ScreenShot
| Created | 2024.08.19 15:00 | Machine | s1_win7_x6401 |
| Filename | CFGG.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetectMalware, Shelm, GenericKD, Unsafe, V6wr, malicious, Attribute, HighConfidence, TrojanX, Kryptik@AI, RDML, T9l0KpjC87Z4nQrAQfj6gA, Detected, ai score=89, ABRisk, LDTA, ZexaF, fuW@a8vWslpi, R002H09FF24, susgen) | ||
| md5 | d042c41a79787fb48e3bdf6ededd7a9a | ||
| sha256 | 590d4bc44495d6341809bc7a3b3be225ec3d63e5bed76f0a85accf13a26d8f91 | ||
| ssdeep | 1536:9uhl/CHwGNOp77i/GqP1/K95cIYwrFyXau5luxL5oR2N21qpKsWdNEcdlJajdia3:8o6ktP1JwrFyXD5kx1N2nllJajsa3 | ||
| imphash | d9b0fc6ecf89dc560865c417800980d4 | ||
| impfuzzy | 24:SftMS17hlJnc+pl3eDo/CyoEOovbO4URZHu93vB3GM8:qtMS175c+ppmyc3CBK | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x40e10c MessageBoxW
KERNEL32.dll
0x40e000 HeapAlloc
0x40e004 DecodePointer
0x40e008 UnhandledExceptionFilter
0x40e00c SetUnhandledExceptionFilter
0x40e010 GetCurrentProcess
0x40e014 TerminateProcess
0x40e018 IsProcessorFeaturePresent
0x40e01c QueryPerformanceCounter
0x40e020 GetCurrentProcessId
0x40e024 GetCurrentThreadId
0x40e028 GetSystemTimeAsFileTime
0x40e02c InitializeSListHead
0x40e030 IsDebuggerPresent
0x40e034 GetStartupInfoW
0x40e038 GetModuleHandleW
0x40e03c RtlUnwind
0x40e040 GetLastError
0x40e044 SetLastError
0x40e048 EnterCriticalSection
0x40e04c LeaveCriticalSection
0x40e050 DeleteCriticalSection
0x40e054 InitializeCriticalSectionAndSpinCount
0x40e058 TlsAlloc
0x40e05c TlsGetValue
0x40e060 TlsSetValue
0x40e064 TlsFree
0x40e068 FreeLibrary
0x40e06c GetProcAddress
0x40e070 LoadLibraryExW
0x40e074 EncodePointer
0x40e078 RaiseException
0x40e07c GetStdHandle
0x40e080 WriteFile
0x40e084 GetModuleFileNameW
0x40e088 ExitProcess
0x40e08c GetModuleHandleExW
0x40e090 GetCommandLineA
0x40e094 GetCommandLineW
0x40e098 CloseHandle
0x40e09c HeapFree
0x40e0a0 FindClose
0x40e0a4 FindFirstFileExW
0x40e0a8 FindNextFileW
0x40e0ac IsValidCodePage
0x40e0b0 GetACP
0x40e0b4 GetOEMCP
0x40e0b8 GetCPInfo
0x40e0bc MultiByteToWideChar
0x40e0c0 WideCharToMultiByte
0x40e0c4 GetEnvironmentStringsW
0x40e0c8 FreeEnvironmentStringsW
0x40e0cc SetEnvironmentVariableW
0x40e0d0 SetStdHandle
0x40e0d4 GetFileType
0x40e0d8 GetStringTypeW
0x40e0dc CompareStringW
0x40e0e0 LCMapStringW
0x40e0e4 GetProcessHeap
0x40e0e8 HeapSize
0x40e0ec HeapReAlloc
0x40e0f0 FlushFileBuffers
0x40e0f4 GetConsoleOutputCP
0x40e0f8 GetConsoleMode
0x40e0fc SetFilePointerEx
0x40e100 CreateFileW
0x40e104 WriteConsoleW
EAT(Export Address Table) is none
USER32.dll
0x40e10c MessageBoxW
KERNEL32.dll
0x40e000 HeapAlloc
0x40e004 DecodePointer
0x40e008 UnhandledExceptionFilter
0x40e00c SetUnhandledExceptionFilter
0x40e010 GetCurrentProcess
0x40e014 TerminateProcess
0x40e018 IsProcessorFeaturePresent
0x40e01c QueryPerformanceCounter
0x40e020 GetCurrentProcessId
0x40e024 GetCurrentThreadId
0x40e028 GetSystemTimeAsFileTime
0x40e02c InitializeSListHead
0x40e030 IsDebuggerPresent
0x40e034 GetStartupInfoW
0x40e038 GetModuleHandleW
0x40e03c RtlUnwind
0x40e040 GetLastError
0x40e044 SetLastError
0x40e048 EnterCriticalSection
0x40e04c LeaveCriticalSection
0x40e050 DeleteCriticalSection
0x40e054 InitializeCriticalSectionAndSpinCount
0x40e058 TlsAlloc
0x40e05c TlsGetValue
0x40e060 TlsSetValue
0x40e064 TlsFree
0x40e068 FreeLibrary
0x40e06c GetProcAddress
0x40e070 LoadLibraryExW
0x40e074 EncodePointer
0x40e078 RaiseException
0x40e07c GetStdHandle
0x40e080 WriteFile
0x40e084 GetModuleFileNameW
0x40e088 ExitProcess
0x40e08c GetModuleHandleExW
0x40e090 GetCommandLineA
0x40e094 GetCommandLineW
0x40e098 CloseHandle
0x40e09c HeapFree
0x40e0a0 FindClose
0x40e0a4 FindFirstFileExW
0x40e0a8 FindNextFileW
0x40e0ac IsValidCodePage
0x40e0b0 GetACP
0x40e0b4 GetOEMCP
0x40e0b8 GetCPInfo
0x40e0bc MultiByteToWideChar
0x40e0c0 WideCharToMultiByte
0x40e0c4 GetEnvironmentStringsW
0x40e0c8 FreeEnvironmentStringsW
0x40e0cc SetEnvironmentVariableW
0x40e0d0 SetStdHandle
0x40e0d4 GetFileType
0x40e0d8 GetStringTypeW
0x40e0dc CompareStringW
0x40e0e0 LCMapStringW
0x40e0e4 GetProcessHeap
0x40e0e8 HeapSize
0x40e0ec HeapReAlloc
0x40e0f0 FlushFileBuffers
0x40e0f4 GetConsoleOutputCP
0x40e0f8 GetConsoleMode
0x40e0fc SetFilePointerEx
0x40e100 CreateFileW
0x40e104 WriteConsoleW
EAT(Export Address Table) is none