Field | Value |
---|---|
Created | 2024.09.02 13:52 |
Machine | s1_win7_x6401 |
Filename | GetSys.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file: clean |
VT API (file) | 21 detected (AIDetectMalware, Fragtor, Lazy, malicious, a variant of WinGo, Artemis, FileRepMalware, Misc, CLASSIC, moderate, score, Detected, ai score=84, Wacatac, LummaC2, Antis) |
md5 | 87939a5b42854b08804a9a0ae605b260 |
sha256 | d742a6ae9c12e159c3f74559899934cbf1a4ec7e1e4ae8620f372c59789d8ace |
ssdeep | 98304:Kg2TEd+xbEHT/M7j/oEg7xl5eilKAUuSVVf6zG:OEcCJrlKA7G |
imphash | 1aae8bf580c846f39c71c05898e57e88 |
impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP |
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded)
Suricata IDS (no alerts listed)
PE API
IAT (Import Address Table) by library
The kernel32.dll import set below (AddVectoredExceptionHandler, CreateIoCompletionPort, GetQueuedCompletionStatusEx, PostQueuedCompletionStatus, WerSetFlags/WerGetFlags, SwitchToThread, RaiseFailFastException and the rest) is the fixed set the Go runtime binds at startup, which agrees with the "a variant of WinGo" VirusTotal label above. Two consequences for triage: the list says nothing about what the program itself does, because Go code resolves further Windows APIs at run time through LoadLibrary/GetProcAddress (both present here), and the imphash is shared by every Go binary built with the same runtime version for this architecture, so it is a weak pivot for hunting; the sha256 or ssdeep values above are the better identifiers.
kernel32.dll
0xdf3340 WriteFile
0xdf3344 WriteConsoleW
0xdf3348 WerSetFlags
0xdf334c WerGetFlags
0xdf3350 WaitForMultipleObjects
0xdf3354 WaitForSingleObject
0xdf3358 VirtualQuery
0xdf335c VirtualFree
0xdf3360 VirtualAlloc
0xdf3364 TlsAlloc
0xdf3368 SwitchToThread
0xdf336c SuspendThread
0xdf3370 SetWaitableTimer
0xdf3374 SetUnhandledExceptionFilter
0xdf3378 SetProcessPriorityBoost
0xdf337c SetEvent
0xdf3380 SetErrorMode
0xdf3384 SetConsoleCtrlHandler
0xdf3388 ResumeThread
0xdf338c RaiseFailFastException
0xdf3390 PostQueuedCompletionStatus
0xdf3394 LoadLibraryW
0xdf3398 LoadLibraryExW
0xdf339c SetThreadContext
0xdf33a0 GetThreadContext
0xdf33a4 GetSystemInfo
0xdf33a8 GetSystemDirectoryA
0xdf33ac GetStdHandle
0xdf33b0 GetQueuedCompletionStatusEx
0xdf33b4 GetProcessAffinityMask
0xdf33b8 GetProcAddress
0xdf33bc GetErrorMode
0xdf33c0 GetEnvironmentStringsW
0xdf33c4 GetCurrentThreadId
0xdf33c8 GetConsoleMode
0xdf33cc FreeEnvironmentStringsW
0xdf33d0 ExitProcess
0xdf33d4 DuplicateHandle
0xdf33d8 CreateWaitableTimerExW
0xdf33dc CreateThread
0xdf33e0 CreateIoCompletionPort
0xdf33e4 CreateEventA
0xdf33e8 CloseHandle
0xdf33ec AddVectoredExceptionHandler
EAT (Export Address Table): none
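To check the reported imphash against the IAT listed above, and to turn the Go-runtime observation into a repeatable test, here is an added example (not part of the sandbox report or its tooling). It reimplements the imphash normalization that pefile and VirusTotal use (lowercase `dll.function`, DLL extension stripped, entries joined by commas in import-table order, then MD5) over the 44 kernel32 imports transcribed from the listing, and compares with the report's value; a mismatch would mean the listing is not in raw import-directory order or is incomplete, not that the report is wrong. The `GO_RUNTIME_MARKERS` set is my own heuristic choice of names, not a published signature.

```python
"""Recompute a PE imphash from an import list and flag the Go runtime import set.

Added example; the import list and the reported imphash are transcribed from
the sandbox report's IAT section and header table.
"""
import hashlib

REPORTED_IMPHASH = "1aae8bf580c846f39c71c05898e57e88"  # value shown in the report

# (dll, function) pairs in IAT order, copied from the report's kernel32.dll list.
IMPORTS = [("kernel32.dll", name) for name in (
    "WriteFile", "WriteConsoleW", "WerSetFlags", "WerGetFlags",
    "WaitForMultipleObjects", "WaitForSingleObject", "VirtualQuery",
    "VirtualFree", "VirtualAlloc", "TlsAlloc", "SwitchToThread",
    "SuspendThread", "SetWaitableTimer", "SetUnhandledExceptionFilter",
    "SetProcessPriorityBoost", "SetEvent", "SetErrorMode",
    "SetConsoleCtrlHandler", "ResumeThread", "RaiseFailFastException",
    "PostQueuedCompletionStatus", "LoadLibraryW", "LoadLibraryExW",
    "SetThreadContext", "GetThreadContext", "GetSystemInfo",
    "GetSystemDirectoryA", "GetStdHandle", "GetQueuedCompletionStatusEx",
    "GetProcessAffinityMask", "GetProcAddress", "GetErrorMode",
    "GetEnvironmentStringsW", "GetCurrentThreadId", "GetConsoleMode",
    "FreeEnvironmentStringsW", "ExitProcess", "DuplicateHandle",
    "CreateWaitableTimerExW", "CreateThread", "CreateIoCompletionPort",
    "CreateEventA", "CloseHandle", "AddVectoredExceptionHandler",
)]

# Heuristic marker set (my own choice): names that the Go runtime always binds
# together at startup and that ordinary C/C++ programs rarely import as a group.
GO_RUNTIME_MARKERS = {
    "AddVectoredExceptionHandler", "CreateIoCompletionPort",
    "GetQueuedCompletionStatusEx", "PostQueuedCompletionStatus",
    "WerSetFlags", "WerGetFlags", "SwitchToThread",
    "RaiseFailFastException", "SetProcessPriorityBoost",
}


def normalize_import(dll: str, func: str) -> str:
    """Canonical imphash entry: library name without .dll/.ocx/.sys, all lowercase."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    return f"{lib}.{func.lower()}"


def imphash(imports) -> str:
    """MD5 over the comma-joined normalized entries, in import-table order."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def matches_report(imports=IMPORTS, reported=REPORTED_IMPHASH) -> bool:
    """True if the recomputed hash equals the value the report shows."""
    return imphash(imports) == reported


def looks_like_go_runtime(imports) -> bool:
    """True if every marker name is present in the import list."""
    names = {func for _, func in imports}
    return GO_RUNTIME_MARKERS <= names


if __name__ == "__main__":
    print("recomputed imphash:", imphash(IMPORTS))
    print("matches report:   ", matches_report())
    print("Go runtime imports:", looks_like_go_runtime(IMPORTS))
```

Because the hash is order-sensitive, a report that lists imports sorted or deduplicated will never reproduce the value; when in doubt, recompute directly from the file with `pefile.PE(path).get_imphash()` and treat the report's number as a display artifact.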