ScreenShot
| Created | 2024.09.13 09:35 | Machine | s1_win7_x6401 |
| Filename | 66e2cce3eae78_Pink_0x000872A650EA3FB.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 00465490b449aa57d0e1ac7cba51af72 | ||
| sha256 | 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c | ||
| ssdeep | 24576:Hou10+rz8ZczgG/l34KLem5IOa5+agTWy0Mo:HX1Mc16NxaiZ | ||
| imphash | 0f535e6ba576db6e12644a3b2a593597 | ||
| impfuzzy | 96:p9tX19X1SVXRfbgBlW4cwtxEZeS1YtSkc+ppmuc5R:p9tF9FSVpi3txEyZcn | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140161078 GetFileType
0x140161080 GetLogicalDrives
0x140161088 LockFile
0x140161090 ReadFile
0x140161098 ReadFileEx
0x1401610a0 RemoveDirectoryA
0x1401610a8 SetEndOfFile
0x1401610b0 SetFilePointer
0x1401610b8 UnlockFile
0x1401610c0 WriteFileEx
0x1401610c8 GetCompressedFileSizeA
0x1401610d0 GetTempPathA
0x1401610d8 GetVolumeInformationA
0x1401610e0 GetTempFileNameA
0x1401610e8 GetQueuedCompletionStatus
0x1401610f0 PostQueuedCompletionStatus
0x1401610f8 ExitProcess
0x140161100 SwitchToThread
0x140161108 GetCurrentThread
0x140161110 SetThreadPriority
0x140161118 SetThreadPriorityBoost
0x140161120 GetThreadPriorityBoost
0x140161128 ExitThread
0x140161130 ResumeThread
0x140161138 SetProcessShutdownParameters
0x140161140 GetPriorityClass
0x140161148 GetProcessHandleCount
0x140161150 GetProcessPriorityBoost
0x140161158 GetThreadIOPendingFlag
0x140161160 SetThreadIdealProcessor
0x140161168 SetProcessWorkingSetSize
0x140161170 QueueUserWorkItem
0x140161178 IsProcessInJob
0x140161180 AssignProcessToJobObject
0x140161188 TerminateJobObject
0x140161190 SetInformationJobObject
0x140161198 GetShortPathNameA
0x1401611a0 SetProcessAffinityMask
0x1401611a8 GetProcessIoCounters
0x1401611b0 SwitchToFiber
0x1401611b8 ConvertFiberToThread
0x1401611c0 ConvertThreadToFiber
0x1401611c8 SetFileShortNameA
0x1401611d0 SetTapePosition
0x1401611d8 WriteTapemark
0x1401611e0 lstrcmpiA
0x1401611e8 lstrcpynA
0x1401611f0 BackupSeek
0x1401611f8 GetLogicalDriveStringsA
0x140161200 DefineDosDeviceA
0x140161208 QueryDosDeviceA
0x140161210 CheckNameLegalDOS8Dot3A
0x140161218 MoveFileWithProgressA
0x140161220 ReplaceFileA
0x140161228 ReadDirectoryChangesW
0x140161230 FindNextVolumeA
0x140161238 GetFileSizeEx
0x140161240 FindNextVolumeMountPointA
0x140161248 FindVolumeMountPointClose
0x140161250 SetVolumeMountPointA
0x140161258 GetVolumePathNamesForVolumeNameA
0x140161260 GetNumaProcessorNode
0x140161268 GetNumaNodeProcessorMask
0x140161270 GetTimeFormatA
0x140161278 GetStringTypeW
0x140161280 IsValidCodePage
0x140161288 GetCPInfo
0x140161290 GetCPInfoExA
0x140161298 GetCalendarInfoA
0x1401612a0 SetCalendarInfoA
0x1401612a8 GetNumberFormatA
0x1401612b0 GetCurrencyFormatA
0x1401612b8 IsValidLanguageGroup
0x1401612c0 IsValidLocale
0x1401612c8 GetGeoInfoA
0x1401612d0 EnumSystemGeoID
0x1401612d8 GetUserGeoID
0x1401612e0 SetUserGeoID
0x1401612e8 ConvertDefaultLocale
0x1401612f0 GetSystemDefaultUILanguage
0x1401612f8 GetThreadLocale
0x140161300 GetStringTypeExA
0x140161308 EnumUILanguagesA
0x140161310 GetConsoleOutputCP
0x140161318 SetConsoleMode
0x140161320 ReadConsoleA
0x140161328 FillConsoleOutputAttribute
0x140161330 GenerateConsoleCtrlEvent
0x140161338 SetConsoleActiveScreenBuffer
0x140161340 FlushConsoleInputBuffer
0x140161348 SetConsoleOutputCP
