ScreenShot
| Created | 2024.09.02 13:34 | Machine | s1_win7_x6401 |
| Filename | Amadeus.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetectMalware, Lumma, malicious, moderate confidence, V93o, Attribute, HighConfidence, a variant of WinGo, CLASSIC, AMADEY, YXEIAZ, high, score, Static AI, Suspicious PE, Server, Proxy, Detected, Wacatac, LEK0L0, ABRisk, HXEH, LummaC2, Artemis, Antis) | ||
| md5 | 36a627b26fae167e6009b4950ff15805 | ||
| sha256 | a2389de50f83a11d6fe99639fc5c644f6d4dcea6834ecbf90a4ead3d5f36274a | ||
| ssdeep | 49152:NXJxAIQfc7wXnJu1U30/jo5UJZUntHvVkgKJswamhqp1ROjyj/2wW0j94lNI/pB+:BAIdik7/junt/2wr3/ | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x8abce0 WriteFile
0x8abce4 WriteConsoleW
0x8abce8 WerSetFlags
0x8abcec WerGetFlags
0x8abcf0 WaitForMultipleObjects
0x8abcf4 WaitForSingleObject
0x8abcf8 VirtualQuery
0x8abcfc VirtualFree
0x8abd00 VirtualAlloc
0x8abd04 TlsAlloc
0x8abd08 SwitchToThread
0x8abd0c SuspendThread
0x8abd10 SetWaitableTimer
0x8abd14 SetUnhandledExceptionFilter
0x8abd18 SetProcessPriorityBoost
0x8abd1c SetEvent
0x8abd20 SetErrorMode
0x8abd24 SetConsoleCtrlHandler
0x8abd28 ResumeThread
0x8abd2c RaiseFailFastException
0x8abd30 PostQueuedCompletionStatus
0x8abd34 LoadLibraryW
0x8abd38 LoadLibraryExW
0x8abd3c SetThreadContext
0x8abd40 GetThreadContext
0x8abd44 GetSystemInfo
0x8abd48 GetSystemDirectoryA
0x8abd4c GetStdHandle
0x8abd50 GetQueuedCompletionStatusEx
0x8abd54 GetProcessAffinityMask
0x8abd58 GetProcAddress
0x8abd5c GetErrorMode
0x8abd60 GetEnvironmentStringsW
0x8abd64 GetCurrentThreadId
0x8abd68 GetConsoleMode
0x8abd6c FreeEnvironmentStringsW
0x8abd70 ExitProcess
0x8abd74 DuplicateHandle
0x8abd78 CreateWaitableTimerExW
0x8abd7c CreateThread
0x8abd80 CreateIoCompletionPort
0x8abd84 CreateEventA
0x8abd88 CloseHandle
0x8abd8c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x8abce0 WriteFile
0x8abce4 WriteConsoleW
0x8abce8 WerSetFlags
0x8abcec WerGetFlags
0x8abcf0 WaitForMultipleObjects
0x8abcf4 WaitForSingleObject
0x8abcf8 VirtualQuery
0x8abcfc VirtualFree
0x8abd00 VirtualAlloc
0x8abd04 TlsAlloc
0x8abd08 SwitchToThread
0x8abd0c SuspendThread
0x8abd10 SetWaitableTimer
0x8abd14 SetUnhandledExceptionFilter
0x8abd18 SetProcessPriorityBoost
0x8abd1c SetEvent
0x8abd20 SetErrorMode
0x8abd24 SetConsoleCtrlHandler
0x8abd28 ResumeThread
0x8abd2c RaiseFailFastException
0x8abd30 PostQueuedCompletionStatus
0x8abd34 LoadLibraryW
0x8abd38 LoadLibraryExW
0x8abd3c SetThreadContext
0x8abd40 GetThreadContext
0x8abd44 GetSystemInfo
0x8abd48 GetSystemDirectoryA
0x8abd4c GetStdHandle
0x8abd50 GetQueuedCompletionStatusEx
0x8abd54 GetProcessAffinityMask
0x8abd58 GetProcAddress
0x8abd5c GetErrorMode
0x8abd60 GetEnvironmentStringsW
0x8abd64 GetCurrentThreadId
0x8abd68 GetConsoleMode
0x8abd6c FreeEnvironmentStringsW
0x8abd70 ExitProcess
0x8abd74 DuplicateHandle
0x8abd78 CreateWaitableTimerExW
0x8abd7c CreateThread
0x8abd80 CreateIoCompletionPort
0x8abd84 CreateEventA
0x8abd88 CloseHandle
0x8abd8c AddVectoredExceptionHandler
EAT(Export Address Table) is none