ScreenShot
| Created | 2024.09.23 14:37 | Machine | s1_win7_x6403 |
| Filename | easyfirewall.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetectMalware, Malicious, score, Artemis, Voh5, Attribute, HighConfidence, high confidence, a variant of WinGo, CLASSIC, ssozt, LUMMASTEALER, YXEIUZ, Static AI, Suspicious PE, Detected, Caynamer, F2BDOY, Eldorado, WinGo, Lflw) | ||
| md5 | cb3952f1852179348f8d2db91760d03b | ||
| sha256 | a9ea40670a686e175cc8c32e3fc6ba92505379303d6524f149022490a2dda181 | ||
| ssdeep | 98304:Y/pLh1GGefzPX7NMW/uegYYFa5g1XkEN2shGZ5gzo/3KR:Yf1GPXpb/ue1Aa5g1NNDmv/3 | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1415a3494 AddAtomA
0x1415a349c AddVectoredContinueHandler
0x1415a34a4 AddVectoredExceptionHandler
0x1415a34ac CloseHandle
0x1415a34b4 CreateEventA
0x1415a34bc CreateFileA
0x1415a34c4 CreateIoCompletionPort
0x1415a34cc CreateMutexA
0x1415a34d4 CreateSemaphoreA
0x1415a34dc CreateThread
0x1415a34e4 CreateWaitableTimerExW
0x1415a34ec DeleteAtom
0x1415a34f4 DeleteCriticalSection
0x1415a34fc DuplicateHandle
0x1415a3504 EnterCriticalSection
0x1415a350c ExitProcess
0x1415a3514 FindAtomA
0x1415a351c FormatMessageA
0x1415a3524 FreeEnvironmentStringsW
0x1415a352c GetAtomNameA
0x1415a3534 GetConsoleMode
0x1415a353c GetCurrentProcess
0x1415a3544 GetCurrentProcessId
0x1415a354c GetCurrentThread
0x1415a3554 GetCurrentThreadId
0x1415a355c GetEnvironmentStringsW
0x1415a3564 GetErrorMode
0x1415a356c GetHandleInformation
0x1415a3574 GetLastError
0x1415a357c GetProcAddress
0x1415a3584 GetProcessAffinityMask
0x1415a358c GetQueuedCompletionStatusEx
0x1415a3594 GetStartupInfoA
0x1415a359c GetStdHandle
0x1415a35a4 GetSystemDirectoryA
0x1415a35ac GetSystemInfo
0x1415a35b4 GetSystemTimeAsFileTime
0x1415a35bc GetThreadContext
0x1415a35c4 GetThreadPriority
0x1415a35cc GetTickCount
0x1415a35d4 InitializeCriticalSection
0x1415a35dc IsDBCSLeadByteEx
0x1415a35e4 IsDebuggerPresent
0x1415a35ec LeaveCriticalSection
0x1415a35f4 LoadLibraryExW
0x1415a35fc LoadLibraryW
0x1415a3604 LocalFree
0x1415a360c MultiByteToWideChar
0x1415a3614 OpenProcess
0x1415a361c OutputDebugStringA
0x1415a3624 PostQueuedCompletionStatus
0x1415a362c QueryPerformanceCounter
0x1415a3634 QueryPerformanceFrequency
0x1415a363c RaiseException
0x1415a3644 RaiseFailFastException
0x1415a364c ReleaseMutex
0x1415a3654 ReleaseSemaphore
0x1415a365c RemoveVectoredExceptionHandler
0x1415a3664 ResetEvent
0x1415a366c ResumeThread
0x1415a3674 RtlLookupFunctionEntry
0x1415a367c RtlVirtualUnwind
0x1415a3684 SetConsoleCtrlHandler
0x1415a368c SetErrorMode
0x1415a3694 SetEvent
0x1415a369c SetLastError
0x1415a36a4 SetProcessAffinityMask
0x1415a36ac SetProcessPriorityBoost
0x1415a36b4 SetThreadContext
