ScreenShot
| Created | 2024.09.30 09:27 | Machine | s1_win7_x6403 |
| Filename | anquangou.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (Malicious, score, johnnie, Unsafe, Save, confidence, MalwareX, Attribute, HighConfidence, high confidence, ShellCodeRunner, CLASSIC, wjghd, Static AI, Suspicious PE, Detected, Wacapew, R663399, Artemis, Outbreak, R002H09HV24, susgen, RustShellloader) | ||
| md5 | cff6ea5599ff3ea5f354be57be8b7a9e | ||
| sha256 | c07c5149e870e626647a458db02b62a1c6ce3def73dc079bd71bd2ddc01b3339 | ||
| ssdeep | 6144:Xck5ByBAYD75tiLAMYsrjRIKZhqsUMILZ6rcWH6h+Q8GPs+UTq/Fb2ZWPGDKS1qL:XxoNf0FIMQsUMI/WHQ82kOGx | ||
| imphash | 497268dff9c0a84988d2db0cf90bb541 | ||
| impfuzzy | 48:VzMVfXdZOfv9FvXPMSsX9y8CNTwvP+9jGBMLSQMLm:VzMVfNwfv7vXPvsX9y8CNTYm9jsa | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-core-synch-l1-2-0.dll
0x14002f050 WaitOnAddress
0x14002f058 WakeByAddressSingle
0x14002f060 WakeByAddressAll
cryptprimitives.dll
0x14002f158 ProcessPrng
kernel32.dll
0x14002f168 InitializeSListHead
0x14002f170 GetCurrentThreadId
0x14002f178 GetEnvironmentVariableW
0x14002f180 GetEnvironmentStringsW
0x14002f188 GetCurrentDirectoryW
0x14002f190 SetLastError
0x14002f198 GetStdHandle
0x14002f1a0 GetCurrentProcessId
0x14002f1a8 RtlVirtualUnwind
0x14002f1b0 RtlLookupFunctionEntry
0x14002f1b8 WriteFileEx
0x14002f1c0 SleepEx
0x14002f1c8 GetExitCodeProcess
0x14002f1d0 QueryPerformanceFrequency
0x14002f1d8 HeapFree
0x14002f1e0 RtlCaptureContext
0x14002f1e8 HeapReAlloc
0x14002f1f0 ReleaseMutex
0x14002f1f8 HeapAlloc
0x14002f200 FindNextFileW
0x14002f208 FindClose
0x14002f210 CreateFileW
0x14002f218 GetSystemTimeAsFileTime
0x14002f220 QueryPerformanceCounter
0x14002f228 FindFirstFileW
0x14002f230 CreateEventW
0x14002f238 GetOverlappedResult
0x14002f240 CancelIo
0x14002f248 Sleep
0x14002f250 WaitForSingleObject
0x14002f258 GetConsoleMode
0x14002f260 SetWaitableTimer
0x14002f268 CreateWaitableTimerExW
0x14002f270 GetModuleHandleW
0x14002f278 FormatMessageW
0x14002f280 GetModuleFileNameW
0x14002f288 ExitProcess
0x14002f290 CreateNamedPipeW
0x14002f298 ReadFileEx
0x14002f2a0 WaitForMultipleObjects
0x14002f2a8 GetSystemDirectoryW
0x14002f2b0 GetWindowsDirectoryW
0x14002f2b8 CreateProcessW
0x14002f2c0 GetFileAttributesW
0x14002f2c8 InitializeProcThreadAttributeList
0x14002f2d0 UpdateProcThreadAttribute
0x14002f2d8 MultiByteToWideChar
0x14002f2e0 WriteConsoleW
0x14002f2e8 WideCharToMultiByte
0x14002f2f0 CreateThread
0x14002f2f8 GetFullPathNameW
0x14002f300 GetModuleHandleA
0x14002f308 SetThreadStackGuarantee
0x14002f310 AddVectoredExceptionHandler
0x14002f318 CompareStringOrdinal
0x14002f320 WaitForSingleObjectEx
0x14002f328 CreateMutexA
0x14002f330 DeleteProcThreadAttributeList
0x14002f338 FreeEnvironmentStringsW
