Report - 666.exe

Generic Malware UPX PE File PE64 OS Processor Check
Created 2024.09.11 10:43 Machine s1_win7_x6401
Filename 666.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
1
Behavior Score
1.0
ZERO API (file verdict): malware
VT API (file) 27 detected (Hacktool, Windows, RingQ, Agentagen, Vmnl, Attribute, HighConfidence, AGen, MalwareX, Undefined, sy5EmBBHpeS, Redcap, xdvdm, Generic Reputation PUA, Detected, GrayWare, Wacapew, DI2U6A, Artemis, MALICIOUS, Krypt, Gencirc)
md5 2616e7ec2d6c4b86a7fa1f4a762ae918
sha256 23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7
ssdeep 6144:wKv8MuGM08RgAEe/XfMbAt0RAwK7el7nBFRDtPqw+dN6vGRGdijZ6:vZucAdPt0RAwKoRDtyw+dN6S4
imphash 01d8f6a119992e272b3a0c448af44452
impfuzzy 96:hxi1IbR28KLKKTApxfayqb/9HYZsSSzxkqT38xt1:OIuyqbZYsS+xzT3O

Signatures (2)

Level Description
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious. Note that the labels listed above are dominated by Hacktool / PUA / GrayWare / generic-heuristic classes rather than a named trojan family, so the consensus is "unwanted or suspicious tool" rather than a specific malware family; weigh the raw detection count accordingly.
info This executable carries a PDB path (a debug-symbol reference left by the compiler). The path itself is not reproduced in this report; it frequently encodes the build directory, user name or project name and is useful for clustering and attribution, so extract it from the debug directory when triaging.

Rules (5)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch UPX_Zero UPX packed file binaries (upload). Caveat: a genuinely UPX-packed image normally exposes only a minimal import table (the real imports are rebuilt by the stub at unpack time), yet the IAT below lists roughly 160 functions across five DLLs. Either the rule matched a UPX artifact (section name or signature) in an image that is not actually packed or has already been unpacked, or the IAT shown was taken after unpacking. Check the section headers (UPX0/UPX1) and section entropy before treating the sample as packed.
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 events) — no outbound requests were recorded during this run (columns: Request, CC, ASN, Co, IP4, Rule, ZERO). This is notable given the WININET imports listed below (InternetOpenW, InternetOpenUrlA, InternetReadFile): the download path was not reached in the sandbox. The sample is a console executable that imports __getmainargs/__argc/__argv, so it may require command-line arguments or another trigger before it does anything. Treat the absence of traffic as an unexercised capability, not as evidence that the sample has no network behaviour.

Suricata IDS alerts: none (no traffic was captured for this run, so no signatures could fire).

PE API

IAT (Import Address Table) by library. Static capability notes from the imports alone — none of this was observed executing in this run: WININET InternetOpenW/InternetOpenUrlA/InternetReadFile together with KERNEL32 CreateFileW/WriteFile provide an HTTP-download-to-file path. WriteProcessMemory is imported alongside GetCurrentProcess but without OpenProcess, VirtualAllocEx or CreateRemoteThread, which points toward self-modification of the running image rather than remote injection (confirm dynamically). LoadLibraryW/GetProcAddress allow APIs not listed here to be resolved at runtime, so this table is a lower bound on capability. IsDebuggerPresent, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead and RtlCaptureContext are the usual MSVC CRT start-up set and are not, by themselves, evidence of anti-debugging. The USER32/GDI32 imports (RegisterClassW, ShowWindow, MessageBoxA, EnumFontFamiliesExW) suggest a windowed component despite the console subsystem.

