ScreenShot
| Created | 2024.09.02 10:36 | Machine | s1_win7_x6401 |
| Filename | 66d17d49c93d8_main.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 35 detected (AIDetectMalware, Agentb, Smokeloader, GenericKD, Vrdh, Attribute, HighConfidence, WinGo, Artemis, lamw, PRIVATELOADER, YXEH4Z, Detected, ai score=86, Casdet, MALICIOUS, Rozena, Chgt, susgen, Behavior, confidence) | ||
| md5 | 01a3155b62c88c17d864f9fd78745902 | ||
| sha256 | 82475d4397b6d833a0b170945b7fb607eb82e3609dc35dc51f04884be3a91155 | ||
| ssdeep | 98304:uc+40VBpa8viCvKTkPEuCMSwmh2L1wwPBEJ6kZDvoadMy:2pVBpa8viCqkMutmcuwqJ6k1gY | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x8ec1c0 WriteFile
0x8ec1c8 WriteConsoleW
0x8ec1d0 WerSetFlags
0x8ec1d8 WerGetFlags
0x8ec1e0 WaitForMultipleObjects
0x8ec1e8 WaitForSingleObject
0x8ec1f0 VirtualQuery
0x8ec1f8 VirtualFree
0x8ec200 VirtualAlloc
0x8ec208 TlsAlloc
0x8ec210 SwitchToThread
0x8ec218 SuspendThread
0x8ec220 SetWaitableTimer
0x8ec228 SetProcessPriorityBoost
0x8ec230 SetEvent
0x8ec238 SetErrorMode
0x8ec240 SetConsoleCtrlHandler
0x8ec248 RtlVirtualUnwind
0x8ec250 RtlLookupFunctionEntry
0x8ec258 ResumeThread
0x8ec260 RaiseFailFastException
0x8ec268 PostQueuedCompletionStatus
0x8ec270 LoadLibraryW
0x8ec278 LoadLibraryExW
0x8ec280 SetThreadContext
0x8ec288 GetThreadContext
0x8ec290 GetSystemInfo
0x8ec298 GetSystemDirectoryA
0x8ec2a0 GetStdHandle
0x8ec2a8 GetQueuedCompletionStatusEx
0x8ec2b0 GetProcessAffinityMask
0x8ec2b8 GetProcAddress
0x8ec2c0 GetErrorMode
0x8ec2c8 GetEnvironmentStringsW
0x8ec2d0 GetCurrentThreadId
0x8ec2d8 GetConsoleMode
0x8ec2e0 FreeEnvironmentStringsW
0x8ec2e8 ExitProcess
0x8ec2f0 DuplicateHandle
0x8ec2f8 CreateWaitableTimerExW
0x8ec300 CreateThread
0x8ec308 CreateIoCompletionPort
0x8ec310 CreateFileA
0x8ec318 CreateEventA
0x8ec320 CloseHandle
0x8ec328 AddVectoredExceptionHandler
0x8ec330 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x8ec1c0 WriteFile
0x8ec1c8 WriteConsoleW
0x8ec1d0 WerSetFlags
0x8ec1d8 WerGetFlags
0x8ec1e0 WaitForMultipleObjects
0x8ec1e8 WaitForSingleObject
0x8ec1f0 VirtualQuery
0x8ec1f8 VirtualFree
0x8ec200 VirtualAlloc
0x8ec208 TlsAlloc
0x8ec210 SwitchToThread
0x8ec218 SuspendThread
0x8ec220 SetWaitableTimer
0x8ec228 SetProcessPriorityBoost
0x8ec230 SetEvent
0x8ec238 SetErrorMode
0x8ec240 SetConsoleCtrlHandler
0x8ec248 RtlVirtualUnwind
0x8ec250 RtlLookupFunctionEntry
0x8ec258 ResumeThread
0x8ec260 RaiseFailFastException
0x8ec268 PostQueuedCompletionStatus
0x8ec270 LoadLibraryW
0x8ec278 LoadLibraryExW
0x8ec280 SetThreadContext
0x8ec288 GetThreadContext
0x8ec290 GetSystemInfo
0x8ec298 GetSystemDirectoryA
0x8ec2a0 GetStdHandle
0x8ec2a8 GetQueuedCompletionStatusEx
0x8ec2b0 GetProcessAffinityMask
0x8ec2b8 GetProcAddress
0x8ec2c0 GetErrorMode
0x8ec2c8 GetEnvironmentStringsW
0x8ec2d0 GetCurrentThreadId
0x8ec2d8 GetConsoleMode
0x8ec2e0 FreeEnvironmentStringsW
0x8ec2e8 ExitProcess
0x8ec2f0 DuplicateHandle
0x8ec2f8 CreateWaitableTimerExW
0x8ec300 CreateThread
0x8ec308 CreateIoCompletionPort
0x8ec310 CreateFileA
0x8ec318 CreateEventA
0x8ec320 CloseHandle
0x8ec328 AddVectoredExceptionHandler
0x8ec330 AddVectoredContinueHandler
EAT(Export Address Table) is none