ScreenShot
| Created | 2024.09.26 12:14 | Machine | s1_win7_x6401 |
| Filename | 66f3de8e8f1c5_lyla334.exe#lyla | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, Malicious, score, Lockbit, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HXYG, BotX, Obscure, CLASSIC, PRIVATELOADER, YXEIYZ, moderate, Krypt, Static AI, Suspicious PE, Detected, ASMalwIH, SmokeLoader, Leonem, BT1QFV, Eldorado, Artemis, Buzus, Chgt, Obfuscated, susgen, PossibleThreat) | ||
| md5 | 51636e7775782f91df225f511b297f96 | ||
| sha256 | 07439f8a2adbe031b3b1f4bca85a8f8e99dfac6499ec6f9261d3c01d7a744bb6 | ||
| ssdeep | 6144:D4SOx32ux+Zzo97tIDEjTI3+bOFNnPDqbc3Io/LTJWXvbMvquO52T3:BOxLx+Zk9paHNPDqbdo/LdWfbMCuYA | ||
| imphash | dbcafdf90cf6fa1f29b89e8542f94f6a | ||
| impfuzzy | 48:NOR1X1pCdlmDY5kH1K9fcjtaTPvcnAJKU/6vkrQt/YM:cnX1pelmDYiQfcjtaTPvcn4W | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41101c GetLogicalDriveStringsW
0x411020 SetEnvironmentVariableW
0x411024 CreateJobObjectW
0x411028 SetComputerNameW
0x41102c CreateHardLinkA
0x411030 GetModuleHandleW
0x411034 EnumCalendarInfoExW
0x411038 FindNextVolumeMountPointA
0x41103c GetNumberFormatA
0x411040 GetWindowsDirectoryA
0x411044 GetConsoleAliasExesW
0x411048 SetCommState
0x41104c LoadLibraryW
0x411050 GetLocaleInfoW
0x411054 ReadConsoleInputA
0x411058 GetCalendarInfoW
0x41105c CreateEventA
0x411060 SetVolumeMountPointA
0x411064 GetConsoleAliasExesLengthW
0x411068 GetVersionExW
0x41106c GetFileAttributesA
0x411070 EnumSystemCodePagesA
0x411074 GetTimeFormatW
0x411078 GetModuleFileNameW
0x41107c CreateActCtxA
0x411080 GetEnvironmentVariableA
0x411084 SetThreadPriority
0x411088 GetTempPathW
0x41108c VerifyVersionInfoW
0x411090 GlobalUnfix
0x411094 GetStdHandle
0x411098 GetLastError
0x41109c GetCurrentDirectoryW
0x4110a0 GetLongPathNameW
0x4110a4 GetCurrentProcess
0x4110a8 CreateNamedPipeA
0x4110ac LoadModule
0x4110b0 GlobalFree
0x4110b4 GetProcessVersion
0x4110b8 LoadLibraryA
0x4110bc InterlockedExchangeAdd
0x4110c0 CreateFileMappingA
0x4110c4 LocalAlloc
0x4110c8 SetCalendarInfoW
0x4110cc FoldStringW
0x4110d0 EnumDateFormatsA
0x4110d4 GlobalUnWire
0x4110d8 GetProcessShutdownParameters
0x4110dc LoadLibraryExA
0x4110e0 GetFileTime
0x4110e4 WaitForDebugEvent
0x4110e8 OpenEventW
0x4110ec GetShortPathNameW
0x4110f0 SetFileShortNameA
0x4110f4 GetDiskFreeSpaceExW
0x4110f8 LCMapStringW
0x4110fc CommConfigDialogW
0x411100 ReadFile
0x411104 GetProcessHeap
0x411108 GetStringTypeW
0x41110c MultiByteToWideChar
0x411110 WriteConsoleW
0x411114 CreateFileW
0x411118 FlushFileBuffers
0x41111c InterlockedDecrement
0x411120 EnumCalendarInfoW
