ScreenShot
| Created | 2024.09.03 09:00 | Machine | s1_win7_x6403 |
| Filename | byebyefronbypass.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | b5128526be8a6b02a0ea3dcb4bef1478 | ||
| sha256 | cdddb70fc2836d52d8fe97b8bf301ffb9386ca7fe611b5a4b8bc055f9d344cc1 | ||
| ssdeep | 393216:/PuxYjFHQAmcWBfVuQaFMR8D7fwveOn92/wnMU+j5QzFeY:/Pux6F2Bf5aFMR8DoewQW650F | ||
| imphash | 16bdacb1c91a7c4b568bce4938368cda | ||
| impfuzzy | 24:QsX58TLOYu9CjFhCgD7J9v02tyXaUJk+pl39/CuYoEOovw9RPvRzZHGMr:QsX59YJ97tyXav+ppQuYctnN | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Drops a binary and executes it |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (26cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | Is_DotNET_DLL | (no description) | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400222c0 SHFileOperationW
0x1400222c8 SHGetFolderPathW
KERNEL32.dll
0x140022000 EnterCriticalSection
0x140022008 WriteConsoleW
0x140022010 CreateDirectoryW
0x140022018 SizeofResource
0x140022020 SetConsoleCtrlHandler
0x140022028 GetCommandLineW
0x140022030 WriteFile
0x140022038 TerminateProcess
0x140022040 GetModuleFileNameW
0x140022048 SetEnvironmentVariableW
0x140022050 GetTempPathW
0x140022058 FindResourceA
0x140022060 WaitForSingleObject
0x140022068 CreateFileW
0x140022070 GetFileAttributesW
0x140022078 Sleep
0x140022080 GetLastError
0x140022088 LockResource
0x140022090 CloseHandle
0x140022098 LoadResource
0x1400220a0 GetProcAddress
0x1400220a8 GetCurrentProcessId
0x1400220b0 CreateProcessW
0x1400220b8 WideCharToMultiByte
0x1400220c0 GetSystemTimeAsFileTime
0x1400220c8 FormatMessageA
0x1400220d0 GetExitCodeProcess
0x1400220d8 RtlCaptureContext
0x1400220e0 RtlLookupFunctionEntry
0x1400220e8 RtlVirtualUnwind
0x1400220f0 UnhandledExceptionFilter
0x1400220f8 SetUnhandledExceptionFilter
0x140022100 GetCurrentProcess
0x140022108 IsProcessorFeaturePresent
0x140022110 QueryPerformanceCounter
0x140022118 GetCurrentThreadId
0x140022120 InitializeSListHead
0x140022128 IsDebuggerPresent
0x140022130 GetStartupInfoW
0x140022138 GetModuleHandleW
0x140022140 HeapReAlloc
0x140022148 RtlUnwindEx
0x140022150 SetLastError
0x140022158 LeaveCriticalSection
0x140022160 DeleteCriticalSection
0x140022168 InitializeCriticalSectionAndSpinCount
0x140022170 TlsAlloc
0x140022178 TlsGetValue
0x140022180 TlsSetValue
0x140022188 TlsFree
0x140022190 FreeLibrary
0x140022198 LoadLibraryExW
0x1400221a0 EncodePointer
0x1400221a8 RaiseException
0x1400221b0 RtlPcToFileHeader
0x1400221b8 ExitProcess
0x1400221c0 GetModuleHandleExW
0x1400221c8 GetCommandLineA
0x1400221d0 GetStdHandle
0x1400221d8 HeapAlloc
0x1400221e0 MultiByteToWideChar
0x1400221e8 HeapFree
0x1400221f0 FlsAlloc
0x1400221f8 FlsGetValue
0x140022200 FlsSetValue
0x140022208 FlsFree
0x140022210 CompareStringW
0x140022218 LCMapStringW
0x140022220 GetFileType
0x140022228 FindClose
0x140022230 FindFirstFileExW
0x140022238 FindNextFileW
0x140022240 IsValidCodePage
0x140022248 GetACP
