ScreenShot
| Created | 2024.09.17 14:31 | Machine | s1_win7_x6401 |
| Filename | Ghost_0x000263826B9A9B91.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (Common, Dapato, Artemis, GenericKD, Unsafe, Vy46, Malicious, DropperX, saon, CLOUD, AMADEY, YXEH2Z, GenKD, Detected, Wacatac, ABTrojan, JHXG, Chgt, Gencirc, PossibleThreat, sddp) | ||
| md5 | 11df28c910c9d9127a7e7054e9cadf1f | ||
| sha256 | a695cb493631962a4c2fd61a094cb0b952ce708a99af714772cddd4991f32df0 | ||
| ssdeep | 24576:LpJCo0KkQWUI2kF2y8flgQ8QDiWeTmt5WFcnKaCizpf:y462e2ZUQDiJnSnKad | ||
| imphash | c7d97f73dc54ff7373f359ce127c9149 | ||
| impfuzzy | 192:WNDCXUl62jJDMzbyvSAYCS4RF8irayQ4VS7IXC:WrDMXqSA38irNQ4VS7IXC | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x140145a38 DefSubclassProc
comdlg32.dll
0x140145a48 ChooseColorW
0x140145a50 ChooseFontW
0x140145a58 CommDlgExtendedError
0x140145a60 FindTextW
0x140145a68 GetFileTitleW
0x140145a70 GetOpenFileNameW
0x140145a78 GetSaveFileNameW
0x140145a80 PageSetupDlgW
0x140145a88 PrintDlgExW
0x140145a90 PrintDlgW
0x140145a98 ReplaceTextW
dxgi.dll
0x140145aa8 CreateDXGIFactory
KERNEL32.dll
0x140145ab8 BackupRead
0x140145ac0 CancelIo
0x140145ac8 CheckNameLegalDOS8Dot3W
0x140145ad0 CloseHandle
0x140145ad8 ConvertDefaultLocale
0x140145ae0 ConvertFiberToThread
0x140145ae8 ConvertThreadToFiber
0x140145af0 CopyFileW
0x140145af8 CreateEventA
0x140145b00 CreateSemaphoreA
0x140145b08 DeleteCriticalSection
0x140145b10 DuplicateHandle
0x140145b18 EnterCriticalSection
0x140145b20 EnumSystemGeoID
0x140145b28 EraseTape
0x140145b30 ExitThread
0x140145b38 FindNextChangeNotification
0x140145b40 FindNextVolumeMountPointW
0x140145b48 FindVolumeClose
0x140145b50 FlushConsoleInputBuffer
0x140145b58 GetACP
0x140145b60 GetCPInfo
0x140145b68 GetCPInfoExW
0x140145b70 GetCompressedFileSizeW
0x140145b78 GetConsoleCP
0x140145b80 GetConsoleCursorInfo
0x140145b88 GetConsoleMode
0x140145b90 GetConsoleOutputCP
0x140145b98 GetConsoleSelectionInfo
0x140145ba0 GetConsoleTitleW
0x140145ba8 GetConsoleWindow
0x140145bb0 GetCurrentDirectoryW
0x140145bb8 GetCurrentProcess
0x140145bc0 GetCurrentProcessId
0x140145bc8 GetCurrentThread
0x140145bd0 GetCurrentThreadId
0x140145bd8 GetDateFormatW
0x140145be0 GetDiskFreeSpaceExW
0x140145be8 GetDriveTypeW
0x140145bf0 GetFileAttributesExW
0x140145bf8 GetFileAttributesW
0x140145c00 GetFileInformationByHandle
0x140145c08 GetFileSizeEx
0x140145c10 GetHandleInformation
0x140145c18 GetLargestConsoleWindowSize
0x140145c20 GetLastError
0x140145c28 GetLogicalDriveStringsW
0x140145c30 GetLogicalProcessorInformation
0x140145c38 GetLongPathNameW
0x140145c40 GetModuleHandleA
0x140145c48 GetNumaHighestNodeNumber
0x140145c50 GetNumaNodeProcessorMask
0x140145c58 GetNumaProcessorNode
0x140145c60 GetNumberOfConsoleMouseButtons