0x1415a36bc SetThreadPriority
0x1415a36c4 SetUnhandledExceptionFilter
0x1415a36cc SetWaitableTimer
0x1415a36d4 Sleep
0x1415a36dc SuspendThread
0x1415a36e4 SwitchToThread
0x1415a36ec TlsAlloc
0x1415a36f4 TlsGetValue
0x1415a36fc TlsSetValue
0x1415a3704 TryEnterCriticalSection
0x1415a370c VirtualAlloc
0x1415a3714 VirtualFree
0x1415a371c VirtualProtect
0x1415a3724 VirtualQuery
0x1415a372c WaitForMultipleObjects
0x1415a3734 WaitForSingleObject
0x1415a373c WerGetFlags
0x1415a3744 WerSetFlags
0x1415a374c WideCharToMultiByte
0x1415a3754 WriteConsoleW
0x1415a375c WriteFile
0x1415a3764 __C_specific_handler
msvcrt.dll
0x1415a3774 ___lc_codepage_func
0x1415a377c ___mb_cur_max_func
0x1415a3784 __getmainargs
0x1415a378c __initenv
0x1415a3794 __iob_func
0x1415a379c __lconv_init
0x1415a37a4 __set_app_type
0x1415a37ac __setusermatherr
0x1415a37b4 _acmdln
0x1415a37bc _amsg_exit
0x1415a37c4 _beginthread
0x1415a37cc _beginthreadex
0x1415a37d4 _cexit
0x1415a37dc _commode
0x1415a37e4 _endthreadex
0x1415a37ec _errno
0x1415a37f4 _fmode
0x1415a37fc _initterm
0x1415a3804 _lock
0x1415a380c _memccpy
0x1415a3814 _onexit
0x1415a381c _setjmp
0x1415a3824 _strdup
0x1415a382c _ultoa
0x1415a3834 _unlock
0x1415a383c abort
0x1415a3844 calloc
0x1415a384c exit
0x1415a3854 fprintf
0x1415a385c fputc
0x1415a3864 free
0x1415a386c fwrite
0x1415a3874 localeconv
0x1415a387c longjmp
0x1415a3884 malloc
0x1415a388c memcpy
0x1415a3894 memmove
0x1415a389c memset
0x1415a38a4 printf
0x1415a38ac realloc
0x1415a38b4 signal
0x1415a38bc strerror
0x1415a38c4 strlen
0x1415a38cc strncmp
0x1415a38d4 vfprintf
0x1415a38dc wcslen
EAT(Export Address Table) Library
0x1415a0dd0 _cgo_dummy_export
KERNEL32.dll
0x1415a3494 AddAtomA
0x1415a349c AddVectoredContinueHandler
0x1415a34a4 AddVectoredExceptionHandler
0x1415a34ac CloseHandle
0x1415a34b4 CreateEventA
0x1415a34bc CreateFileA
0x1415a34c4 CreateIoCompletionPort
0x1415a34cc CreateMutexA
0x1415a34d4 CreateSemaphoreA
0x1415a34dc CreateThread
0x1415a34e4 CreateWaitableTimerExW
0x1415a34ec DeleteAtom
0x1415a34f4 DeleteCriticalSection
0x1415a34fc DuplicateHandle
0x1415a3504 EnterCriticalSection
0x1415a350c ExitProcess
0x1415a3514 FindAtomA
0x1415a351c FormatMessageA
0x1415a3524 FreeEnvironmentStringsW
0x1415a352c GetAtomNameA
0x1415a3534 GetConsoleMode
0x1415a353c GetCurrentProcess
0x1415a3544 GetCurrentProcessId
0x1415a354c GetCurrentThread
0x1415a3554 GetCurrentThreadId
0x1415a355c GetEnvironmentStringsW
0x1415a3564 GetErrorMode
0x1415a356c GetHandleInformation
0x1415a3574 GetLastError
0x1415a357c GetProcAddress
0x1415a3584 GetProcessAffinityMask
0x1415a358c GetQueuedCompletionStatusEx
0x1415a3594 GetStartupInfoA
0x1415a359c GetStdHandle
0x1415a35a4 GetSystemDirectoryA
