ScreenShot
| Created | 2024.08.27 15:25 | Machine | s1_win7_x6403 |
| Filename | restart1.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (Common, Fragtor, malicious, moderate confidence, score, Unsafe, Vq9z, GenericKD, Attribute, HighConfidence, MalwareX, ai score=87, Casdet, ZexaF, guW@aWTkADpi, Chgt, R011H09GS24, PossibleThreat, confidence) | ||
| md5 | a53afb86a8787bf91dcb86a37dd4ba0b | ||
| sha256 | f160df8cb420723233504fbbc0a5ae559c8d911cd191035e1fff9f4d7ddcac02 | ||
| ssdeep | 3072:dYYCwJDfaCDo1KBgOR1ataNqQN2IJBNo3t/ko4pej3LZHSjY:dl5DYIgO3IPQNdJB2PHOY | ||
| imphash | 42847d4634d50d324793794a61253375 | ||
| impfuzzy | 24:AtMS17MdlJeDc+pl3eDolxfoEOovbOI9AOLjzZHu93vwJGMfizKwd:AtMS17Mic+ppnfc3mAOewn0KW | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413000 Sleep
0x413004 WriteConsoleW
0x413008 CreateFileW
0x41300c SetFilePointerEx
0x413010 UnhandledExceptionFilter
0x413014 SetUnhandledExceptionFilter
0x413018 GetCurrentProcess
0x41301c TerminateProcess
0x413020 IsProcessorFeaturePresent
0x413024 QueryPerformanceCounter
0x413028 GetCurrentProcessId
0x41302c GetCurrentThreadId
0x413030 GetSystemTimeAsFileTime
0x413034 InitializeSListHead
0x413038 IsDebuggerPresent
0x41303c GetStartupInfoW
0x413040 GetModuleHandleW
0x413044 RtlUnwind
0x413048 RaiseException
0x41304c GetLastError
0x413050 SetLastError
0x413054 EncodePointer
0x413058 EnterCriticalSection
0x41305c LeaveCriticalSection
0x413060 DeleteCriticalSection
0x413064 InitializeCriticalSectionAndSpinCount
0x413068 TlsAlloc
0x41306c TlsGetValue
0x413070 TlsSetValue
0x413074 TlsFree
0x413078 FreeLibrary
0x41307c GetProcAddress
0x413080 LoadLibraryExW
0x413084 FindClose
0x413088 FindFirstFileExW
0x41308c FindNextFileW
0x413090 SystemTimeToTzSpecificLocalTime
0x413094 FileTimeToSystemTime
0x413098 GetStdHandle
0x41309c WriteFile
0x4130a0 GetModuleFileNameW
0x4130a4 ExitProcess
0x4130a8 GetModuleHandleExW
0x4130ac GetCommandLineA
0x4130b0 GetCommandLineW
0x4130b4 HeapFree
0x4130b8 HeapAlloc
0x4130bc MultiByteToWideChar
0x4130c0 WideCharToMultiByte
0x4130c4 CompareStringW
0x4130c8 LCMapStringW
0x4130cc DeleteFileW
0x4130d0 CloseHandle
0x4130d4 WaitForSingleObject
0x4130d8 GetExitCodeProcess
0x4130dc CreateProcessW
0x4130e0 GetFileAttributesExW
0x4130e4 MoveFileExW
0x4130e8 CreateDirectoryW
0x4130ec IsValidCodePage
0x4130f0 GetACP
0x4130f4 GetOEMCP
0x4130f8 GetCPInfo
0x4130fc GetEnvironmentStringsW
0x413100 FreeEnvironmentStringsW
0x413104 SetEnvironmentVariableW
0x413108 SetStdHandle
0x41310c GetFileType
0x413110 GetStringTypeW
0x413114 GetProcessHeap
0x413118 GetTimeZoneInformation
0x41311c HeapSize
0x413120 HeapReAlloc
0x413124 FlushFileBuffers
0x413128 GetConsoleOutputCP
0x41312c GetConsoleMode
0x413130 DecodePointer
USER32.dll
0x413138 GetForegroundWindow
0x41313c ShowWindow
0x413140 MessageBoxW
EAT(Export Address Table) is none
KERNEL32.dll
0x413000 Sleep
0x413004 WriteConsoleW
0x413008 CreateFileW
0x41300c SetFilePointerEx
0x413010 UnhandledExceptionFilter
0x413014 SetUnhandledExceptionFilter
0x413018 GetCurrentProcess
0x41301c TerminateProcess
0x413020 IsProcessorFeaturePresent
0x413024 QueryPerformanceCounter
0x413028 GetCurrentProcessId
0x41302c GetCurrentThreadId
0x413030 GetSystemTimeAsFileTime
0x413034 InitializeSListHead
0x413038 IsDebuggerPresent
0x41303c GetStartupInfoW
0x413040 GetModuleHandleW
0x413044 RtlUnwind
0x413048 RaiseException
0x41304c GetLastError
0x413050 SetLastError
0x413054 EncodePointer
0x413058 EnterCriticalSection
0x41305c LeaveCriticalSection
0x413060 DeleteCriticalSection
0x413064 InitializeCriticalSectionAndSpinCount
0x413068 TlsAlloc
0x41306c TlsGetValue
0x413070 TlsSetValue
0x413074 TlsFree
0x413078 FreeLibrary
0x41307c GetProcAddress
0x413080 LoadLibraryExW
0x413084 FindClose
0x413088 FindFirstFileExW
0x41308c FindNextFileW
0x413090 SystemTimeToTzSpecificLocalTime
0x413094 FileTimeToSystemTime
0x413098 GetStdHandle
0x41309c WriteFile
0x4130a0 GetModuleFileNameW
0x4130a4 ExitProcess
0x4130a8 GetModuleHandleExW
0x4130ac GetCommandLineA
0x4130b0 GetCommandLineW
0x4130b4 HeapFree
0x4130b8 HeapAlloc
0x4130bc MultiByteToWideChar
0x4130c0 WideCharToMultiByte
0x4130c4 CompareStringW
0x4130c8 LCMapStringW
0x4130cc DeleteFileW
0x4130d0 CloseHandle
0x4130d4 WaitForSingleObject
0x4130d8 GetExitCodeProcess
0x4130dc CreateProcessW
0x4130e0 GetFileAttributesExW
0x4130e4 MoveFileExW
0x4130e8 CreateDirectoryW
0x4130ec IsValidCodePage
0x4130f0 GetACP
0x4130f4 GetOEMCP
0x4130f8 GetCPInfo
0x4130fc GetEnvironmentStringsW
0x413100 FreeEnvironmentStringsW
0x413104 SetEnvironmentVariableW
0x413108 SetStdHandle
0x41310c GetFileType
0x413110 GetStringTypeW
0x413114 GetProcessHeap
0x413118 GetTimeZoneInformation
0x41311c HeapSize
0x413120 HeapReAlloc
0x413124 FlushFileBuffers
0x413128 GetConsoleOutputCP
0x41312c GetConsoleMode
0x413130 DecodePointer
USER32.dll
0x413138 GetForegroundWindow
0x41313c ShowWindow
0x413140 MessageBoxW
EAT(Export Address Table) is none