Report - orderconfirmation.exe

Tags: Antivirus, UPX, PE File, PE64
Created 2024.09.27 13:46
Machine s1_win7_x6401
Filename orderconfirmation.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 7
Behavior Score 0.8
ZERO API file : malware
VT API (file) 19 detected (AIDetectMalware, Mint, Phil, Save, malicious, confidence, 100%, high confidence, SideWinder, high, score, Static AI, Malicious PE, Wacatac)
md5 8e57b6466934631a1960ad8950b3b6e4
sha256 ee124586c4e83ba44c2a787bd37740b6420f9caca0c70c31ca93e39926b719e9
ssdeep 3072:t22XExz86sFr15s2LcPYZylbBsdSLMIctx+:FAz8nFrzsYcvGjjt4
imphash 26e71f07eaa293d880bea95f4166d2c6
impfuzzy 48:v7oME9Sm5eFR+2b4jxQHQXiX1PnvklTJGAYJ8R1k1vcqT5L:vcMEgmaRHb4jxQHQXiX1PvwTJGt6R1mB

Signature (2cnts)

Level  Description
watch  File has been identified by 19 AntiVirus engines on VirusTotal as malicious
info   The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level  Name            Description                                Collection
watch  Antivirus       Contains references to security software   binaries (upload)
watch  UPX_Zero        UPX packed file                            binaries (upload)
info   IsPE64          (no description)                           binaries (upload)
info   PE_Header_Zero  PE File Signature                          binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) by library

ADVAPI32.dll
 0x140019414 GetUserNameA
KERNEL32.dll
 0x140019424 AddAtomA
 0x14001942c AddVectoredExceptionHandler
 0x140019434 CloseHandle
 0x14001943c CreateEventA
 0x140019444 CreateMutexA
 0x14001944c CreateProcessA
 0x140019454 CreateSemaphoreA
 0x14001945c DeleteAtom
 0x140019464 DeleteCriticalSection
 0x14001946c DuplicateHandle
 0x140019474 EnterCriticalSection
 0x14001947c FindAtomA
 0x140019484 FormatMessageA
 0x14001948c GetAtomNameA
 0x140019494 GetCurrentProcess
 0x14001949c GetCurrentProcessId
 0x1400194a4 GetCurrentThread
 0x1400194ac GetCurrentThreadId
 0x1400194b4 GetFileAttributesA
 0x1400194bc GetHandleInformation
 0x1400194c4 GetLastError
 0x1400194cc GetProcAddress
 0x1400194d4 GetProcessAffinityMask
 0x1400194dc GetStartupInfoA
 0x1400194e4 GetSystemTimeAsFileTime
 0x1400194ec GetThreadContext
 0x1400194f4 GetThreadPriority
 0x1400194fc GetTickCount
 0x140019504 InitializeCriticalSection
 0x14001950c IsDBCSLeadByteEx
 0x140019514 IsDebuggerPresent
 0x14001951c LeaveCriticalSection
 0x140019524 LoadLibraryA
 0x14001952c LocalFree
 0x140019534 MultiByteToWideChar
 0x14001953c OpenProcess
 0x140019544 OutputDebugStringA
 0x14001954c QueryPerformanceCounter
 0x140019554 QueryPerformanceFrequency
 0x14001955c RaiseException
 0x140019564 ReleaseMutex
 0x14001956c ReleaseSemaphore
 0x140019574 RemoveVectoredExceptionHandler
 0x14001957c ResetEvent
 0x140019584 ResumeThread
 0x14001958c SetEvent
 0x140019594 SetLastError
 0x14001959c SetProcessAffinityMask
 0x1400195a4 SetThreadContext
 0x1400195ac SetThreadPriority
 0x1400195b4 SetUnhandledExceptionFilter
 0x1400195bc Sleep
 0x1400195c4 SuspendThread
 0x1400195cc TlsAlloc
 0x1400195d4 TlsGetValue
 0x1400195dc TlsSetValue
 0x1400195e4 TryEnterCriticalSection
 0x1400195ec VirtualAlloc
 0x1400195f4 VirtualProtect
 0x1400195fc VirtualQuery
 0x140019604 WaitForMultipleObjects
 0x14001960c WaitForSingleObject
 0x140019614 WideCharToMultiByte
 0x14001961c __C_specific_handler
msvcrt.dll
 0x14001962c ___lc_codepage_func
 0x140019634 ___mb_cur_max_func
 0x14001963c __getmainargs
 0x140019644 __initenv
 0x14001964c __iob_func
 0x140019654 __lconv_init
 0x14001965c __set_app_type
 0x140019664 __setusermatherr
 0x14001966c _acmdln
 0x140019674 _amsg_exit
 0x14001967c _beginthreadex
 0x140019684 _cexit
 0x14001968c _commode
 0x140019694 _endthreadex
 0x14001969c _errno
 0x1400196a4 _fmode
 0x1400196ac _initterm
 0x1400196b4 _lock
 0x1400196bc _memccpy
 0x1400196c4 _onexit
 0x1400196cc _setjmp
 0x1400196d4 _strdup
 0x1400196dc _time64
 0x1400196e4 _ultoa
 0x1400196ec _unlock
 0x1400196f4 abort
 0x1400196fc calloc
 0x140019704 exit
 0x14001970c fprintf
 0x140019714 fputc
 0x14001971c free
 0x140019724 fwrite
 0x14001972c localeconv
 0x140019734 longjmp
 0x14001973c malloc
 0x140019744 memcpy
 0x14001974c memmove
 0x140019754 memset
 0x14001975c printf
 0x140019764 rand
 0x14001976c realloc
 0x140019774 signal
 0x14001977c srand
 0x140019784 strerror
 0x14001978c strlen
 0x140019794 strncmp
 0x14001979c vfprintf
 0x1400197a4 wcslen
SHELL32.dll
 0x1400197b4 ShellExecuteA

EAT(Export Address Table) is none