ScreenShot
| Created | 2024.09.23 10:00 | Machine | s1_win7_x6403 |
| Filename | 66f064675abb3_lyla3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetectMalware, Malicious, score, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HBXE, Kryptik@AI, RDML, G+OnU, rYIrAG07HOoKXH0g, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Wacapew, R658943) | ||
| md5 | d56bea8714d3b0d71a4905b3e9103e03 | ||
| sha256 | c27e2d17cf286c37d3691b278c530c70911950db0c7bbc4e57523ecf325f1547 | ||
| ssdeep | 3072:/QGHLMg57JJiTFgV5qzHXROliutbzQ9EH12gu5TlssAxaxBAUf7J:oGHLMwlEyViOAIg9EYBAel | ||
| imphash | 961bc56325ea858767969d4be856f113 | ||
| impfuzzy | 24:j4fgkrkdbG2ShKUOovzcjQbkhMW1xcDxuxQy4dQBSodg/COb+yDYxta2cf3yv4/X:oh1OM8Qy4dRUNxt7cfkelY2cJIDA63 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 GetComputerNameA
0x418004 FillConsoleOutputCharacterA
0x418008 GetConsoleAliasesLengthW
0x41800c GetNumaProcessorNode
0x418010 GetDefaultCommConfigW
0x418014 CallNamedPipeA
0x418018 QueryDosDeviceA
0x41801c SleepEx
0x418020 ConnectNamedPipe
0x418024 FreeEnvironmentStringsA
0x418028 GetModuleHandleW
0x41802c ReadConsoleOutputA
0x418030 GetCommandLineA
0x418034 GetPriorityClass
0x418038 GetEnvironmentStrings
0x41803c LoadLibraryW
0x418040 SetSystemTimeAdjustment
0x418044 GetConsoleAliasExesLengthW
0x418048 HeapCreate
0x41804c SetConsoleMode
0x418050 GetFileAttributesW
0x418054 GetModuleFileNameW
0x418058 GetBinaryTypeW
0x41805c GetStartupInfoW
0x418060 SetConsoleTitleA
0x418064 GetShortPathNameA
0x418068 GetStdHandle
0x41806c GetLastError
0x418070 GetProcAddress
0x418074 SearchPathA
0x418078 BuildCommDCBW
0x41807c GetNumaHighestNodeNumber
0x418080 InterlockedExchangeAdd
0x418084 OpenWaitableTimerW
0x418088 LocalAlloc
0x41808c SetCalendarInfoW
0x418090 SetCommMask
0x418094 FindAtomA
0x418098 FoldStringA
0x41809c WaitForMultipleObjects
0x4180a0 GetModuleHandleA
0x4180a4 FreeEnvironmentStringsW
0x4180a8 PurgeComm
0x4180ac WaitForDebugEvent
0x4180b0 GlobalReAlloc
0x4180b4 CopyFileExA
0x4180b8 GetVolumeInformationW
0x4180bc CreateFileA
0x4180c0 HeapFree
0x4180c4 HeapAlloc
0x4180c8 Sleep
0x4180cc ExitProcess
0x4180d0 TerminateProcess
0x4180d4 GetCurrentProcess
0x4180d8 UnhandledExceptionFilter
0x4180dc SetUnhandledExceptionFilter
0x4180e0 IsDebuggerPresent
0x4180e4 VirtualFree
0x4180e8 DeleteCriticalSection
0x4180ec LeaveCriticalSection
0x4180f0 EnterCriticalSection
0x4180f4 VirtualAlloc
0x4180f8 HeapReAlloc
0x4180fc WriteFile
0x418100 GetModuleFileNameA
0x418104 SetHandleCount
0x418108 GetFileType
0x41810c GetStartupInfoA
0x418110 TlsGetValue
0x418114 TlsAlloc
0x418118 TlsSetValue
0x41811c TlsFree
0x418120 InterlockedIncrement
0x418124 SetLastError
0x418128 GetCurrentThreadId
0x41812c InterlockedDecrement
0x418130 HeapSize
0x418134 LoadLibraryA
0x418138 InitializeCriticalSectionAndSpinCount
0x41813c GetEnvironmentStringsW
0x418140 GetCommandLineW
0x418144 QueryPerformanceCounter
0x418148 GetTickCount
0x41814c GetCurrentProcessId
0x418150 GetSystemTimeAsFileTime
0x418154 RtlUnwind
0x418158 GetCPInfo
0x41815c GetACP
0x418160 GetOEMCP
0x418164 IsValidCodePage
0x418168 MultiByteToWideChar
0x41816c ReadFile
0x418170 GetLocaleInfoA
0x418174 WideCharToMultiByte
0x418178 LCMapStringA
