ScreenShot
| Created | 2024.09.02 09:55 | Machine | s1_win7_x6401 |
| Filename | Authenticator.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (Artemis, Attribute, HighConfidence, a variant of WinGo, Reline, CLASSIC, Redcap, wqkqs, LUMMASTEALER, YXEIAZ, Detected, Wacatac, Redline, 984S8G, ABRisk, EWNE, LummaC2, MALICIOUS, Zbot) | ||
| md5 | b7aa705ae0273c87a7af8c79f47247d2 | ||
| sha256 | 01db4e69578d9b424087b90550463a1a1ce88e36f77050fc443d3b6b50b85b23 | ||
| ssdeep | 98304:FR+Yc7N8PztpYLPMQQ2WdqQUeDrUw3oCKB8vxFCJYpRB58C1e2gOsGlVeTXUTzv3:HqKYzfQtvoC1zAQVZpOFK/dq+7oEB | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x151efe0 WriteFile
0x151efe4 WriteConsoleW
0x151efe8 WerSetFlags
0x151efec WerGetFlags
0x151eff0 WaitForMultipleObjects
0x151eff4 WaitForSingleObject
0x151eff8 VirtualQuery
0x151effc VirtualFree
0x151f000 VirtualAlloc
0x151f004 TlsAlloc
0x151f008 SwitchToThread
0x151f00c SuspendThread
0x151f010 SetWaitableTimer
0x151f014 SetUnhandledExceptionFilter
0x151f018 SetProcessPriorityBoost
0x151f01c SetEvent
0x151f020 SetErrorMode
0x151f024 SetConsoleCtrlHandler
0x151f028 ResumeThread
0x151f02c RaiseFailFastException
0x151f030 PostQueuedCompletionStatus
0x151f034 LoadLibraryW
0x151f038 LoadLibraryExW
0x151f03c SetThreadContext
0x151f040 GetThreadContext
0x151f044 GetSystemInfo
0x151f048 GetSystemDirectoryA
0x151f04c GetStdHandle
0x151f050 GetQueuedCompletionStatusEx
0x151f054 GetProcessAffinityMask
0x151f058 GetProcAddress
0x151f05c GetErrorMode
0x151f060 GetEnvironmentStringsW
0x151f064 GetCurrentThreadId
0x151f068 GetConsoleMode
0x151f06c FreeEnvironmentStringsW
0x151f070 ExitProcess
0x151f074 DuplicateHandle
0x151f078 CreateWaitableTimerExW
0x151f07c CreateThread
0x151f080 CreateIoCompletionPort
0x151f084 CreateEventA
0x151f088 CloseHandle
0x151f08c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x151efe0 WriteFile
0x151efe4 WriteConsoleW
0x151efe8 WerSetFlags
0x151efec WerGetFlags
0x151eff0 WaitForMultipleObjects
0x151eff4 WaitForSingleObject
0x151eff8 VirtualQuery
0x151effc VirtualFree
0x151f000 VirtualAlloc
0x151f004 TlsAlloc
0x151f008 SwitchToThread
0x151f00c SuspendThread
0x151f010 SetWaitableTimer
0x151f014 SetUnhandledExceptionFilter
0x151f018 SetProcessPriorityBoost
0x151f01c SetEvent
0x151f020 SetErrorMode
0x151f024 SetConsoleCtrlHandler
0x151f028 ResumeThread
0x151f02c RaiseFailFastException
0x151f030 PostQueuedCompletionStatus
0x151f034 LoadLibraryW
0x151f038 LoadLibraryExW
0x151f03c SetThreadContext
0x151f040 GetThreadContext
0x151f044 GetSystemInfo
0x151f048 GetSystemDirectoryA
0x151f04c GetStdHandle
0x151f050 GetQueuedCompletionStatusEx
0x151f054 GetProcessAffinityMask
0x151f058 GetProcAddress
0x151f05c GetErrorMode
0x151f060 GetEnvironmentStringsW
0x151f064 GetCurrentThreadId
0x151f068 GetConsoleMode
0x151f06c FreeEnvironmentStringsW
0x151f070 ExitProcess
0x151f074 DuplicateHandle
0x151f078 CreateWaitableTimerExW
0x151f07c CreateThread
0x151f080 CreateIoCompletionPort
0x151f084 CreateEventA
0x151f088 CloseHandle
0x151f08c AddVectoredExceptionHandler
EAT(Export Address Table) is none