ScreenShot
| Created | 2024.09.25 11:02 | Machine | s1_win7_x6403 |
| Filename | 66f31d151f82e_lyla34.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (AIDetectMalware, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, CrypterX, score, Kryptik@AI, RDML, QOiRU6vnzGS4Jd42jeCjHQ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Sabsik, Kryptik, Eldorado, R658943) | ||
| md5 | 6ea7e8d78f2c13dd21e646f0c84a6f55 | ||
| sha256 | 7f806d99614eef56bddc324cd0c71cff674d7c1694bfbe03d9ea72f2f3d9d08d | ||
| ssdeep | 3072:2HLMNa0RHlCGgsTNwust52n5oXVYz3M5pcxZ2Hzaej:2HLMUIHlCVsTgtFFYc56i | ||
| imphash | f191e24764ac2972e2c40e13c71b6d0d | ||
| impfuzzy | 24:1gkPfRFkrkRqc4rMi1xcDxurOX1VEdQBldg/CObnbG2SEjLyDNp7ta2cfxyv4/Jx:yhcX1udCnOXyDb7t7cf2eo9cJIDA6Q | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 FillConsoleOutputCharacterA
0x41800c GetConsoleAliasExesLengthA
0x418010 OpenJobObjectA
0x418014 QueryDosDeviceA
0x418018 GetComputerNameW
0x41801c SleepEx
0x418020 FreeEnvironmentStringsA
0x418024 GetModuleHandleW
0x418028 GetConsoleAliasesLengthA
0x41802c ReadConsoleOutputA
0x418030 GetPriorityClass
0x418034 GetEnvironmentStrings
0x418038 FatalAppExitW
0x41803c SetSystemTimeAdjustment
0x418040 HeapCreate
0x418044 SetConsoleMode
0x418048 GetFileAttributesW
0x41804c GetModuleFileNameW
0x418050 GetBinaryTypeW
0x418054 SetConsoleTitleA
0x418058 GetShortPathNameA
0x41805c GetStdHandle
0x418060 GetLastError
0x418064 GetProcAddress
0x418068 SearchPathA
0x41806c GetCommandLineW
0x418070 OpenWaitableTimerA
0x418074 LoadLibraryA
0x418078 InterlockedExchangeAdd
0x41807c LocalAlloc
0x418080 MoveFileA
0x418084 SetCommMask
0x418088 FindAtomA
0x41808c FoldStringA
0x418090 WaitForMultipleObjects
0x418094 CreatePipe
0x418098 GetDefaultCommConfigA
0x41809c GetModuleHandleA
0x4180a0 FreeEnvironmentStringsW
0x4180a4 BuildCommDCBA
0x4180a8 PurgeComm
0x4180ac WaitForDebugEvent
0x4180b0 SetCalendarInfoA
0x4180b4 GlobalReAlloc
0x4180b8 CopyFileExA
0x4180bc GetVolumeInformationW
0x4180c0 CreateFileA
0x4180c4 GetNumaHighestNodeNumber
0x4180c8 DebugActiveProcess
0x4180cc HeapFree
0x4180d0 Sleep
0x4180d4 ExitProcess
0x4180d8 GetStartupInfoW
0x4180dc TerminateProcess
0x4180e0 GetCurrentProcess
0x4180e4 UnhandledExceptionFilter
0x4180e8 SetUnhandledExceptionFilter
0x4180ec IsDebuggerPresent
0x4180f0 VirtualFree
0x4180f4 DeleteCriticalSection
0x4180f8 LeaveCriticalSection
0x4180fc EnterCriticalSection
0x418100 HeapAlloc
0x418104 VirtualAlloc
0x418108 HeapReAlloc
0x41810c SetHandleCount
0x418110 GetFileType
0x418114 GetStartupInfoA
0x418118 TlsGetValue
0x41811c TlsAlloc
0x418120 TlsSetValue
0x418124 TlsFree
0x418128 InterlockedIncrement
0x41812c SetLastError
0x418130 GetCurrentThreadId
0x418134 InterlockedDecrement
0x418138 HeapSize
0x41813c WriteFile
0x418140 GetModuleFileNameA
0x418144 InitializeCriticalSectionAndSpinCount
0x418148 GetEnvironmentStringsW
0x41814c QueryPerformanceCounter
0x418150 GetTickCount
0x418154 GetCurrentProcessId
0x418158 GetSystemTimeAsFileTime
0x41815c RtlUnwind
0x418160 GetCPInfo
0x418164 GetACP
0x418168 GetOEMCP
0x41816c IsValidCodePage
0x418170 MultiByteToWideChar
0x418174 ReadFile
0x418178 GetLocaleInfoA
0x41817c WideCharToMultiByte
0x418180 LCMapStringA
0x418184 LCMapStringW
