ScreenShot
| Created | 2024.09.09 10:10 | Machine | s1_win7_x6401 |
| Filename | lemon.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 11 detected (AIDetectMalware, malicious, moderate confidence, Unsafe, GenKryptik, GZUY, Static AI, Suspicious PE, confidence) | ||
| md5 | 06316232a5c4476deffee5872b5a9c0f | ||
| sha256 | 8e63b1f7f8e29b9a714f796e2e8ca0cd1094086e2d0a5de21601e23e1792a906 | ||
| ssdeep | 49152:W7edaPcjUzLZIpHoQmKFrl9zr05IdTpvBBvwj:H2mS | ||
| imphash | 8a0d4922e8722fe4880f97321db0e8ae | ||
| impfuzzy | 96:RgKtAxX17TpXLfpyug4XnR4Ar+rBa7gcaecfQ+LRvXew1K8w4Pz:+KcF7VNlLXlSA7JvwA2z | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14027c010 GetEnvironmentStringsW
0x14027c018 SetCurrentDirectoryW
0x14027c020 FindCloseChangeNotification
0x14027c028 FindFirstFileW
0x14027c030 FindFirstFileExW
0x14027c038 FindFirstVolumeW
0x14027c040 FindNextFileW
0x14027c048 FindVolumeClose
0x14027c050 GetDiskFreeSpaceW
0x14027c058 GetDriveTypeW
0x14027c060 GetFileAttributesW
0x14027c068 GetFileInformationByHandle
0x14027c070 GetFileSize
0x14027c078 GetFileSizeEx
0x14027c080 GetLogicalDriveStringsW
0x14027c088 GetTempFileNameW
0x14027c090 LockFile
0x14027c098 QueryDosDeviceW
0x14027c0a0 ReadFileEx
0x14027c0a8 SetEndOfFile
0x14027c0b0 SetFilePointer
0x14027c0b8 SetFilePointerEx
0x14027c0c0 SetFileValidData
0x14027c0c8 WriteFile
0x14027c0d0 GetVolumePathNamesForVolumeNameW
0x14027c0d8 AreFileApisANSI
0x14027c0e0 SetFileApisToANSI
0x14027c0e8 PostQueuedCompletionStatus
0x14027c0f0 SleepEx
0x14027c0f8 GetProcessTimes
0x14027c100 GetExitCodeProcess
0x14027c108 GetCurrentThreadId
0x14027c110 SetThreadPriority
0x14027c118 GetThreadPriority
0x14027c120 TerminateThread
0x14027c128 TlsGetValue
0x14027c130 TlsSetValue
0x14027c138 SetProcessShutdownParameters
0x14027c140 GetProcessVersion
0x14027c148 GetThreadTimes
0x14027c150 GetProcessHandleCount
0x14027c158 SetProcessPriorityBoost
0x14027c160 GetThreadIOPendingFlag
0x14027c168 SetThreadIdealProcessor
0x14027c170 GetLogicalProcessorInformation
0x14027c178 GetProcessWorkingSetSize
0x14027c180 AssignProcessToJobObject
0x14027c188 TerminateJobObject
0x14027c190 GetNumaHighestNodeNumber
0x14027c198 SetProcessAffinityMask
0x14027c1a0 ConvertFiberToThread
0x14027c1a8 ConvertThreadToFiber
0x14027c1b0 SetThreadAffinityMask
0x14027c1b8 SetTapePosition
0x14027c1c0 GetTapePosition
0x14027c1c8 GetTapeParameters
0x14027c1d0 SetTapeParameters
0x14027c1d8 lstrcpynW
0x14027c1e0 BackupRead
0x14027c1e8 BackupSeek
0x14027c1f0 CheckNameLegalDOS8Dot3W
0x14027c1f8 CopyFileW
0x14027c200 CopyFileExW
0x14027c208 MoveFileW
0x14027c210 FindNextVolumeMountPointW
0x14027c218 GetNumaNodeProcessorMask
0x14027c220 GetNumaAvailableMemoryNode
0x14027c228 GetOEMCP
0x14027c230 GetLocaleInfoW
0x14027c238 IsValidLanguageGroup
0x14027c240 GetGeoInfoW
0x14027c248 EnumSystemGeoID
0x14027c250 GetUserGeoID
0x14027c258 GetSystemDefaultUILanguage
0x14027c260 GetUserDefaultLangID
0x14027c268 GetSystemDefaultLangID
0x14027c270 GetUserDefaultLCID
0x14027c278 AttachConsole
0x14027c280 GetConsoleCP
