ScreenShot
| Created | 2024.09.11 10:12 | Machine | s1_win7_x6401 |
| Filename | rkcms.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (AIDetectMalware, malicious, high confidence, Attribute, HighConfidence, confidence) | ||
| md5 | 06077fd4b5e75f2d730ca61e2bf0f4e7 | ||
| sha256 | 546bd73bca7e70f8597b7841f90214b86c0a04163a6ac0b5023b0ebebe81c043 | ||
| ssdeep | 384:G6hkVTL6dQ1lKE8elazyonf87vQu0et5jrgrx:PmVmFfwwtnU7vAet5jk | ||
| imphash | c4631f4d6e96dca90c09fbad041b2727 | ||
| impfuzzy | 24:dkfg15mncJ8a0meO3j9MG95XGDZjkoDqHZn:Sfg1scJLe8RJGVjkoq5 | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x409214 CloseHandle
0x40921c CreateRemoteThread
0x409224 DeleteCriticalSection
0x40922c EnterCriticalSection
0x409234 GetCurrentProcess
0x40923c GetCurrentProcessId
0x409244 GetCurrentThreadId
0x40924c GetFileAttributesA
0x409254 GetLastError
0x40925c GetStartupInfoA
0x409264 GetSystemTimeAsFileTime
0x40926c GetTickCount
0x409274 InitializeCriticalSection
0x40927c LeaveCriticalSection
0x409284 QueryPerformanceCounter
0x40928c RtlAddFunctionTable
0x409294 RtlCaptureContext
0x40929c RtlLookupFunctionEntry
0x4092a4 RtlVirtualUnwind
0x4092ac SetUnhandledExceptionFilter
0x4092b4 Sleep
0x4092bc TerminateProcess
0x4092c4 TlsGetValue
0x4092cc UnhandledExceptionFilter
0x4092d4 VirtualAlloc
0x4092dc VirtualFree
0x4092e4 VirtualProtect
0x4092ec VirtualQuery
0x4092f4 WaitForSingleObject
msvcrt.dll
0x409304 __C_specific_handler
0x40930c __getmainargs
0x409314 __initenv
0x40931c __iob_func
0x409324 __lconv_init
0x40932c __set_app_type
0x409334 __setusermatherr
0x40933c _acmdln
0x409344 _amsg_exit
0x40934c _cexit
0x409354 _fmode
0x40935c _initterm
0x409364 _onexit
0x40936c _time64
0x409374 abort
0x40937c calloc
0x409384 exit
0x40938c fprintf
0x409394 free
0x40939c fwrite
0x4093a4 malloc
0x4093ac memcpy
0x4093b4 printf
0x4093bc signal
0x4093c4 strchr
0x4093cc strlen
0x4093d4 strncmp
0x4093dc vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x409214 CloseHandle
0x40921c CreateRemoteThread
0x409224 DeleteCriticalSection
0x40922c EnterCriticalSection
0x409234 GetCurrentProcess
0x40923c GetCurrentProcessId
0x409244 GetCurrentThreadId
0x40924c GetFileAttributesA
0x409254 GetLastError
0x40925c GetStartupInfoA
0x409264 GetSystemTimeAsFileTime
0x40926c GetTickCount
0x409274 InitializeCriticalSection
0x40927c LeaveCriticalSection
0x409284 QueryPerformanceCounter
0x40928c RtlAddFunctionTable
0x409294 RtlCaptureContext
0x40929c RtlLookupFunctionEntry
0x4092a4 RtlVirtualUnwind
0x4092ac SetUnhandledExceptionFilter
0x4092b4 Sleep
0x4092bc TerminateProcess
0x4092c4 TlsGetValue
0x4092cc UnhandledExceptionFilter
0x4092d4 VirtualAlloc
0x4092dc VirtualFree
0x4092e4 VirtualProtect
0x4092ec VirtualQuery
0x4092f4 WaitForSingleObject
msvcrt.dll
0x409304 __C_specific_handler
0x40930c __getmainargs
0x409314 __initenv
0x40931c __iob_func
0x409324 __lconv_init
0x40932c __set_app_type
0x409334 __setusermatherr
0x40933c _acmdln
0x409344 _amsg_exit
0x40934c _cexit
0x409354 _fmode
0x40935c _initterm
0x409364 _onexit
0x40936c _time64
0x409374 abort
0x40937c calloc
0x409384 exit
0x40938c fprintf
0x409394 free
0x40939c fwrite
0x4093a4 malloc
0x4093ac memcpy
0x4093b4 printf
0x4093bc signal
0x4093c4 strchr
0x4093cc strlen
0x4093d4 strncmp
0x4093dc vfprintf
EAT(Export Address Table) is none