ScreenShot
| Created | 2024.09.06 10:38 | Machine | s1_win7_x6401 |
| Filename | 66d9f6e9330e4_deep.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetectMalware, Unsafe, Kryptik, Vknr, Attribute, HighConfidence, GenKryptik, GXZZ, Malicious, MalwareX, CLOUD, RedLine, Detplock, Donut, 6EBODU, Outbreak, confidence) | ||
| md5 | 6a94b94ba557d5d85a1da20213d48974 | ||
| sha256 | e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd | ||
| ssdeep | 24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS | ||
| imphash | 65b1d87ac1af301c77dd3ab457ef3a84 | ||
| impfuzzy | 24:8fpcmGRGf5XGf6ZxVkoDqxZ9vZF+vOy19GMOWu9wFCD3GRbL0sJTXjDnbj8FC:8fpcmGWJGfw7koqt/GD94qbHXHZ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14020b388 DeleteCriticalSection
0x14020b390 EnterCriticalSection
0x14020b398 InitializeCriticalSection
0x14020b3a0 LeaveCriticalSection
0x14020b3a8 RaiseException
0x14020b3b0 RtlUnwindEx
0x14020b3b8 VirtualProtect
0x14020b3c0 VirtualQuery
0x14020b3c8 __C_specific_handler
msvcrt.dll
0x14020b3d8 __getmainargs
0x14020b3e0 __initenv
0x14020b3e8 __iob_func
0x14020b3f0 __set_app_type
0x14020b3f8 __setusermatherr
0x14020b400 _amsg_exit
0x14020b408 _cexit
0x14020b410 _commode
0x14020b418 _fmode
0x14020b420 _fpreset
0x14020b428 _initterm
0x14020b430 _onexit
0x14020b438 abort
0x14020b440 calloc
0x14020b448 exit
0x14020b450 fprintf
0x14020b458 free
0x14020b460 fwrite
0x14020b468 malloc
0x14020b470 memcmp
0x14020b478 memcpy
0x14020b480 memmove
0x14020b488 memset
0x14020b490 signal
0x14020b498 strlen
0x14020b4a0 strncmp
0x14020b4a8 vfprintf
kernel32.dll
0x14020b4b8 AddVectoredExceptionHandler
0x14020b4c0 CloseHandle
0x14020b4c8 CreateFileMappingA
0x14020b4d0 CreateFileW
0x14020b4d8 CreateMutexA
0x14020b4e0 CreateThread
0x14020b4e8 CreateToolhelp32Snapshot
0x14020b4f0 DuplicateHandle
0x14020b4f8 FormatMessageW
0x14020b500 GetConsoleMode
0x14020b508 GetCurrentDirectoryW
0x14020b510 GetCurrentProcess
0x14020b518 GetCurrentThread
0x14020b520 GetEnvironmentVariableW
0x14020b528 GetFileInformationByHandle
0x14020b530 GetFileInformationByHandleEx
0x14020b538 GetFullPathNameW
0x14020b540 GetLastError
0x14020b548 GetModuleHandleA
0x14020b550 GetModuleHandleW
0x14020b558 GetProcAddress
0x14020b560 GetProcessHeap
0x14020b568 GetStdHandle
0x14020b570 HeapAlloc
0x14020b578 HeapCreate
0x14020b580 HeapFree
0x14020b588 HeapReAlloc
0x14020b590 InitOnceBeginInitialize
0x14020b598 InitOnceComplete
0x14020b5a0 MapViewOfFile
0x14020b5a8 Module32FirstW
0x14020b5b0 Module32NextW
0x14020b5b8 MultiByteToWideChar
0x14020b5c0 RtlCaptureContext
0x14020b5c8 RtlLookupFunctionEntry
0x14020b5d0 RtlVirtualUnwind
0x14020b5d8 SetLastError
0x14020b5e0 SetThreadStackGuarantee
0x14020b5e8 SetUnhandledExceptionFilter
0x14020b5f0 Sleep
0x14020b5f8 TlsAlloc
0x14020b600 TlsFree
0x14020b608 TlsGetValue
0x14020b610 TlsSetValue