0x418188 GetStringTypeA
0x41818c GetStringTypeW
0x418190 GetConsoleCP
0x418194 GetConsoleMode
0x418198 FlushFileBuffers
0x41819c SetFilePointer
0x4181a0 SetStdHandle
0x4181a4 CloseHandle
0x4181a8 WriteConsoleA
0x4181ac GetConsoleOutputCP
0x4181b0 WriteConsoleW
USER32.dll
0x4181b8 GetUserObjectInformationW
0x4181bc SetFocus
ADVAPI32.dll
0x418000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 FillConsoleOutputCharacterA
0x41800c GetConsoleAliasExesLengthA
0x418010 OpenJobObjectA
0x418014 QueryDosDeviceA
0x418018 GetComputerNameW
0x41801c SleepEx
0x418020 FreeEnvironmentStringsA
0x418024 GetModuleHandleW
0x418028 GetConsoleAliasesLengthA
0x41802c ReadConsoleOutputA
0x418030 GetPriorityClass
0x418034 GetEnvironmentStrings
0x418038 FatalAppExitW
0x41803c SetSystemTimeAdjustment
0x418040 HeapCreate
0x418044 SetConsoleMode
0x418048 GetFileAttributesW
0x41804c GetModuleFileNameW
0x418050 GetBinaryTypeW
0x418054 SetConsoleTitleA
0x418058 GetShortPathNameA
0x41805c GetStdHandle
0x418060 GetLastError
0x418064 GetProcAddress
0x418068 SearchPathA
0x41806c GetCommandLineW
0x418070 OpenWaitableTimerA
0x418074 LoadLibraryA
0x418078 InterlockedExchangeAdd
0x41807c LocalAlloc
0x418080 MoveFileA
0x418084 SetCommMask
0x418088 FindAtomA
0x41808c FoldStringA
0x418090 WaitForMultipleObjects
0x418094 CreatePipe
0x418098 GetDefaultCommConfigA
0x41809c GetModuleHandleA
0x4180a0 FreeEnvironmentStringsW
0x4180a4 BuildCommDCBA
0x4180a8 PurgeComm
0x4180ac WaitForDebugEvent
0x4180b0 SetCalendarInfoA
0x4180b4 GlobalReAlloc
0x4180b8 CopyFileExA
0x4180bc GetVolumeInformationW
0x4180c0 CreateFileA
0x4180c4 GetNumaHighestNodeNumber
0x4180c8 DebugActiveProcess
0x4180cc HeapFree
0x4180d0 Sleep
0x4180d4 ExitProcess
0x4180d8 GetStartupInfoW
0x4180dc TerminateProcess
0x4180e0 GetCurrentProcess
0x4180e4 UnhandledExceptionFilter
0x4180e8 SetUnhandledExceptionFilter
0x4180ec IsDebuggerPresent
0x4180f0 VirtualFree
0x4180f4 DeleteCriticalSection
0x4180f8 LeaveCriticalSection
0x4180fc EnterCriticalSection
0x418100 HeapAlloc
0x418104 VirtualAlloc
0x418108 HeapReAlloc
0x41810c SetHandleCount
0x418110 GetFileType
0x418114 GetStartupInfoA
0x418118 TlsGetValue
0x41811c TlsAlloc
0x418120 TlsSetValue
0x418124 TlsFree
0x418128 InterlockedIncrement
0x41812c SetLastError
0x418130 GetCurrentThreadId
0x418134 InterlockedDecrement
0x418138 HeapSize
0x41813c WriteFile
0x418140 GetModuleFileNameA
0x418144 InitializeCriticalSectionAndSpinCount
0x418148 GetEnvironmentStringsW
0x41814c QueryPerformanceCounter
0x418150 GetTickCount
0x418154 GetCurrentProcessId
0x418158 GetSystemTimeAsFileTime
0x41815c RtlUnwind
0x418160 GetCPInfo
0x418164 GetACP
0x418168 GetOEMCP
0x41816c IsValidCodePage
0x418170 MultiByteToWideChar
0x418174 ReadFile
0x418178 GetLocaleInfoA
0x41817c WideCharToMultiByte
0x418180 LCMapStringA
0x418184 LCMapStringW
0x418188 GetStringTypeA
0x41818c GetStringTypeW
0x418190 GetConsoleCP
0x418194 GetConsoleMode
0x418198 FlushFileBuffers
0x41819c SetFilePointer
0x4181a0 SetStdHandle
0x4181a4 CloseHandle
0x4181a8 WriteConsoleA
0x4181ac GetConsoleOutputCP
0x4181b0 WriteConsoleW
USER32.dll
0x4181b8 GetUserObjectInformationW
0x4181bc SetFocus
ADVAPI32.dll
0x418000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none