0x14027c288 GetConsoleOutputCP
0x14027c290 GetConsoleMode
0x14027c298 ReadConsoleInputW
0x14027c2a0 ReadConsoleW
0x14027c2a8 WriteConsoleW
0x14027c2b0 SetStdHandle
0x14027c2b8 GenerateConsoleCtrlEvent
0x14027c2c0 FlushConsoleInputBuffer
0x14027c2c8 GetConsoleCursorInfo
0x14027c2d0 SetConsoleCursorInfo
0x14027c2d8 SetConsoleScreenBufferSize
0x14027c2e0 GetLargestConsoleWindowSize
0x14027c2e8 SetConsoleTextAttribute
0x14027c2f0 WriteConsoleOutputCharacterW
0x14027c2f8 WriteConsoleOutputAttribute
0x14027c300 ReadConsoleOutputCharacterW
0x14027c308 ReadConsoleOutputAttribute
0x14027c310 GetCurrentConsoleFont
0x14027c318 GetConsoleSelectionInfo
0x14027c320 CloseHandle
0x14027c328 CreateFileW
0x14027c330 FlushFileBuffers
0x14027c338 HeapReAlloc
0x14027c340 HeapSize
0x14027c348 GetProcessHeap
0x14027c350 LCMapStringW
0x14027c358 FlsFree
0x14027c360 FlsSetValue
0x14027c368 FlsGetValue
0x14027c370 FlsAlloc
0x14027c378 GetStringTypeW
0x14027c380 GetFileType
0x14027c388 FreeEnvironmentStringsW
0x14027c390 WideCharToMultiByte
0x14027c398 MultiByteToWideChar
0x14027c3a0 GetCommandLineW
0x14027c3a8 GetCommandLineA
0x14027c3b0 GetCPInfo
0x14027c3b8 GetACP
0x14027c3c0 IsValidCodePage
0x14027c3c8 FindClose
0x14027c3d0 HeapFree
0x14027c3d8 HeapAlloc
0x14027c3e0 GetModuleHandleExW
0x14027c3e8 TerminateProcess
0x14027c3f0 ExitProcess
0x14027c3f8 GetCurrentProcess
0x14027c400 GetModuleFileNameW
0x14027c408 GetStdHandle
0x14027c410 RtlPcToFileHeader
0x14027c418 RaiseException
0x14027c420 EncodePointer
0x14027c428 LoadLibraryExW
0x14027c430 GetProcAddress
0x14027c438 FreeLibrary
0x14027c440 TlsFree
0x14027c448 TlsAlloc
0x14027c450 InitializeCriticalSectionAndSpinCount
0x14027c458 DeleteCriticalSection
0x14027c460 LeaveCriticalSection
0x14027c468 EnterCriticalSection
0x14027c470 SetLastError
0x14027c478 GetLastError
0x14027c480 RtlUnwindEx
0x14027c488 GetModuleHandleW
0x14027c490 IsProcessorFeaturePresent
0x14027c498 GetStartupInfoW
0x14027c4a0 SetUnhandledExceptionFilter
0x14027c4a8 UnhandledExceptionFilter
0x14027c4b0 IsDebuggerPresent
0x14027c4b8 RtlVirtualUnwind
0x14027c4c0 RtlLookupFunctionEntry
0x14027c4c8 RtlCaptureContext
0x14027c4d0 InitializeSListHead
0x14027c4d8 GetSystemTimeAsFileTime
0x14027c4e0 GetCurrentProcessId
0x14027c4e8 QueryPerformanceCounter
0x14027c4f0 SetConsoleCtrlHandler
0x14027c4f8 GetModuleHandleA
WINSPOOL.DRV
0x14027c538 WritePrinter
0x14027c540 ReadPrinter
0x14027c548 ScheduleJob
0x14027c550 FindFirstPrinterChangeNotification
0x14027c558 FindNextPrinterChangeNotification
0x14027c560 FindClosePrinterChangeNotification
0x14027c568 AbortPrinter
ole32.dll
0x14027c588 IsAccelerator
0x14027c590 GetRunningObjectTable
0x14027c598 GetClassFile
0x14027c5a0 MonikerRelativePathTo
0x14027c5a8 MkParseDisplayName
0x14027c5b0 BindMoniker
0x14027c5b8 CoTreatAsClass
0x14027c5c0 CoDosDateTimeToFileTime
0x14027c5c8 CoFileTimeToDosDateTime
0x14027c5d0 CoIsOle1Class
0x14027c5d8 CoAllowSetForegroundWindow
0x14027c5e0 CoGetInstanceFromIStorage
0x14027c5e8 CoGetInstanceFromFile
0x14027c5f0 CoRevokeInitializeSpy
