ScreenShot
| Created | 2024.09.27 13:49 | Machine | s1_win7_x6401 |
| Filename | 66f517a571881_lyla3344.exe#lyla3344 | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (AIDetectMalware, SmokeLoader, Malicious, score, Unsafe, Save, confidence, 100%, GenericKD, Hacktool, Attribute, HighConfidence, Kryptik, HXYL, PWSX, dqmdg, DownLoader47, PRIVATELOADER, YXEIZZ, Real Protect, high, Krypt, Detected, Mokes, Leonem, V8YNW9, Eldorado, Artemis, Genetic, susgen, Behavior) | ||
| md5 | fe9a74e5d7a8eb7c09ebffc6f6a6128b | ||
| sha256 | 0989916204259770d65679bdb4f7dd28f4cc04d74128812a1fec111e13448fe6 | ||
| ssdeep | 3072:+Lia71Cqt9fye3eFA0ZgnvQzoSm5ZgWyhM/5hYi327U5O5:+LiM1f9V3mtZ+vQzwgThM/5yU5 | ||
| imphash | 834b2dc16a833799a78aa2ee11547b62 | ||
| impfuzzy | 24:QxkPMjVBNbSFkrkRDc4nMRfbDxus1VEdQB2dg/CCbG2vER2OIY7ta2cf3yv4/J3p:Qhn0a1udXFL/t7t7cfke29cJfiA6Q | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41c008 GetNumaNodeProcessorMask
0x41c00c DebugActiveProcessStop
0x41c010 GetConsoleAliasExesLengthA
0x41c014 OpenJobObjectA
0x41c018 ReadConsoleA
0x41c01c QueryDosDeviceA
0x41c020 WaitForSingleObject
0x41c024 InterlockedCompareExchange
0x41c028 GetComputerNameW
0x41c02c GetNumaAvailableMemoryNode
0x41c030 FreeEnvironmentStringsA
0x41c034 GetModuleHandleW
0x41c038 GetConsoleAliasesLengthA
0x41c03c GetPriorityClass
0x41c040 GetEnvironmentStrings
0x41c044 FatalAppExitW
0x41c048 SetSystemTimeAdjustment
0x41c04c WriteConsoleOutputA
0x41c050 GetFileAttributesA
0x41c054 HeapCreate
0x41c058 SetConsoleMode
0x41c05c GetBinaryTypeA
0x41c060 GetModuleFileNameW
0x41c064 GetStdHandle
0x41c068 GetLastError
0x41c06c FillConsoleOutputCharacterA
0x41c070 GetProcAddress
0x41c074 SearchPathA
0x41c078 OpenWaitableTimerA
0x41c07c LoadLibraryA
0x41c080 InterlockedExchangeAdd
0x41c084 LocalAlloc
0x41c088 SetCalendarInfoW
0x41c08c MoveFileA
0x41c090 SetCommMask
0x41c094 FindAtomA
0x41c098 FoldStringA
0x41c09c CreatePipe
0x41c0a0 GetDefaultCommConfigA
0x41c0a4 FreeEnvironmentStringsW
0x41c0a8 BuildCommDCBA
0x41c0ac PurgeComm
0x41c0b0 DebugBreak
0x41c0b4 GlobalReAlloc
0x41c0b8 CopyFileExA
0x41c0bc GetVolumeInformationW
0x41c0c0 CreateFileA
0x41c0c4 BackupRead
0x41c0c8 GetCommandLineW
0x41c0cc HeapFree
0x41c0d0 HeapAlloc
0x41c0d4 Sleep
0x41c0d8 ExitProcess
0x41c0dc GetStartupInfoW
0x41c0e0 TerminateProcess
0x41c0e4 GetCurrentProcess
0x41c0e8 UnhandledExceptionFilter
0x41c0ec SetUnhandledExceptionFilter
0x41c0f0 IsDebuggerPresent
0x41c0f4 VirtualFree
0x41c0f8 DeleteCriticalSection
0x41c0fc LeaveCriticalSection
0x41c100 EnterCriticalSection
0x41c104 VirtualAlloc
0x41c108 HeapReAlloc
0x41c10c WriteFile
0x41c110 GetModuleFileNameA
0x41c114 SetHandleCount
0x41c118 GetFileType
0x41c11c GetStartupInfoA
0x41c120 TlsGetValue
0x41c124 TlsAlloc
0x41c128 TlsSetValue
0x41c12c TlsFree
0x41c130 InterlockedIncrement
0x41c134 SetLastError
0x41c138 GetCurrentThreadId
0x41c13c InterlockedDecrement
0x41c140 HeapSize
0x41c144 GetCPInfo
0x41c148 GetACP
0x41c14c GetOEMCP
0x41c150 IsValidCodePage
0x41c154 InitializeCriticalSectionAndSpinCount
0x41c158 GetEnvironmentStringsW
0x41c15c QueryPerformanceCounter
0x41c160 GetTickCount
0x41c164 GetCurrentProcessId
0x41c168 GetSystemTimeAsFileTime
0x41c16c RtlUnwind
0x41c170 MultiByteToWideChar
0x41c174 ReadFile
0x41c178 LCMapStringA
0x41c17c WideCharToMultiByte
0x41c180 LCMapStringW
