ScreenShot
| Created | 2024.09.04 10:34 | Machine | s1_win7_x6401 |
| Filename | BitLockerToGo.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 41 detected (AIDetectMalware, Artemis, Lazy, Vio6, Attribute, HighConfidence, a variant of WinGo, FileRepMalware, Misc, Lumma, Antis, CLASSIC, Redcap, eawoi, LUMMASTEALER, YXEICZ, malicious, moderate, score, Detected, ai score=81, Wacatac, ABRisk, XCAE, TrojanStealer, B9nj) | ||
| md5 | 0c349af12bacc3cda19ae8a9a4acb428 | ||
| sha256 | 653d40e0e9493f76c18b9852a30c7ed16106fb71854cb4f0f11953d2d7e8e43f | ||
| ssdeep | 98304:1TI3duijmKvoElRysAFxkI+dMGN6NwqEcizcn:cdTndMK | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1108280 WriteFile
0x1108284 WriteConsoleW
0x1108288 WerSetFlags
0x110828c WerGetFlags
0x1108290 WaitForMultipleObjects
0x1108294 WaitForSingleObject
0x1108298 VirtualQuery
0x110829c VirtualFree
0x11082a0 VirtualAlloc
0x11082a4 TlsAlloc
0x11082a8 SwitchToThread
0x11082ac SuspendThread
0x11082b0 SetWaitableTimer
0x11082b4 SetUnhandledExceptionFilter
0x11082b8 SetProcessPriorityBoost
0x11082bc SetEvent
0x11082c0 SetErrorMode
0x11082c4 SetConsoleCtrlHandler
0x11082c8 ResumeThread
0x11082cc RaiseFailFastException
0x11082d0 PostQueuedCompletionStatus
0x11082d4 LoadLibraryW
0x11082d8 LoadLibraryExW
0x11082dc SetThreadContext
0x11082e0 GetThreadContext
0x11082e4 GetSystemInfo
0x11082e8 GetSystemDirectoryA
0x11082ec GetStdHandle
0x11082f0 GetQueuedCompletionStatusEx
0x11082f4 GetProcessAffinityMask
0x11082f8 GetProcAddress
0x11082fc GetErrorMode
0x1108300 GetEnvironmentStringsW
0x1108304 GetCurrentThreadId
0x1108308 GetConsoleMode
0x110830c FreeEnvironmentStringsW
0x1108310 ExitProcess
0x1108314 DuplicateHandle
0x1108318 CreateWaitableTimerExW
0x110831c CreateThread
0x1108320 CreateIoCompletionPort
0x1108324 CreateEventA
0x1108328 CloseHandle
0x110832c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1108280 WriteFile
0x1108284 WriteConsoleW
0x1108288 WerSetFlags
0x110828c WerGetFlags
0x1108290 WaitForMultipleObjects
0x1108294 WaitForSingleObject
0x1108298 VirtualQuery
0x110829c VirtualFree
0x11082a0 VirtualAlloc
0x11082a4 TlsAlloc
0x11082a8 SwitchToThread
0x11082ac SuspendThread
0x11082b0 SetWaitableTimer
0x11082b4 SetUnhandledExceptionFilter
0x11082b8 SetProcessPriorityBoost
0x11082bc SetEvent
0x11082c0 SetErrorMode
0x11082c4 SetConsoleCtrlHandler
0x11082c8 ResumeThread
0x11082cc RaiseFailFastException
0x11082d0 PostQueuedCompletionStatus
0x11082d4 LoadLibraryW
0x11082d8 LoadLibraryExW
0x11082dc SetThreadContext
0x11082e0 GetThreadContext
0x11082e4 GetSystemInfo
0x11082e8 GetSystemDirectoryA
0x11082ec GetStdHandle
0x11082f0 GetQueuedCompletionStatusEx
0x11082f4 GetProcessAffinityMask
0x11082f8 GetProcAddress
0x11082fc GetErrorMode
0x1108300 GetEnvironmentStringsW
0x1108304 GetCurrentThreadId
0x1108308 GetConsoleMode
0x110830c FreeEnvironmentStringsW
0x1108310 ExitProcess
0x1108314 DuplicateHandle
0x1108318 CreateWaitableTimerExW
0x110831c CreateThread
0x1108320 CreateIoCompletionPort
0x1108324 CreateEventA
0x1108328 CloseHandle
0x110832c AddVectoredExceptionHandler
EAT(Export Address Table) is none