Field | Value |
---|---|
Created | 2024.08.19 15:13 |
Machine | s1_win7_x6401 |
Filename | FSB.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, score, Mikey, Unsafe, Attribute, HighConfidence, DropperX, Convagent, Detected, ai score=83, confidence) |
md5 | 04c2bd9282a55152d9e640b0780b8a69 |
sha256 | ef4e84bbd548bd86564af86b7154025a2e28d5f2e650464af56fed719140753a |
ssdeep | 12288:rj7s+bMz7vDMuLP70gMRK/mG7X3nCkokBIoSq:jthyQKeIXlokBIu |
imphash | 438d34bde39badbada8d0b9cc438db08 |
impfuzzy | 48:UTBOcpV5QS1Yt2gGsunXZE9FSY/goCKX0WnB/KAlJVZS9:UccpV5QS1Yt2gGsuJEjKahjc |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x14007f028 FreeLibrary
0x14007f030 GetProcAddress
0x14007f038 LoadLibraryA
0x14007f040 LoadLibraryW
0x14007f048 GetComputerNameA
0x14007f050 VerifyVersionInfoW
0x14007f058 WriteConsoleW
0x14007f060 CreateFileW
0x14007f068 HeapSize
0x14007f070 GetProcessHeap
0x14007f078 VirtualProtect
0x14007f080 FreeEnvironmentStringsW
0x14007f088 GetEnvironmentStringsW
0x14007f090 GetCommandLineW
0x14007f098 GetCommandLineA
0x14007f0a0 GetOEMCP
0x14007f0a8 GetACP
0x14007f0b0 IsValidCodePage
0x14007f0b8 FindNextFileW
0x14007f0c0 FindFirstFileExW
0x14007f0c8 CreateProcessA
0x14007f0d0 Sleep
0x14007f0d8 GetLastError
0x14007f0e0 SetStdHandle
0x14007f0e8 VerSetConditionMask
0x14007f0f0 FindClose
0x14007f0f8 HeapReAlloc
0x14007f100 WideCharToMultiByte
0x14007f108 EnterCriticalSection
0x14007f110 LeaveCriticalSection
0x14007f118 InitializeCriticalSectionEx
0x14007f120 DeleteCriticalSection
0x14007f128 EncodePointer
0x14007f130 DecodePointer
0x14007f138 MultiByteToWideChar
0x14007f140 LCMapStringEx
0x14007f148 GetStringTypeW
0x14007f150 GetCPInfo
0x14007f158 QueryPerformanceCounter
0x14007f160 GetCurrentProcessId
0x14007f168 GetCurrentThreadId
0x14007f170 GetSystemTimeAsFileTime
0x14007f178 InitializeSListHead
0x14007f180 RtlCaptureContext
0x14007f188 RtlLookupFunctionEntry
0x14007f190 RtlVirtualUnwind
0x14007f198 IsDebuggerPresent
0x14007f1a0 UnhandledExceptionFilter
0x14007f1a8 SetUnhandledExceptionFilter
0x14007f1b0 GetStartupInfoW
0x14007f1b8 IsProcessorFeaturePresent
0x14007f1c0 GetModuleHandleW
0x14007f1c8 GetCurrentProcess
0x14007f1d0 TerminateProcess
0x14007f1d8 RtlPcToFileHeader
0x14007f1e0 RaiseException
0x14007f1e8 RtlUnwindEx
0x14007f1f0 SetLastError
0x14007f1f8 InitializeCriticalSectionAndSpinCount
0x14007f200 TlsAlloc
0x14007f208 TlsGetValue
0x14007f210 TlsSetValue
0x14007f218 TlsFree
0x14007f220 LoadLibraryExW
0x14007f228 GetStdHandle
0x14007f230 WriteFile
0x14007f238 GetModuleFileNameW
0x14007f240 ExitProcess
0x14007f248 GetModuleHandleExW
0x14007f250 HeapAlloc
0x14007f258 HeapFree
0x14007f260 GetFileType
0x14007f268 FlsAlloc
0x14007f270 FlsGetValue
0x14007f278 FlsSetValue
0x14007f280 FlsFree
0x14007f288 LCMapStringW
0x14007f290 GetLocaleInfoW
0x14007f298 IsValidLocale
0x14007f2a0 GetUserDefaultLCID
0x14007f2a8 EnumSystemLocalesW
0x14007f2b0 CloseHandle
0x14007f2b8 FlushFileBuffers
0x14007f2c0 GetConsoleOutputCP
0x14007f2c8 GetConsoleMode
0x14007f2d0 ReadFile
0x14007f2d8 GetFileSizeEx
0x14007f2e0 SetFilePointerEx
0x14007f2e8 ReadConsoleW
0x14007f2f0 RtlUnwind
USER32.dll
0x14007f318 GetMessageW
0x14007f320 LoadIconW
0x14007f328 MessageBoxW
0x14007f330 GetClientRect
0x14007f338 UpdateWindow
0x14007f340 ShowWindow
0x14007f348 CreateWindowExW
0x14007f350 RegisterClassW
0x14007f358 PostQuitMessage
0x14007f360 DefWindowProcW
0x14007f368 SendMessageW
0x14007f370 DispatchMessageW
0x14007f378 TranslateMessage
GDI32.dll
0x14007f000 SetBkColor
0x14007f008 CreateSolidBrush
0x14007f010 CreateFontW
0x14007f018 SetTextColor
SHELL32.dll
0x14007f300 SHGetFolderPathW
0x14007f308 ShellExecuteW
urlmon.dll
0x14007f388 URLDownloadToFileW
EAT (Export Address Table): none