Report - TOP_2.4.6.vmp.exe

Tags: Malicious Library, Malicious Packer, VMProtect, PE File, PE64
Created 2024.09.27 13:50 Machine s1_win7_x6401
Filename TOP_2.4.6.vmp.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
4
Behavior Score
2.2
ZERO API file : malware
VT API (file) 47 detected (AIDetectMalware, VMProtect, Malicious, score, GenericKD, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, L suspicious, MalwareX, AGEN, Real Protect, high, Static AI, Suspicious PE, Detected, GrayWare, Wacapew, Puwaders, VMProtBad, Eldorado, R663373, Artemis, Outbreak, R002H09HU24, C9nj)
md5 b951897c49e0a8acb34ec45f7da6c3d1
sha256 95d4d2f3e313169343f3392741b89cc5bd606bec02284ca9bbac2b5ee88aad0b
ssdeep 98304:GMNZDYo4OvfSaHHlsTgle+Ubi4RJ/pxG3Xmtpru824qfMWbxLDi7GyLTpv:/Zll7OfCh86x5yB
imphash 11ae26485c0cac468c08d19a4378636d
impfuzzy 24:2WzAbjD5GBu5bJZYMu5FO58QtXJHc9NDI5Q8:jkjEoZYMt5ZXpcM5Q8

Signature (4cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is likely packed with VMProtect
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch VMProtect_Zero VMProtect packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

d3d11.dll
 0x1409bf000 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
 0x1409bf010 D3DCompile
IMM32.dll
 0x1409bf020 ImmSetCompositionWindow
WINHTTP.dll
 0x1409bf030 WinHttpOpenRequest
KERNEL32.dll
 0x1409bf040 UnhandledExceptionFilter
USER32.dll
 0x1409bf050 GetMessageA
ADVAPI32.dll
 0x1409bf060 RegCreateKeyW
MSVCP140.dll
 0x1409bf070 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
ntdll.dll
 0x1409bf080 RtlVirtualUnwind
WS2_32.dll
 0x1409bf090 inet_addr
VCRUNTIME140_1.dll
 0x1409bf0a0 __CxxFrameHandler4
VCRUNTIME140.dll
 0x1409bf0b0 memcmp
api-ms-win-crt-runtime-l1-1-0.dll
 0x1409bf0c0 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0.dll
 0x1409bf0d0 fopen
api-ms-win-crt-string-l1-1-0.dll
 0x1409bf0e0 _stricmp
api-ms-win-crt-utility-l1-1-0.dll
 0x1409bf0f0 rand
api-ms-win-crt-heap-l1-1-0.dll
 0x1409bf100 realloc
api-ms-win-crt-convert-l1-1-0.dll
 0x1409bf110 strtod
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1409bf120 _lock_file
api-ms-win-crt-time-l1-1-0.dll
 0x1409bf130 _time64
api-ms-win-crt-math-l1-1-0.dll
 0x1409bf140 fmod
api-ms-win-crt-locale-l1-1-0.dll
 0x1409bf150 _configthreadlocale
WTSAPI32.dll
 0x1409bf160 WTSSendMessageW
KERNEL32.dll
 0x1409bf170 FlsSetValue
USER32.dll
 0x1409bf180 GetProcessWindowStation
KERNEL32.dll
 0x1409bf190 LocalAlloc
 0x1409bf198 LocalFree
 0x1409bf1a0 GetModuleFileNameW
 0x1409bf1a8 GetProcessAffinityMask
 0x1409bf1b0 SetProcessAffinityMask
 0x1409bf1b8 SetThreadAffinityMask
 0x1409bf1c0 Sleep
 0x1409bf1c8 ExitProcess
 0x1409bf1d0 FreeLibrary
 0x1409bf1d8 LoadLibraryA
 0x1409bf1e0 GetModuleHandleA
 0x1409bf1e8 GetProcAddress
USER32.dll
 0x1409bf1f8 GetProcessWindowStation
 0x1409bf200 GetUserObjectInformationW

