ScreenShot
| Created | 2024.09.07 17:05 | Machine | s1_win7_x6401 |
| Filename | Chrome.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetectMalware, tsD1, malicious, high confidence, score, Unsafe, Pyinstaller, Python, Redcap, tytkx, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, YQHX, Outbreak, Wacapew, C9nj) | ||
| md5 | f90a0ca2766ad3e02c15fe5622546d01 | ||
| sha256 | ac6b3de2692e7ddc7fbb6c3fea5ce6faa724ee34819c0c9c149d01fa0c37ead3 | ||
| ssdeep | 393216:jn4ZpgPYVnNSMF1+TtIiFvY9Z8D8CclsdEA5UBnmwGXKb:b4ZpgPQH1QtI6a8DZcSdUmfKb | ||
| imphash | f4f2e2b03fe5666a721620fcea3aea9b | ||
| impfuzzy | 48:tn6gF/gub6EwoQ54rzSv6xviMMke59afteS1HEc+pIuCmcgTkOtV0Kq14r:pfh9ne50teS1HEc+pIuptkiWHS | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | One or more non-whitelisted processes were created |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002c398 CreateWindowExW
0x14002c3a0 PostMessageW
0x14002c3a8 GetMessageW
0x14002c3b0 MessageBoxW
0x14002c3b8 MessageBoxA
0x14002c3c0 SystemParametersInfoW
0x14002c3c8 DestroyIcon
0x14002c3d0 SetWindowLongPtrW
0x14002c3d8 GetWindowLongPtrW
0x14002c3e0 GetClientRect
0x14002c3e8 InvalidateRect
0x14002c3f0 ReleaseDC
0x14002c3f8 GetDC
0x14002c400 DrawTextW
0x14002c408 GetDialogBaseUnits
0x14002c410 EndDialog
0x14002c418 DialogBoxIndirectParamW
0x14002c420 MoveWindow
0x14002c428 SendMessageW
COMCTL32.dll
0x14002c028 None
KERNEL32.dll
0x14002c058 IsValidCodePage
0x14002c060 GetStringTypeW
0x14002c068 GetFileAttributesExW
0x14002c070 HeapReAlloc
0x14002c078 FlushFileBuffers
0x14002c080 GetCurrentDirectoryW
0x14002c088 GetACP
0x14002c090 GetOEMCP
0x14002c098 GetModuleHandleW
0x14002c0a0 MulDiv
0x14002c0a8 GetLastError
0x14002c0b0 SetDllDirectoryW
0x14002c0b8 CreateFileW
0x14002c0c0 GetFinalPathNameByHandleW
0x14002c0c8 CloseHandle
0x14002c0d0 GetModuleFileNameW
0x14002c0d8 CreateSymbolicLinkW
0x14002c0e0 GetCPInfo
0x14002c0e8 GetCommandLineW
0x14002c0f0 GetEnvironmentVariableW
0x14002c0f8 SetEnvironmentVariableW
0x14002c100 ExpandEnvironmentStringsW
0x14002c108 CreateDirectoryW
0x14002c110 GetTempPathW
0x14002c118 WaitForSingleObject
0x14002c120 Sleep
0x14002c128 GetExitCodeProcess
0x14002c130 CreateProcessW
0x14002c138 GetStartupInfoW
0x14002c140 FreeLibrary
0x14002c148 LoadLibraryExW
0x14002c150 SetConsoleCtrlHandler
0x14002c158 FindClose
0x14002c160 FindFirstFileExW
0x14002c168 GetCurrentProcess
0x14002c170 LocalFree
0x14002c178 FormatMessageW
0x14002c180 MultiByteToWideChar
0x14002c188 WideCharToMultiByte
0x14002c190 GetEnvironmentStringsW
0x14002c198 FreeEnvironmentStringsW
0x14002c1a0 GetProcessHeap
0x14002c1a8 GetTimeZoneInformation
0x14002c1b0 HeapSize
0x14002c1b8 WriteConsoleW
0x14002c1c0 SetEndOfFile
0x14002c1c8 GetProcAddress
0x14002c1d0 GetSystemTimeAsFileTime
0x14002c1d8 RtlCaptureContext
