ScreenShot
| Created | 2024.09.23 09:53 | Machine | s1_win7_x6403 |
| Filename | 2.jpg | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetectMalware, Malicious, score, Stop, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, BotX, Kryptik@AI, RDML, bNMwiRWOhPnwauGm6u2oHQ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Wacapew, R658943, susgen) | ||
| md5 | ed7a5b5d2ca8ece5e921bdbfc042139b | ||
| sha256 | 8da0b3cb9fe1632f65ded0c9d4a06efae091e3b6faeb3db7cea7e51c3f7d0c13 | ||
| ssdeep | 12288:t6LhHl7OeoDt8A6vXT+c7I+BqTuY61A+ap1o:UFEe8v6bg+sufAbp | ||
| imphash | f60b3c7ef71ef3b6fc2d3f7e0643fd43 | ||
| impfuzzy | 24:1rukrkdbG2SGLKUOovzc4bkhMi1xcDRyG1VEdQBldg/COb+Ejap7ta2cfxyv4/Jy:3h1zMLyG1udCmg7t7cf2eoY2cJIDA63 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x46b000 FillConsoleOutputCharacterA
0x46b004 SearchPathW
0x46b008 GetConsoleAliasesLengthW
0x46b00c GetNumaProcessorNode
0x46b010 GetDefaultCommConfigW
0x46b014 QueryDosDeviceA
0x46b018 GetComputerNameW
0x46b01c SleepEx
0x46b020 ConnectNamedPipe
0x46b024 FreeEnvironmentStringsA
0x46b028 GetModuleHandleW
0x46b02c ReadConsoleOutputA
0x46b030 GetCommandLineA
0x46b034 GetPriorityClass
0x46b038 GetEnvironmentStrings
0x46b03c FatalAppExitW
0x46b040 SetSystemTimeAdjustment
0x46b044 GetConsoleAliasExesLengthW
0x46b048 HeapCreate
0x46b04c SetConsoleMode
0x46b050 GetFileAttributesW
0x46b054 GetModuleFileNameW
0x46b058 GetBinaryTypeW
0x46b05c SetConsoleTitleA
0x46b060 GetShortPathNameA
0x46b064 GetStdHandle
0x46b068 GetLastError
0x46b06c GetProcAddress
0x46b070 GetNumaHighestNodeNumber
0x46b074 OpenWaitableTimerA
0x46b078 LoadLibraryA
0x46b07c InterlockedExchangeAdd
0x46b080 LocalAlloc
0x46b084 MoveFileA
0x46b088 SetCommMask
0x46b08c FindAtomA
0x46b090 FoldStringA
0x46b094 WaitForMultipleObjects
0x46b098 GetModuleHandleA
0x46b09c FreeEnvironmentStringsW
0x46b0a0 BuildCommDCBA
0x46b0a4 PurgeComm
0x46b0a8 WaitForDebugEvent
0x46b0ac SetCalendarInfoA
0x46b0b0 GlobalReAlloc
0x46b0b4 CopyFileExA
0x46b0b8 GetVolumeInformationW
0x46b0bc CreateFileA
0x46b0c0 HeapFree
0x46b0c4 Sleep
0x46b0c8 ExitProcess
0x46b0cc GetStartupInfoW
0x46b0d0 TerminateProcess
0x46b0d4 GetCurrentProcess
0x46b0d8 UnhandledExceptionFilter
0x46b0dc SetUnhandledExceptionFilter
0x46b0e0 IsDebuggerPresent
0x46b0e4 VirtualFree
0x46b0e8 DeleteCriticalSection
0x46b0ec LeaveCriticalSection
0x46b0f0 EnterCriticalSection
0x46b0f4 HeapAlloc
0x46b0f8 VirtualAlloc
0x46b0fc HeapReAlloc
0x46b100 SetHandleCount
0x46b104 GetFileType
0x46b108 GetStartupInfoA
0x46b10c TlsGetValue
0x46b110 TlsAlloc
0x46b114 TlsSetValue
0x46b118 TlsFree
0x46b11c InterlockedIncrement
0x46b120 SetLastError
0x46b124 GetCurrentThreadId
0x46b128 InterlockedDecrement
0x46b12c HeapSize
0x46b130 WriteFile
0x46b134 GetModuleFileNameA
0x46b138 InitializeCriticalSectionAndSpinCount
0x46b13c GetEnvironmentStringsW
0x46b140 GetCommandLineW
0x46b144 QueryPerformanceCounter
0x46b148 GetTickCount
0x46b14c GetCurrentProcessId
0x46b150 GetSystemTimeAsFileTime
0x46b154 RtlUnwind
0x46b158 GetCPInfo
0x46b15c GetACP
0x46b160 GetOEMCP
0x46b164 IsValidCodePage
0x46b168 MultiByteToWideChar
0x46b16c ReadFile
0x46b170 GetLocaleInfoA
0x46b174 WideCharToMultiByte
0x46b178 LCMapStringA
