ScreenShot
| Created | 2024.09.24 11:04 | Machine | s1_win7_x6403 |
| Filename | 66f1b3d23ffe5_lyla1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetectMalware, Malicious, score, Lockbit, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, CrypterX, Obscure, CLASSIC, moderate, Static AI, Suspicious PE, Detected, Wacatac, Kryptik, Eldorado, PWSX, R647082, Buzus, MachineLearning, Anomalous, Obfuscated, susgen) | ||
| md5 | 34e07317817ca03f5eb4566851fe0cf3 | ||
| sha256 | 03d00112c73404cd29f4eb191574376b580a1c1cf38560d07e988ccea2006e3e | ||
| ssdeep | 6144:nZyOrEyRLH0Gdi7xFUaxU/zhCISmlIVkBAUFNFfZnln5eOOl8:n4OrLRLH87xFUacMISmIknBnlQd8 | ||
| imphash | 986c435e506f58d0c12bcc8ade90d975 | ||
| impfuzzy | 48:2tX1X3zdlyyDoKnWWOSpcHejtaTLvcnAJvU/K6CQktrPuN:iX1XBlVDoccwcHejtaTLvcgZmN | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f01c GetCurrentProcess
0x40f020 GetLogicalDriveStringsW
0x40f024 SetComputerNameW
0x40f028 CreateHardLinkA
0x40f02c GetModuleHandleW
0x40f030 CreateNamedPipeW
0x40f034 EnumCalendarInfoExW
0x40f038 FindNextVolumeMountPointA
0x40f03c GetNumberFormatA
0x40f040 GetConsoleAliasExesW
0x40f044 TlsSetValue
0x40f048 LoadLibraryW
0x40f04c GetLocaleInfoW
0x40f050 GetCalendarInfoW
0x40f054 CreateEventA
0x40f058 SetVolumeMountPointA
0x40f05c GetFileAttributesA
0x40f060 EnumSystemCodePagesA
0x40f064 GetTimeFormatW
0x40f068 GetModuleFileNameW
0x40f06c CreateActCtxA
0x40f070 SetThreadPriority
0x40f074 GetTempPathW
0x40f078 CreateJobObjectA
0x40f07c VerifyVersionInfoW
0x40f080 GlobalUnfix
0x40f084 GetLastError
0x40f088 GetCurrentDirectoryW
0x40f08c GetProcAddress
0x40f090 GetLongPathNameA
0x40f094 PeekConsoleInputW
0x40f098 GetConsoleDisplayMode
0x40f09c LoadModule
0x40f0a0 GlobalFree
0x40f0a4 InterlockedDecrement
0x40f0a8 LoadLibraryA
0x40f0ac InterlockedExchangeAdd
0x40f0b0 CreateFileMappingA
0x40f0b4 LocalAlloc
0x40f0b8 GetFileType
0x40f0bc FoldStringW
0x40f0c0 SetEnvironmentVariableA
0x40f0c4 EnumDateFormatsA
0x40f0c8 GlobalUnWire
0x40f0cc GetProcessShutdownParameters
0x40f0d0 LoadLibraryExA
0x40f0d4 GetFileTime
0x40f0d8 WaitForDebugEvent
0x40f0dc OpenEventW
0x40f0e0 GetShortPathNameW
0x40f0e4 SetFileShortNameA
0x40f0e8 GetVersionExA
0x40f0ec GetDiskFreeSpaceExW
0x40f0f0 GetWindowsDirectoryW
0x40f0f4 LCMapStringW
0x40f0f8 CommConfigDialogW
0x40f0fc GetStringTypeW
0x40f100 ReadFile
0x40f104 GetProcessHeap
0x40f108 MultiByteToWideChar
0x40f10c WriteConsoleW
0x40f110 RaiseException
0x40f114 FlushFileBuffers
0x40f118 SetDefaultCommConfigA
0x40f11c GetCommState
0x40f120 EnumCalendarInfoW
0x40f124 InterlockedIncrement
0x40f128 GetConsoleAliasExesLengthA
