ScreenShot
| Created | 2024.09.11 10:17 | Machine | s1_win7_x6401 |
| Filename | rk.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 6 detected (Malicious, score, Save, moderate confidence, AGEN) | ||
| md5 | 1da75b8429618aa83d899fc16e59f834 | ||
| sha256 | b8d90a6e3d811e7bee3d8827bfb19f5cb5c03696c15f911db475b4497c386274 | ||
| ssdeep | 3072:dmOLKlz7mL0Y1SNxgLBiu2T2F8fLTmxa:dmOLKV7mLmuLBi3T2cax | ||
| imphash | e824ca0c72805a08163cb2784b9a816c | ||
| impfuzzy | 24:8MbwL8HrXjDljD+0sJz3u9pOgTFmMxDfjEzRyWNwyWPWYgMLTwQiLOUKMO+YABzt:yLWrXJMZgUNgJqd9RhOP+ze/BMQSLMC | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-core-synch-l1-2-0.dll
0x14001b1a8 WaitOnAddress
0x14001b1b0 WakeByAddressAll
0x14001b1b8 WakeByAddressSingle
KERNEL32.dll
0x14001b000 SetUnhandledExceptionFilter
0x14001b008 UnhandledExceptionFilter
0x14001b010 IsDebuggerPresent
0x14001b018 InitializeSListHead
0x14001b020 VirtualAlloc
0x14001b028 GetLastError
0x14001b030 CloseHandle
0x14001b038 AddVectoredExceptionHandler
0x14001b040 SetThreadStackGuarantee
0x14001b048 GetCurrentThread
0x14001b050 WaitForSingleObject
0x14001b058 QueryPerformanceCounter
0x14001b060 RtlCaptureContext
0x14001b068 RtlLookupFunctionEntry
0x14001b070 RtlVirtualUnwind
0x14001b078 SetLastError
0x14001b080 GetCurrentDirectoryW
0x14001b088 GetEnvironmentVariableW
0x14001b090 GetCommandLineW
0x14001b098 GetCurrentProcess
0x14001b0a0 GetStdHandle
0x14001b0a8 GetCurrentProcessId
0x14001b0b0 HeapFree
0x14001b0b8 HeapReAlloc
0x14001b0c0 lstrlenW
0x14001b0c8 ReleaseMutex
0x14001b0d0 GetProcessHeap
0x14001b0d8 HeapAlloc
0x14001b0e0 GetConsoleMode
0x14001b0e8 GetModuleHandleW
0x14001b0f0 GetModuleFileNameW
0x14001b0f8 MultiByteToWideChar
0x14001b100 WriteConsoleW
0x14001b108 WideCharToMultiByte
0x14001b110 IsProcessorFeaturePresent
0x14001b118 GetModuleHandleA
0x14001b120 GetProcAddress
0x14001b128 WaitForSingleObjectEx
0x14001b130 LoadLibraryA
0x14001b138 CreateMutexA
0x14001b140 GetSystemTimeAsFileTime
0x14001b148 GetCurrentThreadId
ntdll.dll
0x14001b2b0 RtlNtStatusToDosError
0x14001b2b8 NtWriteFile
VCRUNTIME140.dll
0x14001b158 __current_exception
0x14001b160 __current_exception_context
0x14001b168 __C_specific_handler
0x14001b170 _CxxThrowException
0x14001b178 memcmp
0x14001b180 memcpy
0x14001b188 __CxxFrameHandler3
0x14001b190 memmove
0x14001b198 memset
api-ms-win-crt-runtime-l1-1-0.dll
0x14001b200 _initterm_e
0x14001b208 exit
0x14001b210 _exit
0x14001b218 _initterm
0x14001b220 _get_initial_narrow_environment
0x14001b228 __p___argv
0x14001b230 _cexit
0x14001b238 _c_exit
0x14001b240 _register_thread_local_exe_atexit_callback
0x14001b248 _configure_narrow_argv
0x14001b250 __p___argc
0x14001b258 _initialize_onexit_table
0x14001b260 _initialize_narrow_environment
0x14001b268 _register_onexit_function
0x14001b270 _crt_atexit
0x14001b278 terminate
0x14001b280 _set_app_type
