ScreenShot
| Created | 2024.08.21 15:28 | Machine | s1_win7_x6401 |
| Filename | photo.jpeg.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (AIDetectMalware, Kryplod, malicious, high confidence, score, Unsafe, Vfge, Attribute, HighConfidence, Artemis, bxaf, CLOUD, AGEN, VSNTHE24, Detected, ai score=83, Wacapew, ABTrojan, OWYK, Chgt, Gencirc, susgen, PossibleThreat, confidence, 100%, bsbi) | ||
| md5 | 1a530b88ea994df4c9cc20d9a9470a36 | ||
| sha256 | f16faa26f8871692c49c5bc4a047b33aad0dcffdba5c6d8f08ad636b94859cf7 | ||
| ssdeep | 6144:CTgFA7en1gI5fuJDL8sdwVCRMb1jVPZvoLGdJJV3bfmXp:t/1gsfuJDLhdG6MRjVPZvoC7V3zm | ||
| imphash | 2c3a34c87d1a5a72279d165a75e702d8 | ||
| impfuzzy | 12:eOLaPXJmD8ZGw1HRiARlyvzRW2JVZnJ91Lhl4NQqRJRLAG1XJezW32vQLRo:eOmMDk31HRnlyv9W2J3J9JT4RfL1Qzdl | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | Generates some ICMP traffic |
| watch | Communicates with host for which no DNS query was performed |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140006000 VirtualAlloc
0x140006008 Sleep
0x140006010 GetCommandLineW
0x140006018 GetStartupInfoW
0x140006020 SetUnhandledExceptionFilter
0x140006028 GetProcAddress
0x140006030 GetModuleHandleW
0x140006038 ExitProcess
0x140006040 DecodePointer
0x140006048 WriteFile
0x140006050 GetStdHandle
0x140006058 GetModuleFileNameW
0x140006060 RtlUnwindEx
0x140006068 FreeEnvironmentStringsW
0x140006070 GetEnvironmentStringsW
0x140006078 SetHandleCount
0x140006080 InitializeCriticalSectionAndSpinCount
0x140006088 GetFileType
0x140006090 DeleteCriticalSection
0x140006098 EncodePointer
0x1400060a0 FlsGetValue
0x1400060a8 FlsSetValue
0x1400060b0 FlsFree
0x1400060b8 SetLastError
0x1400060c0 GetCurrentThreadId
0x1400060c8 GetLastError
0x1400060d0 FlsAlloc
0x1400060d8 HeapSetInformation
0x1400060e0 GetVersion
0x1400060e8 HeapCreate
0x1400060f0 QueryPerformanceCounter
0x1400060f8 GetTickCount
0x140006100 GetCurrentProcessId
0x140006108 GetSystemTimeAsFileTime
0x140006110 LeaveCriticalSection
0x140006118 EnterCriticalSection
0x140006120 LoadLibraryW
0x140006128 UnhandledExceptionFilter
0x140006130 IsDebuggerPresent
0x140006138 RtlVirtualUnwind
0x140006140 RtlLookupFunctionEntry
0x140006148 RtlCaptureContext
0x140006150 TerminateProcess
0x140006158 GetCurrentProcess
0x140006160 HeapFree
0x140006168 GetCPInfo
0x140006170 GetACP
0x140006178 GetOEMCP
0x140006180 IsValidCodePage
0x140006188 WideCharToMultiByte
0x140006190 HeapSize
0x140006198 HeapAlloc
0x1400061a0 HeapReAlloc
0x1400061a8 LCMapStringW
0x1400061b0 MultiByteToWideChar
0x1400061b8 GetStringTypeW
EAT(Export Address Table) is none
KERNEL32.dll
0x140006000 VirtualAlloc
0x140006008 Sleep
0x140006010 GetCommandLineW
0x140006018 GetStartupInfoW
0x140006020 SetUnhandledExceptionFilter
0x140006028 GetProcAddress
0x140006030 GetModuleHandleW
0x140006038 ExitProcess
0x140006040 DecodePointer
0x140006048 WriteFile
0x140006050 GetStdHandle
0x140006058 GetModuleFileNameW
0x140006060 RtlUnwindEx
0x140006068 FreeEnvironmentStringsW
0x140006070 GetEnvironmentStringsW
0x140006078 SetHandleCount
0x140006080 InitializeCriticalSectionAndSpinCount
0x140006088 GetFileType
0x140006090 DeleteCriticalSection
0x140006098 EncodePointer
0x1400060a0 FlsGetValue
0x1400060a8 FlsSetValue
0x1400060b0 FlsFree
0x1400060b8 SetLastError
0x1400060c0 GetCurrentThreadId
0x1400060c8 GetLastError
0x1400060d0 FlsAlloc
0x1400060d8 HeapSetInformation
0x1400060e0 GetVersion
0x1400060e8 HeapCreate
0x1400060f0 QueryPerformanceCounter
0x1400060f8 GetTickCount
0x140006100 GetCurrentProcessId
0x140006108 GetSystemTimeAsFileTime
0x140006110 LeaveCriticalSection
0x140006118 EnterCriticalSection
0x140006120 LoadLibraryW
0x140006128 UnhandledExceptionFilter
0x140006130 IsDebuggerPresent
0x140006138 RtlVirtualUnwind
0x140006140 RtlLookupFunctionEntry
0x140006148 RtlCaptureContext
0x140006150 TerminateProcess
0x140006158 GetCurrentProcess
0x140006160 HeapFree
0x140006168 GetCPInfo
0x140006170 GetACP
0x140006178 GetOEMCP
0x140006180 IsValidCodePage
0x140006188 WideCharToMultiByte
0x140006190 HeapSize
0x140006198 HeapAlloc
0x1400061a0 HeapReAlloc
0x1400061a8 LCMapStringW
0x1400061b0 MultiByteToWideChar
0x1400061b8 GetStringTypeW
EAT(Export Address Table) is none