0x14002c1e0 RtlLookupFunctionEntry
0x14002c1e8 RtlVirtualUnwind
0x14002c1f0 UnhandledExceptionFilter
0x14002c1f8 SetUnhandledExceptionFilter
0x14002c200 TerminateProcess
0x14002c208 IsProcessorFeaturePresent
0x14002c210 QueryPerformanceCounter
0x14002c218 GetCurrentProcessId
0x14002c220 GetCurrentThreadId
0x14002c228 InitializeSListHead
0x14002c230 IsDebuggerPresent
0x14002c238 RtlUnwindEx
0x14002c240 SetLastError
0x14002c248 EnterCriticalSection
0x14002c250 LeaveCriticalSection
0x14002c258 DeleteCriticalSection
0x14002c260 InitializeCriticalSectionAndSpinCount
0x14002c268 TlsAlloc
0x14002c270 TlsGetValue
0x14002c278 TlsSetValue
0x14002c280 TlsFree
0x14002c288 EncodePointer
0x14002c290 RaiseException
0x14002c298 RtlPcToFileHeader
0x14002c2a0 GetCommandLineA
0x14002c2a8 GetDriveTypeW
0x14002c2b0 GetFileInformationByHandle
0x14002c2b8 GetFileType
0x14002c2c0 PeekNamedPipe
0x14002c2c8 SystemTimeToTzSpecificLocalTime
0x14002c2d0 FileTimeToSystemTime
0x14002c2d8 GetFullPathNameW
0x14002c2e0 RemoveDirectoryW
0x14002c2e8 FindNextFileW
0x14002c2f0 SetStdHandle
0x14002c2f8 DeleteFileW
0x14002c300 ReadFile
0x14002c308 GetStdHandle
0x14002c310 WriteFile
0x14002c318 ExitProcess
0x14002c320 GetModuleHandleExW
0x14002c328 HeapFree
0x14002c330 GetConsoleMode
0x14002c338 ReadConsoleW
0x14002c340 SetFilePointerEx
0x14002c348 GetConsoleOutputCP
0x14002c350 GetFileSizeEx
0x14002c358 HeapAlloc
0x14002c360 FlsAlloc
0x14002c368 FlsGetValue
0x14002c370 FlsSetValue
0x14002c378 FlsFree
0x14002c380 CompareStringW
0x14002c388 LCMapStringW
ADVAPI32.dll
0x14002c000 OpenProcessToken
0x14002c008 GetTokenInformation
0x14002c010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002c018 ConvertSidToStringSidW
GDI32.dll
0x14002c038 SelectObject
0x14002c040 DeleteObject
0x14002c048 CreateFontIndirectW
EAT(Export Address Table) is none
USER32.dll
0x14002c398 CreateWindowExW
0x14002c3a0 PostMessageW
0x14002c3a8 GetMessageW
0x14002c3b0 MessageBoxW
0x14002c3b8 MessageBoxA
0x14002c3c0 SystemParametersInfoW
0x14002c3c8 DestroyIcon
0x14002c3d0 SetWindowLongPtrW
0x14002c3d8 GetWindowLongPtrW
0x14002c3e0 GetClientRect
0x14002c3e8 InvalidateRect
0x14002c3f0 ReleaseDC
0x14002c3f8 GetDC
0x14002c400 DrawTextW
0x14002c408 GetDialogBaseUnits
0x14002c410 EndDialog
0x14002c418 DialogBoxIndirectParamW
0x14002c420 MoveWindow
0x14002c428 SendMessageW
COMCTL32.dll
0x14002c028 None
KERNEL32.dll
0x14002c058 IsValidCodePage
0x14002c060 GetStringTypeW
0x14002c068 GetFileAttributesExW
0x14002c070 HeapReAlloc
0x14002c078 FlushFileBuffers
0x14002c080 GetCurrentDirectoryW
0x14002c088 GetACP
0x14002c090 GetOEMCP
0x14002c098 GetModuleHandleW
0x14002c0a0 MulDiv
0x14002c0a8 GetLastError
0x14002c0b0 SetDllDirectoryW
0x14002c0b8 CreateFileW
0x14002c0c0 GetFinalPathNameByHandleW
0x14002c0c8 CloseHandle
0x14002c0d0 GetModuleFileNameW
