ScreenShot
| Created | 2024.09.17 14:18 | Machine | s1_win7_x6401 |
| Filename | 8.11.9-Windows.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 39 detected (Common, Artemis, Unsafe, V3q2, malicious, confidence, TrojanPSW, Genus, Attribute, HighConfidence, moderate confidence, a variant of WinGo, score, ytrwh, AMADEY, YXEH1Z, moderate, WinGo, Detected, Phonzy, OAH2Q1, ABTrojan, KIRA, Ddhl, Chgt, Akgpp) | ||
| md5 | 1c6b522d985b2e60890a098e3d5e78b8 | ||
| sha256 | 35005932465ca51b1bffcd168dd6c9386dbdecb78efacfbe4877b9b1e65da8b4 | ||
| ssdeep | 98304:D5MCdYwJ/6LV6oJBgsJDVUN81bIe3Ev9kaxS0i8J2LAAvbW54jSEUb5HwXQiUacn:uqm6ABmN81bH0VSpO2sGb905QX5ccC | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1017300 WriteFile
0x1017304 WriteConsoleW
0x1017308 WerSetFlags
0x101730c WerGetFlags
0x1017310 WaitForMultipleObjects
0x1017314 WaitForSingleObject
0x1017318 VirtualQuery
0x101731c VirtualFree
0x1017320 VirtualAlloc
0x1017324 TlsAlloc
0x1017328 SwitchToThread
0x101732c SuspendThread
0x1017330 SetWaitableTimer
0x1017334 SetUnhandledExceptionFilter
0x1017338 SetProcessPriorityBoost
0x101733c SetEvent
0x1017340 SetErrorMode
0x1017344 SetConsoleCtrlHandler
0x1017348 ResumeThread
0x101734c RaiseFailFastException
0x1017350 PostQueuedCompletionStatus
0x1017354 LoadLibraryW
0x1017358 LoadLibraryExW
0x101735c SetThreadContext
0x1017360 GetThreadContext
0x1017364 GetSystemInfo
0x1017368 GetSystemDirectoryA
0x101736c GetStdHandle
0x1017370 GetQueuedCompletionStatusEx
0x1017374 GetProcessAffinityMask
0x1017378 GetProcAddress
0x101737c GetErrorMode
0x1017380 GetEnvironmentStringsW
0x1017384 GetCurrentThreadId
0x1017388 GetConsoleMode
0x101738c FreeEnvironmentStringsW
0x1017390 ExitProcess
0x1017394 DuplicateHandle
0x1017398 CreateWaitableTimerExW
0x101739c CreateThread
0x10173a0 CreateIoCompletionPort
0x10173a4 CreateFileA
0x10173a8 CreateEventA
0x10173ac CloseHandle
0x10173b0 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1017300 WriteFile
0x1017304 WriteConsoleW
0x1017308 WerSetFlags
0x101730c WerGetFlags
0x1017310 WaitForMultipleObjects
0x1017314 WaitForSingleObject
0x1017318 VirtualQuery
0x101731c VirtualFree
0x1017320 VirtualAlloc
0x1017324 TlsAlloc
0x1017328 SwitchToThread
0x101732c SuspendThread
0x1017330 SetWaitableTimer
0x1017334 SetUnhandledExceptionFilter
0x1017338 SetProcessPriorityBoost
0x101733c SetEvent
0x1017340 SetErrorMode
0x1017344 SetConsoleCtrlHandler
0x1017348 ResumeThread
0x101734c RaiseFailFastException
0x1017350 PostQueuedCompletionStatus
0x1017354 LoadLibraryW
0x1017358 LoadLibraryExW
0x101735c SetThreadContext
0x1017360 GetThreadContext
0x1017364 GetSystemInfo
0x1017368 GetSystemDirectoryA
0x101736c GetStdHandle
0x1017370 GetQueuedCompletionStatusEx
0x1017374 GetProcessAffinityMask
0x1017378 GetProcAddress
0x101737c GetErrorMode
0x1017380 GetEnvironmentStringsW
0x1017384 GetCurrentThreadId
0x1017388 GetConsoleMode
0x101738c FreeEnvironmentStringsW
0x1017390 ExitProcess
0x1017394 DuplicateHandle
0x1017398 CreateWaitableTimerExW
0x101739c CreateThread
0x10173a0 CreateIoCompletionPort
0x10173a4 CreateFileA
0x10173a8 CreateEventA
0x10173ac CloseHandle
0x10173b0 AddVectoredExceptionHandler
EAT(Export Address Table) is none