ScreenShot
| Created | 2024.08.18 14:21 | Machine | s1_win7_x6403 |
| Filename | dl | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetectMalware, malicious, high confidence, score, PWSZbot, Unsafe, Save, Hacktool, Attribute, HighConfidence, Ransomware, Convagent, Kryptik@AI, RDML, naABxuChdvp6eVccrjcn7g, Real Protect, high, Static AI, Malicious PE, Detected, Wacatac, ZexaF, tu0@ay54rjhG, BScope, TrojanPSW, Azorult, susgen, confidence, 100%) | ||
| md5 | af0ebffab2ca7cffdc8a6aba7021e347 | ||
| sha256 | 4a307c765869fcb287d589ee45551df67719284bedf4fee51a21d858d857cea3 | ||
| ssdeep | 3072:vuVwBgNHtPU98/62kLm2SEg3FKTKK/Iv6FuDbXPziC5ulN+LkNot1YhLwP6:1gTkI624m2SEGFKTKK/sfv/z6SkNoA | ||
| imphash | 7088fae66f33648923ca587bcd49e86e | ||
| impfuzzy | 24:j4xT2bG2SK/nHkrkR19/TdcDoEdQBmvWTjDz2oxOovtte2cfLeJ37TFBRzT42luZ:Mp1AnYU9b0dRCKktvcfS7tc2sqwSm | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x433000 GetComputerNameA
0x433004 GetFullPathNameA
0x433008 FillConsoleOutputCharacterA
0x43300c TryEnterCriticalSection
0x433010 GetDefaultCommConfigW
0x433014 InterlockedDecrement
0x433018 GetNamedPipeHandleStateA
0x43301c FindCloseChangeNotification
0x433020 GetModuleHandleW
0x433024 GetConsoleAliasesLengthA
0x433028 FormatMessageA
0x43302c ReadConsoleOutputA
0x433030 GetDateFormatA
0x433034 GetSystemTimes
0x433038 LocalShrink
0x43303c HeapDestroy
0x433040 GlobalFlags
0x433044 GetFileAttributesW
0x433048 GetBinaryTypeA
0x43304c GetStartupInfoW
0x433050 RaiseException
0x433054 GetLastError
0x433058 GetProcAddress
0x43305c LoadLibraryA
0x433060 InterlockedExchangeAdd
0x433064 LocalAlloc
0x433068 GetFileType
0x43306c FoldStringW
0x433070 EnumDateFormatsA
0x433074 lstrcatW
0x433078 FreeEnvironmentStringsW
0x43307c VirtualProtect
0x433080 WaitForDebugEvent
0x433084 FindAtomW
0x433088 CloseHandle
0x43308c DeleteAtom
0x433090 GetConsoleSelectionInfo
0x433094 HeapFree
0x433098 MultiByteToWideChar
0x43309c HeapAlloc
0x4330a0 GetCommandLineA
0x4330a4 GetStartupInfoA
0x4330a8 TerminateProcess
0x4330ac GetCurrentProcess
0x4330b0 UnhandledExceptionFilter
0x4330b4 SetUnhandledExceptionFilter
0x4330b8 IsDebuggerPresent
0x4330bc HeapCreate
0x4330c0 VirtualFree
0x4330c4 DeleteCriticalSection
0x4330c8 LeaveCriticalSection
0x4330cc EnterCriticalSection
0x4330d0 VirtualAlloc
0x4330d4 HeapReAlloc
0x4330d8 GetCPInfo
0x4330dc InterlockedIncrement
0x4330e0 GetACP
0x4330e4 GetOEMCP
0x4330e8 IsValidCodePage
0x4330ec TlsGetValue
0x4330f0 TlsAlloc
0x4330f4 TlsSetValue
0x4330f8 TlsFree
0x4330fc SetLastError
0x433100 GetCurrentThreadId
0x433104 Sleep
0x433108 ExitProcess
0x43310c WriteFile
0x433110 GetStdHandle
0x433114 GetModuleFileNameA
0x433118 HeapSize
0x43311c FreeEnvironmentStringsA
0x433120 GetEnvironmentStrings
0x433124 WideCharToMultiByte
