ScreenShot
| Created | 2024.09.19 09:47 | Machine | s1_win7_x6403 |
| Filename | ScreenUpdateSync.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, Stealc, Malicious, score, Stop, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HXWX, CrypterX, Kryptik@AI, RDML, 6403Q2EIQ8yU, CkX18ziqQ, jccce, YXEIRZ, Real Protect, high, Static AI, Malicious PE, Detected, Danabot, Sabsik, LGR7RP, Eldorado, R658943, Artemis, Chgt, susgen, GenKryptik, HBTI) | ||
| md5 | 95c4cd6903e8db5123f6941486a2af23 | ||
| sha256 | 5f4cc4675e728402c318c544ddfdcde87629be935157d731127fed4ce36efa1b | ||
| ssdeep | 3072:3kCLNdMje+6SQTmVVpfcUKjjVtMpMIdgUZjYpkibLK57N65X7FUMwVnfyN03xH61:ZLNd2HQm9PKvVtMeKvYph5X7zwVy03R | ||
| imphash | 5e1853c599f53045ffb0796f2bdab49b | ||
| impfuzzy | 48:uK1JZfvMLd/1Sd4Ei7t7cfR02k2cJa8ADq:pTk/w4f7t7cfi2VcJac | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 FillConsoleOutputCharacterA
0x424004 GetNumaNodeProcessorMask
0x424008 SearchPathW
0x42400c GetConsoleAliasesLengthW
0x424010 GetDefaultCommConfigW
0x424014 CallNamedPipeA
0x424018 GetEnvironmentStringsW
0x42401c CreateDirectoryW
0x424020 GetUserDefaultLCID
0x424024 GetComputerNameW
0x424028 SleepEx
0x42402c ConnectNamedPipe
0x424030 FreeEnvironmentStringsA
0x424034 GetModuleHandleW
0x424038 GetConsoleAliasesA
0x42403c GetCommandLineA
0x424040 GetPriorityClass
0x424044 LoadLibraryW
0x424048 GetConsoleAliasExesLengthW
0x42404c WriteConsoleOutputA
0x424050 HeapCreate
0x424054 SetConsoleMode
0x424058 GetFileAttributesW
0x42405c GetModuleFileNameW
0x424060 GetBinaryTypeW
0x424064 SetConsoleTitleA
0x424068 InterlockedExchange
0x42406c GetStartupInfoA
0x424070 GetLastError
0x424074 GetProcAddress
0x424078 SetStdHandle
0x42407c SearchPathA
0x424080 OpenWaitableTimerA
0x424084 InterlockedExchangeAdd
0x424088 LocalAlloc
0x42408c QueryDosDeviceW
0x424090 SetCommMask
0x424094 FoldStringA
0x424098 WaitForMultipleObjects
0x42409c GetModuleHandleA
0x4240a0 BuildCommDCBA
0x4240a4 PurgeComm
0x4240a8 WaitForDebugEvent
0x4240ac GetShortPathNameW
0x4240b0 SetCalendarInfoA
0x4240b4 FindAtomW
0x4240b8 GlobalReAlloc
0x4240bc CopyFileExA
0x4240c0 GetVolumeInformationW
0x4240c4 CreateFileA
0x4240c8 HeapFree
0x4240cc HeapAlloc
0x4240d0 MultiByteToWideChar
0x4240d4 HeapReAlloc
0x4240d8 Sleep
0x4240dc ExitProcess
0x4240e0 GetStartupInfoW
0x4240e4 TerminateProcess
0x4240e8 GetCurrentProcess
0x4240ec UnhandledExceptionFilter
0x4240f0 SetUnhandledExceptionFilter
0x4240f4 IsDebuggerPresent
0x4240f8 VirtualFree
0x4240fc DeleteCriticalSection
0x424100 LeaveCriticalSection
0x424104 EnterCriticalSection
0x424108 VirtualAlloc
0x42410c WriteFile
0x424110 GetStdHandle
0x424114 GetModuleFileNameA
0x424118 SetHandleCount
0x42411c GetFileType
0x424120 TlsGetValue
0x424124 TlsAlloc
0x424128 TlsSetValue
0x42412c TlsFree
0x424130 InterlockedIncrement
0x424134 SetLastError
0x424138 GetCurrentThreadId
0x42413c InterlockedDecrement
0x424140 HeapSize
0x424144 GetCPInfo
0x424148 GetACP
0x42414c GetOEMCP
0x424150 IsValidCodePage
0x424154 LoadLibraryA
0x424158 InitializeCriticalSectionAndSpinCount
0x42415c FreeEnvironmentStringsW
0x424160 GetCommandLineW
0x424164 QueryPerformanceCounter
0x424168 GetTickCount
0x42416c GetCurrentProcessId
0x424170 GetSystemTimeAsFileTime
0x424174 RtlUnwind
0x424178 ReadFile
0x42417c LCMapStringA