0x14027c5f8 CoRevokeMallocSpy
0x14027c600 CLSIDFromProgIDEx
0x14027c608 CoTaskMemFree
0x14027c610 CoTaskMemRealloc
0x14027c618 CoTaskMemAlloc
0x14027c620 CoInvalidateRemoteMachineBindings
0x14027c628 CoGetTreatAsClass
0x14027c630 StringFromGUID2
0x14027c638 IIDFromString
0x14027c640 OleRegGetMiscStatus
0x14027c648 CLSIDFromString
0x14027c650 StringFromCLSID
0x14027c658 CoDisableCallCancellation
0x14027c660 CoTestCancel
0x14027c668 OleGetIconOfFile
0x14027c670 CoSetCancelObject
0x14027c678 CoGetCancelObject
0x14027c680 CoSwitchCallContext
0x14027c688 CoQueryAuthenticationServices
0x14027c690 CoRevertToSelf
0x14027c698 CoImpersonateClient
0x14027c6a0 CoQueryClientBlanket
0x14027c6a8 CoCopyProxy
0x14027c6b0 CoGetInterfaceAndReleaseStream
0x14027c6b8 CoMarshalInterThreadInterfaceInStream
0x14027c6c0 CoIsHandlerConnected
0x14027c6c8 CoGetStdMarshalEx
0x14027c6d0 CoGetStandardMarshal
0x14027c6d8 CoLockObjectExternal
0x14027c6e0 CoUnmarshalHresult
0x14027c6e8 CoMarshalHresult
0x14027c6f0 CoUnmarshalInterface
0x14027c6f8 CoMarshalInterface
0x14027c700 CoGetPSClsid
0x14027c708 CoSuspendClassObjects
0x14027c710 CoResumeClassObjects
0x14027c718 CoRevokeClassObject
0x14027c720 CoGetClassObject
0x14027c728 CoGetObjectContext
0x14027c730 CoGetContextToken
0x14027c738 CoGetCurrentLogicalThreadId
0x14027c740 CoGetMalloc
0x14027c748 OleGetIconOfClass
0x14027c750 OleDoAutoConvert
0x14027c758 CoCancelCall
0x14027c760 OleRegGetUserType
0x14027c768 OleGetAutoConvert
0x14027c770 OleSetAutoConvert
0x14027c778 StringFromIID
0x14027c780 CoGetInterceptor
0x14027c788 CoQueryProxyBlanket
VERSION.dll
0x14027c508 VerFindFileW
0x14027c510 VerInstallFileW
0x14027c518 GetFileVersionInfoSizeW
0x14027c520 GetFileVersionInfoW
0x14027c528 VerQueryValueW
COMCTL32.dll
0x14027c000 None
dxgi.dll
0x14027c578 CreateDXGIFactory
EAT(Export Address Table) is none
KERNEL32.dll
0x14027c010 GetEnvironmentStringsW
0x14027c018 SetCurrentDirectoryW
0x14027c020 FindCloseChangeNotification
0x14027c028 FindFirstFileW
0x14027c030 FindFirstFileExW
0x14027c038 FindFirstVolumeW
0x14027c040 FindNextFileW
0x14027c048 FindVolumeClose
0x14027c050 GetDiskFreeSpaceW
0x14027c058 GetDriveTypeW
0x14027c060 GetFileAttributesW
0x14027c068 GetFileInformationByHandle
0x14027c070 GetFileSize
0x14027c078 GetFileSizeEx
0x14027c080 GetLogicalDriveStringsW
0x14027c088 GetTempFileNameW
0x14027c090 LockFile
0x14027c098 QueryDosDeviceW
0x14027c0a0 ReadFileEx
0x14027c0a8 SetEndOfFile
0x14027c0b0 SetFilePointer
0x14027c0b8 SetFilePointerEx
0x14027c0c0 SetFileValidData
0x14027c0c8 WriteFile
0x14027c0d0 GetVolumePathNamesForVolumeNameW
0x14027c0d8 AreFileApisANSI
0x14027c0e0 SetFileApisToANSI
0x14027c0e8 PostQueuedCompletionStatus
0x14027c0f0 SleepEx
0x14027c0f8 GetProcessTimes
0x14027c100 GetExitCodeProcess
0x14027c108 GetCurrentThreadId
0x14027c110 SetThreadPriority
0x14027c118 GetThreadPriority
0x14027c120 TerminateThread
0x14027c128 TlsGetValue
0x14027c130 TlsSetValue
0x14027c138 SetProcessShutdownParameters
0x14027c140 GetProcessVersion
0x14027c148 GetThreadTimes