0x14001b288 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x14001b1f0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14001b298 _set_fmode
0x14001b2a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14001b1e0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14001b1c8 free
0x14001b1d0 _set_new_mode
EAT(Export Address Table) is none
api-ms-win-core-synch-l1-2-0.dll
0x14001b1a8 WaitOnAddress
0x14001b1b0 WakeByAddressAll
0x14001b1b8 WakeByAddressSingle
KERNEL32.dll
0x14001b000 SetUnhandledExceptionFilter
0x14001b008 UnhandledExceptionFilter
0x14001b010 IsDebuggerPresent
0x14001b018 InitializeSListHead
0x14001b020 VirtualAlloc
0x14001b028 GetLastError
0x14001b030 CloseHandle
0x14001b038 AddVectoredExceptionHandler
0x14001b040 SetThreadStackGuarantee
0x14001b048 GetCurrentThread
0x14001b050 WaitForSingleObject
0x14001b058 QueryPerformanceCounter
0x14001b060 RtlCaptureContext
0x14001b068 RtlLookupFunctionEntry
0x14001b070 RtlVirtualUnwind
0x14001b078 SetLastError
0x14001b080 GetCurrentDirectoryW
0x14001b088 GetEnvironmentVariableW
0x14001b090 GetCommandLineW
0x14001b098 GetCurrentProcess
0x14001b0a0 GetStdHandle
0x14001b0a8 GetCurrentProcessId
0x14001b0b0 HeapFree
0x14001b0b8 HeapReAlloc
0x14001b0c0 lstrlenW
0x14001b0c8 ReleaseMutex
0x14001b0d0 GetProcessHeap
0x14001b0d8 HeapAlloc
0x14001b0e0 GetConsoleMode
0x14001b0e8 GetModuleHandleW
0x14001b0f0 GetModuleFileNameW
0x14001b0f8 MultiByteToWideChar
0x14001b100 WriteConsoleW
0x14001b108 WideCharToMultiByte
0x14001b110 IsProcessorFeaturePresent
0x14001b118 GetModuleHandleA
0x14001b120 GetProcAddress
0x14001b128 WaitForSingleObjectEx
0x14001b130 LoadLibraryA
0x14001b138 CreateMutexA
0x14001b140 GetSystemTimeAsFileTime
0x14001b148 GetCurrentThreadId
ntdll.dll
0x14001b2b0 RtlNtStatusToDosError
0x14001b2b8 NtWriteFile
VCRUNTIME140.dll
0x14001b158 __current_exception
0x14001b160 __current_exception_context
0x14001b168 __C_specific_handler
0x14001b170 _CxxThrowException
0x14001b178 memcmp
0x14001b180 memcpy
0x14001b188 __CxxFrameHandler3
0x14001b190 memmove
0x14001b198 memset
api-ms-win-crt-runtime-l1-1-0.dll
0x14001b200 _initterm_e
0x14001b208 exit
0x14001b210 _exit
0x14001b218 _initterm
0x14001b220 _get_initial_narrow_environment
0x14001b228 __p___argv
0x14001b230 _cexit
0x14001b238 _c_exit
0x14001b240 _register_thread_local_exe_atexit_callback
0x14001b248 _configure_narrow_argv
0x14001b250 __p___argc
0x14001b258 _initialize_onexit_table
0x14001b260 _initialize_narrow_environment
0x14001b268 _register_onexit_function
0x14001b270 _crt_atexit
0x14001b278 terminate
0x14001b280 _set_app_type
0x14001b288 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x14001b1f0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14001b298 _set_fmode
0x14001b2a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14001b1e0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14001b1c8 free
0x14001b1d0 _set_new_mode
EAT(Export Address Table) is none