ScreenShot
| Created | 2024.08.19 14:26 | Machine | s1_win7_x6403 |
| Filename | cvef.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (AIDetectMalware, malicious, moderate confidence, score, Unsafe, Attribute, HighConfidence, Static AI, Suspicious PE, confidence) | ||
| md5 | 5b24b568922198941e4bd8f8c7ac35c8 | ||
| sha256 | 492e4abc2f6b4082f4b68fa44ee624765a4c37e06f4322987e0a4c5e18122ccd | ||
| ssdeep | 3072:3jt1xQ4yHDe4Nr8alivPgk3M0dQYJzcT9IjkY3lT1QYFUsC93:ztt4Nr8alivPgWM0dQF9IjkY8rs | ||
| imphash | 778e226e50e43647e84050d58900e2ed | ||
| impfuzzy | 48:EQS1YtSsBc+pyYZJ3vCF/KA/gXlKJ0WGSYoniZS9:EQS1YtSsBc+pyYofYcMc | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002e028 CreateProcessA
0x14002e030 WriteConsoleW
0x14002e038 CreateFileW
0x14002e040 CloseHandle
0x14002e048 GetConsoleMode
0x14002e050 FreeLibrary
0x14002e058 FlushFileBuffers
0x14002e060 HeapReAlloc
0x14002e068 HeapSize
0x14002e070 SetFilePointerEx
0x14002e078 GetProcessHeap
0x14002e080 GetStringTypeW
0x14002e088 GetProcAddress
0x14002e090 LoadLibraryW
0x14002e098 Sleep
0x14002e0a0 GetConsoleOutputCP
0x14002e0a8 VirtualProtect
0x14002e0b0 SetStdHandle
0x14002e0b8 FreeEnvironmentStringsW
0x14002e0c0 GetEnvironmentStringsW
0x14002e0c8 WideCharToMultiByte
0x14002e0d0 QueryPerformanceCounter
0x14002e0d8 GetCurrentProcessId
0x14002e0e0 GetCurrentThreadId
0x14002e0e8 GetSystemTimeAsFileTime
0x14002e0f0 InitializeSListHead
0x14002e0f8 RtlCaptureContext
0x14002e100 RtlLookupFunctionEntry
0x14002e108 RtlVirtualUnwind
0x14002e110 IsDebuggerPresent
0x14002e118 UnhandledExceptionFilter
0x14002e120 SetUnhandledExceptionFilter
0x14002e128 GetStartupInfoW
0x14002e130 IsProcessorFeaturePresent
0x14002e138 GetModuleHandleW
0x14002e140 RtlUnwindEx
0x14002e148 GetLastError
0x14002e150 SetLastError
0x14002e158 EncodePointer
0x14002e160 RaiseException
0x14002e168 EnterCriticalSection
0x14002e170 LeaveCriticalSection
0x14002e178 DeleteCriticalSection
0x14002e180 InitializeCriticalSectionAndSpinCount
0x14002e188 TlsAlloc
0x14002e190 TlsGetValue
0x14002e198 TlsSetValue
0x14002e1a0 TlsFree
0x14002e1a8 LoadLibraryExW
0x14002e1b0 RtlPcToFileHeader
0x14002e1b8 GetStdHandle
0x14002e1c0 WriteFile
0x14002e1c8 GetModuleFileNameW
0x14002e1d0 GetCurrentProcess
0x14002e1d8 ExitProcess
0x14002e1e0 TerminateProcess
0x14002e1e8 GetModuleHandleExW
0x14002e1f0 HeapFree
0x14002e1f8 HeapAlloc
0x14002e200 GetFileType
0x14002e208 FlsAlloc
0x14002e210 FlsGetValue
0x14002e218 FlsSetValue
0x14002e220 FlsFree
0x14002e228 LCMapStringW
0x14002e230 FindClose
0x14002e238 FindFirstFileExW
0x14002e240 FindNextFileW
0x14002e248 IsValidCodePage
0x14002e250 GetACP
0x14002e258 GetOEMCP
0x14002e260 GetCPInfo
0x14002e268 GetCommandLineA
0x14002e270 GetCommandLineW
0x14002e278 MultiByteToWideChar
USER32.dll
0x14002e2a0 UpdateWindow
0x14002e2a8 GetMessageW
0x14002e2b0 DefWindowProcW
0x14002e2b8 MessageBoxW
0x14002e2c0 CreateWindowExW
0x14002e2c8 SendMessageW
0x14002e2d0 ShowWindow
0x14002e2d8 DispatchMessageW
0x14002e2e0 RegisterClassW
0x14002e2e8 TranslateMessage
