ScreenShot
| Created | 2024.09.26 12:10 | Machine | s1_win7_x6403 |
| Filename | 66f4173e61b59_12.exe#1 | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, Malicious, score, Lockbit, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, PWSX, moderate, Krypt, Static AI, Suspicious PE, Detected, Wacatac, Kryptik, Eldorado, Buzus, MachineLearning, Anomalous, Obfuscated) | ||
| md5 | b9685047e27fbb94ab3bd20943b85349 | ||
| sha256 | 26e70ce5246844690acc15b42d890012bf2d0df4fcdda2e3b5982d65b1731e65 | ||
| ssdeep | 6144:gopeyI4EPijDnnCDxITWEu2WLCLUd6zFTqFrz3zxkixmSyO:9peX4EPcGDxIiHNCYAFCHjISyO | ||
| imphash | a11cbe8ba3528a436618e8dc32e663a6 | ||
| impfuzzy | 48:LOR1X1xgdljsDY5ak1K9fcjtAOWvcnfkKU/JvrQtyOM:6nX1xYljsDY7QfcjtAOWvcneR | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x411018 InterlockedDecrement
0x41101c GetCurrentProcess
0x411020 SetEnvironmentVariableW
0x411024 CreateJobObjectW
0x411028 SetComputerNameW
0x41102c CreateHardLinkA
0x411030 GetModuleHandleW
0x411034 EnumCalendarInfoExW
0x411038 GetNumberFormatA
0x41103c GetWindowsDirectoryA
0x411040 SetCommState
0x411044 LoadLibraryW
0x411048 GetLocaleInfoW
0x41104c ReadConsoleInputA
0x411050 GetCalendarInfoW
0x411054 CreateEventA
0x411058 SetVolumeMountPointA
0x41105c GetConsoleAliasExesLengthW
0x411060 GetVersionExW
0x411064 GetFileAttributesA
0x411068 EnumSystemCodePagesA
0x41106c GetTimeFormatW
0x411070 GetModuleFileNameW
0x411074 CreateActCtxA
0x411078 GetEnvironmentVariableA
0x41107c SetThreadPriority
0x411080 GetTempPathW
0x411084 VerifyVersionInfoW
0x411088 GlobalUnfix
0x41108c GetStdHandle
0x411090 GetLogicalDriveStringsA
0x411094 GetLastError
0x411098 GetCurrentDirectoryW
0x41109c GetLongPathNameW
0x4110a0 EnumCalendarInfoW
0x4110a4 CreateNamedPipeA
0x4110a8 LoadModule
0x4110ac GlobalFree
0x4110b0 GetProcessVersion
0x4110b4 LoadLibraryA
0x4110b8 InterlockedExchangeAdd
0x4110bc CreateFileMappingA
0x4110c0 LocalAlloc
0x4110c4 SetCalendarInfoW
0x4110c8 FoldStringA
0x4110cc EnumDateFormatsA
0x4110d0 GlobalUnWire
0x4110d4 GetProcessShutdownParameters
0x4110d8 LoadLibraryExA
0x4110dc GetFileTime
0x4110e0 WaitForDebugEvent
0x4110e4 OpenEventW
0x4110e8 GetShortPathNameW
0x4110ec SetFileShortNameA
0x4110f0 GetDiskFreeSpaceExW
0x4110f4 LCMapStringW
0x4110f8 CommConfigDialogW
0x4110fc ReadFile
0x411100 GetProcessHeap
0x411104 SetEndOfFile
0x411108 GetStringTypeW
0x41110c MultiByteToWideChar
0x411110 CreateFileW
0x411114 WriteConsoleW
0x411118 InterlockedIncrement
0x41111c GetConsoleAliasExesA
0x411120 TlsGetValue
0x411124 SetFilePointer
0x411128 GetProcAddress
0x41112c SetDefaultCommConfigA
0x411130 FlushFileBuffers
0x411134 SetStdHandle
0x411138 HeapFree
0x41113c EncodePointer
0x411140 DecodePointer
0x411144 HeapReAlloc
0x411148 GetCommandLineW
0x41114c HeapSetInformation
0x411150 GetStartupInfoW
0x411154 IsProcessorFeaturePresent
0x411158 WideCharToMultiByte
0x41115c SetHandleCount
0x411160 InitializeCriticalSectionAndSpinCount
0x411164 GetFileType
0x411168 DeleteCriticalSection
0x41116c EnterCriticalSection
0x411170 LeaveCriticalSection
0x411174 UnhandledExceptionFilter
0x411178 SetUnhandledExceptionFilter
0x41117c IsDebuggerPresent
0x411180 TerminateProcess
0x411184 HeapCreate
0x411188 Sleep
0x41118c HeapSize
0x411190 ExitProcess
0x411194 RtlUnwind
0x411198 HeapAlloc
0x41119c WriteFile
0x4111a0 FreeEnvironmentStringsW
0x4111a4 GetEnvironmentStringsW
0x4111a8 TlsAlloc
0x4111ac TlsSetValue
0x4111b0 TlsFree
0x4111b4 SetLastError
0x4111b8 GetCurrentThreadId
0x4111bc QueryPerformanceCounter
0x4111c0 GetTickCount
0x4111c4 GetCurrentProcessId
0x4111c8 GetSystemTimeAsFileTime
0x4111cc RaiseException
0x4111d0 GetConsoleCP
0x4111d4 GetConsoleMode
0x4111d8 GetCPInfo
0x4111dc GetACP
0x4111e0 GetOEMCP
0x4111e4 IsValidCodePage
0x4111e8 CloseHandle
0x4111ec CreateFileA
USER32.dll
0x4111f4 GetWindowLongW