0x14027c150 GetProcessHandleCount
0x14027c158 SetProcessPriorityBoost
0x14027c160 GetThreadIOPendingFlag
0x14027c168 SetThreadIdealProcessor
0x14027c170 GetLogicalProcessorInformation
0x14027c178 GetProcessWorkingSetSize
0x14027c180 AssignProcessToJobObject
0x14027c188 TerminateJobObject
0x14027c190 GetNumaHighestNodeNumber
0x14027c198 SetProcessAffinityMask
0x14027c1a0 ConvertFiberToThread
0x14027c1a8 ConvertThreadToFiber
0x14027c1b0 SetThreadAffinityMask
0x14027c1b8 SetTapePosition
0x14027c1c0 GetTapePosition
0x14027c1c8 GetTapeParameters
0x14027c1d0 SetTapeParameters
0x14027c1d8 lstrcpynW
0x14027c1e0 BackupRead
0x14027c1e8 BackupSeek
0x14027c1f0 CheckNameLegalDOS8Dot3W
0x14027c1f8 CopyFileW
0x14027c200 CopyFileExW
0x14027c208 MoveFileW
0x14027c210 FindNextVolumeMountPointW
0x14027c218 GetNumaNodeProcessorMask
0x14027c220 GetNumaAvailableMemoryNode
0x14027c228 GetOEMCP
0x14027c230 GetLocaleInfoW
0x14027c238 IsValidLanguageGroup
0x14027c240 GetGeoInfoW
0x14027c248 EnumSystemGeoID
0x14027c250 GetUserGeoID
0x14027c258 GetSystemDefaultUILanguage
0x14027c260 GetUserDefaultLangID
0x14027c268 GetSystemDefaultLangID
0x14027c270 GetUserDefaultLCID
0x14027c278 AttachConsole
0x14027c280 GetConsoleCP
0x14027c288 GetConsoleOutputCP
0x14027c290 GetConsoleMode
0x14027c298 ReadConsoleInputW
0x14027c2a0 ReadConsoleW
0x14027c2a8 WriteConsoleW
0x14027c2b0 SetStdHandle
0x14027c2b8 GenerateConsoleCtrlEvent
0x14027c2c0 FlushConsoleInputBuffer
0x14027c2c8 GetConsoleCursorInfo
0x14027c2d0 SetConsoleCursorInfo
0x14027c2d8 SetConsoleScreenBufferSize
0x14027c2e0 GetLargestConsoleWindowSize
0x14027c2e8 SetConsoleTextAttribute
0x14027c2f0 WriteConsoleOutputCharacterW
0x14027c2f8 WriteConsoleOutputAttribute
0x14027c300 ReadConsoleOutputCharacterW
0x14027c308 ReadConsoleOutputAttribute
0x14027c310 GetCurrentConsoleFont
0x14027c318 GetConsoleSelectionInfo
0x14027c320 CloseHandle
0x14027c328 CreateFileW
0x14027c330 FlushFileBuffers
0x14027c338 HeapReAlloc
0x14027c340 HeapSize
0x14027c348 GetProcessHeap
0x14027c350 LCMapStringW
0x14027c358 FlsFree
0x14027c360 FlsSetValue
0x14027c368 FlsGetValue
0x14027c370 FlsAlloc
0x14027c378 GetStringTypeW
0x14027c380 GetFileType
0x14027c388 FreeEnvironmentStringsW
0x14027c390 WideCharToMultiByte
0x14027c398 MultiByteToWideChar
0x14027c3a0 GetCommandLineW
0x14027c3a8 GetCommandLineA
0x14027c3b0 GetCPInfo
0x14027c3b8 GetACP
0x14027c3c0 IsValidCodePage
0x14027c3c8 FindClose
0x14027c3d0 HeapFree
0x14027c3d8 HeapAlloc
0x14027c3e0 GetModuleHandleExW
0x14027c3e8 TerminateProcess
0x14027c3f0 ExitProcess
0x14027c3f8 GetCurrentProcess
0x14027c400 GetModuleFileNameW
0x14027c408 GetStdHandle
0x14027c410 RtlPcToFileHeader
0x14027c418 RaiseException
0x14027c420 EncodePointer
0x14027c428 LoadLibraryExW
0x14027c430 GetProcAddress
0x14027c438 FreeLibrary
0x14027c440 TlsFree
0x14027c448 TlsAlloc
0x14027c450 InitializeCriticalSectionAndSpinCount
0x14027c458 DeleteCriticalSection
0x14027c460 LeaveCriticalSection
0x14027c468 EnterCriticalSection
0x14027c470 SetLastError
0x14027c478 GetLastError
0x14027c480 RtlUnwindEx