0x140145c68 GetOEMCP
0x140145c70 GetPriorityClass
0x140145c78 GetProcAddress
0x140145c80 GetProcessAffinityMask
0x140145c88 GetProcessIoCounters
0x140145c90 GetProcessPriorityBoost
0x140145c98 GetProcessTimes
0x140145ca0 GetProcessVersion
0x140145ca8 GetProcessWorkingSetSize
0x140145cb0 GetStartupInfoW
0x140145cb8 GetStdHandle
0x140145cc0 GetStringTypeA
0x140145cc8 GetSystemDefaultLCID
0x140145cd0 GetSystemDefaultLangID
0x140145cd8 GetSystemTimeAsFileTime
0x140145ce0 GetTapeParameters
0x140145ce8 GetTapePosition
0x140145cf0 GetTapeStatus
0x140145cf8 GetTempFileNameW
0x140145d00 GetTempPathW
0x140145d08 GetThreadContext
0x140145d10 GetThreadPriority
0x140145d18 GetThreadTimes
0x140145d20 GetTickCount
0x140145d28 GetUserDefaultLCID
0x140145d30 GetUserDefaultLangID
0x140145d38 GetUserGeoID
0x140145d40 GetVolumeInformationW
0x140145d48 InitializeCriticalSection
0x140145d50 IsDebuggerPresent
0x140145d58 IsProcessorFeaturePresent
0x140145d60 IsValidLanguageGroup
0x140145d68 IsValidLocale
0x140145d70 LCMapStringW
0x140145d78 LeaveCriticalSection
0x140145d80 LocalFree
0x140145d88 LockFile
0x140145d90 LockFileEx
0x140145d98 MoveFileExW
0x140145da0 MoveFileWithProgressW
0x140145da8 OpenProcess
0x140145db0 OutputDebugStringA
0x140145db8 PostQueuedCompletionStatus
0x140145dc0 QueryDosDeviceW
0x140145dc8 QueryPerformanceCounter
0x140145dd0 QueryPerformanceFrequency
0x140145dd8 RaiseException
0x140145de0 ReadConsoleInputW
0x140145de8 ReadConsoleW
0x140145df0 ReleaseSemaphore
0x140145df8 RemoveDirectoryW
0x140145e00 ReplaceFileW
0x140145e08 ResetEvent
0x140145e10 ResumeThread
0x140145e18 RtlCaptureContext
0x140145e20 RtlLookupFunctionEntry
0x140145e28 RtlUnwindEx
0x140145e30 RtlVirtualUnwind
0x140145e38 SetConsoleActiveScreenBuffer
0x140145e40 SetConsoleCP
0x140145e48 SetConsoleCursorInfo
0x140145e50 SetConsoleCursorPosition
0x140145e58 SetConsoleMode
0x140145e60 SetConsoleOutputCP
0x140145e68 SetConsoleScreenBufferSize
0x140145e70 SetConsoleTextAttribute
0x140145e78 SetConsoleWindowInfo
0x140145e80 SetCurrentDirectoryW
0x140145e88 SetEndOfFile
0x140145e90 SetEnvironmentVariableW
0x140145e98 SetEvent
0x140145ea0 SetFilePointerEx
0x140145ea8 SetFileShortNameW
0x140145eb0 SetLastError
0x140145eb8 SetProcessAffinityMask
0x140145ec0 SetProcessPriorityBoost
0x140145ec8 SetProcessShutdownParameters
0x140145ed0 SetProcessWorkingSetSize
0x140145ed8 SetTapePosition
0x140145ee0 SetThreadContext
0x140145ee8 SetThreadIdealProcessor
0x140145ef0 SetThreadLocale
0x140145ef8 SetThreadPriority
0x140145f00 SetUnhandledExceptionFilter
0x140145f08 SetVolumeLabelW
0x140145f10 Sleep
0x140145f18 SleepEx
0x140145f20 SuspendThread
0x140145f28 SwitchToFiber
0x140145f30 SwitchToThread
0x140145f38 TerminateProcess
0x140145f40 TlsAlloc
