
0x43b078 FreeEnvironmentStringsW
0x43b07c VirtualProtect
0x43b080 WaitForDebugEvent
0x43b084 FindAtomW
0x43b088 CloseHandle
0x43b08c DeleteAtom
0x43b090 GetConsoleSelectionInfo
0x43b094 HeapFree
0x43b098 MultiByteToWideChar
0x43b09c HeapAlloc
0x43b0a0 GetCommandLineA
0x43b0a4 GetStartupInfoA
0x43b0a8 TerminateProcess
0x43b0ac GetCurrentProcess
0x43b0b0 UnhandledExceptionFilter
0x43b0b4 SetUnhandledExceptionFilter
0x43b0b8 IsDebuggerPresent
0x43b0bc HeapCreate
0x43b0c0 VirtualFree
0x43b0c4 DeleteCriticalSection
0x43b0c8 LeaveCriticalSection
0x43b0cc EnterCriticalSection
0x43b0d0 VirtualAlloc
0x43b0d4 HeapReAlloc
0x43b0d8 GetCPInfo
0x43b0dc InterlockedIncrement
0x43b0e0 GetACP
0x43b0e4 GetOEMCP
0x43b0e8 IsValidCodePage
0x43b0ec TlsGetValue
0x43b0f0 TlsAlloc
0x43b0f4 TlsSetValue
0x43b0f8 TlsFree
0x43b0fc SetLastError
0x43b100 GetCurrentThreadId
0x43b104 Sleep
0x43b108 ExitProcess
0x43b10c WriteFile
0x43b110 GetStdHandle
0x43b114 GetModuleFileNameA
0x43b118 HeapSize
0x43b11c FreeEnvironmentStringsA
0x43b120 GetEnvironmentStrings
0x43b124 WideCharToMultiByte
0x43b128 GetEnvironmentStringsW
0x43b12c SetHandleCount
0x43b130 QueryPerformanceCounter
0x43b134 GetTickCount
0x43b138 GetCurrentProcessId
0x43b13c GetSystemTimeAsFileTime
0x43b140 InitializeCriticalSectionAndSpinCount
0x43b144 RtlUnwind
0x43b148 LCMapStringA
0x43b14c LCMapStringW
0x43b150 GetStringTypeA
0x43b154 GetStringTypeW
0x43b158 GetLocaleInfoA
0x43b15c GetModuleHandleA
USER32.dll
0x43b164 LoadIconW
EAT(Export Address Table) is none
KERNEL32.dll
0x43b000 GetComputerNameA
0x43b004 GetFullPathNameA
0x43b008 FillConsoleOutputCharacterA
0x43b00c TryEnterCriticalSection
0x43b010 GetDefaultCommConfigW
0x43b014 InterlockedDecrement
0x43b018 GetNamedPipeHandleStateA
0x43b01c FindCloseChangeNotification
0x43b020 GetModuleHandleW
0x43b024 GetConsoleAliasesLengthA
0x43b028 FormatMessageA
0x43b02c ReadConsoleOutputA
0x43b030 GetDateFormatA
0x43b034 GetSystemTimes
0x43b038 LocalShrink
0x43b03c HeapDestroy
0x43b040 GlobalFlags
0x43b044 GetFileAttributesW
0x43b048 GetBinaryTypeA
0x43b04c GetStartupInfoW
0x43b050 RaiseException
0x43b054 GetLastError
0x43b058 GetProcAddress
0x43b05c LoadLibraryA
0x43b060 InterlockedExchangeAdd
0x43b064 LocalAlloc
0x43b068 GetFileType
0x43b06c FoldStringW
0x43b070 EnumDateFormatsA
0x43b074 lstrcatW
0x43b078 FreeEnvironmentStringsW
0x43b07c VirtualProtect
0x43b080 WaitForDebugEvent
0x43b084 FindAtomW
0x43b088 CloseHandle
0x43b08c DeleteAtom
0x43b090 GetConsoleSelectionInfo
0x43b094 HeapFree
0x43b098 MultiByteToWideChar
0x43b09c HeapAlloc
0x43b0a0 GetCommandLineA
0x43b0a4 GetStartupInfoA
0x43b0a8 TerminateProcess
0x43b0ac GetCurrentProcess
0x43b0b0 UnhandledExceptionFilter
0x43b0b4 SetUnhandledExceptionFilter
0x43b0b8 IsDebuggerPresent
0x43b0bc HeapCreate
0x43b0c0 VirtualFree
0x43b0c4 DeleteCriticalSection
0x43b0c8 LeaveCriticalSection
0x43b0cc EnterCriticalSection
0x43b0d0 VirtualAlloc
0x43b0d4 HeapReAlloc
0x43b0d8 GetCPInfo
0x43b0dc InterlockedIncrement
0x43b0e0 GetACP
0x43b0e4 GetOEMCP
0x43b0e8 IsValidCodePage
0x43b0ec TlsGetValue
0x43b0f0 TlsAlloc
0x43b0f4 TlsSetValue
0x43b0f8 TlsFree
0x43b0fc SetLastError
0x43b100 GetCurrentThreadId
0x43b104 Sleep
0x43b108 ExitProcess
0x43b10c WriteFile
0x43b110 GetStdHandle
0x43b114 GetModuleFileNameA
0x43b118 HeapSize
0x43b11c FreeEnvironmentStringsA
0x43b120 GetEnvironmentStrings
0x43b124 WideCharToMultiByte
0x43b128 GetEnvironmentStringsW
0x43b12c SetHandleCount
0x43b130 QueryPerformanceCounter
0x43b134 GetTickCount
0x43b138 GetCurrentProcessId
0x43b13c GetSystemTimeAsFileTime
0x43b140 InitializeCriticalSectionAndSpinCount
0x43b144 RtlUnwind
0x43b148 LCMapStringA
0x43b14c LCMapStringW
0x43b150 GetStringTypeA
0x43b154 GetStringTypeW
0x43b158 GetLocaleInfoA
0x43b15c GetModuleHandleA
USER32.dll
0x43b164 LoadIconW
EAT(Export Address Table) is none