KERNEL32.dll
 0x140041010 GetFileSize
 0x140041018 ReadFile
 0x140041020 WriteFile
 0x140041028 CloseHandle
 0x140041030 GetLastError
 0x140041038 QueryPerformanceCounter
 0x140041040 QueryPerformanceFrequency
 0x140041048 GetProcessHeap
 0x140041050 SetCriticalSectionSpinCount
 0x140041058 Sleep
 0x140041060 GetCurrentProcess
 0x140041068 WriteProcessMemory
 0x140041070 FreeLibrary
 0x140041078 GetModuleHandleW
 0x140041080 GetProcAddress
 0x140041088 LoadLibraryW
 0x140041090 MultiByteToWideChar
 0x140041098 ConvertDefaultLocale
 0x1400410a0 GetModuleHandleExW
 0x1400410a8 ExitProcess
 0x1400410b0 CreateFileW
 0x1400410b8 RaiseException
 0x1400410c0 VirtualQuery
 0x1400410c8 RtlUnwindEx
 0x1400410d0 TerminateProcess
 0x1400410d8 InitializeSListHead
 0x1400410e0 GetSystemTimeAsFileTime
 0x1400410e8 GetCurrentThreadId
 0x1400410f0 GetCurrentProcessId
 0x1400410f8 IsProcessorFeaturePresent
 0x140041100 SetUnhandledExceptionFilter
 0x140041108 UnhandledExceptionFilter
 0x140041110 IsDebuggerPresent
 0x140041118 RtlVirtualUnwind
 0x140041120 RtlLookupFunctionEntry
 0x140041128 RtlCaptureContext
 0x140041130 GetCPInfo
 0x140041138 CompareStringEx
 0x140041140 GetStringTypeW
 0x140041148 LCMapStringEx
 0x140041150 DecodePointer
 0x140041158 LCIDToLocaleName
 0x140041160 CreateFileA
 0x140041168 EncodePointer
 0x140041170 GetLocaleInfoEx
 0x140041178 DeleteCriticalSection
 0x140041180 InitializeCriticalSectionEx
 0x140041188 LeaveCriticalSection
 0x140041190 EnterCriticalSection
 0x140041198 WideCharToMultiByte
USER32.dll
 0x1400411a8 PostMessageW
 0x1400411b0 RegisterClassW
 0x1400411b8 DestroyWindow
 0x1400411c0 ShowWindow
 0x1400411c8 MoveWindow
 0x1400411d0 IsWindowVisible
 0x1400411d8 IsIconic
 0x1400411e0 UpdateWindow
 0x1400411e8 GetDC
 0x1400411f0 SetWindowRgn
 0x1400411f8 InvalidateRect
 0x140041200 RedrawWindow
 0x140041208 ScrollWindow
 0x140041210 SetScrollPos
 0x140041218 EnumPropsExW
 0x140041220 EnumPropsW
 0x140041228 GetWindowTextW
 0x140041230 GetWindowContextHelpId
 0x140041238 MessageBoxA
 0x140041240 GetWindowLongPtrW
 0x140041248 EnumChildWindows
 0x140041250 GetClassNameW
 0x140041258 IsDialogMessageW
 0x140041260 LoadStringW
GDI32.dll
 0x140041000 EnumFontFamiliesExW
WININET.dll
 0x140041270 InternetCloseHandle
 0x140041278 InternetOpenUrlA
 0x140041280 InternetReadFile
 0x140041288 InternetOpenW
msvcrt.dll
 0x140041298 fgetc
 0x1400412a0 fgetpos
 0x1400412a8 fread
 0x1400412b0 memset
 0x1400412b8 _fseeki64
 0x1400412c0 setvbuf
 0x1400412c8 ungetc
 0x1400412d0 abort
 0x1400412d8 __strncnt
 0x1400412e0 _Getdays
 0x1400412e8 _Getmonths
 0x1400412f0 _Gettnames
 0x1400412f8 _Strftime
 0x140041300 isspace
 0x140041308 tolower
 0x140041310 ___lc_collate_cp_func
 0x140041318 wcsnlen
 0x140041320 _callnewh
 0x140041328 _initterm
 0x140041330 _initterm_e
 0x140041338 _set_fmode
 0x140041340 strcpy_s
 0x140041348 _lock
 0x140041350 _unlock
 0x140041358 ___lc_handle_func
 0x140041360 strnlen
 0x140041368 fclose
 0x140041370 strtol
 0x140041378 wctomb_s
 0x140041380 _iob
 0x140041388 ?terminate@@YAXXZ
 0x140041390 __getmainargs
 0x140041398 _environ
 0x1400413a0 _msize
 0x1400413a8 _XcptFilter
 0x1400413b0 __set_app_type
 0x1400413b8 __argc
 0x1400413c0 __argv
 0x1400413c8 ?_set_new_mode@@YAHH@Z
 0x1400413d0 _commode
 0x1400413d8 _isatty
 0x1400413e0 _fileno
 0x1400413e8 ceil
 0x1400413f0 log10
 0x1400413f8 _clearfp
 0x140041400 memmove
 0x140041408 memcpy
 0x140041410 memcmp
 0x140041418 memchr
 0x140041420 fflush
 0x140041428 rand_s
 0x140041430 strcspn
 0x140041438 strtod
 0x140041440 frexp
 0x140041448 realloc
 0x140041450 islower
 0x140041458 ___mb_cur_max_func
 0x140041460 _errno
 0x140041468 _wcsdup
 0x140041470 calloc
 0x140041478 ___lc_codepage_func
 0x140041480 isupper
 0x140041488 __pctype_func
 0x140041490 _time64
 0x140041498 ceilf
 0x1400414a0 rand
 0x1400414a8 srand
 0x1400414b0 malloc
 0x1400414b8 free
 0x1400414c0 strlen
 0x1400414c8 wcslen
 0x1400414d0 _local_unwind
 0x1400414d8 __DestructExceptionObject
 0x1400414e0 __CxxFrameHandler3
 0x1400414e8 _amsg_exit
 0x1400414f0 __C_specific_handler
 0x1400414f8 __uncaught_exception
 0x140041500 _CxxThrowException
 0x140041508 fsetpos
 0x140041510 strchr
 0x140041518 wcsrchr
 0x140041520 strrchr

EAT (Export Address Table): none — the image exports no symbols, which is consistent with a standalone executable rather than a DLL or plugin.



Similarity measure (PE files only): not available — the similarity service reported a failure during this analysis, so no nearest-neighbour samples are listed. Re-run the analysis or query by imphash (01d8f6a119992e272b3a0c448af44452) / ssdeep to find related binaries.