Report - oclo.exe

Generic Malware Malicious Library UPX PE File PE64 OS Processor Check
Created 2024.09.09 10:15
Machine s1_win7_x6403
Filename oclo.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 1
Behavior Score 0.8
ZERO API (file): malware
VT API (file): 15 detected (AIDetectMalware, malicious, high confidence, Lazy, Unsafe, ai score=85, confidence)
md5 0d14677324fb1f05953aff5dfc889965
sha256 33e42e7828cda7987d17342e0eb8134f590cd3d291dbc75f13334259a4908ba1
ssdeep 24576:A/VAFdBq01lUapCVXAyOtlru19eSVqhCv4pjX/I+4YTXa779BLwc3oe7X8tCHrfx:Qoz6XDl9jl7f+TgmA0sIM7bov
imphash 6897e09add1836442c84d70f65d04a85
impfuzzy 96:cjcgyyc68bSGgcaecfQ+L4kDvnahIP2jDCT7NXlUcwcRwA7:DbexGJaahs2jDCT7NXlUKwy

Signature (2cnts)

Level Description
watch File has been identified by 15 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x14023e200 GetConsoleScreenBufferInfo
 0x14023e208 SetConsoleCursorInfo
 0x14023e210 GetConsoleCursorInfo
 0x14023e218 SetConsoleOutputCP
 0x14023e220 SetConsoleCtrlHandler
 0x14023e228 GetConsoleOutputCP
 0x14023e230 GetUserDefaultLCID
 0x14023e238 GetSystemDefaultLCID
 0x14023e240 GetCurrencyFormatW
 0x14023e248 SetLocaleInfoW
 0x14023e250 GetCPInfoExW
 0x14023e258 IsValidCodePage
 0x14023e260 CompareStringW
 0x14023e268 GetTimeFormatW
 0x14023e270 GetDateFormatW
 0x14023e278 GetNumaProcessorNode
 0x14023e280 SetVolumeMountPointW
 0x14023e288 FindFirstVolumeMountPointW
 0x14023e290 CopyFileExW
 0x14023e298 CopyFileW
 0x14023e2a0 BackupSeek
 0x14023e2a8 BackupRead
 0x14023e2b0 lstrcatW
 0x14023e2b8 lstrcmpW
 0x14023e2c0 GetTapeParameters
 0x14023e2c8 GetTapeStatus
 0x14023e2d0 PrepareTape
 0x14023e2d8 GetTapePosition
 0x14023e2e0 SetTapePosition
 0x14023e2e8 ConvertFiberToThread
 0x14023e2f0 GetProcessIoCounters
 0x14023e2f8 GetCurrentProcess
 0x14023e300 SetProcessAffinityMask
 0x14023e308 GetNumaHighestNodeNumber
 0x14023e310 QueryInformationJobObject
 0x14023e318 AssignProcessToJobObject
 0x14023e320 GetLogicalProcessorInformation
 0x14023e328 GetProcessPriorityBoost
 0x14023e330 SetPriorityClass
 0x14023e338 TlsSetValue
 0x14023e340 TlsGetValue
 0x14023e348 GetThreadPriorityBoost
 0x14023e350 GetCurrentThreadId
 0x14023e358 WriteConsoleW
 0x14023e360 CloseHandle
 0x14023e368 CreateFileW
 0x14023e370 GetConsoleMode
 0x14023e378 FlushFileBuffers
 0x14023e380 HeapReAlloc
 0x14023e388 HeapSize
 0x14023e390 GetProcessHeap
 0x14023e398 LCMapStringW
 0x14023e3a0 FlsFree
 0x14023e3a8 FlsSetValue
 0x14023e3b0 FlsGetValue
 0x14023e3b8 FlsAlloc
 0x14023e3c0 SetFileApisToANSI
 0x14023e3c8 AreFileApisANSI
 0x14023e3d0 UnlockFileEx
 0x14023e3d8 SetFilePointerEx
 0x14023e3e0 SetEndOfFile
 0x14023e3e8 QueryDosDeviceW
 0x14023e3f0 LockFileEx
 0x14023e3f8 GetLongPathNameW
