ScreenShot
| Created | 2024.09.13 09:38 | Machine | s1_win7_x6401 |
| Filename | %E6%B5%99%E6%B1%9F%E8%BF%AA%E8%89%BE%E6%99%BA%E6%8E%A7%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-%E8%96%AA%E8%B5%84%E8%A1%A8.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, Malicious, score, GenericKD, Unsafe, uyyg, Attribute, HighConfidence, Swrort, dsesg, COBEACON, YXEHMZ, Static AI, Suspicious PE, Python, Meterpreter, ABTrojan, LPVN, Artemis, MachineLearning, Anomalous, 100%, Chgt, Fflw, susgen, PossibleThreat, confidence, ShellcodeLoader) | ||
| md5 | cf14880e3a7fba74c80f21685cd15718 | ||
| sha256 | a33f295649eea0542da21ed408566d07f7c3729c058ff07580326d0a9956aa75 | ||
| ssdeep | 49152:VstPILbiw+k7U5kl/qLigcrOJEYkB7OJv6073bIVmRTqRLDIPHo:VwgLGwjI5klUigKYkBEvHPIoRQDI | ||
| imphash | 662b6c83e785a39e56177737f36bd6d2 | ||
| impfuzzy | 48:t/gub6okoQ54rzSv6xviM3reL9apteS1Llc+pICJcgTyOta0Kq14r:pH97eLgteS1Llc+pIstyiDHS | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x4261a8 CreateWindowExW
0x4261ac MessageBoxW
0x4261b0 MessageBoxA
0x4261b4 SystemParametersInfoW
0x4261b8 DestroyIcon
0x4261bc SetWindowLongW
0x4261c0 GetWindowLongW
0x4261c4 GetClientRect
0x4261c8 InvalidateRect
0x4261cc ReleaseDC
0x4261d0 GetDC
0x4261d4 DrawTextW
0x4261d8 GetDialogBaseUnits
0x4261dc EndDialog
0x4261e0 DialogBoxIndirectParamW
0x4261e4 MoveWindow
0x4261e8 SendMessageW
COMCTL32.dll
0x426014 None
KERNEL32.dll
0x42602c IsValidCodePage
0x426030 GetStringTypeW
0x426034 GetFileAttributesExW
0x426038 HeapReAlloc
0x42603c FlushFileBuffers
0x426040 GetCurrentDirectoryW
0x426044 GetACP
0x426048 GetOEMCP
0x42604c GetModuleHandleW
0x426050 MulDiv
0x426054 GetLastError
0x426058 SetDllDirectoryW
0x42605c GetModuleFileNameW
0x426060 GetProcAddress
0x426064 GetCommandLineW
0x426068 GetCPInfo
0x42606c SetEnvironmentVariableW
0x426070 ExpandEnvironmentStringsW
0x426074 CreateDirectoryW
0x426078 GetTempPathW
0x42607c WaitForSingleObject
0x426080 Sleep
0x426084 GetExitCodeProcess
0x426088 CreateProcessW
0x42608c GetStartupInfoW
0x426090 FreeLibrary
0x426094 LoadLibraryExW
0x426098 FindClose
0x42609c FindFirstFileExW
0x4260a0 CloseHandle
0x4260a4 GetCurrentProcess
0x4260a8 LocalFree
0x4260ac FormatMessageW
0x4260b0 MultiByteToWideChar
0x4260b4 WideCharToMultiByte
0x4260b8 GetEnvironmentStringsW
0x4260bc FreeEnvironmentStringsW
0x4260c0 GetProcessHeap
0x4260c4 GetTimeZoneInformation
0x4260c8 HeapSize
0x4260cc WriteConsoleW
0x4260d0 SetEndOfFile
0x4260d4 GetEnvironmentVariableW
0x4260d8 UnhandledExceptionFilter
0x4260dc SetUnhandledExceptionFilter
0x4260e0 TerminateProcess
0x4260e4 IsProcessorFeaturePresent
0x4260e8 QueryPerformanceCounter
0x4260ec GetCurrentProcessId
0x4260f0 GetCurrentThreadId
0x4260f4 GetSystemTimeAsFileTime
0x4260f8 InitializeSListHead
0x4260fc IsDebuggerPresent
0x426100 DecodePointer
0x426104 RtlUnwind
0x426108 SetLastError
0x42610c EnterCriticalSection
0x426110 LeaveCriticalSection
0x426114 DeleteCriticalSection
0x426118 InitializeCriticalSectionAndSpinCount
0x42611c TlsAlloc
0x426120 TlsGetValue
0x426124 TlsSetValue
0x426128 TlsFree
0x42612c EncodePointer
0x426130 RaiseException
0x426134 GetCommandLineA
0x426138 CreateFileW
0x42613c GetDriveTypeW
0x426140 GetFileInformationByHandle
0x426144 GetFileType
0x426148 PeekNamedPipe
0x42614c SystemTimeToTzSpecificLocalTime
0x426150 FileTimeToSystemTime
0x426154 GetFullPathNameW
0x426158 RemoveDirectoryW
0x42615c FindNextFileW
0x426160 SetStdHandle
0x426164 SetConsoleCtrlHandler
0x426168 DeleteFileW
0x42616c ReadFile
0x426170 GetStdHandle
0x426174 WriteFile
0x426178 ExitProcess
0x42617c GetModuleHandleExW