0x140145f48 TlsGetValue
0x140145f50 TlsSetValue
0x140145f58 TryEnterCriticalSection
0x140145f60 UnlockFile
0x140145f68 UnlockFileEx
0x140145f70 VerLanguageNameW
0x140145f78 VirtualProtect
0x140145f80 VirtualQuery
0x140145f88 WaitForMultipleObjects
0x140145f90 WaitForSingleObject
0x140145f98 WriteConsoleOutputAttribute
0x140145fa0 WriteConsoleOutputCharacterW
0x140145fa8 WriteFile
0x140145fb0 WriteFileEx
0x140145fb8 WriteTapemark
0x140145fc0 __C_specific_handler
0x140145fc8 lstrcatW
0x140145fd0 lstrcmpW
0x140145fd8 lstrcpynW
api-ms-win-crt-convert-l1-1-0.dll
0x140145fe8 strtoul
api-ms-win-crt-environment-l1-1-0.dll
0x140145ff8 __p__environ
0x140146000 __p__wenviron
0x140146008 getenv
api-ms-win-crt-heap-l1-1-0.dll
0x140146018 _set_new_mode
0x140146020 calloc
0x140146028 free
0x140146030 malloc
0x140146038 realloc
api-ms-win-crt-math-l1-1-0.dll
0x140146048 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140146058 __intrinsic_setjmpex
0x140146060 longjmp
0x140146068 memcmp
0x140146070 memcpy
0x140146078 memmove
0x140146080 strchr
api-ms-win-crt-runtime-l1-1-0.dll
0x140146090 __p___argc
0x140146098 __p___argv
0x1401460a0 __p___wargv
0x1401460a8 __p__wcmdln
0x1401460b0 _beginthreadex
0x1401460b8 _cexit
0x1401460c0 _configure_narrow_argv
0x1401460c8 _configure_wide_argv
0x1401460d0 _crt_at_quick_exit
0x1401460d8 _crt_atexit
0x1401460e0 _endthreadex
0x1401460e8 _errno
0x1401460f0 _exit
0x1401460f8 _initialize_narrow_environment
0x140146100 _initialize_wide_environment
0x140146108 _initterm
0x140146110 _set_app_type
0x140146118 _set_invalid_parameter_handler
0x140146120 abort
0x140146128 exit
0x140146130 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140146140 __acrt_iob_func
0x140146148 __p__commode
0x140146150 __p__fmode
0x140146158 __stdio_common_vfprintf
0x140146160 __stdio_common_vfwprintf
0x140146168 __stdio_common_vsprintf
0x140146170 _write
0x140146178 fputc
0x140146180 fputs
0x140146188 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140146198 _strdup
0x1401461a0 memset
0x1401461a8 strcmp
0x1401461b0 strlen
0x1401461b8 strncmp
0x1401461c0 wcslen
api-ms-win-crt-time-l1-1-0.dll
0x1401461d0 __daylight
0x1401461d8 __timezone
0x1401461e0 __tzname
0x1401461e8 _tzset
api-ms-win-crt-utility-l1-1-0.dll
0x1401461f8 rand_s
OLEAUT32.dll
0x140146208 SysAllocString
0x140146210 VariantClear
0x140146218 VariantInit
USER32.dll
0x140146228 wsprintfW
WINSPOOL.DRV
0x140146238 AbortPrinter
0x140146240 ConfigurePortW
0x140146248 ConnectToPrinterDlg
0x140146250 EnumFormsW
0x140146258 EnumJobsW
0x140146260 EnumPrinterDataExW
0x140146268 EnumPrinterDataW
0x140146270 EnumPrinterKeyW
0x140146278 EnumPrintersW
0x140146280 FindClosePrinterChangeNotification
0x140146288 FindFirstPrinterChangeNotification
0x140146290 FindNextPrinterChangeNotification