0x140022250 GetOEMCP
0x140022258 GetCPInfo
0x140022260 GetEnvironmentStringsW
0x140022268 FreeEnvironmentStringsW
0x140022270 SetStdHandle
0x140022278 GetStringTypeW
0x140022280 GetProcessHeap
0x140022288 FlushFileBuffers
0x140022290 GetConsoleOutputCP
0x140022298 GetConsoleMode
0x1400222a0 GetFileSizeEx
0x1400222a8 SetFilePointerEx
0x1400222b0 HeapSize
EAT(Export Address Table) is none
SHELL32.dll
0x1400222c0 SHFileOperationW
0x1400222c8 SHGetFolderPathW
KERNEL32.dll
0x140022000 EnterCriticalSection
0x140022008 WriteConsoleW
0x140022010 CreateDirectoryW
0x140022018 SizeofResource
0x140022020 SetConsoleCtrlHandler
0x140022028 GetCommandLineW
0x140022030 WriteFile
0x140022038 TerminateProcess
0x140022040 GetModuleFileNameW
0x140022048 SetEnvironmentVariableW
0x140022050 GetTempPathW
0x140022058 FindResourceA
0x140022060 WaitForSingleObject
0x140022068 CreateFileW
0x140022070 GetFileAttributesW
0x140022078 Sleep
0x140022080 GetLastError
0x140022088 LockResource
0x140022090 CloseHandle
0x140022098 LoadResource
0x1400220a0 GetProcAddress
0x1400220a8 GetCurrentProcessId
0x1400220b0 CreateProcessW
0x1400220b8 WideCharToMultiByte
0x1400220c0 GetSystemTimeAsFileTime
0x1400220c8 FormatMessageA
0x1400220d0 GetExitCodeProcess
0x1400220d8 RtlCaptureContext
0x1400220e0 RtlLookupFunctionEntry
0x1400220e8 RtlVirtualUnwind
0x1400220f0 UnhandledExceptionFilter
0x1400220f8 SetUnhandledExceptionFilter
0x140022100 GetCurrentProcess
0x140022108 IsProcessorFeaturePresent
0x140022110 QueryPerformanceCounter
0x140022118 GetCurrentThreadId
0x140022120 InitializeSListHead
0x140022128 IsDebuggerPresent
0x140022130 GetStartupInfoW
0x140022138 GetModuleHandleW
0x140022140 HeapReAlloc
0x140022148 RtlUnwindEx
0x140022150 SetLastError
0x140022158 LeaveCriticalSection
0x140022160 DeleteCriticalSection
0x140022168 InitializeCriticalSectionAndSpinCount
0x140022170 TlsAlloc
0x140022178 TlsGetValue
0x140022180 TlsSetValue
0x140022188 TlsFree
0x140022190 FreeLibrary
0x140022198 LoadLibraryExW
0x1400221a0 EncodePointer
0x1400221a8 RaiseException
0x1400221b0 RtlPcToFileHeader
0x1400221b8 ExitProcess
0x1400221c0 GetModuleHandleExW
0x1400221c8 GetCommandLineA
0x1400221d0 GetStdHandle
0x1400221d8 HeapAlloc
0x1400221e0 MultiByteToWideChar
0x1400221e8 HeapFree
0x1400221f0 FlsAlloc
0x1400221f8 FlsGetValue
0x140022200 FlsSetValue
0x140022208 FlsFree
0x140022210 CompareStringW
0x140022218 LCMapStringW
0x140022220 GetFileType
0x140022228 FindClose
0x140022230 FindFirstFileExW
0x140022238 FindNextFileW
0x140022240 IsValidCodePage
0x140022248 GetACP
0x140022250 GetOEMCP
0x140022258 GetCPInfo
0x140022260 GetEnvironmentStringsW
0x140022268 FreeEnvironmentStringsW
0x140022270 SetStdHandle
0x140022278 GetStringTypeW
0x140022280 GetProcessHeap
0x140022288 FlushFileBuffers
0x140022290 GetConsoleOutputCP
0x140022298 GetConsoleMode
0x1400222a0 GetFileSizeEx
0x1400222a8 SetFilePointerEx
0x1400222b0 HeapSize
EAT(Export Address Table) is none