ScreenShot
| Created | 2024.08.19 15:05 | Machine | s1_win7_x6401 |
| Filename | 66bf353c38733_Grids.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 25 detected (AIDetectMalware, malicious, high confidence, score, Vdsi, Attribute, HighConfidence, qwiuzp, avpom, PRIVATELOADER, YXEHPZ, Detected, Wacatac, WinGo, Sabsik) | ||
| md5 | efd6377cf1f3e1efd885db9343a9a686 | ||
| sha256 | a461cb4287fb32a2b34bb3ad04c1535f009887189c35bb1fb945b2e3735351bf | ||
| ssdeep | 98304:nU2cl1gL63HtoMuyNO9Oq6C7k5H43mhS9EogmZXrppEzkkw0IuP7uypNdh26Alp+:U2c3s16C7mlS2otXIRj3pw/c1cEVv | ||
| imphash | 8c7872cbd8d3fd8d4fc62eb1fe42cece | ||
| impfuzzy | 96:qB0x8CxX7+CJS5pmeTYqHx4OxQ2/0XiX1Pg37TJGQ6d61mcqgVn4:qKiCJ77JS5dTYRu0SFoMQ6d+SgV4 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14148f63c AddAtomA
0x14148f644 AddVectoredExceptionHandler
0x14148f64c AreFileApisANSI
0x14148f654 CloseHandle
0x14148f65c CreateEventA
0x14148f664 CreateFileA
0x14148f66c CreateFileMappingA
0x14148f674 CreateFileMappingW
0x14148f67c CreateFileW
0x14148f684 CreateIoCompletionPort
0x14148f68c CreateMutexA
0x14148f694 CreateMutexW
0x14148f69c CreateSemaphoreA
0x14148f6a4 CreateThread
0x14148f6ac CreateWaitableTimerA
0x14148f6b4 CreateWaitableTimerExW
0x14148f6bc DeleteAtom
0x14148f6c4 DeleteCriticalSection
0x14148f6cc DeleteFileA
0x14148f6d4 DeleteFileW
0x14148f6dc DuplicateHandle
0x14148f6e4 EnterCriticalSection
0x14148f6ec ExitProcess
0x14148f6f4 FindAtomA
0x14148f6fc FlushFileBuffers
0x14148f704 FlushViewOfFile
0x14148f70c FormatMessageA
0x14148f714 FormatMessageW
0x14148f71c FreeEnvironmentStringsW
0x14148f724 FreeLibrary
0x14148f72c GetAtomNameA
0x14148f734 GetConsoleMode
0x14148f73c GetCurrentProcess
0x14148f744 GetCurrentProcessId
0x14148f74c GetCurrentThread
0x14148f754 GetCurrentThreadId
0x14148f75c GetDiskFreeSpaceA
0x14148f764 GetDiskFreeSpaceW
0x14148f76c GetEnvironmentStringsW
0x14148f774 GetErrorMode
0x14148f77c GetFileAttributesA
0x14148f784 GetFileAttributesExW
0x14148f78c GetFileAttributesW
0x14148f794 GetFileSize
0x14148f79c GetFullPathNameA
0x14148f7a4 GetFullPathNameW
0x14148f7ac GetHandleInformation
0x14148f7b4 GetLastError
0x14148f7bc GetProcAddress
0x14148f7c4 GetProcessAffinityMask
0x14148f7cc GetProcessHeap
0x14148f7d4 GetQueuedCompletionStatusEx
0x14148f7dc GetStartupInfoA
0x14148f7e4 GetStdHandle
0x14148f7ec GetSystemDirectoryA
0x14148f7f4 GetSystemInfo
0x14148f7fc GetSystemTime
0x14148f804 GetSystemTimeAsFileTime
0x14148f80c GetTempPathA
0x14148f814 GetTempPathW
0x14148f81c GetThreadContext
0x14148f824 GetThreadPriority
0x14148f82c GetTickCount
0x14148f834 GetVersionExA
0x14148f83c GetVersionExW
0x14148f844 HeapAlloc
0x14148f84c HeapCompact
0x14148f854 HeapCreate
0x14148f85c HeapDestroy
0x14148f864 HeapFree
0x14148f86c HeapReAlloc
0x14148f874 HeapSize
0x14148f87c HeapValidate
0x14148f884 InitializeCriticalSection
