ScreenShot
| Created | 2024.09.02 10:16 | Machine | s1_win7_x6401 |
| Filename | feishu_update.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (Common, ShellcodeRunner, malicious, high confidence, score, Artemis, GenericKD, Unsafe, V48b, Attribute, HighConfidence, MalwareX, CLOUD, jhzyv, Meterpreter, COBEACON, YXEHQZ, GenKD, Detected, ai score=87, ApplicUnwnt@#3r5pdwcrgwicn, Casdet, ABTrojan, VNTL, CobaltStrike, susgen, confidence, Wacatac, B9nj) | ||
| md5 | 1b8f93f22f2aee44c16f9886b44549b8 | ||
| sha256 | 25333e6a6f1ad7c3aee8b2d61919176542a8fd0050f72dc7d411448c8c3426f3 | ||
| ssdeep | 384:noXGUH57yQqZLR/P/e+fqnFYVA0kclVQC71nVctV4hlrs:nkGUH573qHBfqnFYHzlVQCJnytIt | ||
| imphash | da36125deb24d606380bce8191d29e62 | ||
| impfuzzy | 24:8fjBcVbb9L0uBbS6bi6926mMt6Cq6F0Yh29HD4Tg94upAbzAKaihfHRtBy7JYDMt:8fNcVNL5BbrFirkdk1YwLSYSV06iWGT | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400092d8 DeleteCriticalSection
0x1400092e0 EnterCriticalSection
0x1400092e8 GetLastError
0x1400092f0 InitializeCriticalSection
0x1400092f8 LeaveCriticalSection
0x140009300 SetUnhandledExceptionFilter
0x140009308 Sleep
0x140009310 TlsGetValue
0x140009318 VirtualAlloc
0x140009320 VirtualProtect
0x140009328 VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll
0x140009338 __p__environ
0x140009340 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x140009350 _set_new_mode
0x140009358 calloc
0x140009360 free
0x140009368 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140009378 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140009388 __C_specific_handler
0x140009390 memcpy
0x140009398 memmove
0x1400093a0 strchr
0x1400093a8 strstr
api-ms-win-crt-runtime-l1-1-0.dll
0x1400093b8 __p___argc
0x1400093c0 __p___argv
0x1400093c8 __p___wargv
0x1400093d0 _cexit
0x1400093d8 _configure_narrow_argv
0x1400093e0 _configure_wide_argv
0x1400093e8 _crt_at_quick_exit
0x1400093f0 _crt_atexit
0x1400093f8 _exit
0x140009400 _initialize_narrow_environment
0x140009408 _initialize_wide_environment
0x140009410 _initterm
0x140009418 _set_app_type
0x140009420 _set_invalid_parameter_handler
0x140009428 abort
0x140009430 exit
0x140009438 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140009448 __acrt_iob_func
0x140009450 __p__commode
0x140009458 __p__fmode
0x140009460 __stdio_common_vfprintf
0x140009468 __stdio_common_vfwprintf
0x140009470 __stdio_common_vsscanf
0x140009478 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140009488 memset
0x140009490 strcat
0x140009498 strcpy
0x1400094a0 strlen
0x1400094a8 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x1400094b8 __daylight
0x1400094c0 __timezone
0x1400094c8 __tzname
0x1400094d0 _tzset
0x1400094d8 clock
EAT(Export Address Table) is none
KERNEL32.dll
0x1400092d8 DeleteCriticalSection
0x1400092e0 EnterCriticalSection
0x1400092e8 GetLastError
0x1400092f0 InitializeCriticalSection
0x1400092f8 LeaveCriticalSection
0x140009300 SetUnhandledExceptionFilter
0x140009308 Sleep
0x140009310 TlsGetValue
0x140009318 VirtualAlloc
0x140009320 VirtualProtect
0x140009328 VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll
0x140009338 __p__environ
0x140009340 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x140009350 _set_new_mode
0x140009358 calloc
0x140009360 free
0x140009368 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140009378 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140009388 __C_specific_handler
0x140009390 memcpy
0x140009398 memmove
0x1400093a0 strchr
0x1400093a8 strstr
api-ms-win-crt-runtime-l1-1-0.dll
0x1400093b8 __p___argc
0x1400093c0 __p___argv
0x1400093c8 __p___wargv
0x1400093d0 _cexit
0x1400093d8 _configure_narrow_argv
0x1400093e0 _configure_wide_argv
0x1400093e8 _crt_at_quick_exit
0x1400093f0 _crt_atexit
0x1400093f8 _exit
0x140009400 _initialize_narrow_environment
0x140009408 _initialize_wide_environment
0x140009410 _initterm
0x140009418 _set_app_type
0x140009420 _set_invalid_parameter_handler
0x140009428 abort
0x140009430 exit
0x140009438 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140009448 __acrt_iob_func
0x140009450 __p__commode
0x140009458 __p__fmode
0x140009460 __stdio_common_vfprintf
0x140009468 __stdio_common_vfwprintf
0x140009470 __stdio_common_vsscanf
0x140009478 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140009488 memset
0x140009490 strcat
0x140009498 strcpy
0x1400094a0 strlen
0x1400094a8 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x1400094b8 __daylight
0x1400094c0 __timezone
0x1400094c8 __tzname
0x1400094d0 _tzset
0x1400094d8 clock
EAT(Export Address Table) is none