ScreenShot
| Created | 2024.09.25 11:18 | Machine | s1_win7_x6401 |
| Filename | 66f2966e903c0_AntiLogger.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 13 detected (AIDetectMalware, Malicious, score, Attribute, HighConfidence, high confidence, a variant of WinGo, CLASSIC, AGEN, Detected, Sabsik, Eldorado, WinGo) | ||
| md5 | 93848befe2685e3de677ef88df8081d7 | ||
| sha256 | 3b563d19a0a77bf36e498433380333d1d686494e51e3d9acf150e0260c212053 | ||
| ssdeep | 49152:EeIkDMh/s7Ywp1lMkobIJPaKDNCjFEi2xpoj+5ETbiUjwq0Mm9roTmAc62lYb:3us00Ck9DNCeETmnq0MmqTmd6L | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14058e494 AddAtomA
0x14058e49c AddVectoredContinueHandler
0x14058e4a4 AddVectoredExceptionHandler
0x14058e4ac CloseHandle
0x14058e4b4 CreateEventA
0x14058e4bc CreateFileA
0x14058e4c4 CreateIoCompletionPort
0x14058e4cc CreateMutexA
0x14058e4d4 CreateSemaphoreA
0x14058e4dc CreateThread
0x14058e4e4 CreateWaitableTimerExW
0x14058e4ec DeleteAtom
0x14058e4f4 DeleteCriticalSection
0x14058e4fc DuplicateHandle
0x14058e504 EnterCriticalSection
0x14058e50c ExitProcess
0x14058e514 FindAtomA
0x14058e51c FormatMessageA
0x14058e524 FreeEnvironmentStringsW
0x14058e52c GetAtomNameA
0x14058e534 GetConsoleMode
0x14058e53c GetCurrentProcess
0x14058e544 GetCurrentProcessId
0x14058e54c GetCurrentThread
0x14058e554 GetCurrentThreadId
0x14058e55c GetEnvironmentStringsW
0x14058e564 GetErrorMode
0x14058e56c GetHandleInformation
0x14058e574 GetLastError
0x14058e57c GetProcAddress
0x14058e584 GetProcessAffinityMask
0x14058e58c GetQueuedCompletionStatusEx
0x14058e594 GetStartupInfoA
0x14058e59c GetStdHandle
0x14058e5a4 GetSystemDirectoryA
0x14058e5ac GetSystemInfo
0x14058e5b4 GetSystemTimeAsFileTime
0x14058e5bc GetThreadContext
0x14058e5c4 GetThreadPriority
0x14058e5cc GetTickCount
0x14058e5d4 InitializeCriticalSection
0x14058e5dc IsDBCSLeadByteEx
0x14058e5e4 IsDebuggerPresent
0x14058e5ec LeaveCriticalSection
0x14058e5f4 LoadLibraryExW
0x14058e5fc LoadLibraryW
0x14058e604 LocalFree
0x14058e60c MultiByteToWideChar
0x14058e614 OpenProcess
0x14058e61c OutputDebugStringA
0x14058e624 PostQueuedCompletionStatus
0x14058e62c QueryPerformanceCounter
0x14058e634 QueryPerformanceFrequency
0x14058e63c RaiseException
0x14058e644 RaiseFailFastException
0x14058e64c ReleaseMutex
0x14058e654 ReleaseSemaphore
0x14058e65c RemoveVectoredExceptionHandler
0x14058e664 ResetEvent
0x14058e66c ResumeThread
0x14058e674 RtlLookupFunctionEntry
0x14058e67c RtlVirtualUnwind
0x14058e684 SetConsoleCtrlHandler
0x14058e68c SetErrorMode
0x14058e694 SetEvent
0x14058e69c SetLastError
0x14058e6a4 SetProcessAffinityMask
0x14058e6ac SetProcessPriorityBoost
0x14058e6b4 SetThreadContext
0x14058e6bc SetThreadPriority
