ScreenShot
| Created | 2024.09.20 11:02 | Machine | s1_win7_x6403 |
| Filename | 3uTools.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetectMalware, Redcap, Artemis, Vs2a, Attribute, HighConfidence, a variant of WinGo, TrojanPSW, Stealerc, CLASSIC, ysths, STEALC, YXEIRZ, malicious, high, score, Detected, Sabsik, Wacatac, AFB7Y7, WinGo, Chgt, QQPass, QQRob, Vsmw) | ||
| md5 | 3d2cb4c07b03ebffec42584ba3bc788f | ||
| sha256 | e9a490a9484aa93f5491a4cbba1381a4f1ed501f91ddcb42fcf4f09c3a7a4b2b | ||
| ssdeep | 196608:5io16DgfRh3F01c8u+fF0M2mWfMWbHNuz:zEpK+fFU51uz | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1669520 WriteFile
0x1669524 WriteConsoleW
0x1669528 WerSetFlags
0x166952c WerGetFlags
0x1669530 WaitForMultipleObjects
0x1669534 WaitForSingleObject
0x1669538 VirtualQuery
0x166953c VirtualFree
0x1669540 VirtualAlloc
0x1669544 TlsAlloc
0x1669548 SwitchToThread
0x166954c SuspendThread
0x1669550 SetWaitableTimer
0x1669554 SetUnhandledExceptionFilter
0x1669558 SetProcessPriorityBoost
0x166955c SetEvent
0x1669560 SetErrorMode
0x1669564 SetConsoleCtrlHandler
0x1669568 ResumeThread
0x166956c RaiseFailFastException
0x1669570 PostQueuedCompletionStatus
0x1669574 LoadLibraryW
0x1669578 LoadLibraryExW
0x166957c SetThreadContext
0x1669580 GetThreadContext
0x1669584 GetSystemInfo
0x1669588 GetSystemDirectoryA
0x166958c GetStdHandle
0x1669590 GetQueuedCompletionStatusEx
0x1669594 GetProcessAffinityMask
0x1669598 GetProcAddress
0x166959c GetErrorMode
0x16695a0 GetEnvironmentStringsW
0x16695a4 GetCurrentThreadId
0x16695a8 GetConsoleMode
0x16695ac FreeEnvironmentStringsW
0x16695b0 ExitProcess
0x16695b4 DuplicateHandle
0x16695b8 CreateWaitableTimerExW
0x16695bc CreateThread
0x16695c0 CreateIoCompletionPort
0x16695c4 CreateEventA
0x16695c8 CloseHandle
0x16695cc AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1669520 WriteFile
0x1669524 WriteConsoleW
0x1669528 WerSetFlags
0x166952c WerGetFlags
0x1669530 WaitForMultipleObjects
0x1669534 WaitForSingleObject
0x1669538 VirtualQuery
0x166953c VirtualFree
0x1669540 VirtualAlloc
0x1669544 TlsAlloc
0x1669548 SwitchToThread
0x166954c SuspendThread
0x1669550 SetWaitableTimer
0x1669554 SetUnhandledExceptionFilter
0x1669558 SetProcessPriorityBoost
0x166955c SetEvent
0x1669560 SetErrorMode
0x1669564 SetConsoleCtrlHandler
0x1669568 ResumeThread
0x166956c RaiseFailFastException
0x1669570 PostQueuedCompletionStatus
0x1669574 LoadLibraryW
0x1669578 LoadLibraryExW
0x166957c SetThreadContext
0x1669580 GetThreadContext
0x1669584 GetSystemInfo
0x1669588 GetSystemDirectoryA
0x166958c GetStdHandle
0x1669590 GetQueuedCompletionStatusEx
0x1669594 GetProcessAffinityMask
0x1669598 GetProcAddress
0x166959c GetErrorMode
0x16695a0 GetEnvironmentStringsW
0x16695a4 GetCurrentThreadId
0x16695a8 GetConsoleMode
0x16695ac FreeEnvironmentStringsW
0x16695b0 ExitProcess
0x16695b4 DuplicateHandle
0x16695b8 CreateWaitableTimerExW
0x16695bc CreateThread
0x16695c0 CreateIoCompletionPort
0x16695c4 CreateEventA
0x16695c8 CloseHandle
0x16695cc AddVectoredExceptionHandler
EAT(Export Address Table) is none