Report - vuex.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, DllRegisterServer, dll, OS Processor Check
Created 2024.09.26 12:09 Machine s1_win7_x6401
Filename vuex.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
1
Behavior Score
0.8
ZERO API file : malware
VT API (file) 28 detected (AIDetectMalware, Malicious, score, Attribute, HighConfidence, high confidence, a variant of WinGo, LummaStealer, CLASSIC, AGEN, Generic Reputation PUA, Static AI, Suspicious PE, Detected, Caynamer, 2R58LB, Eldorado, Artemis, Fflw, Wacapew, C9nj)
md5 63af41d74c38b6c1b1a5f08ff328ed1f
sha256 a320d925690b7190c2f2a1ae27edc0d480a4dcab424057e184dfdc167e16f176
ssdeep 49152:I5Rf3U84BJR11+xfDMiUy7Okr4MkJM9DvnPyXRmv0rNQXs5VKcWjO5EWIjAl97jB:IQv1Q21wnPyXR2x2fE2f58DSo8
imphash 4a438adb9d59c004dab9ec35016a1405
impfuzzy 96:woexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wNrymLe3SFomQ6+STjz

Signature (1cnts)

Level    Description
warning  File has been identified by 28 AntiVirus engines on VirusTotal as malicious

Rules (8cnts)