0x14002f340 IsDebuggerPresent
0x14002f348 UnhandledExceptionFilter
0x14002f350 lstrlenW
0x14002f358 SetUnhandledExceptionFilter
0x14002f360 GetLastError
0x14002f368 GetCurrentThread
0x14002f370 VirtualProtect
0x14002f378 VirtualAlloc
0x14002f380 GetProcAddress
0x14002f388 LoadLibraryA
0x14002f390 CloseHandle
0x14002f398 DuplicateHandle
0x14002f3a0 GetCurrentProcess
0x14002f3a8 ReadFile
0x14002f3b0 SetFileInformationByHandle
0x14002f3b8 GetProcessHeap
0x14002f3c0 IsProcessorFeaturePresent
shell32.dll
0x14002f400 SHGetKnownFolderPath
ole32.dll
0x14002f3f0 CoTaskMemFree
ntdll.dll
0x14002f3d0 RtlNtStatusToDosError
0x14002f3d8 NtReadFile
0x14002f3e0 NtWriteFile
VCRUNTIME140.dll
0x14002f000 memmove
0x14002f008 __CxxFrameHandler3
0x14002f010 memcpy
0x14002f018 memset
0x14002f020 __current_exception_context
0x14002f028 __current_exception
0x14002f030 memcmp
0x14002f038 _CxxThrowException
0x14002f040 __C_specific_handler
api-ms-win-crt-runtime-l1-1-0.dll
0x14002f0a8 exit
0x14002f0b0 _exit
0x14002f0b8 __p___argc
0x14002f0c0 __p___argv
0x14002f0c8 _cexit
0x14002f0d0 _c_exit
0x14002f0d8 _register_thread_local_exe_atexit_callback
0x14002f0e0 _configure_narrow_argv
0x14002f0e8 _get_initial_narrow_environment
0x14002f0f0 _set_app_type
0x14002f0f8 _initialize_onexit_table
0x14002f100 _register_onexit_function
0x14002f108 _crt_atexit
0x14002f110 terminate
0x14002f118 _seh_filter_exe
0x14002f120 _initterm_e
0x14002f128 _initialize_narrow_environment
0x14002f130 _initterm
api-ms-win-crt-math-l1-1-0.dll
0x14002f098 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14002f140 __p__commode
0x14002f148 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x14002f088 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14002f070 _set_new_mode
0x14002f078 free
EAT(Export Address Table) is none
api-ms-win-core-synch-l1-2-0.dll
0x14002f050 WaitOnAddress
0x14002f058 WakeByAddressSingle
0x14002f060 WakeByAddressAll
cryptprimitives.dll
0x14002f158 ProcessPrng
kernel32.dll
0x14002f168 InitializeSListHead
0x14002f170 GetCurrentThreadId
0x14002f178 GetEnvironmentVariableW
0x14002f180 GetEnvironmentStringsW
0x14002f188 GetCurrentDirectoryW
0x14002f190 SetLastError
0x14002f198 GetStdHandle
0x14002f1a0 GetCurrentProcessId
0x14002f1a8 RtlVirtualUnwind
0x14002f1b0 RtlLookupFunctionEntry
0x14002f1b8 WriteFileEx
0x14002f1c0 SleepEx
0x14002f1c8 GetExitCodeProcess
0x14002f1d0 QueryPerformanceFrequency
0x14002f1d8 HeapFree
0x14002f1e0 RtlCaptureContext
0x14002f1e8 HeapReAlloc
0x14002f1f0 ReleaseMutex
0x14002f1f8 HeapAlloc
0x14002f200 FindNextFileW
0x14002f208 FindClose
0x14002f210 CreateFileW
0x14002f218 GetSystemTimeAsFileTime
0x14002f220 QueryPerformanceCounter
0x14002f228 FindFirstFileW
0x14002f230 CreateEventW
0x14002f238 GetOverlappedResult
0x14002f240 CancelIo