 0x14023e400 GetFileSizeEx
 0x14023e408 GetModuleHandleA
 0x14023e410 GetExitCodeProcess
 0x14023e418 GetStringTypeW
 0x14023e420 GetFileType
 0x14023e428 FreeEnvironmentStringsW
 0x14023e430 GetEnvironmentStringsW
 0x14023e438 WideCharToMultiByte
 0x14023e440 MultiByteToWideChar
 0x14023e448 GetCommandLineW
 0x14023e450 GetCommandLineA
 0x14023e458 GetCPInfo
 0x14023e460 GetOEMCP
 0x14023e468 GetACP
 0x14023e470 FindNextFileW
 0x14023e478 FindFirstFileExW
 0x14023e480 HeapFree
 0x14023e488 HeapAlloc
 0x14023e490 GetModuleHandleExW
 0x14023e498 TerminateProcess
 0x14023e4a0 ExitProcess
 0x14023e4a8 GetModuleFileNameW
 0x14023e4b0 WriteFile
 0x14023e4b8 GetStdHandle
 0x14023e4c0 RtlPcToFileHeader
 0x14023e4c8 RaiseException
 0x14023e4d0 EncodePointer
 0x14023e4d8 LoadLibraryExW
 0x14023e4e0 GetProcAddress
 0x14023e4e8 FreeLibrary
 0x14023e4f0 TlsFree
 0x14023e4f8 TlsAlloc
 0x14023e500 InitializeCriticalSectionAndSpinCount
 0x14023e508 DeleteCriticalSection
 0x14023e510 LeaveCriticalSection
 0x14023e518 EnterCriticalSection
 0x14023e520 SetLastError
 0x14023e528 GetLastError
 0x14023e530 RtlUnwindEx
 0x14023e538 GetModuleHandleW
 0x14023e540 IsProcessorFeaturePresent
 0x14023e548 GetStartupInfoW
 0x14023e550 SetUnhandledExceptionFilter
 0x14023e558 UnhandledExceptionFilter
 0x14023e560 IsDebuggerPresent
 0x14023e568 GetFileInformationByHandle
 0x14023e570 GetFileAttributesExW
 0x14023e578 FindClose
 0x14023e580 DefineDosDeviceW
 0x14023e588 GetCurrentDirectoryW
 0x14023e590 SetStdHandle
 0x14023e598 GetCurrentProcessId
 0x14023e5a0 RtlVirtualUnwind
 0x14023e5a8 RtlLookupFunctionEntry
 0x14023e5b0 QueryPerformanceCounter
 0x14023e5b8 GetSystemTimeAsFileTime
 0x14023e5c0 InitializeSListHead
 0x14023e5c8 RtlCaptureContext
GDI32.dll
 0x14023e090 SetWindowOrgEx
 0x14023e098 GetKerningPairsW
 0x14023e0a0 SetBrushOrgEx
 0x14023e0a8 GetWinMetaFileBits
 0x14023e0b0 PolylineTo
 0x14023e0b8 Polygon
 0x14023e0c0 LPtoDP
 0x14023e0c8 PolyTextOutW
 0x14023e0d0 StrokeAndFillPath
 0x14023e0d8 SetArcDirection
 0x14023e0e0 AbortPath
 0x14023e0e8 SetWinMetaFileBits
 0x14023e0f0 GetEnhMetaFileBits
 0x14023e0f8 GdiTransparentBlt
 0x14023e100 SetTextColor
 0x14023e108 SetSystemPaletteUse
 0x14023e110 SetMetaFileBitsEx
 0x14023e118 SetMapMode
 0x14023e120 SetDIBitsToDevice
 0x14023e128 SetBkMode
 0x14023e130 SetDCPenColor
 0x14023e138 SaveDC
 0x14023e140 PtVisible
 0x14023e148 PtInRegion
 0x14023e150 OffsetClipRgn
 0x14023e158 MaskBlt
 0x14023e160 GetWindowExtEx
 0x14023e168 GetViewportOrgEx
 0x14023e170 RemoveFontResourceExW
 0x14023e178 GetGlyphIndicesW
 0x14023e180 GetTextExtentExPointW
 0x14023e188 GetTextAlign
 0x14023e190 GetSystemPaletteUse
 0x14023e198 GetSystemPaletteEntries
