Field | Value
---|---
Created | 2024.09.20 10:28
Machine | s1_win7_x6401
Filename | 1.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 47 detected (AIDetectMalware, Androm, Malicious, score, Artemis, GenericKD, Vzak, confidence, Attribute, HighConfidence, moderate confidence, MalwareX, vsnu, CLOUD, Zeus, fyxdz, bfii, Detected, CobaltStrike, ABTrojan, FDYF, Outbreak, Chgt, R002H0CIH24, susgen, Behavior)
md5 | dc3057afa994be72fc9b1dba3c74feb8
sha256 | ea1fbacd9ffda16764f24885e617ef5a7398917aed09bb494e2965ff33999db9
ssdeep | 768:0dzuv4AJ+FtWh6cVR4U573ZNGJlwTcVV6ZTDu9dybeyVta7NQNGg1Hb/:uCv4AJEsRbAJlwTcVV6ZTDpfYNQNGyb/
imphash | e88f56e3614446e3e1410c82ae9fdc91
impfuzzy | 48:8fNcfnHL5Bfirkdk1YwLSYSV0aOPaKFR2tS:8fNcfnrfi0k52w
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (3cnts)
Suricata ids
SURICATA Applayer Wrong direction first Data
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140009378 DeleteCriticalSection
0x140009380 EnterCriticalSection
0x140009388 GetLastError
0x140009390 InitializeCriticalSection
0x140009398 LeaveCriticalSection
0x1400093a0 OutputDebugStringA
0x1400093a8 SetUnhandledExceptionFilter
0x1400093b0 Sleep
0x1400093b8 TlsGetValue
0x1400093c0 VirtualAlloc
0x1400093c8 VirtualFree
0x1400093d0 VirtualProtect
0x1400093d8 VirtualQuery
0x1400093e0 __C_specific_handler
api-ms-win-crt-convert-l1-1-0.dll
0x1400093f0 atoi
api-ms-win-crt-environment-l1-1-0.dll
0x140009400 __p__environ
0x140009408 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x140009418 _set_new_mode
0x140009420 calloc
0x140009428 free
0x140009430 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140009440 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140009450 memcpy
0x140009458 strstr
api-ms-win-crt-runtime-l1-1-0.dll
0x140009468 __p___argc
0x140009470 __p___argv
0x140009478 __p___wargv
0x140009480 _cexit
0x140009488 _configure_narrow_argv
0x140009490 _configure_wide_argv
0x140009498 _crt_at_quick_exit
0x1400094a0 _crt_atexit
0x1400094a8 _exit
0x1400094b0 _initialize_narrow_environment
0x1400094b8 _initialize_wide_environment
0x1400094c0 _initterm
0x1400094c8 _set_app_type
0x1400094d0 _set_invalid_parameter_handler
0x1400094d8 abort
0x1400094e0 exit
0x1400094e8 perror
0x1400094f0 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140009500 __acrt_iob_func
0x140009508 __p__commode
0x140009510 __p__fmode
0x140009518 __stdio_common_vfprintf
0x140009520 __stdio_common_vfwprintf
0x140009528 __stdio_common_vsprintf
0x140009530 fclose
0x140009538 fgetc
0x140009540 fopen
0x140009548 fseek
0x140009550 ftell
0x140009558 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140009568 strlen
0x140009570 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x140009580 __daylight
0x140009588 __timezone
0x140009590 __tzname
0x140009598 _tzset
WS2_32.dll
0x1400095a8 WSACleanup
0x1400095b0 WSAGetLastError
0x1400095b8 WSAStartup
0x1400095c0 closesocket
0x1400095c8 connect
0x1400095d0 htons
0x1400095d8 inet_addr
0x1400095e0 recv
0x1400095e8 send
0x1400095f0 socket
EAT(Export Address Table) is none