EAT (Export Address Table) Library

0x140055b40 cJSON_AddArrayToObject
0x140055730 cJSON_AddBoolToObject
0x140055650 cJSON_AddFalseToObject
0x1400553c0 cJSON_AddItemReferenceToArray
0x140055440 cJSON_AddItemReferenceToObject
0x140055220 cJSON_AddItemToArray
0x140055380 cJSON_AddItemToObject
0x1400553a0 cJSON_AddItemToObjectCS
0x140055490 cJSON_AddNullToObject
0x140055820 cJSON_AddNumberToObject
0x140055a60 cJSON_AddObjectToObject
0x1400559a0 cJSON_AddRawToObject
0x1400558e0 cJSON_AddStringToObject
0x140055570 cJSON_AddTrueToObject
0x1400570d0 cJSON_Compare
0x140056780 cJSON_CreateArray
0x140056630 cJSON_CreateArrayReference
0x1400563b0 cJSON_CreateBool
0x140056a80 cJSON_CreateDoubleArray
0x140056370 cJSON_CreateFalse
0x140056940 cJSON_CreateFloatArray
0x140056800 cJSON_CreateIntArray
0x1400562f0 cJSON_CreateNull
0x1400563f0 cJSON_CreateNumber
0x1400567c0 cJSON_CreateObject
0x1400565e0 cJSON_CreateObjectReference
0x140056680 cJSON_CreateRaw
0x140056490 cJSON_CreateString
0x140056bb0 cJSON_CreateStringArray
0x140056590 cJSON_CreateStringReference
0x140056330 cJSON_CreateTrue
0x140053130 cJSON_Delete
0x140055d30 cJSON_DeleteItemFromArray
0x140055ed0 cJSON_DeleteItemFromObject
0x140055f60 cJSON_DeleteItemFromObjectCaseSensitive
0x140055c90 cJSON_DetachItemFromArray
0x140055dc0 cJSON_DetachItemFromObject
0x140055e40 cJSON_DetachItemFromObjectCaseSensitive
0x140055c20 cJSON_DetachItemViaPointer
0x140056ce0 cJSON_Duplicate
0x140055020 cJSON_GetArrayItem
0x140055000 cJSON_GetArraySize
0x140052ff0 cJSON_GetErrorPtr
0x140053020 cJSON_GetNumberValue
0x140055170 cJSON_GetObjectItem
0x140055180 cJSON_GetObjectItemCaseSensitive
0x140053000 cJSON_GetStringValue
0x140055190 cJSON_HasObjectItem
0x140053090 cJSON_InitHooks
0x140055ff0 cJSON_InsertItemInArray
0x1400570a0 cJSON_IsArray
0x140057050 cJSON_IsBool
0x140057030 cJSON_IsFalse
0x140057020 cJSON_IsInvalid
0x140057070 cJSON_IsNull
0x140057080 cJSON_IsNumber
0x1400570b0 cJSON_IsObject
0x1400570c0 cJSON_IsRaw
0x140057090 cJSON_IsString
0x140057040 cJSON_IsTrue
0x140056ee0 cJSON_Minify
0x140053fd0 cJSON_Parse
0x140054000 cJSON_ParseWithLength
0x140053d70 cJSON_ParseWithLengthOpts
0x140053d40 cJSON_ParseWithOpts
0x140054150 cJSON_Print
0x140054170 cJSON_PrintBuffered
0x140054230 cJSON_PrintPreallocated
0x140054160 cJSON_PrintUnformatted
0x1400561b0 cJSON_ReplaceItemInArray
0x1400562d0 cJSON_ReplaceItemInObject
0x1400562e0 cJSON_ReplaceItemInObjectCaseSensitive
0x1400560a0 cJSON_ReplaceItemViaPointer
0x1400531b0 cJSON_SetNumberHelper
0x1400531f0 cJSON_SetValuestring
0x140053040 cJSON_Version
0x1400573f0 cJSON_free
0x1400573e0 cJSON_malloc

Similarity measure (PE file only)