0x424180 WideCharToMultiByte
0x424184 LCMapStringW
0x424188 GetStringTypeA
0x42418c GetStringTypeW
0x424190 GetLocaleInfoA
0x424194 GetConsoleCP
0x424198 GetConsoleMode
0x42419c FlushFileBuffers
0x4241a0 SetFilePointer
0x4241a4 CloseHandle
0x4241a8 WriteConsoleA
0x4241ac GetConsoleOutputCP
0x4241b0 WriteConsoleW
USER32.dll
0x4241b8 GetActiveWindow
0x4241bc GetUserObjectInformationA
EAT(Export Address Table) is none
KERNEL32.dll
0x424000 FillConsoleOutputCharacterA
0x424004 GetNumaNodeProcessorMask
0x424008 SearchPathW
0x42400c GetConsoleAliasesLengthW
0x424010 GetDefaultCommConfigW
0x424014 CallNamedPipeA
0x424018 GetEnvironmentStringsW
0x42401c CreateDirectoryW
0x424020 GetUserDefaultLCID
0x424024 GetComputerNameW
0x424028 SleepEx
0x42402c ConnectNamedPipe
0x424030 FreeEnvironmentStringsA
0x424034 GetModuleHandleW
0x424038 GetConsoleAliasesA
0x42403c GetCommandLineA
0x424040 GetPriorityClass
0x424044 LoadLibraryW
0x424048 GetConsoleAliasExesLengthW
0x42404c WriteConsoleOutputA
0x424050 HeapCreate
0x424054 SetConsoleMode
0x424058 GetFileAttributesW
0x42405c GetModuleFileNameW
0x424060 GetBinaryTypeW
0x424064 SetConsoleTitleA
0x424068 InterlockedExchange
0x42406c GetStartupInfoA
0x424070 GetLastError
0x424074 GetProcAddress
0x424078 SetStdHandle
0x42407c SearchPathA
0x424080 OpenWaitableTimerA
0x424084 InterlockedExchangeAdd
0x424088 LocalAlloc
0x42408c QueryDosDeviceW
0x424090 SetCommMask
0x424094 FoldStringA
0x424098 WaitForMultipleObjects
0x42409c GetModuleHandleA
0x4240a0 BuildCommDCBA
0x4240a4 PurgeComm
0x4240a8 WaitForDebugEvent
0x4240ac GetShortPathNameW
0x4240b0 SetCalendarInfoA
0x4240b4 FindAtomW
0x4240b8 GlobalReAlloc
0x4240bc CopyFileExA
0x4240c0 GetVolumeInformationW
0x4240c4 CreateFileA
0x4240c8 HeapFree
0x4240cc HeapAlloc
0x4240d0 MultiByteToWideChar
0x4240d4 HeapReAlloc
0x4240d8 Sleep
0x4240dc ExitProcess
0x4240e0 GetStartupInfoW
0x4240e4 TerminateProcess
0x4240e8 GetCurrentProcess
0x4240ec UnhandledExceptionFilter
0x4240f0 SetUnhandledExceptionFilter
0x4240f4 IsDebuggerPresent
0x4240f8 VirtualFree
0x4240fc DeleteCriticalSection
0x424100 LeaveCriticalSection
0x424104 EnterCriticalSection
0x424108 VirtualAlloc
0x42410c WriteFile
0x424110 GetStdHandle
0x424114 GetModuleFileNameA
0x424118 SetHandleCount
0x42411c GetFileType
0x424120 TlsGetValue
0x424124 TlsAlloc
0x424128 TlsSetValue
0x42412c TlsFree
0x424130 InterlockedIncrement
0x424134 SetLastError
0x424138 GetCurrentThreadId
0x42413c InterlockedDecrement
0x424140 HeapSize
0x424144 GetCPInfo
0x424148 GetACP
0x42414c GetOEMCP
0x424150 IsValidCodePage
0x424154 LoadLibraryA
0x424158 InitializeCriticalSectionAndSpinCount
0x42415c FreeEnvironmentStringsW
0x424160 GetCommandLineW
0x424164 QueryPerformanceCounter
0x424168 GetTickCount
0x42416c GetCurrentProcessId
0x424170 GetSystemTimeAsFileTime
0x424174 RtlUnwind
0x424178 ReadFile
0x42417c LCMapStringA
0x424180 WideCharToMultiByte
0x424184 LCMapStringW
0x424188 GetStringTypeA
0x42418c GetStringTypeW
0x424190 GetLocaleInfoA
0x424194 GetConsoleCP
0x424198 GetConsoleMode
0x42419c FlushFileBuffers
0x4241a0 SetFilePointer
0x4241a4 CloseHandle
0x4241a8 WriteConsoleA
0x4241ac GetConsoleOutputCP
0x4241b0 WriteConsoleW
USER32.dll
0x4241b8 GetActiveWindow
0x4241bc GetUserObjectInformationA
EAT(Export Address Table) is none