0x411124 InterlockedIncrement
0x411128 SetEndOfFile
0x41112c TlsGetValue
0x411130 GetProcAddress
0x411134 SetDefaultCommConfigA
0x411138 SetStdHandle
0x41113c CreateFileA
0x411140 HeapAlloc
0x411144 EncodePointer
0x411148 DecodePointer
0x41114c HeapReAlloc
0x411150 GetCommandLineW
0x411154 HeapSetInformation
0x411158 GetStartupInfoW
0x41115c IsProcessorFeaturePresent
0x411160 WideCharToMultiByte
0x411164 SetHandleCount
0x411168 InitializeCriticalSectionAndSpinCount
0x41116c GetFileType
0x411170 DeleteCriticalSection
0x411174 EnterCriticalSection
0x411178 LeaveCriticalSection
0x41117c UnhandledExceptionFilter
0x411180 SetUnhandledExceptionFilter
0x411184 IsDebuggerPresent
0x411188 TerminateProcess
0x41118c ExitProcess
0x411190 WriteFile
0x411194 HeapCreate
0x411198 Sleep
0x41119c HeapSize
0x4111a0 RtlUnwind
0x4111a4 HeapFree
0x4111a8 SetFilePointer
0x4111ac FreeEnvironmentStringsW
0x4111b0 GetEnvironmentStringsW
0x4111b4 TlsAlloc
0x4111b8 TlsSetValue
0x4111bc TlsFree
0x4111c0 SetLastError
0x4111c4 GetCurrentThreadId
0x4111c8 QueryPerformanceCounter
0x4111cc GetTickCount
0x4111d0 GetCurrentProcessId
0x4111d4 GetSystemTimeAsFileTime
0x4111d8 RaiseException
0x4111dc GetConsoleCP
0x4111e0 GetConsoleMode
0x4111e4 GetCPInfo
0x4111e8 GetACP
0x4111ec GetOEMCP
0x4111f0 IsValidCodePage
0x4111f4 CloseHandle
USER32.dll
0x4111fc DrawStateA
0x411200 SetCaretPos
0x411204 CharUpperA
0x411208 InsertMenuItemW
0x41120c GetMenu
0x411210 LoadMenuA
0x411214 GetWindowLongW
0x411218 CharLowerBuffA
0x41121c GetSysColor
0x411220 GetMenuStringA
GDI32.dll
0x411000 GetBkMode
0x411004 GetCharWidthFloatA
0x411008 CreateDCA
0x41100c GetCharWidth32W
0x411010 GetTextCharset
0x411014 GetCharWidthI
WINHTTP.dll
0x411228 WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x41101c GetLogicalDriveStringsW
0x411020 SetEnvironmentVariableW
0x411024 CreateJobObjectW
0x411028 SetComputerNameW
0x41102c CreateHardLinkA
0x411030 GetModuleHandleW
0x411034 EnumCalendarInfoExW
0x411038 FindNextVolumeMountPointA
0x41103c GetNumberFormatA
0x411040 GetWindowsDirectoryA
0x411044 GetConsoleAliasExesW
0x411048 SetCommState
0x41104c LoadLibraryW
0x411050 GetLocaleInfoW
0x411054 ReadConsoleInputA
0x411058 GetCalendarInfoW
0x41105c CreateEventA
0x411060 SetVolumeMountPointA
0x411064 GetConsoleAliasExesLengthW
0x411068 GetVersionExW
0x41106c GetFileAttributesA
0x411070 EnumSystemCodePagesA
0x411074 GetTimeFormatW
0x411078 GetModuleFileNameW
0x41107c CreateActCtxA
0x411080 GetEnvironmentVariableA
0x411084 SetThreadPriority
0x411088 GetTempPathW
0x41108c VerifyVersionInfoW
0x411090 GlobalUnfix
0x411094 GetStdHandle
0x411098 GetLastError
