Report - vvware_v3.exe

Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File ftp PE64 OS Processor Check
Created: 2024.08.30 18:13
Machine: s1_win7_x6401
Filename: vvware_v3.exe
Type: PE32+ executable (console) x86-64, for MS Windows
AI Score: 3
Behavior Score: 1.6
ZERO API (file): clean
VT API (file): 20 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Attribute, HighConfidence, Khalesi, moderate, Static AI, Malicious PE, Detected, Wacapew, Krypt, susgen, confidence)
md5: f277e1eea63502240b9c2183248fdfca
sha256: 27abe6f4dc371d7e7008dc5c4b079d85f6e2c5b583b2fd831674186e92d583fd
ssdeep: 49152:kwgIVz/f/pxyOF+wTSZ1ItH7oTcCYnENFvBZe2tYLv:jHp+wuYsfUv
imphash: 89d9bdf7d3c852bcb78b6fe261098187
impfuzzy: 96:/Q8t6l454b6e0ya3aX1dazJ8bTcpVTmmWOck5EfCQqoV3Ln:bt6DvLa3aF0VWXHq4b

Signature (4cnts)

Level    Description
warning  File has been identified by 20 AntiVirus engines on VirusTotal as malicious
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     The executable contains unknown PE section names indicative of a packer (could be a false positive)
info     This executable has a PDB path

Rules (9cnts)

Level    Name                            Description          Collection
danger   Win32_Trojan_Gen_1_0904B0_Zero  Win32 Trojan Emotet  binaries (upload)
warning  Generic_Malware_Zero            Generic Malware      binaries (upload)
watch    Malicious_Library_Zero          Malicious_Library    binaries (upload)
watch    Malicious_Packer_Zero           Malicious Packer     binaries (upload)
watch    UPX_Zero                        UPX packed file      binaries (upload)
info     ftp_command                     ftp command          binaries (upload)
info     IsPE64                          (no description)     binaries (upload)
info     OS_Processor_Check_Zero         OS Processor Check   binaries (upload)
info     PE_Header_Zero                  PE File Signature    binaries (upload)
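The two packer notices in the Signature table (high-entropy data, unknown section names) and the UPX_Zero / Malicious_Packer_Zero rules above rest on the same static check: walk the section table and look at each section's name and byte entropy. The Python below is an added example of that check and is not the sandbox's own code; it parses a PE section table directly (no pefile dependency) and runs it on a constructed minimal PE32+ image with a UPX-style layout. The known-section allow-list and the 7.0 bits/byte threshold are the example's own assumptions, and the sample image is constructed here, not derived from vvware_v3.exe.

```python
import hashlib
import math
import struct
from collections import Counter

# Section names a typical MSVC-linked PE carries; anything else counts as "unknown".
# This allow-list is the example's own assumption, not the sandbox's list.
KNOWN_SECTION_NAMES = {
    ".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc", ".bss", ".idata",
    ".edata", ".tls", ".xdata", ".CRT", ".gfids", ".00cfg",
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "compressed or encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, raw_bytes)] using SizeOfRawData / PointerToRawData."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def assess_packing(pe: bytes, threshold: float = ENTROPY_THRESHOLD):
    """One finding per suspicious section, mirroring the report's two packer notices."""
    findings = []
    for name, data in parse_sections(pe):
        ent = shannon_entropy(data)
        if name not in KNOWN_SECTION_NAMES:
            findings.append(f"{name}: unknown section name")
        if ent >= threshold:
            findings.append(f"{name}: entropy {ent:.2f} >= {threshold} (compressed or encrypted data)")
    return findings


def _pseudo_random(length: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed sample: UPX-style layout (empty UPX0, packed UPX1, plain .rsrc).
SAMPLE_SECTIONS = [
    ("UPX0", b""),
    ("UPX1", _pseudo_random(4096)),
    (".rsrc", b"\x00" * 1500 + b"RSRC" * 125),
]


def build_sample_pe(sections) -> bytes:
    """Minimal PE32+ byte image (headers + raw section data), for demonstration only."""
    e_lfanew = 0x40
    opt_size = 0xF0  # size of a PE32+ optional header
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)  # data follows headers
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(data), 0x1000,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + opt + table + body


if __name__ == "__main__":
    for line in assess_packing(build_sample_pe(SAMPLE_SECTIONS)):
        print(line)
```

Point the same `assess_packing` at real bytes read from disk to reproduce the notices; note that an empty UPX0 section scores 0.0 entropy and is flagged only by name, which is why the report treats the name check as a weaker, false-positive-prone signal than the entropy check.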

Network (0cnts)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no network requests were recorded during the run)

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x140180000 RegOpenKeyExA
 0x140180008 RegSetValueExA
 0x140180010 RegQueryValueExA
 0x140180018 GetCurrentHwProfileA
 0x140180020 RegCloseKey
 0x140180028 RegOpenKeyW
 0x140180030 RegCreateKeyW
 0x140180038 RegDeleteTreeW
 0x140180040 RegSetKeyValueW
 0x140180048 CryptReleaseContext
 0x140180050 CryptGetHashParam
 0x140180058 CryptGenRandom
 0x140180060 CryptCreateHash
 0x140180068 CryptHashData
 0x140180070 CryptDestroyHash
 0x140180078 CryptDestroyKey
 0x140180080 CryptImportKey
 0x140180088 CryptAcquireContextA
 0x140180090 CryptEncrypt
ole32.dll
 0x1401808a0 CoTaskMemFree
SHELL32.dll
 0x1401805c0 ShellExecuteA
 0x1401805c8 SHBrowseForFolderA
 0x1401805d0 SHGetPathFromIDListA
d3d11.dll
 0x140180840 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
 0x140180850 D3DX11CreateShaderResourceViewFromMemory
 0x140180858 D3DX11CreateShaderResourceViewFromFileW
ntdll.dll
 0x140180868 RtlInitUnicodeString
 0x140180870 RtlUnwindEx
 0x140180878 NtQuerySystemInformation
 0x140180880 VerSetConditionMask
 0x140180888 RtlPcToFileHeader
 0x140180890 RtlUnwind
USER32.dll
 0x1401805e0 ScreenToClient
 0x1401805e8 GetKeyState
 0x1401805f0 LoadCursorA
 0x1401805f8 ClientToScreen
 0x140180600 GetKeyboardLayout
 0x140180608 SetCursor
 0x140180610 UpdateWindow
 0x140180618 FindWindowA
 0x140180620 GetClipboardData
 0x140180628 GetForegroundWindow
 0x140180630 MessageBoxA
 0x140180638 MapVirtualKeyA
 0x140180640 CloseClipboard
 0x140180648 GetCursorInfo
 0x140180650 OpenClipboard
 0x140180658 GetAsyncKeyState
 0x140180660 GetKeyNameTextA
 0x140180668 ShowWindow
 0x140180670 GetSystemMetrics
 0x140180678 SetWindowPos
 0x140180680 SendMessageTimeoutA
 0x140180688 SetClipboardData
 0x140180690 EmptyClipboard
 0x140180698 GetCursorPos
 0x1401806a0 SetCursorPos
 0x1401806a8 GetClientRect
KERNEL32.dll
 0x140180160 SystemTimeToTzSpecificLocalTime
 0x140180168 GetDriveTypeW
 0x140180170 DeleteFileW
 0x140180178 WriteConsoleW
 0x140180180 GetModuleFileNameW
 0x140180188 FreeLibraryAndExitThread
 0x140180190 ExitThread
 0x140180198 CreateThread
 0x1401801a0 GetModuleHandleExW
 0x1401801a8 ExitProcess
 0x1401801b0 LoadLibraryExW
 0x1401801b8 TlsFree
 0x1401801c0 TlsSetValue
 0x1401801c8 Process32First
 0x1401801d0 DeviceIoControl
 0x1401801d8 SetThreadPriority
 0x1401801e0 CreateToolhelp32Snapshot
 0x1401801e8 MultiByteToWideChar
 0x1401801f0 Sleep
 0x1401801f8 GetLastError
 0x140180200 CreateFileA
 0x140180208 Process32Next
 0x140180210 CloseHandle
 0x140180218 Beep
 0x140180220 GlobalLock
 0x140180228 GetConsoleWindow
 0x140180230 GlobalUnlock
 0x140180238 IsDebuggerPresent
 0x140180240 GlobalAlloc
 0x140180248 GlobalFree
 0x140180250 WideCharToMultiByte
 0x140180258 GetModuleHandleA
 0x140180260 GetLocaleInfoA
 0x140180268 LoadLibraryA
 0x140180270 QueryPerformanceFrequency
 0x140180278 GetProcAddress
 0x140180280 FreeLibrary
 0x140180288 QueryPerformanceCounter
 0x140180290 VirtualFree
 0x140180298 VirtualAlloc
 0x1401802a0 CreateFileW
 0x1401802a8 GetCurrentThreadId
 0x1401802b0 GetCurrentProcessId
 0x1401802b8 SetUnhandledExceptionFilter
 0x1401802c0 GetTempPathW
 0x1401802c8 EnterCriticalSection
 0x1401802d0 LeaveCriticalSection
 0x1401802d8 InitializeCriticalSectionEx
 0x1401802e0 DeleteCriticalSection
 0x1401802e8 SleepEx
 0x1401802f0 GetSystemDirectoryA
 0x1401802f8 VerifyVersionInfoA
 0x140180300 GetTickCount
 0x140180308 MoveFileExA
 0x140180310 WaitForSingleObjectEx
 0x140180318 GetEnvironmentVariableA
 0x140180320 GetStdHandle
 0x140180328 GetFileType
 0x140180330 ReadFile
 0x140180338 PeekNamedPipe
 0x140180340 WaitForMultipleObjects
 0x140180348 SetLastError
 0x140180350 FlsAlloc
 0x140180358 GetFileSizeEx
 0x140180360 FileTimeToSystemTime
 0x140180368 GetLocaleInfoEx
 0x140180370 GetCurrentDirectoryW
 0x140180378 FindClose
 0x140180380 FindFirstFileW
 0x140180388 FindFirstFileExW
 0x140180390 FindNextFileW
 0x140180398 GetFileAttributesExW
 0x1401803a0 GetFileInformationByHandle
 0x1401803a8 GetFullPathNameW
 0x1401803b0 SetFileInformationByHandle
 0x1401803b8 AreFileApisANSI
 0x1401803c0 GetModuleHandleW
 0x1401803c8 GetFileInformationByHandleEx
 0x1401803d0 SwitchToThread
 0x1401803d8 GetExitCodeThread
 0x1401803e0 ReleaseSRWLockExclusive
 0x1401803e8 AcquireSRWLockExclusive
 0x1401803f0 GetStringTypeW
 0x1401803f8 WakeAllConditionVariable
 0x140180400 SleepConditionVariableSRW
 0x140180408 LCMapStringEx
 0x140180410 GetSystemTimeAsFileTime
 0x140180418 EncodePointer
 0x140180420 DecodePointer
 0x140180428 GetCPInfo
 0x140180430 RtlCaptureContext
 0x140180438 RtlLookupFunctionEntry
 0x140180440 RtlVirtualUnwind
 0x140180448 UnhandledExceptionFilter
 0x140180450 GetCurrentProcess
 0x140180458 TerminateProcess
 0x140180460 IsProcessorFeaturePresent
 0x140180468 GetStartupInfoW
 0x140180470 InitializeSListHead
 0x140180478 TlsGetValue
 0x140180480 SetFilePointerEx
 0x140180488 WriteFile
 0x140180490 GetCommandLineA
 0x140180498 GetConsoleMode
 0x1401804a0 GetCommandLineW
 0x1401804a8 ReadConsoleW
 0x1401804b0 GetConsoleOutputCP
 0x1401804b8 HeapAlloc
 0x1401804c0 FlushFileBuffers
 0x1401804c8 LocalFree
 0x1401804d0 TlsAlloc
 0x1401804d8 InitializeCriticalSectionAndSpinCount
 0x1401804e0 FlsGetValue
 0x1401804e8 FlsSetValue
 0x1401804f0 FlsFree
 0x1401804f8 CompareStringW
 0x140180500 LCMapStringW
 0x140180508 GetLocaleInfoW
 0x140180510 IsValidLocale
 0x140180518 GetUserDefaultLCID
 0x140180520 RaiseException
 0x140180528 HeapFree
 0x140180530 EnumSystemLocalesW
 0x140180538 HeapReAlloc
 0x140180540 OutputDebugStringW
 0x140180548 SetStdHandle
 0x140180550 GetTimeZoneInformation
 0x140180558 IsValidCodePage
 0x140180560 GetACP
 0x140180568 GetOEMCP
 0x140180570 GetEnvironmentStringsW
 0x140180578 FreeEnvironmentStringsW
 0x140180580 SetEnvironmentVariableW
 0x140180588 GetProcessHeap
 0x140180590 SetEndOfFile
 0x140180598 HeapSize
 0x1401805a0 FormatMessageA
IMM32.dll
 0x140180138 ImmReleaseContext
 0x140180140 ImmSetCompositionWindow
 0x140180148 ImmSetCandidateWindow
 0x140180150 ImmGetContext
D3DCOMPILER_43.dll
 0x140180128 D3DCompile
WLDAP32.dll (18 entries for which the report resolved no symbol name, which is what imports by ordinal look like in this listing)
 0x1401806b8 None
 0x1401806c0 None
 0x1401806c8 None
 0x1401806d0 None
 0x1401806d8 None
 0x1401806e0 None
 0x1401806e8 None
 0x1401806f0 None
 0x1401806f8 None
 0x140180700 None
 0x140180708 None
 0x140180710 None
 0x140180718 None
 0x140180720 None
 0x140180728 None
 0x140180730 None
 0x140180738 None
 0x140180740 None
CRYPT32.dll
 0x1401800a0 CryptQueryObject
 0x1401800a8 CertCreateCertificateChainEngine
 0x1401800b0 CertFreeCertificateChainEngine
 0x1401800b8 CertGetCertificateChain
 0x1401800c0 CertFreeCertificateChain
 0x1401800c8 CertFindExtension
 0x1401800d0 CryptDecodeObjectEx
 0x1401800d8 PFXImportCertStore
 0x1401800e0 CryptStringToBinaryA
 0x1401800e8 CertFreeCertificateContext
 0x1401800f0 CertFindCertificateInStore
 0x1401800f8 CertEnumCertificatesInStore
 0x140180100 CertCloseStore
 0x140180108 CertGetNameStringA
 0x140180110 CertAddCertificateContextToStore
 0x140180118 CertOpenStore
WS2_32.dll
 0x140180750 WSASetLastError
 0x140180758 closesocket
 0x140180760 recv
 0x140180768 send
 0x140180770 ntohl
 0x140180778 gethostname
 0x140180780 sendto
 0x140180788 recvfrom
 0x140180790 freeaddrinfo
 0x140180798 getaddrinfo
 0x1401807a0 select
 0x1401807a8 __WSAFDIsSet
 0x1401807b0 ioctlsocket
 0x1401807b8 listen
 0x1401807c0 htonl
 0x1401807c8 accept
 0x1401807d0 WSACleanup
 0x1401807d8 WSAStartup
 0x1401807e0 WSAIoctl
 0x1401807e8 WSAGetLastError
 0x1401807f0 socket
 0x1401807f8 setsockopt
 0x140180800 ntohs
 0x140180808 htons
 0x140180810 getsockopt
 0x140180818 getsockname
 0x140180820 getpeername
 0x140180828 connect
 0x140180830 bind
Normaliz.dll
 0x1401805b0 IdnToAscii

EAT(Export Address Table) is none
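The IAT above is the only behavioural evidence this report carries (no network, no Suricata hits), so the practical question is which imports deserve attention. The Python below is an added example, not the sandbox's code nor the analysed binary's, that parses the report's own IAT layout and groups imported symbols into capabilities: keyboard-state polling, clipboard access, debugger checks, process enumeration, socket use, CryptoAPI, registry writes, the hardware profile ID, temp-directory file moves and ShellExecute. The embedded listing is a subset copied from the table above; the capability groupings and the minimum-hit thresholds are the example's own assumptions. Almost every API in these groups is also used by legitimate software: the USER32, IMM32, d3d11 and D3DCOMPILER imports are what a Direct3D 11 windowed UI needs, and the CRYPT32, WS2_32, WLDAP32 and Normaliz combination is typical of a statically linked HTTPS client library, so the output ranks what to look at and is not a verdict.

```python
import re
from collections import defaultdict

# Subset of the IAT listing copied from the report above, in the report's own layout
# (leading space, address, symbol; a DLL name on its own line starts a new block).
IAT_LISTING = """\
ADVAPI32.dll
 0x140180000 RegOpenKeyExA
 0x140180008 RegSetValueExA
 0x140180018 GetCurrentHwProfileA
 0x140180088 CryptAcquireContextA
 0x140180090 CryptEncrypt
SHELL32.dll
 0x1401805c0 ShellExecuteA
ntdll.dll
 0x140180878 NtQuerySystemInformation
USER32.dll
 0x1401805e8 GetKeyState
 0x140180620 GetClipboardData
 0x140180658 GetAsyncKeyState
 0x140180660 GetKeyNameTextA
KERNEL32.dll
 0x1401801c8 Process32First
 0x1401801e0 CreateToolhelp32Snapshot
 0x140180238 IsDebuggerPresent
 0x1401802c0 GetTempPathW
 0x140180308 MoveFileExA
WLDAP32.dll
 0x1401806b8 None
WS2_32.dll
 0x140180768 send
 0x140180828 connect
 0x1401807d8 WSAStartup
"""

ENTRY_RE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")

# Capability rules: (minimum hits, API names). Groupings and thresholds are the
# example's own choice; the threshold suppresses single incidental imports.
CAPABILITY_RULES = {
    "keylogging": (2, {"GetAsyncKeyState", "GetKeyState", "MapVirtualKeyA", "GetKeyNameTextA"}),
    "clipboard access": (1, {"OpenClipboard", "GetClipboardData", "SetClipboardData"}),
    "anti-debug / environment checks": (1, {"IsDebuggerPresent", "NtQuerySystemInformation"}),
    "process enumeration": (2, {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}),
    "network client": (2, {"WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"}),
    "crypto (CryptoAPI)": (2, {"CryptAcquireContextA", "CryptEncrypt", "CryptImportKey", "CryptGenRandom"}),
    "registry write": (1, {"RegSetValueExA", "RegCreateKeyW", "RegSetKeyValueW", "RegDeleteTreeW"}),
    "hardware profile id": (1, {"GetCurrentHwProfileA"}),
    "file drop / self-relocation": (2, {"GetTempPathW", "MoveFileExA", "DeleteFileW"}),
    "launch external program": (1, {"ShellExecuteA"}),
}


def parse_iat(text: str) -> dict:
    """Return {dll_name_lowercased: [symbol, ...]} in listing order."""
    imports = defaultdict(list)
    dll = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # a DLL header line, not an entry
            dll = line.strip().lower()
            continue
        m = ENTRY_RE.match(line)
        if m and dll is not None:
            imports[dll].append(m.group(1))
    return dict(imports)


def unresolved_names(imports: dict) -> dict:
    """Count entries the report printed as 'None' (no symbol name resolved) per DLL."""
    return {dll: syms.count("None") for dll, syms in imports.items() if "None" in syms}


def triage(imports: dict) -> dict:
    """Match imported symbols against CAPABILITY_RULES; return {capability: sorted matched APIs}."""
    imported = {s for syms in imports.values() for s in syms}
    hits = {}
    for capability, (min_hits, apis) in CAPABILITY_RULES.items():
        matched = sorted(imported & apis)
        if len(matched) >= min_hits:
            hits[capability] = matched
    return hits


if __name__ == "__main__":
    imp = parse_iat(IAT_LISTING)
    for cap, apis in triage(imp).items():
        print(f"{cap:32s} {', '.join(apis)}")
    print("unresolved names per DLL:", unresolved_names(imp))
```

Feeding the full table from the report into `parse_iat` works unchanged; the `None` entries under WLDAP32.dll are kept and counted separately so that an unresolved-name block is visible rather than silently dropped.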