0x14148f88c IsDBCSLeadByteEx
0x14148f894 IsDebuggerPresent
0x14148f89c LeaveCriticalSection
0x14148f8a4 LoadLibraryA
0x14148f8ac LoadLibraryExW
0x14148f8b4 LoadLibraryW
0x14148f8bc LocalFree
0x14148f8c4 LockFile
0x14148f8cc LockFileEx
0x14148f8d4 MapViewOfFile
0x14148f8dc MultiByteToWideChar
0x14148f8e4 OpenProcess
0x14148f8ec OutputDebugStringA
0x14148f8f4 OutputDebugStringW
0x14148f8fc PostQueuedCompletionStatus
0x14148f904 QueryPerformanceCounter
0x14148f90c QueryPerformanceFrequency
0x14148f914 RaiseException
0x14148f91c RaiseFailFastException
0x14148f924 ReadFile
0x14148f92c ReleaseMutex
0x14148f934 ReleaseSemaphore
0x14148f93c RemoveVectoredExceptionHandler
0x14148f944 ResetEvent
0x14148f94c ResumeThread
0x14148f954 SetConsoleCtrlHandler
0x14148f95c SetEndOfFile
0x14148f964 SetErrorMode
0x14148f96c SetEvent
0x14148f974 SetFilePointer
0x14148f97c SetLastError
0x14148f984 SetProcessAffinityMask
0x14148f98c SetProcessPriorityBoost
0x14148f994 SetThreadContext
0x14148f99c SetThreadPriority
0x14148f9a4 SetUnhandledExceptionFilter
0x14148f9ac SetWaitableTimer
0x14148f9b4 Sleep
0x14148f9bc SuspendThread
0x14148f9c4 SwitchToThread
0x14148f9cc SystemTimeToFileTime
0x14148f9d4 TlsAlloc
0x14148f9dc TlsGetValue
0x14148f9e4 TlsSetValue
0x14148f9ec TryEnterCriticalSection
0x14148f9f4 UnlockFile
0x14148f9fc UnlockFileEx
0x14148fa04 UnmapViewOfFile
0x14148fa0c VirtualAlloc
0x14148fa14 VirtualFree
0x14148fa1c VirtualProtect
0x14148fa24 VirtualQuery
0x14148fa2c WaitForMultipleObjects
0x14148fa34 WaitForSingleObject
0x14148fa3c WaitForSingleObjectEx
0x14148fa44 WerGetFlags
0x14148fa4c WerSetFlags
0x14148fa54 WideCharToMultiByte
0x14148fa5c WriteConsoleW
0x14148fa64 WriteFile
0x14148fa6c __C_specific_handler
msvcrt.dll
0x14148fa7c ___lc_codepage_func
0x14148fa84 ___mb_cur_max_func
0x14148fa8c __getmainargs
0x14148fa94 __initenv
0x14148fa9c __iob_func
0x14148faa4 __lconv_init
0x14148faac __set_app_type
0x14148fab4 __setusermatherr
0x14148fabc _acmdln
0x14148fac4 _amsg_exit
0x14148facc _beginthread
0x14148fad4 _beginthreadex
0x14148fadc _cexit
0x14148fae4 _commode
0x14148faec _endthreadex
0x14148faf4 _errno
0x14148fafc _fmode
0x14148fb04 _initterm
0x14148fb0c _localtime64
0x14148fb14 _lock
0x14148fb1c _memccpy
0x14148fb24 _onexit
0x14148fb2c _setjmp
0x14148fb34 _strdup
0x14148fb3c _ultoa
0x14148fb44 _unlock
0x14148fb4c abort
0x14148fb54 calloc
0x14148fb5c exit
0x14148fb64 fprintf
0x14148fb6c fputc
0x14148fb74 free
0x14148fb7c fwrite
0x14148fb84 localeconv
0x14148fb8c longjmp
0x14148fb94 malloc
0x14148fb9c memchr
0x14148fba4 memcmp
0x14148fbac memcpy
0x14148fbb4 memmove
0x14148fbbc memset
0x14148fbc4 printf
0x14148fbcc qsort
0x14148fbd4 realloc
0x14148fbdc signal
0x14148fbe4 strchr
0x14148fbec strcmp
0x14148fbf4 strcspn
0x14148fbfc strerror
0x14148fc04 strlen
0x14148fc0c strncmp
0x14148fc14 strrchr
0x14148fc1c strspn