0x140146298 FlushPrinter
0x1401462a0 GetFormW
0x1401462a8 GetJobW
0x1401462b0 GetPrinterDataExW
0x1401462b8 GetPrinterDataW
0x1401462c0 ResetPrinterW
0x1401462c8 ScheduleJob
0x1401462d0 SetFormW
0x1401462d8 SetJobW
0x1401462e0 SetPortW
0x1401462e8 SetPrinterDataW
0x1401462f0 SetPrinterW
0x1401462f8 WritePrinter
EAT(Export Address Table) is none
COMCTL32.dll
0x140145a38 DefSubclassProc
comdlg32.dll
0x140145a48 ChooseColorW
0x140145a50 ChooseFontW
0x140145a58 CommDlgExtendedError
0x140145a60 FindTextW
0x140145a68 GetFileTitleW
0x140145a70 GetOpenFileNameW
0x140145a78 GetSaveFileNameW
0x140145a80 PageSetupDlgW
0x140145a88 PrintDlgExW
0x140145a90 PrintDlgW
0x140145a98 ReplaceTextW
dxgi.dll
0x140145aa8 CreateDXGIFactory
KERNEL32.dll
0x140145ab8 BackupRead
0x140145ac0 CancelIo
0x140145ac8 CheckNameLegalDOS8Dot3W
0x140145ad0 CloseHandle
0x140145ad8 ConvertDefaultLocale
0x140145ae0 ConvertFiberToThread
0x140145ae8 ConvertThreadToFiber
0x140145af0 CopyFileW
0x140145af8 CreateEventA
0x140145b00 CreateSemaphoreA
0x140145b08 DeleteCriticalSection
0x140145b10 DuplicateHandle
0x140145b18 EnterCriticalSection
0x140145b20 EnumSystemGeoID
0x140145b28 EraseTape
0x140145b30 ExitThread
0x140145b38 FindNextChangeNotification
0x140145b40 FindNextVolumeMountPointW
0x140145b48 FindVolumeClose
0x140145b50 FlushConsoleInputBuffer
0x140145b58 GetACP
0x140145b60 GetCPInfo
0x140145b68 GetCPInfoExW
0x140145b70 GetCompressedFileSizeW
0x140145b78 GetConsoleCP
0x140145b80 GetConsoleCursorInfo
0x140145b88 GetConsoleMode
0x140145b90 GetConsoleOutputCP
0x140145b98 GetConsoleSelectionInfo
0x140145ba0 GetConsoleTitleW
0x140145ba8 GetConsoleWindow
0x140145bb0 GetCurrentDirectoryW
0x140145bb8 GetCurrentProcess
0x140145bc0 GetCurrentProcessId
0x140145bc8 GetCurrentThread
0x140145bd0 GetCurrentThreadId
0x140145bd8 GetDateFormatW
0x140145be0 GetDiskFreeSpaceExW
0x140145be8 GetDriveTypeW
0x140145bf0 GetFileAttributesExW
0x140145bf8 GetFileAttributesW
0x140145c00 GetFileInformationByHandle
0x140145c08 GetFileSizeEx
0x140145c10 GetHandleInformation
0x140145c18 GetLargestConsoleWindowSize
0x140145c20 GetLastError
0x140145c28 GetLogicalDriveStringsW
0x140145c30 GetLogicalProcessorInformation
0x140145c38 GetLongPathNameW
0x140145c40 GetModuleHandleA
0x140145c48 GetNumaHighestNodeNumber
0x140145c50 GetNumaNodeProcessorMask
0x140145c58 GetNumaProcessorNode
0x140145c60 GetNumberOfConsoleMouseButtons
0x140145c68 GetOEMCP
0x140145c70 GetPriorityClass
0x140145c78 GetProcAddress
0x140145c80 GetProcessAffinityMask
0x140145c88 GetProcessIoCounters
0x140145c90 GetProcessPriorityBoost
0x140145c98 GetProcessTimes
0x140145ca0 GetProcessVersion
0x140145ca8 GetProcessWorkingSetSize
0x140145cb0 GetStartupInfoW
0x140145cb8 GetStdHandle
0x140145cc0 GetStringTypeA