0x433128 GetEnvironmentStringsW
0x43312c SetHandleCount
0x433130 QueryPerformanceCounter
0x433134 GetTickCount
0x433138 GetCurrentProcessId
0x43313c GetSystemTimeAsFileTime
0x433140 InitializeCriticalSectionAndSpinCount
0x433144 RtlUnwind
0x433148 LCMapStringA
0x43314c LCMapStringW
0x433150 GetStringTypeA
0x433154 GetStringTypeW
0x433158 GetLocaleInfoA
0x43315c GetModuleHandleA
USER32.dll
0x433164 LoadIconW
EAT(Export Address Table) is none
KERNEL32.dll
0x433000 GetComputerNameA
0x433004 GetFullPathNameA
0x433008 FillConsoleOutputCharacterA
0x43300c TryEnterCriticalSection
0x433010 GetDefaultCommConfigW
0x433014 InterlockedDecrement
0x433018 GetNamedPipeHandleStateA
0x43301c FindCloseChangeNotification
0x433020 GetModuleHandleW
0x433024 GetConsoleAliasesLengthA
0x433028 FormatMessageA
0x43302c ReadConsoleOutputA
0x433030 GetDateFormatA
0x433034 GetSystemTimes
0x433038 LocalShrink
0x43303c HeapDestroy
0x433040 GlobalFlags
0x433044 GetFileAttributesW
0x433048 GetBinaryTypeA
0x43304c GetStartupInfoW
0x433050 RaiseException
0x433054 GetLastError
0x433058 GetProcAddress
0x43305c LoadLibraryA
0x433060 InterlockedExchangeAdd
0x433064 LocalAlloc
0x433068 GetFileType
0x43306c FoldStringW
0x433070 EnumDateFormatsA
0x433074 lstrcatW
0x433078 FreeEnvironmentStringsW
0x43307c VirtualProtect
0x433080 WaitForDebugEvent
0x433084 FindAtomW
0x433088 CloseHandle
0x43308c DeleteAtom
0x433090 GetConsoleSelectionInfo
0x433094 HeapFree
0x433098 MultiByteToWideChar
0x43309c HeapAlloc
0x4330a0 GetCommandLineA
0x4330a4 GetStartupInfoA
0x4330a8 TerminateProcess
0x4330ac GetCurrentProcess
0x4330b0 UnhandledExceptionFilter
0x4330b4 SetUnhandledExceptionFilter
0x4330b8 IsDebuggerPresent
0x4330bc HeapCreate
0x4330c0 VirtualFree
0x4330c4 DeleteCriticalSection
0x4330c8 LeaveCriticalSection
0x4330cc EnterCriticalSection
0x4330d0 VirtualAlloc
0x4330d4 HeapReAlloc
0x4330d8 GetCPInfo
0x4330dc InterlockedIncrement
0x4330e0 GetACP
0x4330e4 GetOEMCP
0x4330e8 IsValidCodePage
0x4330ec TlsGetValue
0x4330f0 TlsAlloc
0x4330f4 TlsSetValue
0x4330f8 TlsFree
0x4330fc SetLastError
0x433100 GetCurrentThreadId
0x433104 Sleep
0x433108 ExitProcess
0x43310c WriteFile
0x433110 GetStdHandle
0x433114 GetModuleFileNameA
0x433118 HeapSize
0x43311c FreeEnvironmentStringsA
0x433120 GetEnvironmentStrings
0x433124 WideCharToMultiByte
0x433128 GetEnvironmentStringsW
0x43312c SetHandleCount
0x433130 QueryPerformanceCounter
0x433134 GetTickCount
0x433138 GetCurrentProcessId
0x43313c GetSystemTimeAsFileTime
0x433140 InitializeCriticalSectionAndSpinCount
0x433144 RtlUnwind
0x433148 LCMapStringA
0x43314c LCMapStringW
0x433150 GetStringTypeA
0x433154 GetStringTypeW
0x433158 GetLocaleInfoA
0x43315c GetModuleHandleA
USER32.dll
0x433164 LoadIconW
EAT(Export Address Table) is none