0x14058e6c4 SetUnhandledExceptionFilter
0x14058e6cc SetWaitableTimer
0x14058e6d4 Sleep
0x14058e6dc SuspendThread
0x14058e6e4 SwitchToThread
0x14058e6ec TlsAlloc
0x14058e6f4 TlsGetValue
0x14058e6fc TlsSetValue
0x14058e704 TryEnterCriticalSection
0x14058e70c VirtualAlloc
0x14058e714 VirtualFree
0x14058e71c VirtualProtect
0x14058e724 VirtualQuery
0x14058e72c WaitForMultipleObjects
0x14058e734 WaitForSingleObject
0x14058e73c WerGetFlags
0x14058e744 WerSetFlags
0x14058e74c WideCharToMultiByte
0x14058e754 WriteConsoleW
0x14058e75c WriteFile
0x14058e764 __C_specific_handler
msvcrt.dll
0x14058e774 ___lc_codepage_func
0x14058e77c ___mb_cur_max_func
0x14058e784 __getmainargs
0x14058e78c __initenv
0x14058e794 __iob_func
0x14058e79c __lconv_init
0x14058e7a4 __set_app_type
0x14058e7ac __setusermatherr
0x14058e7b4 _acmdln
0x14058e7bc _amsg_exit
0x14058e7c4 _beginthread
0x14058e7cc _beginthreadex
0x14058e7d4 _cexit
0x14058e7dc _commode
0x14058e7e4 _endthreadex
0x14058e7ec _errno
0x14058e7f4 _fmode
0x14058e7fc _initterm
0x14058e804 _lock
0x14058e80c _memccpy
0x14058e814 _onexit
0x14058e81c _setjmp
0x14058e824 _strdup
0x14058e82c _ultoa
0x14058e834 _unlock
0x14058e83c abort
0x14058e844 calloc
0x14058e84c exit
0x14058e854 fprintf
0x14058e85c fputc
0x14058e864 free
0x14058e86c fwrite
0x14058e874 localeconv
0x14058e87c longjmp
0x14058e884 malloc
0x14058e88c memcpy
0x14058e894 memmove
0x14058e89c memset
0x14058e8a4 printf
0x14058e8ac realloc
0x14058e8b4 signal
0x14058e8bc strerror
0x14058e8c4 strlen
0x14058e8cc strncmp
0x14058e8d4 vfprintf
0x14058e8dc wcslen
EAT(Export Address Table) Library
0x14058bcb0 _cgo_dummy_export
KERNEL32.dll
0x14058e494 AddAtomA
0x14058e49c AddVectoredContinueHandler
0x14058e4a4 AddVectoredExceptionHandler
0x14058e4ac CloseHandle
0x14058e4b4 CreateEventA
0x14058e4bc CreateFileA
0x14058e4c4 CreateIoCompletionPort
0x14058e4cc CreateMutexA
0x14058e4d4 CreateSemaphoreA
0x14058e4dc CreateThread
0x14058e4e4 CreateWaitableTimerExW
0x14058e4ec DeleteAtom
0x14058e4f4 DeleteCriticalSection
0x14058e4fc DuplicateHandle
0x14058e504 EnterCriticalSection
0x14058e50c ExitProcess
0x14058e514 FindAtomA
0x14058e51c FormatMessageA
0x14058e524 FreeEnvironmentStringsW
0x14058e52c GetAtomNameA
0x14058e534 GetConsoleMode
0x14058e53c GetCurrentProcess
0x14058e544 GetCurrentProcessId
0x14058e54c GetCurrentThread
0x14058e554 GetCurrentThreadId
0x14058e55c GetEnvironmentStringsW
0x14058e564 GetErrorMode
0x14058e56c GetHandleInformation
0x14058e574 GetLastError
0x14058e57c GetProcAddress
0x14058e584 GetProcessAffinityMask
0x14058e58c GetQueuedCompletionStatusEx
0x14058e594 GetStartupInfoA
0x14058e59c GetStdHandle
0x14058e5a4 GetSystemDirectoryA