0x40f12c SetEndOfFile
0x40f130 GetProcessVersion
0x40f134 SetStdHandle
0x40f138 IsValidCodePage
0x40f13c GetOEMCP
0x40f140 GetACP
0x40f144 HeapAlloc
0x40f148 EncodePointer
0x40f14c DecodePointer
0x40f150 HeapReAlloc
0x40f154 GetCommandLineW
0x40f158 HeapSetInformation
0x40f15c GetStartupInfoW
0x40f160 IsProcessorFeaturePresent
0x40f164 EnterCriticalSection
0x40f168 LeaveCriticalSection
0x40f16c SetHandleCount
0x40f170 GetStdHandle
0x40f174 InitializeCriticalSectionAndSpinCount
0x40f178 DeleteCriticalSection
0x40f17c UnhandledExceptionFilter
0x40f180 SetUnhandledExceptionFilter
0x40f184 IsDebuggerPresent
0x40f188 TerminateProcess
0x40f18c ExitProcess
0x40f190 WriteFile
0x40f194 HeapCreate
0x40f198 Sleep
0x40f19c HeapSize
0x40f1a0 RtlUnwind
0x40f1a4 HeapFree
0x40f1a8 SetFilePointer
0x40f1ac FreeEnvironmentStringsW
0x40f1b0 GetEnvironmentStringsW
0x40f1b4 TlsAlloc
0x40f1b8 TlsGetValue
0x40f1bc TlsFree
0x40f1c0 SetLastError
0x40f1c4 GetCurrentThreadId
0x40f1c8 QueryPerformanceCounter
0x40f1cc GetTickCount
0x40f1d0 GetCurrentProcessId
0x40f1d4 GetSystemTimeAsFileTime
0x40f1d8 WideCharToMultiByte
0x40f1dc GetConsoleCP
0x40f1e0 GetConsoleMode
0x40f1e4 CloseHandle
0x40f1e8 CreateFileA
0x40f1ec GetCPInfo
0x40f1f0 CreateFileW
USER32.dll
0x40f200 DrawStateA
0x40f204 LoadMenuA
0x40f208 CharUpperA
0x40f20c InsertMenuItemW
0x40f210 SetCaretPos
0x40f214 GetMenu
0x40f218 LoadMenuW
0x40f21c GetWindowLongW
0x40f220 GetSysColor
0x40f224 GetMenuStringA
GDI32.dll
0x40f000 GetTextCharset
0x40f004 GetCharWidthI
0x40f008 GetBkMode
0x40f00c GetCharWidthFloatA
0x40f010 CreateDCA
0x40f014 GetCharWidth32W
WINHTTP.dll
0x40f22c WinHttpCloseHandle
MSIMG32.dll
0x40f1f8 GradientFill
EAT(Export Address Table) is none
KERNEL32.dll
0x40f01c GetCurrentProcess
0x40f020 GetLogicalDriveStringsW
0x40f024 SetComputerNameW
0x40f028 CreateHardLinkA
0x40f02c GetModuleHandleW
0x40f030 CreateNamedPipeW
0x40f034 EnumCalendarInfoExW
0x40f038 FindNextVolumeMountPointA
0x40f03c GetNumberFormatA
0x40f040 GetConsoleAliasExesW
0x40f044 TlsSetValue
0x40f048 LoadLibraryW
0x40f04c GetLocaleInfoW
0x40f050 GetCalendarInfoW
0x40f054 CreateEventA
0x40f058 SetVolumeMountPointA
0x40f05c GetFileAttributesA
0x40f060 EnumSystemCodePagesA
0x40f064 GetTimeFormatW
0x40f068 GetModuleFileNameW
0x40f06c CreateActCtxA
0x40f070 SetThreadPriority
0x40f074 GetTempPathW
0x40f078 CreateJobObjectA
0x40f07c VerifyVersionInfoW
0x40f080 GlobalUnfix
0x40f084 GetLastError
0x40f088 GetCurrentDirectoryW
0x40f08c GetProcAddress
0x40f090 GetLongPathNameA
0x40f094 PeekConsoleInputW
0x40f098 GetConsoleDisplayMode
0x40f09c LoadModule
