ScreenShot
| Created | 2024.08.21 13:54 | Machine | s1_win7_x6401 |
| Filename | Dtrade_v1.3.6.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 6 detected (AIDetectMalware, Detected, Wacapew, WinGo, Merlin, PossibleThreat, PALLAS, malicious, confidence) | ||
| md5 | 1f6c6f36d126cd027ded1915e321c693 | ||
| sha256 | cc3557f4fdaad9aa47bf46dce4f0a8e0a45d7e81084962a54b67b4f55f8bf64c | ||
| ssdeep | 98304:8WJWZ3fhw2RuB0yZ8KhBc18zCEy5h3RUcNikFElaeDiyilOIN+gkypKuZ8U:ZWfhwH0L18zPy1Nik+RmJkhypn | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1091300 WriteFile
0x1091308 WriteConsoleW
0x1091310 WerSetFlags
0x1091318 WerGetFlags
0x1091320 WaitForMultipleObjects
0x1091328 WaitForSingleObject
0x1091330 VirtualQuery
0x1091338 VirtualFree
0x1091340 VirtualAlloc
0x1091348 TlsAlloc
0x1091350 SwitchToThread
0x1091358 SuspendThread
0x1091360 SetWaitableTimer
0x1091368 SetProcessPriorityBoost
0x1091370 SetEvent
0x1091378 SetErrorMode
0x1091380 SetConsoleCtrlHandler
0x1091388 RtlVirtualUnwind
0x1091390 RtlLookupFunctionEntry
0x1091398 ResumeThread
0x10913a0 RaiseFailFastException
0x10913a8 PostQueuedCompletionStatus
0x10913b0 LoadLibraryW
0x10913b8 LoadLibraryExW
0x10913c0 SetThreadContext
0x10913c8 GetThreadContext
0x10913d0 GetSystemInfo
0x10913d8 GetSystemDirectoryA
0x10913e0 GetStdHandle
0x10913e8 GetQueuedCompletionStatusEx
0x10913f0 GetProcessAffinityMask
0x10913f8 GetProcAddress
0x1091400 GetErrorMode
0x1091408 GetEnvironmentStringsW
0x1091410 GetCurrentThreadId
0x1091418 GetConsoleMode
0x1091420 FreeEnvironmentStringsW
0x1091428 ExitProcess
0x1091430 DuplicateHandle
0x1091438 CreateWaitableTimerExW
0x1091440 CreateThread
0x1091448 CreateIoCompletionPort
0x1091450 CreateFileA
0x1091458 CreateEventA
0x1091460 CloseHandle
0x1091468 AddVectoredExceptionHandler
0x1091470 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x1091300 WriteFile
0x1091308 WriteConsoleW
0x1091310 WerSetFlags
0x1091318 WerGetFlags
0x1091320 WaitForMultipleObjects
0x1091328 WaitForSingleObject
0x1091330 VirtualQuery
0x1091338 VirtualFree
0x1091340 VirtualAlloc
0x1091348 TlsAlloc
0x1091350 SwitchToThread
0x1091358 SuspendThread
0x1091360 SetWaitableTimer
0x1091368 SetProcessPriorityBoost
0x1091370 SetEvent
0x1091378 SetErrorMode
0x1091380 SetConsoleCtrlHandler
0x1091388 RtlVirtualUnwind
0x1091390 RtlLookupFunctionEntry
0x1091398 ResumeThread
0x10913a0 RaiseFailFastException
0x10913a8 PostQueuedCompletionStatus
0x10913b0 LoadLibraryW
0x10913b8 LoadLibraryExW
0x10913c0 SetThreadContext
0x10913c8 GetThreadContext
0x10913d0 GetSystemInfo
0x10913d8 GetSystemDirectoryA
0x10913e0 GetStdHandle
0x10913e8 GetQueuedCompletionStatusEx
0x10913f0 GetProcessAffinityMask
0x10913f8 GetProcAddress
0x1091400 GetErrorMode
0x1091408 GetEnvironmentStringsW
0x1091410 GetCurrentThreadId
0x1091418 GetConsoleMode
0x1091420 FreeEnvironmentStringsW
0x1091428 ExitProcess
0x1091430 DuplicateHandle
0x1091438 CreateWaitableTimerExW
0x1091440 CreateThread
0x1091448 CreateIoCompletionPort
0x1091450 CreateFileA
0x1091458 CreateEventA
0x1091460 CloseHandle
0x1091468 AddVectoredExceptionHandler
0x1091470 AddVectoredContinueHandler
EAT(Export Address Table) is none