ScreenShot
| Created | 2024.09.19 10:02 | Machine | s1_win7_x6401 |
| Filename | zabardast-movie2024.mp3.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectMalware, Malicious, score, Unsafe, GenericKD, Save, confidence, Genus, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, CLOUD, xguzq, SILVER, YXEIQZ, Detected, Malware@#2s1h0u79g8zcc, CobaltStrike, ABTrojan, DZAI, Artemis, Chgt, Bujl) | ||
| md5 | cbef9bb615e2bd37d730ed30fde6ae03 | ||
| sha256 | 7e60419c0819d6577cbfb9be9e7617704d66159bc63ca3c3d1a3c8e4aef91a01 | ||
| ssdeep | 3072:Fb0xcYID2ZYaeKSra3Xf3HHic+sregMFC7Zd9mNo3c:Fb0IDE+1r6PSczK47ZdYOM | ||
| imphash | 142e7fec3bbae1af3a6f0d1369c091e9 | ||
| impfuzzy | 24:krfc1JnDfdN+kLhX8nyBlMblRf5XGfqKZ86d1TomvlxXUqKYZy:wfc19H+klX8nSslJJGfqA86d1T1vcqa | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400482c0 CloseHandle
0x1400482c8 CreateToolhelp32Snapshot
0x1400482d0 DeleteCriticalSection
0x1400482d8 EnterCriticalSection
0x1400482e0 FlushInstructionCache
0x1400482e8 GetCurrentProcess
0x1400482f0 GetCurrentProcessId
0x1400482f8 GetCurrentThreadId
0x140048300 GetLastError
0x140048308 GetModuleHandleW
0x140048310 GetProcAddress
0x140048318 GetSystemInfo
0x140048320 GetThreadContext
0x140048328 HeapAlloc
0x140048330 HeapCreate
0x140048338 HeapDestroy
0x140048340 HeapFree
0x140048348 HeapReAlloc
0x140048350 InitializeCriticalSection
0x140048358 IsDBCSLeadByteEx
0x140048360 LeaveCriticalSection
0x140048368 LoadLibraryA
0x140048370 MultiByteToWideChar
0x140048378 OpenThread
0x140048380 ResumeThread
0x140048388 SetThreadContext
0x140048390 SetUnhandledExceptionFilter
0x140048398 Sleep
0x1400483a0 SuspendThread
0x1400483a8 Thread32First
0x1400483b0 Thread32Next
0x1400483b8 TlsGetValue
0x1400483c0 VirtualAlloc
0x1400483c8 VirtualFree
0x1400483d0 VirtualProtect
0x1400483d8 VirtualQuery
0x1400483e0 WideCharToMultiByte
msvcrt.dll
0x1400483f0 __C_specific_handler
0x1400483f8 ___lc_codepage_func
0x140048400 ___mb_cur_max_func
0x140048408 __getmainargs
0x140048410 __initenv
0x140048418 __iob_func
0x140048420 __set_app_type
0x140048428 __setusermatherr
0x140048430 _amsg_exit
0x140048438 _cexit
0x140048440 _commode
0x140048448 _errno
0x140048450 _fileno
0x140048458 _fmode
0x140048460 _initterm
0x140048468 _lock
0x140048470 _onexit
0x140048478 _setjmp
0x140048480 _setmode
0x140048488 _unlock
0x140048490 abort
0x140048498 calloc
0x1400484a0 exit
0x1400484a8 fflush
0x1400484b0 fprintf
0x1400484b8 fputc
0x1400484c0 free
0x1400484c8 fwrite
0x1400484d0 localeconv
0x1400484d8 longjmp
0x1400484e0 malloc
0x1400484e8 memchr
0x1400484f0 memcmp
0x1400484f8 memcpy
0x140048500 memset
0x140048508 signal
0x140048510 strerror
0x140048518 strlen
0x140048520 strncmp
0x140048528 vfprintf
0x140048530 wcslen
EAT(Export Address Table) is none
KERNEL32.dll
0x1400482c0 CloseHandle
0x1400482c8 CreateToolhelp32Snapshot
0x1400482d0 DeleteCriticalSection
0x1400482d8 EnterCriticalSection
0x1400482e0 FlushInstructionCache
0x1400482e8 GetCurrentProcess
0x1400482f0 GetCurrentProcessId
0x1400482f8 GetCurrentThreadId
0x140048300 GetLastError
0x140048308 GetModuleHandleW
0x140048310 GetProcAddress
0x140048318 GetSystemInfo
0x140048320 GetThreadContext
0x140048328 HeapAlloc
0x140048330 HeapCreate
0x140048338 HeapDestroy
0x140048340 HeapFree
0x140048348 HeapReAlloc
0x140048350 InitializeCriticalSection
0x140048358 IsDBCSLeadByteEx
0x140048360 LeaveCriticalSection
0x140048368 LoadLibraryA
0x140048370 MultiByteToWideChar
0x140048378 OpenThread
0x140048380 ResumeThread
0x140048388 SetThreadContext
0x140048390 SetUnhandledExceptionFilter
0x140048398 Sleep
0x1400483a0 SuspendThread
0x1400483a8 Thread32First
0x1400483b0 Thread32Next
0x1400483b8 TlsGetValue
0x1400483c0 VirtualAlloc
0x1400483c8 VirtualFree
0x1400483d0 VirtualProtect
0x1400483d8 VirtualQuery
0x1400483e0 WideCharToMultiByte
msvcrt.dll
0x1400483f0 __C_specific_handler
0x1400483f8 ___lc_codepage_func
0x140048400 ___mb_cur_max_func
0x140048408 __getmainargs
0x140048410 __initenv
0x140048418 __iob_func
0x140048420 __set_app_type
0x140048428 __setusermatherr
0x140048430 _amsg_exit
0x140048438 _cexit
0x140048440 _commode
0x140048448 _errno
0x140048450 _fileno
0x140048458 _fmode
0x140048460 _initterm
0x140048468 _lock
0x140048470 _onexit
0x140048478 _setjmp
0x140048480 _setmode
0x140048488 _unlock
0x140048490 abort
0x140048498 calloc
0x1400484a0 exit
0x1400484a8 fflush
0x1400484b0 fprintf
0x1400484b8 fputc
0x1400484c0 free
0x1400484c8 fwrite
0x1400484d0 localeconv
0x1400484d8 longjmp
0x1400484e0 malloc
0x1400484e8 memchr
0x1400484f0 memcmp
0x1400484f8 memcpy
0x140048500 memset
0x140048508 signal
0x140048510 strerror
0x140048518 strlen
0x140048520 strncmp
0x140048528 vfprintf
0x140048530 wcslen
EAT(Export Address Table) is none