ScreenShot
| Created | 2024.08.19 14:08 | Machine | s1_win7_x6403 |
| Filename | l1n.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 58 detected (AIDetectMalware, Convagent, malicious, high confidence, score, Lazy, Unsafe, Save, Attribute, HighConfidence, GenKryptik, GZTQ, Artemis, CrypterX, Reline, TrojanPSW, kpsdts, Kryptik, CLASSIC, Lumma, vhsxu, LUMMASTEALER, YXEGPZ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, ai score=85, AMAN, Eldorado, R658051, ZexaF, GyW@au5tMlei, GdSda, susgen, PossibleThreat, PALLAS, confidence, 100%, AZZB3DGW) | ||
| md5 | 64814557c1c51f9ade40f3cb1d25996f | ||
| sha256 | 635e4920e9a87829f9ef6a4af8eeab9b0fad9a7c54034221450633e5a5bb1590 | ||
| ssdeep | 12288:wUfSMh1pXI36BQQ4BTSrPQO8Ri42hUnWQmRBA/kGZ:wUzhf4wLIo4EzUbm/bG | ||
| imphash | 0fe17fda7a69669d37b548e66f105967 | ||
| impfuzzy | 24:E54A9jlKEkBKAWJkbJcpVJ+ZQDvt8CbJBl39rYDZMv5GMACpOovbOPZX:E541v/WccpVJ2kt8C7pZOZG43d | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x42a000 SetPixel
USER32.dll
0x42a168 ReleaseDC
0x42a16c GetDC
0x42a170 OffsetRect
KERNEL32.dll
0x42a008 CreateFileW
0x42a00c HeapSize
0x42a010 SetStdHandle
0x42a014 WaitForSingleObject
0x42a018 CreateThread
0x42a01c VirtualAlloc
0x42a020 RaiseException
0x42a024 InitOnceBeginInitialize
0x42a028 InitOnceComplete
0x42a02c CloseHandle
0x42a030 GetCurrentThreadId
0x42a034 ReleaseSRWLockExclusive
0x42a038 AcquireSRWLockExclusive
0x42a03c TryAcquireSRWLockExclusive
0x42a040 WakeAllConditionVariable
0x42a044 SleepConditionVariableSRW
0x42a048 WideCharToMultiByte
0x42a04c MultiByteToWideChar
0x42a050 GetStringTypeW
0x42a054 GetLastError
0x42a058 FreeLibraryWhenCallbackReturns
0x42a05c CreateThreadpoolWork
0x42a060 SubmitThreadpoolWork
0x42a064 CloseThreadpoolWork
0x42a068 GetModuleHandleExW
0x42a06c IsProcessorFeaturePresent
0x42a070 EnterCriticalSection
0x42a074 LeaveCriticalSection
0x42a078 InitializeCriticalSectionEx
0x42a07c DeleteCriticalSection
0x42a080 QueryPerformanceCounter
0x42a084 EncodePointer
0x42a088 DecodePointer
0x42a08c LCMapStringEx
0x42a090 GetSystemTimeAsFileTime
0x42a094 GetModuleHandleW
0x42a098 GetProcAddress
0x42a09c GetCPInfo
0x42a0a0 IsDebuggerPresent
0x42a0a4 UnhandledExceptionFilter
0x42a0a8 SetUnhandledExceptionFilter
0x42a0ac GetStartupInfoW
0x42a0b0 GetCurrentProcess
0x42a0b4 TerminateProcess
0x42a0b8 GetCurrentProcessId
0x42a0bc InitializeSListHead
0x42a0c0 GetProcessHeap
0x42a0c4 RtlUnwind
0x42a0c8 SetLastError
0x42a0cc InitializeCriticalSectionAndSpinCount
0x42a0d0 TlsAlloc
0x42a0d4 TlsGetValue
0x42a0d8 TlsSetValue
0x42a0dc TlsFree
0x42a0e0 FreeLibrary
0x42a0e4 LoadLibraryExW
0x42a0e8 ExitProcess
0x42a0ec GetModuleFileNameW
0x42a0f0 GetStdHandle
0x42a0f4 WriteFile
0x42a0f8 HeapAlloc
0x42a0fc HeapFree
0x42a100 LCMapStringW
0x42a104 GetLocaleInfoW
0x42a108 IsValidLocale
0x42a10c GetUserDefaultLCID
0x42a110 EnumSystemLocalesW
0x42a114 GetFileType