0x14027c488 GetModuleHandleW
0x14027c490 IsProcessorFeaturePresent
0x14027c498 GetStartupInfoW
0x14027c4a0 SetUnhandledExceptionFilter
0x14027c4a8 UnhandledExceptionFilter
0x14027c4b0 IsDebuggerPresent
0x14027c4b8 RtlVirtualUnwind
0x14027c4c0 RtlLookupFunctionEntry
0x14027c4c8 RtlCaptureContext
0x14027c4d0 InitializeSListHead
0x14027c4d8 GetSystemTimeAsFileTime
0x14027c4e0 GetCurrentProcessId
0x14027c4e8 QueryPerformanceCounter
0x14027c4f0 SetConsoleCtrlHandler
0x14027c4f8 GetModuleHandleA
WINSPOOL.DRV
0x14027c538 WritePrinter
0x14027c540 ReadPrinter
0x14027c548 ScheduleJob
0x14027c550 FindFirstPrinterChangeNotification
0x14027c558 FindNextPrinterChangeNotification
0x14027c560 FindClosePrinterChangeNotification
0x14027c568 AbortPrinter
ole32.dll
0x14027c588 IsAccelerator
0x14027c590 GetRunningObjectTable
0x14027c598 GetClassFile
0x14027c5a0 MonikerRelativePathTo
0x14027c5a8 MkParseDisplayName
0x14027c5b0 BindMoniker
0x14027c5b8 CoTreatAsClass
0x14027c5c0 CoDosDateTimeToFileTime
0x14027c5c8 CoFileTimeToDosDateTime
0x14027c5d0 CoIsOle1Class
0x14027c5d8 CoAllowSetForegroundWindow
0x14027c5e0 CoGetInstanceFromIStorage
0x14027c5e8 CoGetInstanceFromFile
0x14027c5f0 CoRevokeInitializeSpy
0x14027c5f8 CoRevokeMallocSpy
0x14027c600 CLSIDFromProgIDEx
0x14027c608 CoTaskMemFree
0x14027c610 CoTaskMemRealloc
0x14027c618 CoTaskMemAlloc
0x14027c620 CoInvalidateRemoteMachineBindings
0x14027c628 CoGetTreatAsClass
0x14027c630 StringFromGUID2
0x14027c638 IIDFromString
0x14027c640 OleRegGetMiscStatus
0x14027c648 CLSIDFromString
0x14027c650 StringFromCLSID
0x14027c658 CoDisableCallCancellation
0x14027c660 CoTestCancel
0x14027c668 OleGetIconOfFile
0x14027c670 CoSetCancelObject
0x14027c678 CoGetCancelObject
0x14027c680 CoSwitchCallContext
0x14027c688 CoQueryAuthenticationServices
0x14027c690 CoRevertToSelf
0x14027c698 CoImpersonateClient
0x14027c6a0 CoQueryClientBlanket
0x14027c6a8 CoCopyProxy
0x14027c6b0 CoGetInterfaceAndReleaseStream
0x14027c6b8 CoMarshalInterThreadInterfaceInStream
0x14027c6c0 CoIsHandlerConnected
0x14027c6c8 CoGetStdMarshalEx
0x14027c6d0 CoGetStandardMarshal
0x14027c6d8 CoLockObjectExternal
0x14027c6e0 CoUnmarshalHresult
0x14027c6e8 CoMarshalHresult
0x14027c6f0 CoUnmarshalInterface
0x14027c6f8 CoMarshalInterface
0x14027c700 CoGetPSClsid
0x14027c708 CoSuspendClassObjects
0x14027c710 CoResumeClassObjects
0x14027c718 CoRevokeClassObject
0x14027c720 CoGetClassObject
0x14027c728 CoGetObjectContext
0x14027c730 CoGetContextToken
0x14027c738 CoGetCurrentLogicalThreadId
0x14027c740 CoGetMalloc
0x14027c748 OleGetIconOfClass
0x14027c750 OleDoAutoConvert
0x14027c758 CoCancelCall
0x14027c760 OleRegGetUserType
0x14027c768 OleGetAutoConvert
0x14027c770 OleSetAutoConvert
0x14027c778 StringFromIID
0x14027c780 CoGetInterceptor
0x14027c788 CoQueryProxyBlanket
VERSION.dll
0x14027c508 VerFindFileW
0x14027c510 VerInstallFileW
0x14027c518 GetFileVersionInfoSizeW
0x14027c520 GetFileVersionInfoW
0x14027c528 VerQueryValueW
COMCTL32.dll
0x14027c000 None
dxgi.dll
0x14027c578 CreateDXGIFactory
EAT(Export Address Table) is none