0x140161350 GetConsoleCursorInfo
0x140161358 SetConsoleScreenBufferSize
0x140161360 SetConsoleWindowInfo
0x140161368 WriteConsoleOutputCharacterA
0x140161370 WriteConsoleOutputAttribute
0x140161378 ReadConsoleOutputCharacterA
0x140161380 WriteConsoleInputA
0x140161388 WriteConsoleOutputA
0x140161390 SetConsoleTitleA
0x140161398 GetNumberOfConsoleMouseButtons
0x1401613a0 GetConsoleFontSize
0x1401613a8 GetCurrentConsoleFont
0x1401613b0 GetConsoleSelectionInfo
0x1401613b8 WriteConsoleW
0x1401613c0 CloseHandle
0x1401613c8 CreateFileW
0x1401613d0 SetFilePointerEx
0x1401613d8 GetConsoleMode
0x1401613e0 FlushFileBuffers
0x1401613e8 HeapReAlloc
0x1401613f0 HeapSize
0x1401613f8 GetFileInformationByHandle
0x140161400 GetFileAttributesExA
0x140161408 GetFileAttributesA
0x140161410 GetDriveTypeA
0x140161418 GetDiskFreeSpaceExA
0x140161420 GetDiskFreeSpaceA
0x140161428 FindCloseChangeNotification
0x140161430 FindClose
0x140161438 SearchPathA
0x140161440 GetCurrentDirectoryA
0x140161448 GetCommandLineA
0x140161450 GetEnvironmentStringsW
0x140161458 GetStdHandle
0x140161460 FindFirstVolumeMountPointA
0x140161468 GetModuleHandleA
0x140161470 GetProcessHeap
0x140161478 LCMapStringW
0x140161480 FlsFree
0x140161488 FlsSetValue
0x140161490 FlsGetValue
0x140161498 FlsAlloc
0x1401614a0 QueryPerformanceCounter
0x1401614a8 GetCurrentProcessId
0x1401614b0 GetCurrentThreadId
0x1401614b8 GetSystemTimeAsFileTime
0x1401614c0 InitializeSListHead
0x1401614c8 RtlCaptureContext
0x1401614d0 RtlLookupFunctionEntry
0x1401614d8 RtlVirtualUnwind
0x1401614e0 IsDebuggerPresent
0x1401614e8 UnhandledExceptionFilter
0x1401614f0 SetUnhandledExceptionFilter
0x1401614f8 GetStartupInfoW
0x140161500 IsProcessorFeaturePresent
0x140161508 GetModuleHandleW
0x140161510 RtlUnwindEx
0x140161518 GetLastError
0x140161520 SetLastError
0x140161528 EnterCriticalSection
0x140161530 LeaveCriticalSection
0x140161538 DeleteCriticalSection
0x140161540 InitializeCriticalSectionAndSpinCount
0x140161548 TlsAlloc
0x140161550 TlsGetValue
0x140161558 TlsSetValue
0x140161560 TlsFree
0x140161568 FreeLibrary
0x140161570 GetProcAddress
0x140161578 LoadLibraryExW
0x140161580 EncodePointer
0x140161588 RaiseException
0x140161590 RtlPcToFileHeader
0x140161598 WriteFile
0x1401615a0 GetModuleFileNameW
0x1401615a8 GetCurrentProcess
0x1401615b0 TerminateProcess
0x1401615b8 GetModuleHandleExW
0x1401615c0 HeapAlloc
0x1401615c8 HeapFree
0x1401615d0 FindFirstFileExW
0x1401615d8 FindNextFileW
0x1401615e0 GetACP
0x1401615e8 GetOEMCP
0x1401615f0 GetCommandLineW
0x1401615f8 MultiByteToWideChar
0x140161600 WideCharToMultiByte
0x140161608 FreeEnvironmentStringsW
0x140161610 SetStdHandle
WINSPOOL.DRV
0x140161650 AbortPrinter
0x140161658 WritePrinter
0x140161660 ScheduleJob
0x140161668 FindClosePrinterChangeNotification
0x140161670 FindNextPrinterChangeNotification
0x140161678 FindFirstPrinterChangeNotification
0x140161680 ReadPrinter
COMDLG32.dll
0x140161018 PageSetupDlgA
0x140161020 CommDlgExtendedError
0x140161028 PrintDlgExA
0x140161030 PrintDlgA
0x140161038 ChooseFontA
0x140161040 ReplaceTextA
0x140161048 FindTextA
0x140161050 ChooseColorA
0x140161058 GetFileTitleA
0x140161060 GetSaveFileNameA
0x140161068 GetOpenFileNameA
ADVAPI32.dll
0x140161000 DecryptFileA
0x140161008 GetUserNameA
VERSION.dll