0x14058e5ac GetSystemInfo
0x14058e5b4 GetSystemTimeAsFileTime
0x14058e5bc GetThreadContext
0x14058e5c4 GetThreadPriority
0x14058e5cc GetTickCount
0x14058e5d4 InitializeCriticalSection
0x14058e5dc IsDBCSLeadByteEx
0x14058e5e4 IsDebuggerPresent
0x14058e5ec LeaveCriticalSection
0x14058e5f4 LoadLibraryExW
0x14058e5fc LoadLibraryW
0x14058e604 LocalFree
0x14058e60c MultiByteToWideChar
0x14058e614 OpenProcess
0x14058e61c OutputDebugStringA
0x14058e624 PostQueuedCompletionStatus
0x14058e62c QueryPerformanceCounter
0x14058e634 QueryPerformanceFrequency
0x14058e63c RaiseException
0x14058e644 RaiseFailFastException
0x14058e64c ReleaseMutex
0x14058e654 ReleaseSemaphore
0x14058e65c RemoveVectoredExceptionHandler
0x14058e664 ResetEvent
0x14058e66c ResumeThread
0x14058e674 RtlLookupFunctionEntry
0x14058e67c RtlVirtualUnwind
0x14058e684 SetConsoleCtrlHandler
0x14058e68c SetErrorMode
0x14058e694 SetEvent
0x14058e69c SetLastError
0x14058e6a4 SetProcessAffinityMask
0x14058e6ac SetProcessPriorityBoost
0x14058e6b4 SetThreadContext
0x14058e6bc SetThreadPriority
0x14058e6c4 SetUnhandledExceptionFilter
0x14058e6cc SetWaitableTimer
0x14058e6d4 Sleep
0x14058e6dc SuspendThread
0x14058e6e4 SwitchToThread
0x14058e6ec TlsAlloc
0x14058e6f4 TlsGetValue
0x14058e6fc TlsSetValue
0x14058e704 TryEnterCriticalSection
0x14058e70c VirtualAlloc
0x14058e714 VirtualFree
0x14058e71c VirtualProtect
0x14058e724 VirtualQuery
0x14058e72c WaitForMultipleObjects
0x14058e734 WaitForSingleObject
0x14058e73c WerGetFlags
0x14058e744 WerSetFlags
0x14058e74c WideCharToMultiByte
0x14058e754 WriteConsoleW
0x14058e75c WriteFile
0x14058e764 __C_specific_handler
msvcrt.dll
0x14058e774 ___lc_codepage_func
0x14058e77c ___mb_cur_max_func
0x14058e784 __getmainargs
0x14058e78c __initenv
0x14058e794 __iob_func
0x14058e79c __lconv_init
0x14058e7a4 __set_app_type
0x14058e7ac __setusermatherr
0x14058e7b4 _acmdln
0x14058e7bc _amsg_exit
0x14058e7c4 _beginthread
0x14058e7cc _beginthreadex
0x14058e7d4 _cexit
0x14058e7dc _commode
0x14058e7e4 _endthreadex
0x14058e7ec _errno
0x14058e7f4 _fmode
0x14058e7fc _initterm
0x14058e804 _lock
0x14058e80c _memccpy
0x14058e814 _onexit
0x14058e81c _setjmp
0x14058e824 _strdup
0x14058e82c _ultoa
0x14058e834 _unlock
0x14058e83c abort
0x14058e844 calloc
0x14058e84c exit
0x14058e854 fprintf
0x14058e85c fputc
0x14058e864 free
0x14058e86c fwrite
0x14058e874 localeconv
0x14058e87c longjmp
0x14058e884 malloc
0x14058e88c memcpy
0x14058e894 memmove
0x14058e89c memset
0x14058e8a4 printf
0x14058e8ac realloc
0x14058e8b4 signal
0x14058e8bc strerror
0x14058e8c4 strlen
0x14058e8cc strncmp
0x14058e8d4 vfprintf
0x14058e8dc wcslen
EAT(Export Address Table) Library
0x14058bcb0 _cgo_dummy_export