ScreenShot
| Created | 2024.09.03 09:12 | Machine | s1_win7_x6401 |
| Filename | Launcher.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 57 detected (AIDetectMalware, ShellcodeRunner, malicious, high confidence, score, Tedy, Unsafe, Vlzk, Attribute, HighConfidence, Artemis, HacktoolX, dhhal, GNzgW5uk77Q, Swrort, wuwvd, R002C0DEO24, HackTool, Detected, ai score=84, ASDF, Eldorado, R641641, Runner, GdSda, Gencirc, MunRZtUPg+Q, ShellLoader, susgen, confidence) | ||
| md5 | 1788ecdad15cd02d42475133faa38cce | ||
| sha256 | fed7c9c13dfcf26d6abf8231857a66b3676e79829975b8fe43ee9e4dd4c4235e | ||
| ssdeep | 384:MuPJRlNhSP00DDPrhiNsHxc6fd5okf15GC8sQm23N2Ub:FPJRlNhSP00/sL8UkftrQr38 | ||
| imphash | 2c2c290b31d72b5de180c9426897666e | ||
| impfuzzy | 48:XzUvvLFpBS1tARAONQ9clsQVwQSLFcjM8BBTBSA:QvvLFpBS1fONQ9clDjM8dV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140004010 CloseHandle
0x140004018 GetFileSize
0x140004020 WriteProcessMemory
0x140004028 RtlAddFunctionTable
0x140004030 Sleep
0x140004038 GetLastError
0x140004040 LoadLibraryA
0x140004048 VirtualProtectEx
0x140004050 GetProcAddress
0x140004058 VirtualAllocEx
0x140004060 ReadProcessMemory
0x140004068 CreateFileA
0x140004070 VirtualFreeEx
0x140004078 GetExitCodeProcess
0x140004080 TerminateProcess
0x140004088 GetCurrentDirectoryA
0x140004090 ResumeThread
0x140004098 SetCurrentDirectoryA
0x1400040a0 WritePrivateProfileStringA
0x1400040a8 CreateProcessA
0x1400040b0 GetPrivateProfileStringA
0x1400040b8 RtlLookupFunctionEntry
0x1400040c0 RtlVirtualUnwind
0x1400040c8 UnhandledExceptionFilter
0x1400040d0 CreateRemoteThread
0x1400040d8 ReadFile
0x1400040e0 SetUnhandledExceptionFilter
0x1400040e8 RtlCaptureContext
0x1400040f0 GetCurrentProcess
0x1400040f8 IsProcessorFeaturePresent
0x140004100 QueryPerformanceCounter
0x140004108 GetCurrentProcessId
0x140004110 GetCurrentThreadId
0x140004118 GetSystemTimeAsFileTime
0x140004120 InitializeSListHead
0x140004128 IsDebuggerPresent
0x140004130 GetModuleHandleW
USER32.dll
0x140004160 FindWindowA
COMDLG32.dll
0x140004000 GetOpenFileNameA
MSVCP140.dll
0x140004140 ?_Xlength_error@std@@YAXPEBD@Z
SHLWAPI.dll
0x140004150 PathRemoveFileSpecA
VCRUNTIME140.dll
0x140004170 __current_exception
0x140004178 __std_exception_copy
0x140004180 memmove
0x140004188 _CxxThrowException
0x140004190 memset
0x140004198 __C_specific_handler
0x1400041a0 __std_exception_destroy
0x1400041a8 memcpy
0x1400041b0 __current_exception_context
VCRUNTIME140_1.dll
0x1400041c0 __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll
0x1400042c0 __stdio_common_vfprintf
0x1400042c8 __acrt_iob_func
0x1400042d0 _set_fmode
0x1400042d8 __p__commode
api-ms-win-crt-heap-l1-1-0.dll
0x1400041d0 malloc
0x1400041d8 free
0x1400041e0 _set_new_mode
0x1400041e8 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
0x140004218 _initterm_e
0x140004220 _initialize_onexit_table
0x140004228 _register_onexit_function
0x140004230 _crt_atexit
0x140004238 _register_thread_local_exe_atexit_callback
0x140004240 exit
0x140004248 __p___argv
0x140004250 _exit
0x140004258 system
0x140004260 _cexit
0x140004268 _c_exit
0x140004270 _get_initial_narrow_environment
0x140004278 _initialize_narrow_environment