0x140161620 VerFindFileA
0x140161628 VerInstallFileA
0x140161630 GetFileVersionInfoSizeA
0x140161638 VerQueryValueA
0x140161640 GetFileVersionInfoA
gdiplus.dll
0x1401616a0 GdiplusStartup
dxgi.dll
0x140161690 CreateDXGIFactory
EAT(Export Address Table) is none
KERNEL32.dll
0x140161078 GetFileType
0x140161080 GetLogicalDrives
0x140161088 LockFile
0x140161090 ReadFile
0x140161098 ReadFileEx
0x1401610a0 RemoveDirectoryA
0x1401610a8 SetEndOfFile
0x1401610b0 SetFilePointer
0x1401610b8 UnlockFile
0x1401610c0 WriteFileEx
0x1401610c8 GetCompressedFileSizeA
0x1401610d0 GetTempPathA
0x1401610d8 GetVolumeInformationA
0x1401610e0 GetTempFileNameA
0x1401610e8 GetQueuedCompletionStatus
0x1401610f0 PostQueuedCompletionStatus
0x1401610f8 ExitProcess
0x140161100 SwitchToThread
0x140161108 GetCurrentThread
0x140161110 SetThreadPriority
0x140161118 SetThreadPriorityBoost
0x140161120 GetThreadPriorityBoost
0x140161128 ExitThread
0x140161130 ResumeThread
0x140161138 SetProcessShutdownParameters
0x140161140 GetPriorityClass
0x140161148 GetProcessHandleCount
0x140161150 GetProcessPriorityBoost
0x140161158 GetThreadIOPendingFlag
0x140161160 SetThreadIdealProcessor
0x140161168 SetProcessWorkingSetSize
0x140161170 QueueUserWorkItem
0x140161178 IsProcessInJob
0x140161180 AssignProcessToJobObject
0x140161188 TerminateJobObject
0x140161190 SetInformationJobObject
0x140161198 GetShortPathNameA
0x1401611a0 SetProcessAffinityMask
0x1401611a8 GetProcessIoCounters
0x1401611b0 SwitchToFiber
0x1401611b8 ConvertFiberToThread
0x1401611c0 ConvertThreadToFiber
0x1401611c8 SetFileShortNameA
0x1401611d0 SetTapePosition
0x1401611d8 WriteTapemark
0x1401611e0 lstrcmpiA
0x1401611e8 lstrcpynA
0x1401611f0 BackupSeek
0x1401611f8 GetLogicalDriveStringsA
0x140161200 DefineDosDeviceA
0x140161208 QueryDosDeviceA
0x140161210 CheckNameLegalDOS8Dot3A
0x140161218 MoveFileWithProgressA
0x140161220 ReplaceFileA
0x140161228 ReadDirectoryChangesW
0x140161230 FindNextVolumeA
0x140161238 GetFileSizeEx
0x140161240 FindNextVolumeMountPointA
0x140161248 FindVolumeMountPointClose
0x140161250 SetVolumeMountPointA
0x140161258 GetVolumePathNamesForVolumeNameA
0x140161260 GetNumaProcessorNode
0x140161268 GetNumaNodeProcessorMask
0x140161270 GetTimeFormatA
0x140161278 GetStringTypeW
0x140161280 IsValidCodePage
0x140161288 GetCPInfo
0x140161290 GetCPInfoExA
0x140161298 GetCalendarInfoA
0x1401612a0 SetCalendarInfoA
0x1401612a8 GetNumberFormatA
0x1401612b0 GetCurrencyFormatA
0x1401612b8 IsValidLanguageGroup
0x1401612c0 IsValidLocale
0x1401612c8 GetGeoInfoA
0x1401612d0 EnumSystemGeoID
0x1401612d8 GetUserGeoID
0x1401612e0 SetUserGeoID
0x1401612e8 ConvertDefaultLocale
0x1401612f0 GetSystemDefaultUILanguage
0x1401612f8 GetThreadLocale
0x140161300 GetStringTypeExA
0x140161308 EnumUILanguagesA
0x140161310 GetConsoleOutputCP
0x140161318 SetConsoleMode
0x140161320 ReadConsoleA
0x140161328 FillConsoleOutputAttribute
0x140161330 GenerateConsoleCtrlEvent
0x140161338 SetConsoleActiveScreenBuffer
0x140161340 FlushConsoleInputBuffer
0x140161348 SetConsoleOutputCP
0x140161350 GetConsoleCursorInfo
0x140161358 SetConsoleScreenBufferSize
0x140161360 SetConsoleWindowInfo
0x140161368 WriteConsoleOutputCharacterA
0x140161370 WriteConsoleOutputAttribute
0x140161378 ReadConsoleOutputCharacterA
0x140161380 WriteConsoleInputA