0x14020b618 UnmapViewOfFile
0x14020b620 WaitForSingleObject
0x14020b628 WriteConsoleW
ntdll.dll
0x14020b638 NtWriteFile
0x14020b640 RtlNtStatusToDosError
api-ms-win-core-synch-l1-2-0.dll
0x14020b650 WaitOnAddress
0x14020b658 WakeByAddressAll
0x14020b660 WakeByAddressSingle
cryptprimitives.dll
0x14020b670 ProcessPrng
EAT(Export Address Table) is none
KERNEL32.dll
0x14020b388 DeleteCriticalSection
0x14020b390 EnterCriticalSection
0x14020b398 InitializeCriticalSection
0x14020b3a0 LeaveCriticalSection
0x14020b3a8 RaiseException
0x14020b3b0 RtlUnwindEx
0x14020b3b8 VirtualProtect
0x14020b3c0 VirtualQuery
0x14020b3c8 __C_specific_handler
msvcrt.dll
0x14020b3d8 __getmainargs
0x14020b3e0 __initenv
0x14020b3e8 __iob_func
0x14020b3f0 __set_app_type
0x14020b3f8 __setusermatherr
0x14020b400 _amsg_exit
0x14020b408 _cexit
0x14020b410 _commode
0x14020b418 _fmode
0x14020b420 _fpreset
0x14020b428 _initterm
0x14020b430 _onexit
0x14020b438 abort
0x14020b440 calloc
0x14020b448 exit
0x14020b450 fprintf
0x14020b458 free
0x14020b460 fwrite
0x14020b468 malloc
0x14020b470 memcmp
0x14020b478 memcpy
0x14020b480 memmove
0x14020b488 memset
0x14020b490 signal
0x14020b498 strlen
0x14020b4a0 strncmp
0x14020b4a8 vfprintf
kernel32.dll
0x14020b4b8 AddVectoredExceptionHandler
0x14020b4c0 CloseHandle
0x14020b4c8 CreateFileMappingA
0x14020b4d0 CreateFileW
0x14020b4d8 CreateMutexA
0x14020b4e0 CreateThread
0x14020b4e8 CreateToolhelp32Snapshot
0x14020b4f0 DuplicateHandle
0x14020b4f8 FormatMessageW
0x14020b500 GetConsoleMode
0x14020b508 GetCurrentDirectoryW
0x14020b510 GetCurrentProcess
0x14020b518 GetCurrentThread
0x14020b520 GetEnvironmentVariableW
0x14020b528 GetFileInformationByHandle
0x14020b530 GetFileInformationByHandleEx
0x14020b538 GetFullPathNameW
0x14020b540 GetLastError
0x14020b548 GetModuleHandleA
0x14020b550 GetModuleHandleW
0x14020b558 GetProcAddress
0x14020b560 GetProcessHeap
0x14020b568 GetStdHandle
0x14020b570 HeapAlloc
0x14020b578 HeapCreate
0x14020b580 HeapFree
0x14020b588 HeapReAlloc
0x14020b590 InitOnceBeginInitialize
0x14020b598 InitOnceComplete
0x14020b5a0 MapViewOfFile
0x14020b5a8 Module32FirstW
0x14020b5b0 Module32NextW
0x14020b5b8 MultiByteToWideChar
0x14020b5c0 RtlCaptureContext
0x14020b5c8 RtlLookupFunctionEntry
0x14020b5d0 RtlVirtualUnwind
0x14020b5d8 SetLastError
0x14020b5e0 SetThreadStackGuarantee
0x14020b5e8 SetUnhandledExceptionFilter
0x14020b5f0 Sleep
0x14020b5f8 TlsAlloc
0x14020b600 TlsFree
0x14020b608 TlsGetValue
0x14020b610 TlsSetValue
0x14020b618 UnmapViewOfFile
0x14020b620 WaitForSingleObject
0x14020b628 WriteConsoleW
ntdll.dll
0x14020b638 NtWriteFile
0x14020b640 RtlNtStatusToDosError
api-ms-win-core-synch-l1-2-0.dll
0x14020b650 WaitOnAddress
0x14020b658 WakeByAddressAll
0x14020b660 WakeByAddressSingle
cryptprimitives.dll
0x14020b670 ProcessPrng
EAT(Export Address Table) is none