0x140004280 _configure_narrow_argv
0x140004288 terminate
0x140004290 _set_app_type
0x140004298 _seh_filter_exe
0x1400042a0 __p___argc
0x1400042a8 _invalid_parameter_noinfo_noreturn
0x1400042b0 _initterm
api-ms-win-crt-string-l1-1-0.dll
0x1400042e8 strcat_s
api-ms-win-crt-math-l1-1-0.dll
0x140004208 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x1400041f8 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140004010 CloseHandle
0x140004018 GetFileSize
0x140004020 WriteProcessMemory
0x140004028 RtlAddFunctionTable
0x140004030 Sleep
0x140004038 GetLastError
0x140004040 LoadLibraryA
0x140004048 VirtualProtectEx
0x140004050 GetProcAddress
0x140004058 VirtualAllocEx
0x140004060 ReadProcessMemory
0x140004068 CreateFileA
0x140004070 VirtualFreeEx
0x140004078 GetExitCodeProcess
0x140004080 TerminateProcess
0x140004088 GetCurrentDirectoryA
0x140004090 ResumeThread
0x140004098 SetCurrentDirectoryA
0x1400040a0 WritePrivateProfileStringA
0x1400040a8 CreateProcessA
0x1400040b0 GetPrivateProfileStringA
0x1400040b8 RtlLookupFunctionEntry
0x1400040c0 RtlVirtualUnwind
0x1400040c8 UnhandledExceptionFilter
0x1400040d0 CreateRemoteThread
0x1400040d8 ReadFile
0x1400040e0 SetUnhandledExceptionFilter
0x1400040e8 RtlCaptureContext
0x1400040f0 GetCurrentProcess
0x1400040f8 IsProcessorFeaturePresent
0x140004100 QueryPerformanceCounter
0x140004108 GetCurrentProcessId
0x140004110 GetCurrentThreadId
0x140004118 GetSystemTimeAsFileTime
0x140004120 InitializeSListHead
0x140004128 IsDebuggerPresent
0x140004130 GetModuleHandleW
USER32.dll
0x140004160 FindWindowA
COMDLG32.dll
0x140004000 GetOpenFileNameA
MSVCP140.dll
0x140004140 ?_Xlength_error@std@@YAXPEBD@Z
SHLWAPI.dll
0x140004150 PathRemoveFileSpecA
VCRUNTIME140.dll
0x140004170 __current_exception
0x140004178 __std_exception_copy
0x140004180 memmove
0x140004188 _CxxThrowException
0x140004190 memset
0x140004198 __C_specific_handler
0x1400041a0 __std_exception_destroy
0x1400041a8 memcpy
0x1400041b0 __current_exception_context
VCRUNTIME140_1.dll
0x1400041c0 __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll
0x1400042c0 __stdio_common_vfprintf
0x1400042c8 __acrt_iob_func
0x1400042d0 _set_fmode
0x1400042d8 __p__commode
api-ms-win-crt-heap-l1-1-0.dll
0x1400041d0 malloc
0x1400041d8 free
0x1400041e0 _set_new_mode
0x1400041e8 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
0x140004218 _initterm_e
0x140004220 _initialize_onexit_table
0x140004228 _register_onexit_function
0x140004230 _crt_atexit
0x140004238 _register_thread_local_exe_atexit_callback
0x140004240 exit
0x140004248 __p___argv
0x140004250 _exit
0x140004258 system
0x140004260 _cexit
0x140004268 _c_exit
0x140004270 _get_initial_narrow_environment
0x140004278 _initialize_narrow_environment
0x140004280 _configure_narrow_argv
0x140004288 terminate
0x140004290 _set_app_type
0x140004298 _seh_filter_exe
0x1400042a0 __p___argc
0x1400042a8 _invalid_parameter_noinfo_noreturn
0x1400042b0 _initterm
api-ms-win-crt-string-l1-1-0.dll
0x1400042e8 strcat_s
api-ms-win-crt-math-l1-1-0.dll
0x140004208 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x1400041f8 _configthreadlocale
EAT(Export Address Table) is none