0x46b17c LCMapStringW
0x46b180 GetStringTypeA
0x46b184 GetStringTypeW
0x46b188 GetConsoleCP
0x46b18c GetConsoleMode
0x46b190 FlushFileBuffers
0x46b194 SetFilePointer
0x46b198 SetStdHandle
0x46b19c CloseHandle
0x46b1a0 WriteConsoleA
0x46b1a4 GetConsoleOutputCP
0x46b1a8 WriteConsoleW
USER32.dll
0x46b1b0 GetUserObjectInformationW
0x46b1b4 GetActiveWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x46b000 FillConsoleOutputCharacterA
0x46b004 SearchPathW
0x46b008 GetConsoleAliasesLengthW
0x46b00c GetNumaProcessorNode
0x46b010 GetDefaultCommConfigW
0x46b014 QueryDosDeviceA
0x46b018 GetComputerNameW
0x46b01c SleepEx
0x46b020 ConnectNamedPipe
0x46b024 FreeEnvironmentStringsA
0x46b028 GetModuleHandleW
0x46b02c ReadConsoleOutputA
0x46b030 GetCommandLineA
0x46b034 GetPriorityClass
0x46b038 GetEnvironmentStrings
0x46b03c FatalAppExitW
0x46b040 SetSystemTimeAdjustment
0x46b044 GetConsoleAliasExesLengthW
0x46b048 HeapCreate
0x46b04c SetConsoleMode
0x46b050 GetFileAttributesW
0x46b054 GetModuleFileNameW
0x46b058 GetBinaryTypeW
0x46b05c SetConsoleTitleA
0x46b060 GetShortPathNameA
0x46b064 GetStdHandle
0x46b068 GetLastError
0x46b06c GetProcAddress
0x46b070 GetNumaHighestNodeNumber
0x46b074 OpenWaitableTimerA
0x46b078 LoadLibraryA
0x46b07c InterlockedExchangeAdd
0x46b080 LocalAlloc
0x46b084 MoveFileA
0x46b088 SetCommMask
0x46b08c FindAtomA
0x46b090 FoldStringA
0x46b094 WaitForMultipleObjects
0x46b098 GetModuleHandleA
0x46b09c FreeEnvironmentStringsW
0x46b0a0 BuildCommDCBA
0x46b0a4 PurgeComm
0x46b0a8 WaitForDebugEvent
0x46b0ac SetCalendarInfoA
0x46b0b0 GlobalReAlloc
0x46b0b4 CopyFileExA
0x46b0b8 GetVolumeInformationW
0x46b0bc CreateFileA
0x46b0c0 HeapFree
0x46b0c4 Sleep
0x46b0c8 ExitProcess
0x46b0cc GetStartupInfoW
0x46b0d0 TerminateProcess
0x46b0d4 GetCurrentProcess
0x46b0d8 UnhandledExceptionFilter
0x46b0dc SetUnhandledExceptionFilter
0x46b0e0 IsDebuggerPresent
0x46b0e4 VirtualFree
0x46b0e8 DeleteCriticalSection
0x46b0ec LeaveCriticalSection
0x46b0f0 EnterCriticalSection
0x46b0f4 HeapAlloc
0x46b0f8 VirtualAlloc
0x46b0fc HeapReAlloc
0x46b100 SetHandleCount
0x46b104 GetFileType
0x46b108 GetStartupInfoA
0x46b10c TlsGetValue
0x46b110 TlsAlloc
0x46b114 TlsSetValue
0x46b118 TlsFree
0x46b11c InterlockedIncrement
0x46b120 SetLastError
0x46b124 GetCurrentThreadId
0x46b128 InterlockedDecrement
0x46b12c HeapSize
0x46b130 WriteFile
0x46b134 GetModuleFileNameA
0x46b138 InitializeCriticalSectionAndSpinCount
0x46b13c GetEnvironmentStringsW
0x46b140 GetCommandLineW
0x46b144 QueryPerformanceCounter
0x46b148 GetTickCount
0x46b14c GetCurrentProcessId
0x46b150 GetSystemTimeAsFileTime
0x46b154 RtlUnwind
0x46b158 GetCPInfo
0x46b15c GetACP
0x46b160 GetOEMCP
0x46b164 IsValidCodePage
0x46b168 MultiByteToWideChar
0x46b16c ReadFile
0x46b170 GetLocaleInfoA
0x46b174 WideCharToMultiByte
0x46b178 LCMapStringA
0x46b17c LCMapStringW
0x46b180 GetStringTypeA
0x46b184 GetStringTypeW
0x46b188 GetConsoleCP
0x46b18c GetConsoleMode
0x46b190 FlushFileBuffers
0x46b194 SetFilePointer
0x46b198 SetStdHandle
0x46b19c CloseHandle
0x46b1a0 WriteConsoleA
0x46b1a4 GetConsoleOutputCP
0x46b1a8 WriteConsoleW
USER32.dll
0x46b1b0 GetUserObjectInformationW
0x46b1b4 GetActiveWindow
EAT(Export Address Table) is none