0x40f0a0 GlobalFree
0x40f0a4 InterlockedDecrement
0x40f0a8 LoadLibraryA
0x40f0ac InterlockedExchangeAdd
0x40f0b0 CreateFileMappingA
0x40f0b4 LocalAlloc
0x40f0b8 GetFileType
0x40f0bc FoldStringW
0x40f0c0 SetEnvironmentVariableA
0x40f0c4 EnumDateFormatsA
0x40f0c8 GlobalUnWire
0x40f0cc GetProcessShutdownParameters
0x40f0d0 LoadLibraryExA
0x40f0d4 GetFileTime
0x40f0d8 WaitForDebugEvent
0x40f0dc OpenEventW
0x40f0e0 GetShortPathNameW
0x40f0e4 SetFileShortNameA
0x40f0e8 GetVersionExA
0x40f0ec GetDiskFreeSpaceExW
0x40f0f0 GetWindowsDirectoryW
0x40f0f4 LCMapStringW
0x40f0f8 CommConfigDialogW
0x40f0fc GetStringTypeW
0x40f100 ReadFile
0x40f104 GetProcessHeap
0x40f108 MultiByteToWideChar
0x40f10c WriteConsoleW
0x40f110 RaiseException
0x40f114 FlushFileBuffers
0x40f118 SetDefaultCommConfigA
0x40f11c GetCommState
0x40f120 EnumCalendarInfoW
0x40f124 InterlockedIncrement
0x40f128 GetConsoleAliasExesLengthA
0x40f12c SetEndOfFile
0x40f130 GetProcessVersion
0x40f134 SetStdHandle
0x40f138 IsValidCodePage
0x40f13c GetOEMCP
0x40f140 GetACP
0x40f144 HeapAlloc
0x40f148 EncodePointer
0x40f14c DecodePointer
0x40f150 HeapReAlloc
0x40f154 GetCommandLineW
0x40f158 HeapSetInformation
0x40f15c GetStartupInfoW
0x40f160 IsProcessorFeaturePresent
0x40f164 EnterCriticalSection
0x40f168 LeaveCriticalSection
0x40f16c SetHandleCount
0x40f170 GetStdHandle
0x40f174 InitializeCriticalSectionAndSpinCount
0x40f178 DeleteCriticalSection
0x40f17c UnhandledExceptionFilter
0x40f180 SetUnhandledExceptionFilter
0x40f184 IsDebuggerPresent
0x40f188 TerminateProcess
0x40f18c ExitProcess
0x40f190 WriteFile
0x40f194 HeapCreate
0x40f198 Sleep
0x40f19c HeapSize
0x40f1a0 RtlUnwind
0x40f1a4 HeapFree
0x40f1a8 SetFilePointer
0x40f1ac FreeEnvironmentStringsW
0x40f1b0 GetEnvironmentStringsW
0x40f1b4 TlsAlloc
0x40f1b8 TlsGetValue
0x40f1bc TlsFree
0x40f1c0 SetLastError
0x40f1c4 GetCurrentThreadId
0x40f1c8 QueryPerformanceCounter
0x40f1cc GetTickCount
0x40f1d0 GetCurrentProcessId
0x40f1d4 GetSystemTimeAsFileTime
0x40f1d8 WideCharToMultiByte
0x40f1dc GetConsoleCP
0x40f1e0 GetConsoleMode
0x40f1e4 CloseHandle
0x40f1e8 CreateFileA
0x40f1ec GetCPInfo
0x40f1f0 CreateFileW
USER32.dll
0x40f200 DrawStateA
0x40f204 LoadMenuA
0x40f208 CharUpperA
0x40f20c InsertMenuItemW
0x40f210 SetCaretPos
0x40f214 GetMenu
0x40f218 LoadMenuW
0x40f21c GetWindowLongW
0x40f220 GetSysColor
0x40f224 GetMenuStringA
GDI32.dll
0x40f000 GetTextCharset
0x40f004 GetCharWidthI
0x40f008 GetBkMode
0x40f00c GetCharWidthFloatA
0x40f010 CreateDCA
0x40f014 GetCharWidth32W
WINHTTP.dll
0x40f22c WinHttpCloseHandle
MSIMG32.dll
0x40f1f8 GradientFill
EAT(Export Address Table) is none