0x14002e2f0 LoadIconW
0x14002e2f8 GetClientRect
0x14002e300 PostQuitMessage
GDI32.dll
0x14002e000 SetTextColor
0x14002e008 SetBkColor
0x14002e010 CreateSolidBrush
0x14002e018 CreateFontW
SHELL32.dll
0x14002e288 SHGetFolderPathW
0x14002e290 ShellExecuteW
urlmon.dll
0x14002e310 URLDownloadToFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x14002e028 CreateProcessA
0x14002e030 WriteConsoleW
0x14002e038 CreateFileW
0x14002e040 CloseHandle
0x14002e048 GetConsoleMode
0x14002e050 FreeLibrary
0x14002e058 FlushFileBuffers
0x14002e060 HeapReAlloc
0x14002e068 HeapSize
0x14002e070 SetFilePointerEx
0x14002e078 GetProcessHeap
0x14002e080 GetStringTypeW
0x14002e088 GetProcAddress
0x14002e090 LoadLibraryW
0x14002e098 Sleep
0x14002e0a0 GetConsoleOutputCP
0x14002e0a8 VirtualProtect
0x14002e0b0 SetStdHandle
0x14002e0b8 FreeEnvironmentStringsW
0x14002e0c0 GetEnvironmentStringsW
0x14002e0c8 WideCharToMultiByte
0x14002e0d0 QueryPerformanceCounter
0x14002e0d8 GetCurrentProcessId
0x14002e0e0 GetCurrentThreadId
0x14002e0e8 GetSystemTimeAsFileTime
0x14002e0f0 InitializeSListHead
0x14002e0f8 RtlCaptureContext
0x14002e100 RtlLookupFunctionEntry
0x14002e108 RtlVirtualUnwind
0x14002e110 IsDebuggerPresent
0x14002e118 UnhandledExceptionFilter
0x14002e120 SetUnhandledExceptionFilter
0x14002e128 GetStartupInfoW
0x14002e130 IsProcessorFeaturePresent
0x14002e138 GetModuleHandleW
0x14002e140 RtlUnwindEx
0x14002e148 GetLastError
0x14002e150 SetLastError
0x14002e158 EncodePointer
0x14002e160 RaiseException
0x14002e168 EnterCriticalSection
0x14002e170 LeaveCriticalSection
0x14002e178 DeleteCriticalSection
0x14002e180 InitializeCriticalSectionAndSpinCount
0x14002e188 TlsAlloc
0x14002e190 TlsGetValue
0x14002e198 TlsSetValue
0x14002e1a0 TlsFree
0x14002e1a8 LoadLibraryExW
0x14002e1b0 RtlPcToFileHeader
0x14002e1b8 GetStdHandle
0x14002e1c0 WriteFile
0x14002e1c8 GetModuleFileNameW
0x14002e1d0 GetCurrentProcess
0x14002e1d8 ExitProcess
0x14002e1e0 TerminateProcess
0x14002e1e8 GetModuleHandleExW
0x14002e1f0 HeapFree
0x14002e1f8 HeapAlloc
0x14002e200 GetFileType
0x14002e208 FlsAlloc
0x14002e210 FlsGetValue
0x14002e218 FlsSetValue
0x14002e220 FlsFree
0x14002e228 LCMapStringW
0x14002e230 FindClose
0x14002e238 FindFirstFileExW
0x14002e240 FindNextFileW
0x14002e248 IsValidCodePage
0x14002e250 GetACP
0x14002e258 GetOEMCP
0x14002e260 GetCPInfo
0x14002e268 GetCommandLineA
0x14002e270 GetCommandLineW
0x14002e278 MultiByteToWideChar
USER32.dll
0x14002e2a0 UpdateWindow
0x14002e2a8 GetMessageW
0x14002e2b0 DefWindowProcW
0x14002e2b8 MessageBoxW
0x14002e2c0 CreateWindowExW
0x14002e2c8 SendMessageW
0x14002e2d0 ShowWindow
0x14002e2d8 DispatchMessageW
0x14002e2e0 RegisterClassW
0x14002e2e8 TranslateMessage
0x14002e2f0 LoadIconW
0x14002e2f8 GetClientRect
0x14002e300 PostQuitMessage
GDI32.dll
0x14002e000 SetTextColor
0x14002e008 SetBkColor
0x14002e010 CreateSolidBrush
0x14002e018 CreateFontW
SHELL32.dll
0x14002e288 SHGetFolderPathW
0x14002e290 ShellExecuteW
urlmon.dll
0x14002e310 URLDownloadToFileW
EAT(Export Address Table) is none