0x140145cc8 GetSystemDefaultLCID
0x140145cd0 GetSystemDefaultLangID
0x140145cd8 GetSystemTimeAsFileTime
0x140145ce0 GetTapeParameters
0x140145ce8 GetTapePosition
0x140145cf0 GetTapeStatus
0x140145cf8 GetTempFileNameW
0x140145d00 GetTempPathW
0x140145d08 GetThreadContext
0x140145d10 GetThreadPriority
0x140145d18 GetThreadTimes
0x140145d20 GetTickCount
0x140145d28 GetUserDefaultLCID
0x140145d30 GetUserDefaultLangID
0x140145d38 GetUserGeoID
0x140145d40 GetVolumeInformationW
0x140145d48 InitializeCriticalSection
0x140145d50 IsDebuggerPresent
0x140145d58 IsProcessorFeaturePresent
0x140145d60 IsValidLanguageGroup
0x140145d68 IsValidLocale
0x140145d70 LCMapStringW
0x140145d78 LeaveCriticalSection
0x140145d80 LocalFree
0x140145d88 LockFile
0x140145d90 LockFileEx
0x140145d98 MoveFileExW
0x140145da0 MoveFileWithProgressW
0x140145da8 OpenProcess
0x140145db0 OutputDebugStringA
0x140145db8 PostQueuedCompletionStatus
0x140145dc0 QueryDosDeviceW
0x140145dc8 QueryPerformanceCounter
0x140145dd0 QueryPerformanceFrequency
0x140145dd8 RaiseException
0x140145de0 ReadConsoleInputW
0x140145de8 ReadConsoleW
0x140145df0 ReleaseSemaphore
0x140145df8 RemoveDirectoryW
0x140145e00 ReplaceFileW
0x140145e08 ResetEvent
0x140145e10 ResumeThread
0x140145e18 RtlCaptureContext
0x140145e20 RtlLookupFunctionEntry
0x140145e28 RtlUnwindEx
0x140145e30 RtlVirtualUnwind
0x140145e38 SetConsoleActiveScreenBuffer
0x140145e40 SetConsoleCP
0x140145e48 SetConsoleCursorInfo
0x140145e50 SetConsoleCursorPosition
0x140145e58 SetConsoleMode
0x140145e60 SetConsoleOutputCP
0x140145e68 SetConsoleScreenBufferSize
0x140145e70 SetConsoleTextAttribute
0x140145e78 SetConsoleWindowInfo
0x140145e80 SetCurrentDirectoryW
0x140145e88 SetEndOfFile
0x140145e90 SetEnvironmentVariableW
0x140145e98 SetEvent
0x140145ea0 SetFilePointerEx
0x140145ea8 SetFileShortNameW
0x140145eb0 SetLastError
0x140145eb8 SetProcessAffinityMask
0x140145ec0 SetProcessPriorityBoost
0x140145ec8 SetProcessShutdownParameters
0x140145ed0 SetProcessWorkingSetSize
0x140145ed8 SetTapePosition
0x140145ee0 SetThreadContext
0x140145ee8 SetThreadIdealProcessor
0x140145ef0 SetThreadLocale
0x140145ef8 SetThreadPriority
0x140145f00 SetUnhandledExceptionFilter
0x140145f08 SetVolumeLabelW
0x140145f10 Sleep
0x140145f18 SleepEx
0x140145f20 SuspendThread
0x140145f28 SwitchToFiber
0x140145f30 SwitchToThread
0x140145f38 TerminateProcess
0x140145f40 TlsAlloc
0x140145f48 TlsGetValue
0x140145f50 TlsSetValue
0x140145f58 TryEnterCriticalSection
0x140145f60 UnlockFile
0x140145f68 UnlockFileEx
0x140145f70 VerLanguageNameW
0x140145f78 VirtualProtect
0x140145f80 VirtualQuery
0x140145f88 WaitForMultipleObjects
0x140145f90 WaitForSingleObject
0x140145f98 WriteConsoleOutputAttribute
0x140145fa0 WriteConsoleOutputCharacterW
0x140145fa8 WriteFile
