ScreenShot
| Created | 2024.09.22 18:16 | Machine | s1_win7_x6403 |
| Filename | fck.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 5 detected (AIDetectMalware, Malicious, Sonbokli) | ||
| md5 | d8a0d9575d0188e8d0420c1d70d04cb2 | ||
| sha256 | fa554a42c09bc8105b96f4175c7769f6cc2c8dbc72a175ed6217e6a664a7c330 | ||
| ssdeep | 3072:jCaAgC2HK8CBOTrijMPelZRpp9cinLbzJhi+Fm1oB8t2L:jAgBKbITILbRzeiLDiPC | ||
| imphash | 2c1340bab731211eab9f443d03ccafb1 | ||
| impfuzzy | 24:TwcpV/bOClpgqtrlEJ3coXD6vZ1XZVJtNFGjMQhFGXv2e:8cpVyUg8rScvZ19tWhFGh | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14001e000 GetSystemDirectoryW
0x14001e008 WideCharToMultiByte
0x14001e010 MultiByteToWideChar
0x14001e018 GetStringTypeW
0x14001e020 EncodePointer
0x14001e028 DecodePointer
0x14001e030 EnterCriticalSection
0x14001e038 LeaveCriticalSection
0x14001e040 InitializeCriticalSectionEx
0x14001e048 DeleteCriticalSection
0x14001e050 Sleep
0x14001e058 GetLocaleInfoEx
0x14001e060 GetCommandLineW
0x14001e068 GetLastError
0x14001e070 HeapFree
0x14001e078 GetCPInfo
0x14001e080 RtlPcToFileHeader
0x14001e088 RaiseException
0x14001e090 RtlLookupFunctionEntry
0x14001e098 RtlUnwindEx
0x14001e0a0 HeapAlloc
0x14001e0a8 InitializeCriticalSectionAndSpinCount
0x14001e0b0 IsProcessorFeaturePresent
0x14001e0b8 SetLastError
0x14001e0c0 GetCurrentThreadId
0x14001e0c8 ExitProcess
0x14001e0d0 GetModuleHandleExW
0x14001e0d8 GetProcAddress
0x14001e0e0 GetStdHandle
0x14001e0e8 WriteFile
0x14001e0f0 GetModuleFileNameW
0x14001e0f8 GetProcessHeap
0x14001e100 GetFileType
0x14001e108 InitOnceExecuteOnce
0x14001e110 GetStartupInfoW
0x14001e118 QueryPerformanceCounter
0x14001e120 GetSystemTimeAsFileTime
0x14001e128 GetTickCount64
0x14001e130 GetEnvironmentStringsW
0x14001e138 FreeEnvironmentStringsW
0x14001e140 RtlCaptureContext
0x14001e148 RtlVirtualUnwind
0x14001e150 UnhandledExceptionFilter
0x14001e158 SetUnhandledExceptionFilter
0x14001e160 FlsAlloc
0x14001e168 FlsGetValue
0x14001e170 FlsSetValue
0x14001e178 FlsFree
0x14001e180 GetCurrentProcess
0x14001e188 TerminateProcess
0x14001e190 GetModuleHandleW
0x14001e198 IsDebuggerPresent
0x14001e1a0 ReadFile
0x14001e1a8 SetFilePointerEx
0x14001e1b0 FlushFileBuffers
0x14001e1b8 GetConsoleCP
0x14001e1c0 GetConsoleMode
0x14001e1c8 HeapSize
0x14001e1d0 CloseHandle
0x14001e1d8 IsValidCodePage
0x14001e1e0 GetACP
0x14001e1e8 GetOEMCP
0x14001e1f0 SetFilePointer
0x14001e1f8 GetUserDefaultLocaleName
0x14001e200 LCMapStringEx
0x14001e208 IsValidLocaleName
0x14001e210 EnumSystemLocalesEx
0x14001e218 HeapReAlloc
0x14001e220 LoadLibraryExW
0x14001e228 OutputDebugStringW
0x14001e230 LoadLibraryW
0x14001e238 ReadConsoleW
0x14001e240 SetStdHandle
0x14001e248 WriteConsoleW
0x14001e250 CreateFileW
0x14001e258 SetEndOfFile
EAT(Export Address Table) is none
KERNEL32.dll
0x14001e000 GetSystemDirectoryW
0x14001e008 WideCharToMultiByte
0x14001e010 MultiByteToWideChar
0x14001e018 GetStringTypeW
0x14001e020 EncodePointer
0x14001e028 DecodePointer
0x14001e030 EnterCriticalSection
0x14001e038 LeaveCriticalSection
0x14001e040 InitializeCriticalSectionEx
0x14001e048 DeleteCriticalSection
0x14001e050 Sleep
0x14001e058 GetLocaleInfoEx
0x14001e060 GetCommandLineW
0x14001e068 GetLastError
0x14001e070 HeapFree
0x14001e078 GetCPInfo
0x14001e080 RtlPcToFileHeader
0x14001e088 RaiseException
0x14001e090 RtlLookupFunctionEntry
0x14001e098 RtlUnwindEx
0x14001e0a0 HeapAlloc
0x14001e0a8 InitializeCriticalSectionAndSpinCount
0x14001e0b0 IsProcessorFeaturePresent
0x14001e0b8 SetLastError
0x14001e0c0 GetCurrentThreadId
0x14001e0c8 ExitProcess
0x14001e0d0 GetModuleHandleExW
0x14001e0d8 GetProcAddress
0x14001e0e0 GetStdHandle
0x14001e0e8 WriteFile
0x14001e0f0 GetModuleFileNameW
0x14001e0f8 GetProcessHeap
0x14001e100 GetFileType
0x14001e108 InitOnceExecuteOnce
0x14001e110 GetStartupInfoW
0x14001e118 QueryPerformanceCounter
0x14001e120 GetSystemTimeAsFileTime
0x14001e128 GetTickCount64
0x14001e130 GetEnvironmentStringsW
0x14001e138 FreeEnvironmentStringsW
0x14001e140 RtlCaptureContext
0x14001e148 RtlVirtualUnwind
0x14001e150 UnhandledExceptionFilter
0x14001e158 SetUnhandledExceptionFilter
0x14001e160 FlsAlloc
0x14001e168 FlsGetValue
0x14001e170 FlsSetValue
0x14001e178 FlsFree
0x14001e180 GetCurrentProcess
0x14001e188 TerminateProcess
0x14001e190 GetModuleHandleW
0x14001e198 IsDebuggerPresent
0x14001e1a0 ReadFile
0x14001e1a8 SetFilePointerEx
0x14001e1b0 FlushFileBuffers
0x14001e1b8 GetConsoleCP
0x14001e1c0 GetConsoleMode
0x14001e1c8 HeapSize
0x14001e1d0 CloseHandle
0x14001e1d8 IsValidCodePage
0x14001e1e0 GetACP
0x14001e1e8 GetOEMCP
0x14001e1f0 SetFilePointer
0x14001e1f8 GetUserDefaultLocaleName
0x14001e200 LCMapStringEx
0x14001e208 IsValidLocaleName
0x14001e210 EnumSystemLocalesEx
0x14001e218 HeapReAlloc
0x14001e220 LoadLibraryExW
0x14001e228 OutputDebugStringW
0x14001e230 LoadLibraryW
0x14001e238 ReadConsoleW
0x14001e240 SetStdHandle
0x14001e248 WriteConsoleW
0x14001e250 CreateFileW
0x14001e258 SetEndOfFile
EAT(Export Address Table) is none