0x140161388 WriteConsoleOutputA
0x140161390 SetConsoleTitleA
0x140161398 GetNumberOfConsoleMouseButtons
0x1401613a0 GetConsoleFontSize
0x1401613a8 GetCurrentConsoleFont
0x1401613b0 GetConsoleSelectionInfo
0x1401613b8 WriteConsoleW
0x1401613c0 CloseHandle
0x1401613c8 CreateFileW
0x1401613d0 SetFilePointerEx
0x1401613d8 GetConsoleMode
0x1401613e0 FlushFileBuffers
0x1401613e8 HeapReAlloc
0x1401613f0 HeapSize
0x1401613f8 GetFileInformationByHandle
0x140161400 GetFileAttributesExA
0x140161408 GetFileAttributesA
0x140161410 GetDriveTypeA
0x140161418 GetDiskFreeSpaceExA
0x140161420 GetDiskFreeSpaceA
0x140161428 FindCloseChangeNotification
0x140161430 FindClose
0x140161438 SearchPathA
0x140161440 GetCurrentDirectoryA
0x140161448 GetCommandLineA
0x140161450 GetEnvironmentStringsW
0x140161458 GetStdHandle
0x140161460 FindFirstVolumeMountPointA
0x140161468 GetModuleHandleA
0x140161470 GetProcessHeap
0x140161478 LCMapStringW
0x140161480 FlsFree
0x140161488 FlsSetValue
0x140161490 FlsGetValue
0x140161498 FlsAlloc
0x1401614a0 QueryPerformanceCounter
0x1401614a8 GetCurrentProcessId
0x1401614b0 GetCurrentThreadId
0x1401614b8 GetSystemTimeAsFileTime
0x1401614c0 InitializeSListHead
0x1401614c8 RtlCaptureContext
0x1401614d0 RtlLookupFunctionEntry
0x1401614d8 RtlVirtualUnwind
0x1401614e0 IsDebuggerPresent
0x1401614e8 UnhandledExceptionFilter
0x1401614f0 SetUnhandledExceptionFilter
0x1401614f8 GetStartupInfoW
0x140161500 IsProcessorFeaturePresent
0x140161508 GetModuleHandleW
0x140161510 RtlUnwindEx
0x140161518 GetLastError
0x140161520 SetLastError
0x140161528 EnterCriticalSection
0x140161530 LeaveCriticalSection
0x140161538 DeleteCriticalSection
0x140161540 InitializeCriticalSectionAndSpinCount
0x140161548 TlsAlloc
0x140161550 TlsGetValue
0x140161558 TlsSetValue
0x140161560 TlsFree
0x140161568 FreeLibrary
0x140161570 GetProcAddress
0x140161578 LoadLibraryExW
0x140161580 EncodePointer
0x140161588 RaiseException
0x140161590 RtlPcToFileHeader
0x140161598 WriteFile
0x1401615a0 GetModuleFileNameW
0x1401615a8 GetCurrentProcess
0x1401615b0 TerminateProcess
0x1401615b8 GetModuleHandleExW
0x1401615c0 HeapAlloc
0x1401615c8 HeapFree
0x1401615d0 FindFirstFileExW
0x1401615d8 FindNextFileW
0x1401615e0 GetACP
0x1401615e8 GetOEMCP
0x1401615f0 GetCommandLineW
0x1401615f8 MultiByteToWideChar
0x140161600 WideCharToMultiByte
0x140161608 FreeEnvironmentStringsW
0x140161610 SetStdHandle
WINSPOOL.DRV
0x140161650 AbortPrinter
0x140161658 WritePrinter
0x140161660 ScheduleJob
0x140161668 FindClosePrinterChangeNotification
0x140161670 FindNextPrinterChangeNotification
0x140161678 FindFirstPrinterChangeNotification
0x140161680 ReadPrinter
COMDLG32.dll
0x140161018 PageSetupDlgA
0x140161020 CommDlgExtendedError
0x140161028 PrintDlgExA
0x140161030 PrintDlgA
0x140161038 ChooseFontA
0x140161040 ReplaceTextA
0x140161048 FindTextA
0x140161050 ChooseColorA
0x140161058 GetFileTitleA
0x140161060 GetSaveFileNameA
0x140161068 GetOpenFileNameA
ADVAPI32.dll
0x140161000 DecryptFileA
0x140161008 GetUserNameA
VERSION.dll
0x140161620 VerFindFileA
0x140161628 VerInstallFileA
0x140161630 GetFileVersionInfoSizeA
0x140161638 VerQueryValueA
0x140161640 GetFileVersionInfoA
gdiplus.dll
0x1401616a0 GdiplusStartup
dxgi.dll
0x140161690 CreateDXGIFactory
EAT(Export Address Table) is none