0x4111f8 SetCaretPos
0x4111fc CharUpperA
0x411200 InsertMenuItemW
0x411204 DrawStateA
0x411208 LoadMenuA
0x41120c CharLowerBuffA
0x411210 GetSysColor
0x411214 GetMenuStringA
0x411218 SetMenu
GDI32.dll
0x411000 GetBkMode
0x411004 CreateDCW
0x411008 GetCharWidth32W
0x41100c GetTextCharset
0x411010 GetCharWidthI
WINHTTP.dll
0x411220 WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x411018 InterlockedDecrement
0x41101c GetCurrentProcess
0x411020 SetEnvironmentVariableW
0x411024 CreateJobObjectW
0x411028 SetComputerNameW
0x41102c CreateHardLinkA
0x411030 GetModuleHandleW
0x411034 EnumCalendarInfoExW
0x411038 GetNumberFormatA
0x41103c GetWindowsDirectoryA
0x411040 SetCommState
0x411044 LoadLibraryW
0x411048 GetLocaleInfoW
0x41104c ReadConsoleInputA
0x411050 GetCalendarInfoW
0x411054 CreateEventA
0x411058 SetVolumeMountPointA
0x41105c GetConsoleAliasExesLengthW
0x411060 GetVersionExW
0x411064 GetFileAttributesA
0x411068 EnumSystemCodePagesA
0x41106c GetTimeFormatW
0x411070 GetModuleFileNameW
0x411074 CreateActCtxA
0x411078 GetEnvironmentVariableA
0x41107c SetThreadPriority
0x411080 GetTempPathW
0x411084 VerifyVersionInfoW
0x411088 GlobalUnfix
0x41108c GetStdHandle
0x411090 GetLogicalDriveStringsA
0x411094 GetLastError
0x411098 GetCurrentDirectoryW
0x41109c GetLongPathNameW
0x4110a0 EnumCalendarInfoW
0x4110a4 CreateNamedPipeA
0x4110a8 LoadModule
0x4110ac GlobalFree
0x4110b0 GetProcessVersion
0x4110b4 LoadLibraryA
0x4110b8 InterlockedExchangeAdd
0x4110bc CreateFileMappingA
0x4110c0 LocalAlloc
0x4110c4 SetCalendarInfoW
0x4110c8 FoldStringA
0x4110cc EnumDateFormatsA
0x4110d0 GlobalUnWire
0x4110d4 GetProcessShutdownParameters
0x4110d8 LoadLibraryExA
0x4110dc GetFileTime
0x4110e0 WaitForDebugEvent
0x4110e4 OpenEventW
0x4110e8 GetShortPathNameW
0x4110ec SetFileShortNameA
0x4110f0 GetDiskFreeSpaceExW
0x4110f4 LCMapStringW
0x4110f8 CommConfigDialogW
0x4110fc ReadFile
0x411100 GetProcessHeap
0x411104 SetEndOfFile
0x411108 GetStringTypeW
0x41110c MultiByteToWideChar
0x411110 CreateFileW
0x411114 WriteConsoleW
0x411118 InterlockedIncrement
0x41111c GetConsoleAliasExesA
0x411120 TlsGetValue
0x411124 SetFilePointer
0x411128 GetProcAddress
0x41112c SetDefaultCommConfigA
0x411130 FlushFileBuffers
0x411134 SetStdHandle
0x411138 HeapFree
0x41113c EncodePointer
0x411140 DecodePointer
0x411144 HeapReAlloc
0x411148 GetCommandLineW
0x41114c HeapSetInformation
0x411150 GetStartupInfoW
0x411154 IsProcessorFeaturePresent
0x411158 WideCharToMultiByte
0x41115c SetHandleCount
0x411160 InitializeCriticalSectionAndSpinCount
0x411164 GetFileType
0x411168 DeleteCriticalSection
0x41116c EnterCriticalSection
0x411170 LeaveCriticalSection
0x411174 UnhandledExceptionFilter
0x411178 SetUnhandledExceptionFilter
0x41117c IsDebuggerPresent
0x411180 TerminateProcess
0x411184 HeapCreate
0x411188 Sleep
0x41118c HeapSize
0x411190 ExitProcess
0x411194 RtlUnwind
0x411198 HeapAlloc
0x41119c WriteFile
0x4111a0 FreeEnvironmentStringsW
0x4111a4 GetEnvironmentStringsW
0x4111a8 TlsAlloc
0x4111ac TlsSetValue
0x4111b0 TlsFree
0x4111b4 SetLastError
0x4111b8 GetCurrentThreadId
0x4111bc QueryPerformanceCounter
0x4111c0 GetTickCount
0x4111c4 GetCurrentProcessId
0x4111c8 GetSystemTimeAsFileTime
0x4111cc RaiseException
0x4111d0 GetConsoleCP
0x4111d4 GetConsoleMode
0x4111d8 GetCPInfo
0x4111dc GetACP
0x4111e0 GetOEMCP
0x4111e4 IsValidCodePage
0x4111e8 CloseHandle
0x4111ec CreateFileA
USER32.dll
0x4111f4 GetWindowLongW
0x4111f8 SetCaretPos
0x4111fc CharUpperA
0x411200 InsertMenuItemW
0x411204 DrawStateA
0x411208 LoadMenuA
0x41120c CharLowerBuffA
0x411210 GetSysColor
0x411214 GetMenuStringA
0x411218 SetMenu
GDI32.dll
0x411000 GetBkMode
0x411004 CreateDCW
0x411008 GetCharWidth32W
0x41100c GetTextCharset
0x411010 GetCharWidthI
WINHTTP.dll
0x411220 WinHttpCloseHandle
EAT(Export Address Table) is none