0x41c184 GetStringTypeA
0x41c188 GetStringTypeW
0x41c18c GetLocaleInfoA
0x41c190 GetModuleHandleA
0x41c194 GetConsoleCP
0x41c198 GetConsoleMode
0x41c19c FlushFileBuffers
0x41c1a0 SetFilePointer
0x41c1a4 SetStdHandle
0x41c1a8 CloseHandle
0x41c1ac WriteConsoleA
0x41c1b0 GetConsoleOutputCP
0x41c1b4 WriteConsoleW
USER32.dll
0x41c1bc GetUserObjectInformationW
0x41c1c0 SetFocus
ADVAPI32.dll
0x41c000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none
KERNEL32.dll
0x41c008 GetNumaNodeProcessorMask
0x41c00c DebugActiveProcessStop
0x41c010 GetConsoleAliasExesLengthA
0x41c014 OpenJobObjectA
0x41c018 ReadConsoleA
0x41c01c QueryDosDeviceA
0x41c020 WaitForSingleObject
0x41c024 InterlockedCompareExchange
0x41c028 GetComputerNameW
0x41c02c GetNumaAvailableMemoryNode
0x41c030 FreeEnvironmentStringsA
0x41c034 GetModuleHandleW
0x41c038 GetConsoleAliasesLengthA
0x41c03c GetPriorityClass
0x41c040 GetEnvironmentStrings
0x41c044 FatalAppExitW
0x41c048 SetSystemTimeAdjustment
0x41c04c WriteConsoleOutputA
0x41c050 GetFileAttributesA
0x41c054 HeapCreate
0x41c058 SetConsoleMode
0x41c05c GetBinaryTypeA
0x41c060 GetModuleFileNameW
0x41c064 GetStdHandle
0x41c068 GetLastError
0x41c06c FillConsoleOutputCharacterA
0x41c070 GetProcAddress
0x41c074 SearchPathA
0x41c078 OpenWaitableTimerA
0x41c07c LoadLibraryA
0x41c080 InterlockedExchangeAdd
0x41c084 LocalAlloc
0x41c088 SetCalendarInfoW
0x41c08c MoveFileA
0x41c090 SetCommMask
0x41c094 FindAtomA
0x41c098 FoldStringA
0x41c09c CreatePipe
0x41c0a0 GetDefaultCommConfigA
0x41c0a4 FreeEnvironmentStringsW
0x41c0a8 BuildCommDCBA
0x41c0ac PurgeComm
0x41c0b0 DebugBreak
0x41c0b4 GlobalReAlloc
0x41c0b8 CopyFileExA
0x41c0bc GetVolumeInformationW
0x41c0c0 CreateFileA
0x41c0c4 BackupRead
0x41c0c8 GetCommandLineW
0x41c0cc HeapFree
0x41c0d0 HeapAlloc
0x41c0d4 Sleep
0x41c0d8 ExitProcess
0x41c0dc GetStartupInfoW
0x41c0e0 TerminateProcess
0x41c0e4 GetCurrentProcess
0x41c0e8 UnhandledExceptionFilter
0x41c0ec SetUnhandledExceptionFilter
0x41c0f0 IsDebuggerPresent
0x41c0f4 VirtualFree
0x41c0f8 DeleteCriticalSection
0x41c0fc LeaveCriticalSection
0x41c100 EnterCriticalSection
0x41c104 VirtualAlloc
0x41c108 HeapReAlloc
0x41c10c WriteFile
0x41c110 GetModuleFileNameA
0x41c114 SetHandleCount
0x41c118 GetFileType
0x41c11c GetStartupInfoA
0x41c120 TlsGetValue
0x41c124 TlsAlloc
0x41c128 TlsSetValue
0x41c12c TlsFree
0x41c130 InterlockedIncrement
0x41c134 SetLastError
0x41c138 GetCurrentThreadId
0x41c13c InterlockedDecrement
0x41c140 HeapSize
0x41c144 GetCPInfo
0x41c148 GetACP
0x41c14c GetOEMCP
0x41c150 IsValidCodePage
0x41c154 InitializeCriticalSectionAndSpinCount
0x41c158 GetEnvironmentStringsW
0x41c15c QueryPerformanceCounter
0x41c160 GetTickCount
0x41c164 GetCurrentProcessId
0x41c168 GetSystemTimeAsFileTime
0x41c16c RtlUnwind
0x41c170 MultiByteToWideChar
0x41c174 ReadFile
0x41c178 LCMapStringA
0x41c17c WideCharToMultiByte
0x41c180 LCMapStringW
0x41c184 GetStringTypeA
0x41c188 GetStringTypeW
0x41c18c GetLocaleInfoA
0x41c190 GetModuleHandleA
0x41c194 GetConsoleCP
0x41c198 GetConsoleMode
0x41c19c FlushFileBuffers
0x41c1a0 SetFilePointer
0x41c1a4 SetStdHandle
0x41c1a8 CloseHandle
0x41c1ac WriteConsoleA
0x41c1b0 GetConsoleOutputCP
0x41c1b4 WriteConsoleW
USER32.dll
0x41c1bc GetUserObjectInformationW
0x41c1c0 SetFocus
ADVAPI32.dll
0x41c000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none