0x14002c0d8 CreateSymbolicLinkW
0x14002c0e0 GetCPInfo
0x14002c0e8 GetCommandLineW
0x14002c0f0 GetEnvironmentVariableW
0x14002c0f8 SetEnvironmentVariableW
0x14002c100 ExpandEnvironmentStringsW
0x14002c108 CreateDirectoryW
0x14002c110 GetTempPathW
0x14002c118 WaitForSingleObject
0x14002c120 Sleep
0x14002c128 GetExitCodeProcess
0x14002c130 CreateProcessW
0x14002c138 GetStartupInfoW
0x14002c140 FreeLibrary
0x14002c148 LoadLibraryExW
0x14002c150 SetConsoleCtrlHandler
0x14002c158 FindClose
0x14002c160 FindFirstFileExW
0x14002c168 GetCurrentProcess
0x14002c170 LocalFree
0x14002c178 FormatMessageW
0x14002c180 MultiByteToWideChar
0x14002c188 WideCharToMultiByte
0x14002c190 GetEnvironmentStringsW
0x14002c198 FreeEnvironmentStringsW
0x14002c1a0 GetProcessHeap
0x14002c1a8 GetTimeZoneInformation
0x14002c1b0 HeapSize
0x14002c1b8 WriteConsoleW
0x14002c1c0 SetEndOfFile
0x14002c1c8 GetProcAddress
0x14002c1d0 GetSystemTimeAsFileTime
0x14002c1d8 RtlCaptureContext
0x14002c1e0 RtlLookupFunctionEntry
0x14002c1e8 RtlVirtualUnwind
0x14002c1f0 UnhandledExceptionFilter
0x14002c1f8 SetUnhandledExceptionFilter
0x14002c200 TerminateProcess
0x14002c208 IsProcessorFeaturePresent
0x14002c210 QueryPerformanceCounter
0x14002c218 GetCurrentProcessId
0x14002c220 GetCurrentThreadId
0x14002c228 InitializeSListHead
0x14002c230 IsDebuggerPresent
0x14002c238 RtlUnwindEx
0x14002c240 SetLastError
0x14002c248 EnterCriticalSection
0x14002c250 LeaveCriticalSection
0x14002c258 DeleteCriticalSection
0x14002c260 InitializeCriticalSectionAndSpinCount
0x14002c268 TlsAlloc
0x14002c270 TlsGetValue
0x14002c278 TlsSetValue
0x14002c280 TlsFree
0x14002c288 EncodePointer
0x14002c290 RaiseException
0x14002c298 RtlPcToFileHeader
0x14002c2a0 GetCommandLineA
0x14002c2a8 GetDriveTypeW
0x14002c2b0 GetFileInformationByHandle
0x14002c2b8 GetFileType
0x14002c2c0 PeekNamedPipe
0x14002c2c8 SystemTimeToTzSpecificLocalTime
0x14002c2d0 FileTimeToSystemTime
0x14002c2d8 GetFullPathNameW
0x14002c2e0 RemoveDirectoryW
0x14002c2e8 FindNextFileW
0x14002c2f0 SetStdHandle
0x14002c2f8 DeleteFileW
0x14002c300 ReadFile
0x14002c308 GetStdHandle
0x14002c310 WriteFile
0x14002c318 ExitProcess
0x14002c320 GetModuleHandleExW
0x14002c328 HeapFree
0x14002c330 GetConsoleMode
0x14002c338 ReadConsoleW
0x14002c340 SetFilePointerEx
0x14002c348 GetConsoleOutputCP
0x14002c350 GetFileSizeEx
0x14002c358 HeapAlloc
0x14002c360 FlsAlloc
0x14002c368 FlsGetValue
0x14002c370 FlsSetValue
0x14002c378 FlsFree
0x14002c380 CompareStringW
0x14002c388 LCMapStringW
ADVAPI32.dll
0x14002c000 OpenProcessToken
0x14002c008 GetTokenInformation
0x14002c010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002c018 ConvertSidToStringSidW
GDI32.dll
0x14002c038 SelectObject
0x14002c040 DeleteObject
0x14002c048 CreateFontIndirectW
EAT(Export Address Table) is none