 0x14023e1a0 GetMetaFileBitsEx
 0x14023e1a8 GetCurrentPositionEx
 0x14023e1b0 GetCharWidth32W
 0x14023e1b8 GetCharWidthW
 0x14023e1c0 EnumFontFamiliesW
 0x14023e1c8 DrawEscape
 0x14023e1d0 CreateBrushIndirect
 0x14023e1d8 CancelDC
 0x14023e1e0 BitBlt
 0x14023e1e8 Arc
 0x14023e1f0 AnimatePalette
WINSPOOL.DRV
 0x14023e608 ConnectToPrinterDlg
 0x14023e610 EnumPrintersW
 0x14023e618 ResetPrinterW
 0x14023e620 SetJobW
 0x14023e628 GetJobW
 0x14023e630 EnumJobsW
 0x14023e638 SetPrinterW
 0x14023e640 FlushPrinter
 0x14023e648 GetPrinterDataW
 0x14023e650 EnumPrinterDataW
 0x14023e658 SetPrinterDataW
 0x14023e660 SetPrinterDataExW
 0x14023e668 GetFormW
 0x14023e670 ConfigurePortW
 0x14023e678 SetPortW
COMDLG32.dll
 0x14023e038 PrintDlgExW
 0x14023e040 PrintDlgW
 0x14023e048 ChooseFontW
 0x14023e050 ReplaceTextW
 0x14023e058 FindTextW
 0x14023e060 ChooseColorW
 0x14023e068 GetFileTitleW
 0x14023e070 GetSaveFileNameW
 0x14023e078 GetOpenFileNameW
 0x14023e080 CommDlgExtendedError
ole32.dll
 0x14023e698 StringFromIID
 0x14023e6a0 CLSIDFromString
 0x14023e6a8 CoEnableCallCancellation
 0x14023e6b0 CoTestCancel
 0x14023e6b8 CoCancelCall
 0x14023e6c0 CoQueryAuthenticationServices
 0x14023e6c8 CoQueryClientBlanket
 0x14023e6d0 CoSetProxyBlanket
 0x14023e6d8 IIDFromString
 0x14023e6e0 CoGetInterfaceAndReleaseStream
 0x14023e6e8 CoMarshalInterThreadInterfaceInStream
 0x14023e6f0 CoGetStdMarshalEx
 0x14023e6f8 CoLockObjectExternal
 0x14023e700 CoDisconnectObject
 0x14023e708 CoMarshalHresult
 0x14023e710 CoUnmarshalInterface
 0x14023e718 CoMarshalInterface
 0x14023e720 CoGetMarshalSizeMax
 0x14023e728 CoGetPSClsid
 0x14023e730 CoResumeClassObjects
 0x14023e738 CoGetObjectContext
 0x14023e740 CoGetContextToken
 0x14023e748 CoGetCurrentLogicalThreadId
 0x14023e750 CoGetCurrentProcess
 0x14023e758 CoUninitialize
 0x14023e760 ProgIDFromCLSID
 0x14023e768 CLSIDFromProgID
 0x14023e770 CoInvalidateRemoteMachineBindings
 0x14023e778 CLSIDFromProgIDEx
 0x14023e780 CoGetInstanceFromIStorage
 0x14023e788 CoAllowSetForegroundWindow
 0x14023e790 CoIsOle1Class
 0x14023e798 CoFileTimeToDosDateTime
 0x14023e7a0 CoInstall
 0x14023e7a8 BindMoniker
 0x14023e7b0 MkParseDisplayName
 0x14023e7b8 MonikerRelativePathTo
 0x14023e7c0 GetClassFile
 0x14023e7c8 OleGetIconOfClass
 0x14023e7d0 OleSetAutoConvert
 0x14023e7d8 CoGetInterceptor
 0x14023e7e0 CoGetCallContext
VERSION.dll
 0x14023e5d8 VerQueryValueW
 0x14023e5e0 GetFileVersionInfoW
 0x14023e5e8 GetFileVersionInfoSizeW
 0x14023e5f0 VerInstallFileW
 0x14023e5f8 VerFindFileW
COMCTL32.dll
 0x14023e000 None
 0x14023e008 None
 0x14023e010 None
 0x14023e018 None
 0x14023e020 None
 0x14023e028 PropertySheetW
dxgi.dll
 0x14023e688 CreateDXGIFactory

EAT (Export Address Table): none
