Field | Value |
---|---|
Created | 2024.08.19 14:07 |
Machine | s1_win7_x6401 |
Filename | ConsoleApplication6.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 10 detected (AIDetectMalware, malicious, high confidence, score, NetLoader, Static AI, Suspicious PE, confidence, 100%) |
md5 | e3454ebec6c620ea8547121080a4634e |
sha256 | d4ff3691a8f6e2e3d5dc2dbc23d222f1547e4addf2b8b7f598b213cd7559d5fd |
ssdeep | 6144:r6U8gPcMcHsSB6+1zrXsEvKXchoQfaSEX:O8cHsSB6IzzsHshoTX |
imphash | aaa962afcd2ab125e1039491af99cc68 |
impfuzzy | 48:J3S1YtCgG1c+p6nwX3MFSY/goCKX0WnB/KAlJVZS9:J3S1YtCgG1c+p6ZKahjc |
Signature (9cnts)
Level | Description |
---|---|
watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140047028 CreateFileW
0x140047030 GetConsoleMode
0x140047038 GetConsoleOutputCP
0x140047040 FlushFileBuffers
0x140047048 WriteConsoleW
0x140047050 HeapSize
0x140047058 SetFilePointerEx
0x140047060 GetProcessHeap
0x140047068 GetStringTypeW
0x140047070 SetStdHandle
0x140047078 LoadLibraryW
0x140047080 GetProcAddress
0x140047088 FreeLibrary
0x140047090 HeapReAlloc
0x140047098 VirtualProtect
0x1400470a0 SetEnvironmentVariableW
0x1400470a8 FreeEnvironmentStringsW
0x1400470b0 GetEnvironmentStringsW
0x1400470b8 WideCharToMultiByte
0x1400470c0 MultiByteToWideChar
0x1400470c8 QueryPerformanceCounter
0x1400470d0 GetCurrentProcessId
0x1400470d8 GetCurrentThreadId
0x1400470e0 GetSystemTimeAsFileTime
0x1400470e8 InitializeSListHead
0x1400470f0 RtlCaptureContext
0x1400470f8 RtlLookupFunctionEntry
0x140047100 RtlVirtualUnwind
0x140047108 IsDebuggerPresent
0x140047110 UnhandledExceptionFilter
0x140047118 SetUnhandledExceptionFilter
0x140047120 GetStartupInfoW
0x140047128 IsProcessorFeaturePresent
0x140047130 GetModuleHandleW
0x140047138 RtlPcToFileHeader
0x140047140 RaiseException
0x140047148 RtlUnwindEx
0x140047150 GetLastError
0x140047158 SetLastError
0x140047160 EncodePointer
0x140047168 EnterCriticalSection
0x140047170 LeaveCriticalSection
0x140047178 DeleteCriticalSection
0x140047180 InitializeCriticalSectionAndSpinCount
0x140047188 TlsAlloc
0x140047190 TlsGetValue
0x140047198 TlsSetValue
0x1400471a0 TlsFree
0x1400471a8 LoadLibraryExW
0x1400471b0 GetCurrentProcess
0x1400471b8 TerminateProcess
0x1400471c0 GetStdHandle
0x1400471c8 WriteFile
0x1400471d0 GetModuleFileNameW
0x1400471d8 ExitProcess
0x1400471e0 GetModuleHandleExW
0x1400471e8 HeapFree
0x1400471f0 CloseHandle
0x1400471f8 WaitForSingleObject
0x140047200 GetExitCodeProcess
0x140047208 CreateProcessW
0x140047210 GetFileAttributesExW
0x140047218 HeapAlloc
0x140047220 GetFileType
0x140047228 FlsAlloc
0x140047230 FlsGetValue
0x140047238 FlsSetValue
0x140047240 FlsFree
0x140047248 CompareStringW
0x140047250 LCMapStringW
0x140047258 FindClose
0x140047260 FindFirstFileExW
0x140047268 FindNextFileW
0x140047270 IsValidCodePage
0x140047278 GetACP
0x140047280 GetOEMCP
0x140047288 GetCPInfo
0x140047290 GetCommandLineA
0x140047298 GetCommandLineW
USER32.dll
0x1400472c0 GetMessageW
0x1400472c8 LoadIconW
0x1400472d0 MessageBoxW
0x1400472d8 GetClientRect
0x1400472e0 UpdateWindow
0x1400472e8 ShowWindow
0x1400472f0 CreateWindowExW
0x1400472f8 RegisterClassW
0x140047300 PostQuitMessage
0x140047308 DefWindowProcW
0x140047310 SendMessageW
0x140047318 DispatchMessageW
0x140047320 TranslateMessage
GDI32.dll
0x140047000 SetBkColor
0x140047008 CreateSolidBrush
0x140047010 CreateFontW
0x140047018 SetTextColor
SHELL32.dll
0x1400472a8 SHGetFolderPathW
0x1400472b0 ShellExecuteW
urlmon.dll
0x140047330 URLDownloadToFileW
EAT (Export Address Table): none