0x140145fb0 WriteFileEx
0x140145fb8 WriteTapemark
0x140145fc0 __C_specific_handler
0x140145fc8 lstrcatW
0x140145fd0 lstrcmpW
0x140145fd8 lstrcpynW
api-ms-win-crt-convert-l1-1-0.dll
0x140145fe8 strtoul
api-ms-win-crt-environment-l1-1-0.dll
0x140145ff8 __p__environ
0x140146000 __p__wenviron
0x140146008 getenv
api-ms-win-crt-heap-l1-1-0.dll
0x140146018 _set_new_mode
0x140146020 calloc
0x140146028 free
0x140146030 malloc
0x140146038 realloc
api-ms-win-crt-math-l1-1-0.dll
0x140146048 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140146058 __intrinsic_setjmpex
0x140146060 longjmp
0x140146068 memcmp
0x140146070 memcpy
0x140146078 memmove
0x140146080 strchr
api-ms-win-crt-runtime-l1-1-0.dll
0x140146090 __p___argc
0x140146098 __p___argv
0x1401460a0 __p___wargv
0x1401460a8 __p__wcmdln
0x1401460b0 _beginthreadex
0x1401460b8 _cexit
0x1401460c0 _configure_narrow_argv
0x1401460c8 _configure_wide_argv
0x1401460d0 _crt_at_quick_exit
0x1401460d8 _crt_atexit
0x1401460e0 _endthreadex
0x1401460e8 _errno
0x1401460f0 _exit
0x1401460f8 _initialize_narrow_environment
0x140146100 _initialize_wide_environment
0x140146108 _initterm
0x140146110 _set_app_type
0x140146118 _set_invalid_parameter_handler
0x140146120 abort
0x140146128 exit
0x140146130 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140146140 __acrt_iob_func
0x140146148 __p__commode
0x140146150 __p__fmode
0x140146158 __stdio_common_vfprintf
0x140146160 __stdio_common_vfwprintf
0x140146168 __stdio_common_vsprintf
0x140146170 _write
0x140146178 fputc
0x140146180 fputs
0x140146188 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140146198 _strdup
0x1401461a0 memset
0x1401461a8 strcmp
0x1401461b0 strlen
0x1401461b8 strncmp
0x1401461c0 wcslen
api-ms-win-crt-time-l1-1-0.dll
0x1401461d0 __daylight
0x1401461d8 __timezone
0x1401461e0 __tzname
0x1401461e8 _tzset
api-ms-win-crt-utility-l1-1-0.dll
0x1401461f8 rand_s
OLEAUT32.dll
0x140146208 SysAllocString
0x140146210 VariantClear
0x140146218 VariantInit
USER32.dll
0x140146228 wsprintfW
WINSPOOL.DRV
0x140146238 AbortPrinter
0x140146240 ConfigurePortW
0x140146248 ConnectToPrinterDlg
0x140146250 EnumFormsW
0x140146258 EnumJobsW
0x140146260 EnumPrinterDataExW
0x140146268 EnumPrinterDataW
0x140146270 EnumPrinterKeyW
0x140146278 EnumPrintersW
0x140146280 FindClosePrinterChangeNotification
0x140146288 FindFirstPrinterChangeNotification
0x140146290 FindNextPrinterChangeNotification
0x140146298 FlushPrinter
0x1401462a0 GetFormW
0x1401462a8 GetJobW
0x1401462b0 GetPrinterDataExW
0x1401462b8 GetPrinterDataW
0x1401462c0 ResetPrinterW
0x1401462c8 ScheduleJob
0x1401462d0 SetFormW
0x1401462d8 SetJobW
0x1401462e0 SetPortW
0x1401462e8 SetPrinterDataW
0x1401462f0 SetPrinterW
0x1401462f8 WritePrinter
EAT(Export Address Table) is none