0x1415a35ac GetSystemInfo
0x1415a35b4 GetSystemTimeAsFileTime
0x1415a35bc GetThreadContext
0x1415a35c4 GetThreadPriority
0x1415a35cc GetTickCount
0x1415a35d4 InitializeCriticalSection
0x1415a35dc IsDBCSLeadByteEx
0x1415a35e4 IsDebuggerPresent
0x1415a35ec LeaveCriticalSection
0x1415a35f4 LoadLibraryExW
0x1415a35fc LoadLibraryW
0x1415a3604 LocalFree
0x1415a360c MultiByteToWideChar
0x1415a3614 OpenProcess
0x1415a361c OutputDebugStringA
0x1415a3624 PostQueuedCompletionStatus
0x1415a362c QueryPerformanceCounter
0x1415a3634 QueryPerformanceFrequency
0x1415a363c RaiseException
0x1415a3644 RaiseFailFastException
0x1415a364c ReleaseMutex
0x1415a3654 ReleaseSemaphore
0x1415a365c RemoveVectoredExceptionHandler
0x1415a3664 ResetEvent
0x1415a366c ResumeThread
0x1415a3674 RtlLookupFunctionEntry
0x1415a367c RtlVirtualUnwind
0x1415a3684 SetConsoleCtrlHandler
0x1415a368c SetErrorMode
0x1415a3694 SetEvent
0x1415a369c SetLastError
0x1415a36a4 SetProcessAffinityMask
0x1415a36ac SetProcessPriorityBoost
0x1415a36b4 SetThreadContext
0x1415a36bc SetThreadPriority
0x1415a36c4 SetUnhandledExceptionFilter
0x1415a36cc SetWaitableTimer
0x1415a36d4 Sleep
0x1415a36dc SuspendThread
0x1415a36e4 SwitchToThread
0x1415a36ec TlsAlloc
0x1415a36f4 TlsGetValue
0x1415a36fc TlsSetValue
0x1415a3704 TryEnterCriticalSection
0x1415a370c VirtualAlloc
0x1415a3714 VirtualFree
0x1415a371c VirtualProtect
0x1415a3724 VirtualQuery
0x1415a372c WaitForMultipleObjects
0x1415a3734 WaitForSingleObject
0x1415a373c WerGetFlags
0x1415a3744 WerSetFlags
0x1415a374c WideCharToMultiByte
0x1415a3754 WriteConsoleW
0x1415a375c WriteFile
0x1415a3764 __C_specific_handler
msvcrt.dll
0x1415a3774 ___lc_codepage_func
0x1415a377c ___mb_cur_max_func
0x1415a3784 __getmainargs
0x1415a378c __initenv
0x1415a3794 __iob_func
0x1415a379c __lconv_init
0x1415a37a4 __set_app_type
0x1415a37ac __setusermatherr
0x1415a37b4 _acmdln
0x1415a37bc _amsg_exit
0x1415a37c4 _beginthread
0x1415a37cc _beginthreadex
0x1415a37d4 _cexit
0x1415a37dc _commode
0x1415a37e4 _endthreadex
0x1415a37ec _errno
0x1415a37f4 _fmode
0x1415a37fc _initterm
0x1415a3804 _lock
0x1415a380c _memccpy
0x1415a3814 _onexit
0x1415a381c _setjmp
0x1415a3824 _strdup
0x1415a382c _ultoa
0x1415a3834 _unlock
0x1415a383c abort
0x1415a3844 calloc
0x1415a384c exit
0x1415a3854 fprintf
0x1415a385c fputc
0x1415a3864 free
0x1415a386c fwrite
0x1415a3874 localeconv
0x1415a387c longjmp
0x1415a3884 malloc
0x1415a388c memcpy
0x1415a3894 memmove
0x1415a389c memset
0x1415a38a4 printf
0x1415a38ac realloc
0x1415a38b4 signal
0x1415a38bc strerror
0x1415a38c4 strlen
0x1415a38cc strncmp
0x1415a38d4 vfprintf
0x1415a38dc wcslen
EAT(Export Address Table) Library
0x1415a0dd0 _cgo_dummy_export