0x41109c GetCurrentDirectoryW
0x4110a0 GetLongPathNameW
0x4110a4 GetCurrentProcess
0x4110a8 CreateNamedPipeA
0x4110ac LoadModule
0x4110b0 GlobalFree
0x4110b4 GetProcessVersion
0x4110b8 LoadLibraryA
0x4110bc InterlockedExchangeAdd
0x4110c0 CreateFileMappingA
0x4110c4 LocalAlloc
0x4110c8 SetCalendarInfoW
0x4110cc FoldStringW
0x4110d0 EnumDateFormatsA
0x4110d4 GlobalUnWire
0x4110d8 GetProcessShutdownParameters
0x4110dc LoadLibraryExA
0x4110e0 GetFileTime
0x4110e4 WaitForDebugEvent
0x4110e8 OpenEventW
0x4110ec GetShortPathNameW
0x4110f0 SetFileShortNameA
0x4110f4 GetDiskFreeSpaceExW
0x4110f8 LCMapStringW
0x4110fc CommConfigDialogW
0x411100 ReadFile
0x411104 GetProcessHeap
0x411108 GetStringTypeW
0x41110c MultiByteToWideChar
0x411110 WriteConsoleW
0x411114 CreateFileW
0x411118 FlushFileBuffers
0x41111c InterlockedDecrement
0x411120 EnumCalendarInfoW
0x411124 InterlockedIncrement
0x411128 SetEndOfFile
0x41112c TlsGetValue
0x411130 GetProcAddress
0x411134 SetDefaultCommConfigA
0x411138 SetStdHandle
0x41113c CreateFileA
0x411140 HeapAlloc
0x411144 EncodePointer
0x411148 DecodePointer
0x41114c HeapReAlloc
0x411150 GetCommandLineW
0x411154 HeapSetInformation
0x411158 GetStartupInfoW
0x41115c IsProcessorFeaturePresent
0x411160 WideCharToMultiByte
0x411164 SetHandleCount
0x411168 InitializeCriticalSectionAndSpinCount
0x41116c GetFileType
0x411170 DeleteCriticalSection
0x411174 EnterCriticalSection
0x411178 LeaveCriticalSection
0x41117c UnhandledExceptionFilter
0x411180 SetUnhandledExceptionFilter
0x411184 IsDebuggerPresent
0x411188 TerminateProcess
0x41118c ExitProcess
0x411190 WriteFile
0x411194 HeapCreate
0x411198 Sleep
0x41119c HeapSize
0x4111a0 RtlUnwind
0x4111a4 HeapFree
0x4111a8 SetFilePointer
0x4111ac FreeEnvironmentStringsW
0x4111b0 GetEnvironmentStringsW
0x4111b4 TlsAlloc
0x4111b8 TlsSetValue
0x4111bc TlsFree
0x4111c0 SetLastError
0x4111c4 GetCurrentThreadId
0x4111c8 QueryPerformanceCounter
0x4111cc GetTickCount
0x4111d0 GetCurrentProcessId
0x4111d4 GetSystemTimeAsFileTime
0x4111d8 RaiseException
0x4111dc GetConsoleCP
0x4111e0 GetConsoleMode
0x4111e4 GetCPInfo
0x4111e8 GetACP
0x4111ec GetOEMCP
0x4111f0 IsValidCodePage
0x4111f4 CloseHandle
USER32.dll
0x4111fc DrawStateA
0x411200 SetCaretPos
0x411204 CharUpperA
0x411208 InsertMenuItemW
0x41120c GetMenu
0x411210 LoadMenuA
0x411214 GetWindowLongW
0x411218 CharLowerBuffA
0x41121c GetSysColor
0x411220 GetMenuStringA
GDI32.dll
0x411000 GetBkMode
0x411004 GetCharWidthFloatA
0x411008 CreateDCA
0x41100c GetCharWidth32W
0x411010 GetTextCharset
0x411014 GetCharWidthI
WINHTTP.dll
0x411228 WinHttpCloseHandle
EAT(Export Address Table) is none