0x426180 HeapFree
0x426184 GetConsoleMode
0x426188 ReadConsoleW
0x42618c SetFilePointerEx
0x426190 GetConsoleOutputCP
0x426194 GetFileSizeEx
0x426198 HeapAlloc
0x42619c CompareStringW
0x4261a0 LCMapStringW
ADVAPI32.dll
0x426000 OpenProcessToken
0x426004 GetTokenInformation
0x426008 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x42600c ConvertSidToStringSidW
GDI32.dll
0x42601c SelectObject
0x426020 DeleteObject
0x426024 CreateFontIndirectW
EAT(Export Address Table) is none
USER32.dll
0x4261a8 CreateWindowExW
0x4261ac MessageBoxW
0x4261b0 MessageBoxA
0x4261b4 SystemParametersInfoW
0x4261b8 DestroyIcon
0x4261bc SetWindowLongW
0x4261c0 GetWindowLongW
0x4261c4 GetClientRect
0x4261c8 InvalidateRect
0x4261cc ReleaseDC
0x4261d0 GetDC
0x4261d4 DrawTextW
0x4261d8 GetDialogBaseUnits
0x4261dc EndDialog
0x4261e0 DialogBoxIndirectParamW
0x4261e4 MoveWindow
0x4261e8 SendMessageW
COMCTL32.dll
0x426014 None
KERNEL32.dll
0x42602c IsValidCodePage
0x426030 GetStringTypeW
0x426034 GetFileAttributesExW
0x426038 HeapReAlloc
0x42603c FlushFileBuffers
0x426040 GetCurrentDirectoryW
0x426044 GetACP
0x426048 GetOEMCP
0x42604c GetModuleHandleW
0x426050 MulDiv
0x426054 GetLastError
0x426058 SetDllDirectoryW
0x42605c GetModuleFileNameW
0x426060 GetProcAddress
0x426064 GetCommandLineW
0x426068 GetCPInfo
0x42606c SetEnvironmentVariableW
0x426070 ExpandEnvironmentStringsW
0x426074 CreateDirectoryW
0x426078 GetTempPathW
0x42607c WaitForSingleObject
0x426080 Sleep
0x426084 GetExitCodeProcess
0x426088 CreateProcessW
0x42608c GetStartupInfoW
0x426090 FreeLibrary
0x426094 LoadLibraryExW
0x426098 FindClose
0x42609c FindFirstFileExW
0x4260a0 CloseHandle
0x4260a4 GetCurrentProcess
0x4260a8 LocalFree
0x4260ac FormatMessageW
0x4260b0 MultiByteToWideChar
0x4260b4 WideCharToMultiByte
0x4260b8 GetEnvironmentStringsW
0x4260bc FreeEnvironmentStringsW
0x4260c0 GetProcessHeap
0x4260c4 GetTimeZoneInformation
0x4260c8 HeapSize
0x4260cc WriteConsoleW
0x4260d0 SetEndOfFile
0x4260d4 GetEnvironmentVariableW
0x4260d8 UnhandledExceptionFilter
0x4260dc SetUnhandledExceptionFilter
0x4260e0 TerminateProcess
0x4260e4 IsProcessorFeaturePresent
0x4260e8 QueryPerformanceCounter
0x4260ec GetCurrentProcessId
0x4260f0 GetCurrentThreadId
0x4260f4 GetSystemTimeAsFileTime
0x4260f8 InitializeSListHead
0x4260fc IsDebuggerPresent
0x426100 DecodePointer
0x426104 RtlUnwind
0x426108 SetLastError
0x42610c EnterCriticalSection
0x426110 LeaveCriticalSection
0x426114 DeleteCriticalSection
0x426118 InitializeCriticalSectionAndSpinCount
0x42611c TlsAlloc
0x426120 TlsGetValue
0x426124 TlsSetValue
0x426128 TlsFree
0x42612c EncodePointer
0x426130 RaiseException
0x426134 GetCommandLineA
0x426138 CreateFileW
0x42613c GetDriveTypeW
0x426140 GetFileInformationByHandle
0x426144 GetFileType
0x426148 PeekNamedPipe
0x42614c SystemTimeToTzSpecificLocalTime
0x426150 FileTimeToSystemTime
0x426154 GetFullPathNameW
0x426158 RemoveDirectoryW
0x42615c FindNextFileW
0x426160 SetStdHandle
0x426164 SetConsoleCtrlHandler
0x426168 DeleteFileW
0x42616c ReadFile
0x426170 GetStdHandle
0x426174 WriteFile
0x426178 ExitProcess
0x42617c GetModuleHandleExW
0x426180 HeapFree
0x426184 GetConsoleMode
0x426188 ReadConsoleW
0x42618c SetFilePointerEx
0x426190 GetConsoleOutputCP
0x426194 GetFileSizeEx
0x426198 HeapAlloc
0x42619c CompareStringW
0x4261a0 LCMapStringW
ADVAPI32.dll
0x426000 OpenProcessToken
0x426004 GetTokenInformation
0x426008 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x42600c ConvertSidToStringSidW
GDI32.dll
0x42601c SelectObject
0x426020 DeleteObject
0x426024 CreateFontIndirectW
EAT(Export Address Table) is none