0x14148fc24 vfprintf
0x14148fc2c wcslen
EAT(Export Address Table) Library
0x14148cf70 _cgo_dummy_export
0x140929220 authorizerTrampoline
0x140928f40 callbackTrampoline
0x140929100 commitHookTrampoline
0x140929060 compareTrampoline
0x140929010 doneTrampoline
0x1409292a0 preUpdateHookTrampoline
0x140929160 rollbackHookTrampoline
0x140928fa0 stepTrampoline
0x1409291b0 updateHookTrampoline
KERNEL32.dll
0x14148f63c AddAtomA
0x14148f644 AddVectoredExceptionHandler
0x14148f64c AreFileApisANSI
0x14148f654 CloseHandle
0x14148f65c CreateEventA
0x14148f664 CreateFileA
0x14148f66c CreateFileMappingA
0x14148f674 CreateFileMappingW
0x14148f67c CreateFileW
0x14148f684 CreateIoCompletionPort
0x14148f68c CreateMutexA
0x14148f694 CreateMutexW
0x14148f69c CreateSemaphoreA
0x14148f6a4 CreateThread
0x14148f6ac CreateWaitableTimerA
0x14148f6b4 CreateWaitableTimerExW
0x14148f6bc DeleteAtom
0x14148f6c4 DeleteCriticalSection
0x14148f6cc DeleteFileA
0x14148f6d4 DeleteFileW
0x14148f6dc DuplicateHandle
0x14148f6e4 EnterCriticalSection
0x14148f6ec ExitProcess
0x14148f6f4 FindAtomA
0x14148f6fc FlushFileBuffers
0x14148f704 FlushViewOfFile
0x14148f70c FormatMessageA
0x14148f714 FormatMessageW
0x14148f71c FreeEnvironmentStringsW
0x14148f724 FreeLibrary
0x14148f72c GetAtomNameA
0x14148f734 GetConsoleMode
0x14148f73c GetCurrentProcess
0x14148f744 GetCurrentProcessId
0x14148f74c GetCurrentThread
0x14148f754 GetCurrentThreadId
0x14148f75c GetDiskFreeSpaceA
0x14148f764 GetDiskFreeSpaceW
0x14148f76c GetEnvironmentStringsW
0x14148f774 GetErrorMode
0x14148f77c GetFileAttributesA
0x14148f784 GetFileAttributesExW
0x14148f78c GetFileAttributesW
0x14148f794 GetFileSize
0x14148f79c GetFullPathNameA
0x14148f7a4 GetFullPathNameW
0x14148f7ac GetHandleInformation
0x14148f7b4 GetLastError
0x14148f7bc GetProcAddress
0x14148f7c4 GetProcessAffinityMask
0x14148f7cc GetProcessHeap
0x14148f7d4 GetQueuedCompletionStatusEx
0x14148f7dc GetStartupInfoA
0x14148f7e4 GetStdHandle
0x14148f7ec GetSystemDirectoryA
0x14148f7f4 GetSystemInfo
0x14148f7fc GetSystemTime
0x14148f804 GetSystemTimeAsFileTime
0x14148f80c GetTempPathA
0x14148f814 GetTempPathW
0x14148f81c GetThreadContext
0x14148f824 GetThreadPriority
0x14148f82c GetTickCount
0x14148f834 GetVersionExA
0x14148f83c GetVersionExW
0x14148f844 HeapAlloc
0x14148f84c HeapCompact
0x14148f854 HeapCreate
0x14148f85c HeapDestroy
0x14148f864 HeapFree
0x14148f86c HeapReAlloc
0x14148f874 HeapSize
0x14148f87c HeapValidate
0x14148f884 InitializeCriticalSection
0x14148f88c IsDBCSLeadByteEx
0x14148f894 IsDebuggerPresent
0x14148f89c LeaveCriticalSection
0x14148f8a4 LoadLibraryA
0x14148f8ac LoadLibraryExW
0x14148f8b4 LoadLibraryW
0x14148f8bc LocalFree
0x14148f8c4 LockFile
0x14148f8cc LockFileEx
0x14148f8d4 MapViewOfFile
0x14148f8dc MultiByteToWideChar
0x14148f8e4 OpenProcess
0x14148f8ec OutputDebugStringA
0x14148f8f4 OutputDebugStringW