Level    Name                     Description              Collection
warning  Generic_Malware_Zero     Generic Malware          binaries (upload)
watch    Malicious_Library_Zero   Malicious_Library        binaries (upload)
watch    Malicious_Packer_Zero    Malicious Packer         binaries (upload)
watch    UPX_Zero                 UPX packed file          binaries (upload)
info     DllRegisterServer_Zero   execute regsvr32.exe     binaries (upload)
info     IsPE64                   (no description)         binaries (upload)
info     OS_Processor_Check_Zero  OS Processor Check       binaries (upload)
info     PE_Header_Zero           PE File Signature        binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule
(no entries)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1406e148c AddAtomA
 0x1406e1494 AddVectoredContinueHandler
 0x1406e149c AddVectoredExceptionHandler
 0x1406e14a4 CloseHandle
 0x1406e14ac CreateEventA
 0x1406e14b4 CreateIoCompletionPort
 0x1406e14bc CreateMutexA
 0x1406e14c4 CreateSemaphoreA
 0x1406e14cc CreateThread
 0x1406e14d4 CreateWaitableTimerExW
 0x1406e14dc DeleteAtom
 0x1406e14e4 DeleteCriticalSection
 0x1406e14ec DuplicateHandle
 0x1406e14f4 EnterCriticalSection
 0x1406e14fc ExitProcess
 0x1406e1504 FindAtomA
 0x1406e150c FormatMessageA
 0x1406e1514 FreeEnvironmentStringsW
 0x1406e151c GetAtomNameA
 0x1406e1524 GetConsoleMode
 0x1406e152c GetCurrentProcess
 0x1406e1534 GetCurrentProcessId
 0x1406e153c GetCurrentThread
 0x1406e1544 GetCurrentThreadId
 0x1406e154c GetEnvironmentStringsW
 0x1406e1554 GetErrorMode
 0x1406e155c GetHandleInformation
 0x1406e1564 GetLastError
 0x1406e156c GetProcAddress
 0x1406e1574 GetProcessAffinityMask
 0x1406e157c GetQueuedCompletionStatusEx
 0x1406e1584 GetStartupInfoA
 0x1406e158c GetStdHandle
 0x1406e1594 GetSystemDirectoryA
 0x1406e159c GetSystemInfo
 0x1406e15a4 GetSystemTimeAsFileTime
 0x1406e15ac GetThreadContext
 0x1406e15b4 GetThreadPriority
 0x1406e15bc GetTickCount
 0x1406e15c4 InitializeCriticalSection
 0x1406e15cc IsDBCSLeadByteEx
 0x1406e15d4 IsDebuggerPresent
 0x1406e15dc LeaveCriticalSection
 0x1406e15e4 LoadLibraryExW
 0x1406e15ec LoadLibraryW
 0x1406e15f4 LocalFree
 0x1406e15fc MultiByteToWideChar
 0x1406e1604 OpenProcess
 0x1406e160c OutputDebugStringA
 0x1406e1614 PostQueuedCompletionStatus
 0x1406e161c QueryPerformanceCounter
 0x1406e1624 QueryPerformanceFrequency
 0x1406e162c RaiseException
 0x1406e1634 RaiseFailFastException
 0x1406e163c ReleaseMutex
 0x1406e1644 ReleaseSemaphore
 0x1406e164c RemoveVectoredExceptionHandler
 0x1406e1654 ResetEvent
 0x1406e165c ResumeThread
 0x1406e1664 RtlLookupFunctionEntry
 0x1406e166c RtlVirtualUnwind
 0x1406e1674 SetConsoleCtrlHandler
 0x1406e167c SetErrorMode
 0x1406e1684 SetEvent
 0x1406e168c SetLastError
 0x1406e1694 SetProcessAffinityMask
 0x1406e169c SetProcessPriorityBoost
 0x1406e16a4 SetThreadContext
 0x1406e16ac SetThreadPriority
 0x1406e16b4 SetUnhandledExceptionFilter
 0x1406e16bc SetWaitableTimer
 0x1406e16c4 Sleep
 0x1406e16cc SuspendThread
 0x1406e16d4 SwitchToThread
 0x1406e16dc TlsAlloc
 0x1406e16e4 TlsGetValue
 0x1406e16ec TlsSetValue
 0x1406e16f4 TryEnterCriticalSection
 0x1406e16fc VirtualAlloc
 0x1406e1704 VirtualFree
 0x1406e170c VirtualProtect
 0x1406e1714 VirtualQuery
 0x1406e171c WaitForMultipleObjects
 0x1406e1724 WaitForSingleObject
 0x1406e172c WerGetFlags
 0x1406e1734 WerSetFlags
 0x1406e173c WideCharToMultiByte
 0x1406e1744 WriteConsoleW
 0x1406e174c WriteFile
 0x1406e1754 __C_specific_handler
msvcrt.dll
 0x1406e1764 ___lc_codepage_func
 0x1406e176c ___mb_cur_max_func
 0x1406e1774 __getmainargs
 0x1406e177c __initenv
 0x1406e1784 __iob_func
 0x1406e178c __lconv_init
 0x1406e1794 __set_app_type
 0x1406e179c __setusermatherr
 0x1406e17a4 _acmdln
 0x1406e17ac _amsg_exit
 0x1406e17b4 _beginthread
 0x1406e17bc _beginthreadex
 0x1406e17c4 _cexit
 0x1406e17cc _commode
 0x1406e17d4 _endthreadex
 0x1406e17dc _errno
 0x1406e17e4 _fmode
 0x1406e17ec _initterm
 0x1406e17f4 _lock
 0x1406e17fc _memccpy
 0x1406e1804 _onexit
 0x1406e180c _setjmp
 0x1406e1814 _strdup
 0x1406e181c _ultoa
 0x1406e1824 _unlock
 0x1406e182c abort
 0x1406e1834 calloc
 0x1406e183c exit
 0x1406e1844 fprintf
 0x1406e184c fputc
 0x1406e1854 free
 0x1406e185c fwrite
 0x1406e1864 localeconv
 0x1406e186c longjmp
 0x1406e1874 malloc
 0x1406e187c memcpy
 0x1406e1884 memmove
 0x1406e188c memset
 0x1406e1894 printf
 0x1406e189c realloc
 0x1406e18a4 signal
 0x1406e18ac strerror
 0x1406e18b4 strlen
 0x1406e18bc strncmp
 0x1406e18c4 vfprintf
 0x1406e18cc wcslen

EAT (Export Address Table) Library

0x1406deab0 _cgo_dummy_export