0x42a118 GetFileSizeEx
0x42a11c SetFilePointerEx
0x42a120 FlushFileBuffers
0x42a124 GetConsoleOutputCP
0x42a128 GetConsoleMode
0x42a12c ReadFile
0x42a130 ReadConsoleW
0x42a134 HeapReAlloc
0x42a138 FindClose
0x42a13c FindFirstFileExW
0x42a140 FindNextFileW
0x42a144 IsValidCodePage
0x42a148 GetACP
0x42a14c GetOEMCP
0x42a150 GetCommandLineA
0x42a154 GetCommandLineW
0x42a158 GetEnvironmentStringsW
0x42a15c FreeEnvironmentStringsW
0x42a160 WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x42a000 SetPixel
USER32.dll
0x42a168 ReleaseDC
0x42a16c GetDC
0x42a170 OffsetRect
KERNEL32.dll
0x42a008 CreateFileW
0x42a00c HeapSize
0x42a010 SetStdHandle
0x42a014 WaitForSingleObject
0x42a018 CreateThread
0x42a01c VirtualAlloc
0x42a020 RaiseException
0x42a024 InitOnceBeginInitialize
0x42a028 InitOnceComplete
0x42a02c CloseHandle
0x42a030 GetCurrentThreadId
0x42a034 ReleaseSRWLockExclusive
0x42a038 AcquireSRWLockExclusive
0x42a03c TryAcquireSRWLockExclusive
0x42a040 WakeAllConditionVariable
0x42a044 SleepConditionVariableSRW
0x42a048 WideCharToMultiByte
0x42a04c MultiByteToWideChar
0x42a050 GetStringTypeW
0x42a054 GetLastError
0x42a058 FreeLibraryWhenCallbackReturns
0x42a05c CreateThreadpoolWork
0x42a060 SubmitThreadpoolWork
0x42a064 CloseThreadpoolWork
0x42a068 GetModuleHandleExW
0x42a06c IsProcessorFeaturePresent
0x42a070 EnterCriticalSection
0x42a074 LeaveCriticalSection
0x42a078 InitializeCriticalSectionEx
0x42a07c DeleteCriticalSection
0x42a080 QueryPerformanceCounter
0x42a084 EncodePointer
0x42a088 DecodePointer
0x42a08c LCMapStringEx
0x42a090 GetSystemTimeAsFileTime
0x42a094 GetModuleHandleW
0x42a098 GetProcAddress
0x42a09c GetCPInfo
0x42a0a0 IsDebuggerPresent
0x42a0a4 UnhandledExceptionFilter
0x42a0a8 SetUnhandledExceptionFilter
0x42a0ac GetStartupInfoW
0x42a0b0 GetCurrentProcess
0x42a0b4 TerminateProcess
0x42a0b8 GetCurrentProcessId
0x42a0bc InitializeSListHead
0x42a0c0 GetProcessHeap
0x42a0c4 RtlUnwind
0x42a0c8 SetLastError
0x42a0cc InitializeCriticalSectionAndSpinCount
0x42a0d0 TlsAlloc
0x42a0d4 TlsGetValue
0x42a0d8 TlsSetValue
0x42a0dc TlsFree
0x42a0e0 FreeLibrary
0x42a0e4 LoadLibraryExW
0x42a0e8 ExitProcess
0x42a0ec GetModuleFileNameW
0x42a0f0 GetStdHandle
0x42a0f4 WriteFile
0x42a0f8 HeapAlloc
0x42a0fc HeapFree
0x42a100 LCMapStringW
0x42a104 GetLocaleInfoW
0x42a108 IsValidLocale
0x42a10c GetUserDefaultLCID
0x42a110 EnumSystemLocalesW
0x42a114 GetFileType
0x42a118 GetFileSizeEx
0x42a11c SetFilePointerEx
0x42a120 FlushFileBuffers
0x42a124 GetConsoleOutputCP
0x42a128 GetConsoleMode
0x42a12c ReadFile
0x42a130 ReadConsoleW
0x42a134 HeapReAlloc
0x42a138 FindClose
0x42a13c FindFirstFileExW
0x42a140 FindNextFileW
0x42a144 IsValidCodePage
0x42a148 GetACP
0x42a14c GetOEMCP
0x42a150 GetCommandLineA
0x42a154 GetCommandLineW
0x42a158 GetEnvironmentStringsW
0x42a15c FreeEnvironmentStringsW
0x42a160 WriteConsoleW
EAT(Export Address Table) is none