ScreenShot
| Created | 2024.08.19 14:46 | Machine | s1_win7_x6401 |
| Filename | fskn.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetectMalware, Malicious, score, Zusy, Unsafe, Vr18, Attribute, HighConfidence, a variant of Generik, FVMIHLF, PWSX, Kryptik@AI, RDML, JR9o00o51sd8hKzPgJZMFA, hifno, LUMMASTEALER, YXEGVZ, Real Protect, Static AI, Suspicious PE, Detected, ai score=87, Wacatac, Malware@#i5zz6oncg2xo, ABRisk, ZAOT, ZexaF, qqW@a0oL70d, Chgt, Gencirc, PossibleThreat, confidence) | ||
| md5 | 47f6d152f5e20e8599def568c3b4dd2a | ||
| sha256 | 5ad9caca41a823495722c82f963244b6d52fdd9ed5a7fd8ab2b97db7f2ce76cf | ||
| ssdeep | 6144:CxxaCOjFEStQfy6KL01U50lMrmrzPuoKR:Cx8jFEStrZ0lMrmrzP5KR | ||
| imphash | db586abab713e528e4136d7acc5f1ac8 | ||
| impfuzzy | 24:UNqDYFHuOGOovq3/MUhZQv20BcpVWZjXjtZhlJBlmrow:UNtB9ZyLBcpVejXjtZnE5 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x435000 FreeLibrary
0x435004 CreateFileW
0x435008 GetCurrentProcessId
0x43500c GetProcAddress
0x435010 CloseHandle
0x435014 LoadLibraryA
0x435018 GetCurrentProcess
0x43501c HeapSize
0x435020 GetProcessHeap
0x435024 SetStdHandle
0x435028 FreeEnvironmentStringsW
0x43502c GetEnvironmentStringsW
0x435030 GetCommandLineW
0x435034 GetCommandLineA
0x435038 GetOEMCP
0x43503c GetACP
0x435040 IsValidCodePage
0x435044 FindNextFileW
0x435048 FindFirstFileExW
0x43504c FindClose
0x435050 HeapReAlloc
0x435054 ReadConsoleW
0x435058 SetFilePointerEx
0x43505c GetFileSizeEx
0x435060 ReadFile
0x435064 GetConsoleMode
0x435068 GetConsoleOutputCP
0x43506c FlushFileBuffers
0x435070 EnumSystemLocalesW
0x435074 GetUserDefaultLCID
0x435078 IsValidLocale
0x43507c GetLocaleInfoW
0x435080 LCMapStringW
0x435084 GetFileType
0x435088 HeapFree
0x43508c MultiByteToWideChar
0x435090 GetStringTypeW
0x435094 WideCharToMultiByte
0x435098 RaiseException
0x43509c EnterCriticalSection
0x4350a0 LeaveCriticalSection
0x4350a4 InitializeCriticalSectionEx
0x4350a8 DeleteCriticalSection
0x4350ac EncodePointer
0x4350b0 DecodePointer
0x4350b4 LCMapStringEx
0x4350b8 GetCPInfo
0x4350bc IsProcessorFeaturePresent
0x4350c0 QueryPerformanceCounter
0x4350c4 GetCurrentThreadId
0x4350c8 GetSystemTimeAsFileTime
0x4350cc InitializeSListHead
0x4350d0 IsDebuggerPresent
0x4350d4 UnhandledExceptionFilter
0x4350d8 SetUnhandledExceptionFilter
0x4350dc GetStartupInfoW
0x4350e0 GetModuleHandleW
0x4350e4 TerminateProcess
0x4350e8 RtlUnwind
0x4350ec GetLastError
0x4350f0 SetLastError
0x4350f4 InitializeCriticalSectionAndSpinCount
0x4350f8 TlsAlloc
0x4350fc TlsGetValue
0x435100 TlsSetValue
0x435104 TlsFree
0x435108 LoadLibraryExW
0x43510c ExitProcess
0x435110 GetModuleHandleExW
0x435114 GetStdHandle
0x435118 WriteFile
0x43511c GetModuleFileNameW
0x435120 HeapAlloc
0x435124 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x435000 FreeLibrary
0x435004 CreateFileW
0x435008 GetCurrentProcessId
0x43500c GetProcAddress
0x435010 CloseHandle
0x435014 LoadLibraryA
0x435018 GetCurrentProcess
0x43501c HeapSize
0x435020 GetProcessHeap
0x435024 SetStdHandle
0x435028 FreeEnvironmentStringsW
0x43502c GetEnvironmentStringsW
0x435030 GetCommandLineW
0x435034 GetCommandLineA
0x435038 GetOEMCP
0x43503c GetACP
0x435040 IsValidCodePage
0x435044 FindNextFileW
0x435048 FindFirstFileExW
0x43504c FindClose
0x435050 HeapReAlloc
0x435054 ReadConsoleW
0x435058 SetFilePointerEx
0x43505c GetFileSizeEx
0x435060 ReadFile
0x435064 GetConsoleMode
0x435068 GetConsoleOutputCP
0x43506c FlushFileBuffers
0x435070 EnumSystemLocalesW
0x435074 GetUserDefaultLCID
0x435078 IsValidLocale
0x43507c GetLocaleInfoW
0x435080 LCMapStringW
0x435084 GetFileType
0x435088 HeapFree
0x43508c MultiByteToWideChar
0x435090 GetStringTypeW
0x435094 WideCharToMultiByte
0x435098 RaiseException
0x43509c EnterCriticalSection
0x4350a0 LeaveCriticalSection
0x4350a4 InitializeCriticalSectionEx
0x4350a8 DeleteCriticalSection
0x4350ac EncodePointer
0x4350b0 DecodePointer
0x4350b4 LCMapStringEx
0x4350b8 GetCPInfo
0x4350bc IsProcessorFeaturePresent
0x4350c0 QueryPerformanceCounter
0x4350c4 GetCurrentThreadId
0x4350c8 GetSystemTimeAsFileTime
0x4350cc InitializeSListHead
0x4350d0 IsDebuggerPresent
0x4350d4 UnhandledExceptionFilter
0x4350d8 SetUnhandledExceptionFilter
0x4350dc GetStartupInfoW
0x4350e0 GetModuleHandleW
0x4350e4 TerminateProcess
0x4350e8 RtlUnwind
0x4350ec GetLastError
0x4350f0 SetLastError
0x4350f4 InitializeCriticalSectionAndSpinCount
0x4350f8 TlsAlloc
0x4350fc TlsGetValue
0x435100 TlsSetValue
0x435104 TlsFree
0x435108 LoadLibraryExW
0x43510c ExitProcess
0x435110 GetModuleHandleExW
0x435114 GetStdHandle
0x435118 WriteFile
0x43511c GetModuleFileNameW
0x435120 HeapAlloc
0x435124 WriteConsoleW
EAT(Export Address Table) is none