0x14002f248 Sleep
0x14002f250 WaitForSingleObject
0x14002f258 GetConsoleMode
0x14002f260 SetWaitableTimer
0x14002f268 CreateWaitableTimerExW
0x14002f270 GetModuleHandleW
0x14002f278 FormatMessageW
0x14002f280 GetModuleFileNameW
0x14002f288 ExitProcess
0x14002f290 CreateNamedPipeW
0x14002f298 ReadFileEx
0x14002f2a0 WaitForMultipleObjects
0x14002f2a8 GetSystemDirectoryW
0x14002f2b0 GetWindowsDirectoryW
0x14002f2b8 CreateProcessW
0x14002f2c0 GetFileAttributesW
0x14002f2c8 InitializeProcThreadAttributeList
0x14002f2d0 UpdateProcThreadAttribute
0x14002f2d8 MultiByteToWideChar
0x14002f2e0 WriteConsoleW
0x14002f2e8 WideCharToMultiByte
0x14002f2f0 CreateThread
0x14002f2f8 GetFullPathNameW
0x14002f300 GetModuleHandleA
0x14002f308 SetThreadStackGuarantee
0x14002f310 AddVectoredExceptionHandler
0x14002f318 CompareStringOrdinal
0x14002f320 WaitForSingleObjectEx
0x14002f328 CreateMutexA
0x14002f330 DeleteProcThreadAttributeList
0x14002f338 FreeEnvironmentStringsW
0x14002f340 IsDebuggerPresent
0x14002f348 UnhandledExceptionFilter
0x14002f350 lstrlenW
0x14002f358 SetUnhandledExceptionFilter
0x14002f360 GetLastError
0x14002f368 GetCurrentThread
0x14002f370 VirtualProtect
0x14002f378 VirtualAlloc
0x14002f380 GetProcAddress
0x14002f388 LoadLibraryA
0x14002f390 CloseHandle
0x14002f398 DuplicateHandle
0x14002f3a0 GetCurrentProcess
0x14002f3a8 ReadFile
0x14002f3b0 SetFileInformationByHandle
0x14002f3b8 GetProcessHeap
0x14002f3c0 IsProcessorFeaturePresent
shell32.dll
0x14002f400 SHGetKnownFolderPath
ole32.dll
0x14002f3f0 CoTaskMemFree
ntdll.dll
0x14002f3d0 RtlNtStatusToDosError
0x14002f3d8 NtReadFile
0x14002f3e0 NtWriteFile
VCRUNTIME140.dll
0x14002f000 memmove
0x14002f008 __CxxFrameHandler3
0x14002f010 memcpy
0x14002f018 memset
0x14002f020 __current_exception_context
0x14002f028 __current_exception
0x14002f030 memcmp
0x14002f038 _CxxThrowException
0x14002f040 __C_specific_handler
api-ms-win-crt-runtime-l1-1-0.dll
0x14002f0a8 exit
0x14002f0b0 _exit
0x14002f0b8 __p___argc
0x14002f0c0 __p___argv
0x14002f0c8 _cexit
0x14002f0d0 _c_exit
0x14002f0d8 _register_thread_local_exe_atexit_callback
0x14002f0e0 _configure_narrow_argv
0x14002f0e8 _get_initial_narrow_environment
0x14002f0f0 _set_app_type
0x14002f0f8 _initialize_onexit_table
0x14002f100 _register_onexit_function
0x14002f108 _crt_atexit
0x14002f110 terminate
0x14002f118 _seh_filter_exe
0x14002f120 _initterm_e
0x14002f128 _initialize_narrow_environment
0x14002f130 _initterm
api-ms-win-crt-math-l1-1-0.dll
0x14002f098 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14002f140 __p__commode
0x14002f148 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x14002f088 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14002f070 _set_new_mode
0x14002f078 free
EAT(Export Address Table) is none