ScreenShot
| Created | 2024.09.17 13:31 | Machine | s1_win7_x6401 |
| Filename | s.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, Marte, Malicious, score, Unsafe, Rozena, V7zi, confidence, 100%, Meterpreter, Windows, Metasploit, MsfShell, MSShellcode, CLOUD, giyjb, R002C0DH624, Detected, Malware@#3gvogn30a9cw0, Eldorado, TrojanX, R525815, Shell, GdSda, Gencirc) | ||
| md5 | 3eee1ec7c33c0101a5dcfe2656d26b3c | ||
| sha256 | 52816435236c6f6731a21b1bc29dbc1cde978a72630d08a6b2bfb06c088c8a73 | ||
| ssdeep | 6144:g70WS45KS6ma1EYqg3PKne8C+lmOtWjoO/Vt9Lq:GuKtCOPayekPIn/vY | ||
| imphash | 3baf5198a5c82b57436352743d8c8225 | ||
| impfuzzy | 12:YRJRibJ2cDn5ARZqRLAYPXJHqVzT4GQGX5XGXKYIk6lTpJqJiZn:8fiFlDqcLVKLTX5XGKkoDqoZn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4070e4 DeleteCriticalSection
0x4070e8 EnterCriticalSection
0x4070ec FreeLibrary
0x4070f0 GetLastError
0x4070f4 GetModuleHandleA
0x4070f8 GetProcAddress
0x4070fc GetStartupInfoA
0x407100 InitializeCriticalSection
0x407104 LeaveCriticalSection
0x407108 LoadLibraryA
0x40710c SetUnhandledExceptionFilter
0x407110 Sleep
0x407114 TlsGetValue
0x407118 VirtualProtect
0x40711c VirtualQuery
msvcrt.dll
0x407124 __getmainargs
0x407128 __initenv
0x40712c __lconv_init
0x407130 __p__acmdln
0x407134 __p__commode
0x407138 __p__fmode
0x40713c __set_app_type
0x407140 __setusermatherr
0x407144 _amsg_exit
0x407148 _cexit
0x40714c _initterm
0x407150 _iob
0x407154 _onexit
0x407158 abort
0x40715c calloc
0x407160 exit
0x407164 fprintf
0x407168 free
0x40716c fwrite
0x407170 malloc
0x407174 memcpy
0x407178 signal
0x40717c strlen
0x407180 strncmp
0x407184 vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x4070e4 DeleteCriticalSection
0x4070e8 EnterCriticalSection
0x4070ec FreeLibrary
0x4070f0 GetLastError
0x4070f4 GetModuleHandleA
0x4070f8 GetProcAddress
0x4070fc GetStartupInfoA
0x407100 InitializeCriticalSection
0x407104 LeaveCriticalSection
0x407108 LoadLibraryA
0x40710c SetUnhandledExceptionFilter
0x407110 Sleep
0x407114 TlsGetValue
0x407118 VirtualProtect
0x40711c VirtualQuery
msvcrt.dll
0x407124 __getmainargs
0x407128 __initenv
0x40712c __lconv_init
0x407130 __p__acmdln
0x407134 __p__commode
0x407138 __p__fmode
0x40713c __set_app_type
0x407140 __setusermatherr
0x407144 _amsg_exit
0x407148 _cexit
0x40714c _initterm
0x407150 _iob
0x407154 _onexit
0x407158 abort
0x40715c calloc
0x407160 exit
0x407164 fprintf
0x407168 free
0x40716c fwrite
0x407170 malloc
0x407174 memcpy
0x407178 signal
0x40717c strlen
0x407180 strncmp
0x407184 vfprintf
EAT(Export Address Table) is none