0x14148f8fc PostQueuedCompletionStatus
0x14148f904 QueryPerformanceCounter
0x14148f90c QueryPerformanceFrequency
0x14148f914 RaiseException
0x14148f91c RaiseFailFastException
0x14148f924 ReadFile
0x14148f92c ReleaseMutex
0x14148f934 ReleaseSemaphore
0x14148f93c RemoveVectoredExceptionHandler
0x14148f944 ResetEvent
0x14148f94c ResumeThread
0x14148f954 SetConsoleCtrlHandler
0x14148f95c SetEndOfFile
0x14148f964 SetErrorMode
0x14148f96c SetEvent
0x14148f974 SetFilePointer
0x14148f97c SetLastError
0x14148f984 SetProcessAffinityMask
0x14148f98c SetProcessPriorityBoost
0x14148f994 SetThreadContext
0x14148f99c SetThreadPriority
0x14148f9a4 SetUnhandledExceptionFilter
0x14148f9ac SetWaitableTimer
0x14148f9b4 Sleep
0x14148f9bc SuspendThread
0x14148f9c4 SwitchToThread
0x14148f9cc SystemTimeToFileTime
0x14148f9d4 TlsAlloc
0x14148f9dc TlsGetValue
0x14148f9e4 TlsSetValue
0x14148f9ec TryEnterCriticalSection
0x14148f9f4 UnlockFile
0x14148f9fc UnlockFileEx
0x14148fa04 UnmapViewOfFile
0x14148fa0c VirtualAlloc
0x14148fa14 VirtualFree
0x14148fa1c VirtualProtect
0x14148fa24 VirtualQuery
0x14148fa2c WaitForMultipleObjects
0x14148fa34 WaitForSingleObject
0x14148fa3c WaitForSingleObjectEx
0x14148fa44 WerGetFlags
0x14148fa4c WerSetFlags
0x14148fa54 WideCharToMultiByte
0x14148fa5c WriteConsoleW
0x14148fa64 WriteFile
0x14148fa6c __C_specific_handler
msvcrt.dll
0x14148fa7c ___lc_codepage_func
0x14148fa84 ___mb_cur_max_func
0x14148fa8c __getmainargs
0x14148fa94 __initenv
0x14148fa9c __iob_func
0x14148faa4 __lconv_init
0x14148faac __set_app_type
0x14148fab4 __setusermatherr
0x14148fabc _acmdln
0x14148fac4 _amsg_exit
0x14148facc _beginthread
0x14148fad4 _beginthreadex
0x14148fadc _cexit
0x14148fae4 _commode
0x14148faec _endthreadex
0x14148faf4 _errno
0x14148fafc _fmode
0x14148fb04 _initterm
0x14148fb0c _localtime64
0x14148fb14 _lock
0x14148fb1c _memccpy
0x14148fb24 _onexit
0x14148fb2c _setjmp
0x14148fb34 _strdup
0x14148fb3c _ultoa
0x14148fb44 _unlock
0x14148fb4c abort
0x14148fb54 calloc
0x14148fb5c exit
0x14148fb64 fprintf
0x14148fb6c fputc
0x14148fb74 free
0x14148fb7c fwrite
0x14148fb84 localeconv
0x14148fb8c longjmp
0x14148fb94 malloc
0x14148fb9c memchr
0x14148fba4 memcmp
0x14148fbac memcpy
0x14148fbb4 memmove
0x14148fbbc memset
0x14148fbc4 printf
0x14148fbcc qsort
0x14148fbd4 realloc
0x14148fbdc signal
0x14148fbe4 strchr
0x14148fbec strcmp
0x14148fbf4 strcspn
0x14148fbfc strerror
0x14148fc04 strlen
0x14148fc0c strncmp
0x14148fc14 strrchr
0x14148fc1c strspn
0x14148fc24 vfprintf
0x14148fc2c wcslen
EAT(Export Address Table) Library
0x14148cf70 _cgo_dummy_export
0x140929220 authorizerTrampoline
0x140928f40 callbackTrampoline
0x140929100 commitHookTrampoline
0x140929060 compareTrampoline
0x140929010 doneTrampoline
0x1409292a0 preUpdateHookTrampoline
0x140929160 rollbackHookTrampoline
0x140928fa0 stepTrampoline
0x1409291b0 updateHookTrampoline