0x41817c LCMapStringW
0x418180 GetStringTypeA
0x418184 GetStringTypeW
0x418188 GetConsoleCP
0x41818c GetConsoleMode
0x418190 FlushFileBuffers
0x418194 SetFilePointer
0x418198 SetStdHandle
0x41819c CloseHandle
0x4181a0 WriteConsoleA
0x4181a4 GetConsoleOutputCP
0x4181a8 WriteConsoleW
USER32.dll
0x4181b0 GetUserObjectInformationW
0x4181b4 GetActiveWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 GetComputerNameA
0x418004 FillConsoleOutputCharacterA
0x418008 GetConsoleAliasesLengthW
0x41800c GetNumaProcessorNode
0x418010 GetDefaultCommConfigW
0x418014 CallNamedPipeA
0x418018 QueryDosDeviceA
0x41801c SleepEx
0x418020 ConnectNamedPipe
0x418024 FreeEnvironmentStringsA
0x418028 GetModuleHandleW
0x41802c ReadConsoleOutputA
0x418030 GetCommandLineA
0x418034 GetPriorityClass
0x418038 GetEnvironmentStrings
0x41803c LoadLibraryW
0x418040 SetSystemTimeAdjustment
0x418044 GetConsoleAliasExesLengthW
0x418048 HeapCreate
0x41804c SetConsoleMode
0x418050 GetFileAttributesW
0x418054 GetModuleFileNameW
0x418058 GetBinaryTypeW
0x41805c GetStartupInfoW
0x418060 SetConsoleTitleA
0x418064 GetShortPathNameA
0x418068 GetStdHandle
0x41806c GetLastError
0x418070 GetProcAddress
0x418074 SearchPathA
0x418078 BuildCommDCBW
0x41807c GetNumaHighestNodeNumber
0x418080 InterlockedExchangeAdd
0x418084 OpenWaitableTimerW
0x418088 LocalAlloc
0x41808c SetCalendarInfoW
0x418090 SetCommMask
0x418094 FindAtomA
0x418098 FoldStringA
0x41809c WaitForMultipleObjects
0x4180a0 GetModuleHandleA
0x4180a4 FreeEnvironmentStringsW
0x4180a8 PurgeComm
0x4180ac WaitForDebugEvent
0x4180b0 GlobalReAlloc
0x4180b4 CopyFileExA
0x4180b8 GetVolumeInformationW
0x4180bc CreateFileA
0x4180c0 HeapFree
0x4180c4 HeapAlloc
0x4180c8 Sleep
0x4180cc ExitProcess
0x4180d0 TerminateProcess
0x4180d4 GetCurrentProcess
0x4180d8 UnhandledExceptionFilter
0x4180dc SetUnhandledExceptionFilter
0x4180e0 IsDebuggerPresent
0x4180e4 VirtualFree
0x4180e8 DeleteCriticalSection
0x4180ec LeaveCriticalSection
0x4180f0 EnterCriticalSection
0x4180f4 VirtualAlloc
0x4180f8 HeapReAlloc
0x4180fc WriteFile
0x418100 GetModuleFileNameA
0x418104 SetHandleCount
0x418108 GetFileType
0x41810c GetStartupInfoA
0x418110 TlsGetValue
0x418114 TlsAlloc
0x418118 TlsSetValue
0x41811c TlsFree
0x418120 InterlockedIncrement
0x418124 SetLastError
0x418128 GetCurrentThreadId
0x41812c InterlockedDecrement
0x418130 HeapSize
0x418134 LoadLibraryA
0x418138 InitializeCriticalSectionAndSpinCount
0x41813c GetEnvironmentStringsW
0x418140 GetCommandLineW
0x418144 QueryPerformanceCounter
0x418148 GetTickCount
0x41814c GetCurrentProcessId
0x418150 GetSystemTimeAsFileTime
0x418154 RtlUnwind
0x418158 GetCPInfo
0x41815c GetACP
0x418160 GetOEMCP
0x418164 IsValidCodePage
0x418168 MultiByteToWideChar
0x41816c ReadFile
0x418170 GetLocaleInfoA
0x418174 WideCharToMultiByte
0x418178 LCMapStringA
0x41817c LCMapStringW
0x418180 GetStringTypeA
0x418184 GetStringTypeW
0x418188 GetConsoleCP
0x41818c GetConsoleMode
0x418190 FlushFileBuffers
0x418194 SetFilePointer
0x418198 SetStdHandle
0x41819c CloseHandle
0x4181a0 WriteConsoleA
0x4181a4 GetConsoleOutputCP
0x4181a8 WriteConsoleW
USER32.dll
0x4181b0 GetUserObjectInformationW
0x4181b4 GetActiveWindow
EAT(Export Address Table) is none