Report - Chrome.exe

Tags: Gen1, Generic Malware, Malicious Library, ASPack, UPX, Malicious Packer, Anti_VM, PE File, PE64, OS Processor Check, DLL, ZIP Format
Created: 2024.09.07 17:05
Machine: s1_win7_x6401
Filename: Chrome.exe
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: Not found
Behavior Score: 2.4
ZERO API file: malware
VT API (file): 24 detected (AIDetectMalware, tsD1, malicious, high confidence, score, Unsafe, Pyinstaller, Python, Redcap, tytkx, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, YQHX, Outbreak, Wacapew, C9nj)
md5: f90a0ca2766ad3e02c15fe5622546d01
sha256: ac6b3de2692e7ddc7fbb6c3fea5ce6faa724ee34819c0c9c149d01fa0c37ead3
ssdeep: 393216:jn4ZpgPYVnNSMF1+TtIiFvY9Z8D8CclsdEA5UBnmwGXKb:b4ZpgPQH1QtI6a8DZcSdUmfKb
imphash: f4f2e2b03fe5666a721620fcea3aea9b
impfuzzy: 48:tn6gF/gub6EwoQ54rzSv6xviMMke59afteS1HEc+pIuCmcgTkOtV0Kq14r:pfh9ne50teS1HEc+pIuptkiWHS

Signature (5 counts)

Level | Description
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch | One or more non-whitelisted processes were created
notice | Creates executable files on the filesystem
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (18 counts)

Level | Name | Description | Collection
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download)
warning | Generic_Malware_Zero | Generic Malware | binaries (download)
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | ASPack_Zero | ASPack packed file | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (download)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download)
watch | UPX_Zero | UPX packed file | binaries (download)
watch | UPX_Zero | UPX packed file | binaries (upload)
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download)
info | IsDLL | (no description) | binaries (download)
info | IsPE64 | (no description) | binaries (download)
info | IsPE64 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (download)
info | PE_Header_Zero | PE File Signature | binaries (upload)
info | zip_file_format | ZIP file format | binaries (download)

Network (0 counts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata IDS

PE API

IAT (Import Address Table)

USER32.dll
 0x14002c398 CreateWindowExW
 0x14002c3a0 PostMessageW
 0x14002c3a8 GetMessageW
 0x14002c3b0 MessageBoxW
 0x14002c3b8 MessageBoxA
 0x14002c3c0 SystemParametersInfoW
 0x14002c3c8 DestroyIcon
 0x14002c3d0 SetWindowLongPtrW
 0x14002c3d8 GetWindowLongPtrW
 0x14002c3e0 GetClientRect
 0x14002c3e8 InvalidateRect
 0x14002c3f0 ReleaseDC
 0x14002c3f8 GetDC
 0x14002c400 DrawTextW
 0x14002c408 GetDialogBaseUnits
 0x14002c410 EndDialog
 0x14002c418 DialogBoxIndirectParamW
 0x14002c420 MoveWindow
 0x14002c428 SendMessageW
COMCTL32.dll
 0x14002c028 None
KERNEL32.dll
 0x14002c058 IsValidCodePage
 0x14002c060 GetStringTypeW
 0x14002c068 GetFileAttributesExW
 0x14002c070 HeapReAlloc
 0x14002c078 FlushFileBuffers
 0x14002c080 GetCurrentDirectoryW
 0x14002c088 GetACP
 0x14002c090 GetOEMCP
 0x14002c098 GetModuleHandleW
 0x14002c0a0 MulDiv
 0x14002c0a8 GetLastError
 0x14002c0b0 SetDllDirectoryW
 0x14002c0b8 CreateFileW
 0x14002c0c0 GetFinalPathNameByHandleW
 0x14002c0c8 CloseHandle
 0x14002c0d0 GetModuleFileNameW
 0x14002c0d8 CreateSymbolicLinkW
 0x14002c0e0 GetCPInfo
 0x14002c0e8 GetCommandLineW
 0x14002c0f0 GetEnvironmentVariableW
 0x14002c0f8 SetEnvironmentVariableW
 0x14002c100 ExpandEnvironmentStringsW
 0x14002c108 CreateDirectoryW
 0x14002c110 GetTempPathW
 0x14002c118 WaitForSingleObject
 0x14002c120 Sleep
 0x14002c128 GetExitCodeProcess
 0x14002c130 CreateProcessW
 0x14002c138 GetStartupInfoW
 0x14002c140 FreeLibrary
 0x14002c148 LoadLibraryExW
 0x14002c150 SetConsoleCtrlHandler
 0x14002c158 FindClose
 0x14002c160 FindFirstFileExW
 0x14002c168 GetCurrentProcess
 0x14002c170 LocalFree
 0x14002c178 FormatMessageW
 0x14002c180 MultiByteToWideChar
 0x14002c188 WideCharToMultiByte
 0x14002c190 GetEnvironmentStringsW
 0x14002c198 FreeEnvironmentStringsW
 0x14002c1a0 GetProcessHeap
 0x14002c1a8 GetTimeZoneInformation
 0x14002c1b0 HeapSize
 0x14002c1b8 WriteConsoleW
 0x14002c1c0 SetEndOfFile
 0x14002c1c8 GetProcAddress
 0x14002c1d0 GetSystemTimeAsFileTime
 0x14002c1d8 RtlCaptureContext
 0x14002c1e0 RtlLookupFunctionEntry
 0x14002c1e8 RtlVirtualUnwind
 0x14002c1f0 UnhandledExceptionFilter
 0x14002c1f8 SetUnhandledExceptionFilter
 0x14002c200 TerminateProcess
 0x14002c208 IsProcessorFeaturePresent
 0x14002c210 QueryPerformanceCounter
 0x14002c218 GetCurrentProcessId
 0x14002c220 GetCurrentThreadId
 0x14002c228 InitializeSListHead
 0x14002c230 IsDebuggerPresent
 0x14002c238 RtlUnwindEx
 0x14002c240 SetLastError
 0x14002c248 EnterCriticalSection
 0x14002c250 LeaveCriticalSection
 0x14002c258 DeleteCriticalSection
 0x14002c260 InitializeCriticalSectionAndSpinCount
 0x14002c268 TlsAlloc
 0x14002c270 TlsGetValue
 0x14002c278 TlsSetValue
 0x14002c280 TlsFree
 0x14002c288 EncodePointer
 0x14002c290 RaiseException
 0x14002c298 RtlPcToFileHeader
 0x14002c2a0 GetCommandLineA
 0x14002c2a8 GetDriveTypeW
 0x14002c2b0 GetFileInformationByHandle
 0x14002c2b8 GetFileType
 0x14002c2c0 PeekNamedPipe
 0x14002c2c8 SystemTimeToTzSpecificLocalTime
 0x14002c2d0 FileTimeToSystemTime
 0x14002c2d8 GetFullPathNameW
 0x14002c2e0 RemoveDirectoryW
 0x14002c2e8 FindNextFileW
 0x14002c2f0 SetStdHandle
 0x14002c2f8 DeleteFileW
 0x14002c300 ReadFile
 0x14002c308 GetStdHandle
 0x14002c310 WriteFile
 0x14002c318 ExitProcess
 0x14002c320 GetModuleHandleExW
 0x14002c328 HeapFree
 0x14002c330 GetConsoleMode
 0x14002c338 ReadConsoleW
 0x14002c340 SetFilePointerEx
 0x14002c348 GetConsoleOutputCP
 0x14002c350 GetFileSizeEx
 0x14002c358 HeapAlloc
 0x14002c360 FlsAlloc
 0x14002c368 FlsGetValue
 0x14002c370 FlsSetValue
 0x14002c378 FlsFree
 0x14002c380 CompareStringW
 0x14002c388 LCMapStringW
ADVAPI32.dll
 0x14002c000 OpenProcessToken
 0x14002c008 GetTokenInformation
 0x14002c010 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14002c018 ConvertSidToStringSidW
GDI32.dll
 0x14002c038 SelectObject
 0x14002c040 DeleteObject
 0x14002c048 CreateFontIndirectW

EAT (Export Address Table): none
Similarity measure (PE file only) - Checking for service failure