Report - df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0.exe.exe

Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE32
Created 2024.09.30 09:39 Machine s1_win7_x6401
Filename df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0.exe.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
12
Behavior Score
1.8
ZERO API (file): clean
VT API (file) 62 detected (AIDetectMalware, Zerber, tn5z, malicious, high confidence, score, Mauvaise, GenericR, EmotetU, hqW@beX9Vkk, unsafe, Save, ABRansom, GOAU, a variant of Generik, FSTFDUU, Ransomware, Imps, None, fdpixl, Cerber, CLASSIC, HPCERBER, high, Blocker, ai score=80, SGeneric, Androm, GHE@5sc2x6, Detected, R186114, Genetic, Gencirc, GenAsa, R5BSmhzb6WQ, Static AI, Malicious PE, susgen, confidence, 100%)
md5 88e6a85ea94ea57fd35704b9b6e67358
sha256 df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0
ssdeep 3072:x+PkbTWYtBzNgnbRh6JuB/fFDkjjdqxEIe8mXbdMP73:Is2cBCbRdB/fFDkjXIHj3
imphash ae80b4ecb14ba8e602aaba0e2180c87d
impfuzzy 96:HBTzw5PT6SZR6gtYX174Usdynt2a3k/koKBaUBww3b6MA3G/:qR6g6F09ycOsUBww3bNoS

Signature (3cnts)

Level Description
danger File has been identified by 62 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

CRYPT32.dll
 0x931070 CryptBinaryToStringA
 0x931074 CryptImportPublicKeyInfo
 0x931078 CryptStringToBinaryA
 0x93107c CryptDecodeObjectEx
WININET.dll
 0x9313c8 InternetCloseHandle
 0x9313cc InternetConnectA
 0x9313d0 HttpOpenRequestA
 0x9313d4 InternetReadFile
 0x9313d8 InternetCrackUrlA
 0x9313dc InternetOpenA
 0x9313e0 HttpSendRequestA
SHLWAPI.dll
 0x931304 PathRemoveExtensionW
 0x931308 StrCmpNIA
 0x93130c StrToIntA
 0x931310 StrChrA
 0x931314 StrToInt64ExA
 0x931318 StrSpnA
 0x93131c PathFindFileNameW
 0x931320 StrStrIA
 0x931324 StrCmpNW
 0x931328 StrChrIA
 0x93132c StrCpyNW
 0x931330 PathMatchSpecW
 0x931334 StrCmpNIW
 0x931338 StrPBrkA
 0x93133c PathCombineW
 0x931340 PathSkipRootW
 0x931344 StrStrIW
 0x931348 PathUnquoteSpacesW
 0x93134c StrChrW
VERSION.dll
 0x9313ac VerQueryValueW
 0x9313b0 GetFileVersionInfoW
 0x9313b4 GetFileVersionInfoSizeA
 0x9313b8 VerQueryValueA
 0x9313bc GetFileVersionInfoSizeW
 0x9313c0 GetFileVersionInfoA
MPR.dll
 0x9312c4 WNetOpenEnumW
 0x9312c8 WNetCloseEnum
 0x9312cc WNetEnumResourceW
imagehlp.dll
 0x931414 CheckSumMappedFile
WS2_32.dll
 0x9313e8 htons
 0x9313ec sendto
 0x9313f0 socket
 0x9313f4 WSAStartup
 0x9313f8 inet_ntoa
 0x9313fc inet_addr
 0x931400 htonl
 0x931404 shutdown
 0x931408 closesocket
 0x93140c gethostbyname
KERNEL32.dll
 0x9310c0 WaitForSingleObject
 0x9310c4 SetEvent
 0x9310c8 OutputDebugStringW
 0x9310cc SetFileTime
 0x9310d0 WriteFile
 0x9310d4 InitializeCriticalSection
 0x9310d8 Sleep
 0x9310dc LeaveCriticalSection
 0x9310e0 GetTimeFormatW
 0x9310e4 GetFileAttributesW
 0x9310e8 FileTimeToSystemTime
 0x9310ec ReadFile
 0x9310f0 GetFileSizeEx
 0x9310f4 MoveFileW
 0x9310f8 EnterCriticalSection
 0x9310fc CreateEventW
 0x931100 SizeofResource
 0x931104 GetFileTime
 0x931108 DeleteCriticalSection
 0x93110c CloseHandle
 0x931110 FileTimeToLocalFileTime
 0x931114 lstrcpyW
 0x931118 CreateThread
 0x93111c LoadResource
 0x931120 FindResourceW
 0x931124 FreeResource
 0x931128 LocalFree
 0x93112c ExitProcess
 0x931130 lstrcpynA
 0x931134 MultiByteToWideChar
 0x931138 GetTempFileNameW
 0x93113c GetFileSize
 0x931140 MapViewOfFile
 0x931144 UnmapViewOfFile
 0x931148 FreeLibrary
 0x93114c CreateProcessW
 0x931150 LoadLibraryExW
 0x931154 LoadLibraryW
 0x931158 CopyFileW
 0x93115c ReadProcessMemory
 0x931160 GetSystemWow64DirectoryW
 0x931164 lstrcpynW
 0x931168 TerminateProcess
 0x93116c FlushInstructionCache
 0x931170 SetFilePointerEx
 0x931174 GetTempPathW
 0x931178 VirtualAllocEx
 0x93117c CreateFileMappingW
 0x931180 OpenEventW
 0x931184 WinExec
 0x931188 GetWindowsDirectoryW
 0x93118c DeleteFileW
 0x931190 WriteProcessMemory
 0x931194 ResumeThread
 0x931198 FindFirstFileW
 0x93119c GetModuleFileNameW
 0x9311a0 FindClose
 0x9311a4 SetFileAttributesW
 0x9311a8 WideCharToMultiByte
 0x9311ac CreateMutexW
 0x9311b0 GetCurrentProcess
 0x9311b4 GetCurrentThreadId
 0x9311b8 SetFilePointer
 0x9311bc SetThreadPriority
 0x9311c0 WaitForMultipleObjects
 0x9311c4 SetCurrentDirectoryW
 0x9311c8 OutputDebugStringA
 0x9311cc SetProcessShutdownParameters
 0x9311d0 GetFileAttributesA
 0x9311d4 lstrlenA
 0x9311d8 SearchPathW
 0x9311dc lstrcpyA
 0x9311e0 GetEnvironmentVariableW
 0x9311e4 IsBadWritePtr
 0x9311e8 TlsAlloc
 0x9311ec GetVersionExW
 0x9311f0 lstrcmpiA
 0x9311f4 GetTickCount
 0x9311f8 GetModuleFileNameA
 0x9311fc GetDateFormatW
 0x931200 GetProcAddress
 0x931204 lstrlenW
 0x931208 lstrcatW
 0x93120c MulDiv
 0x931210 GetSystemDirectoryW
 0x931214 CreateToolhelp32Snapshot
 0x931218 LockResource
 0x93121c SetErrorMode
 0x931220 GetSystemWindowsDirectoryW
 0x931224 GetModuleHandleW
 0x931228 GetVolumeInformationW
 0x93122c GetLastError
 0x931230 OpenMutexW
 0x931234 VirtualProtect
 0x931238 GetNativeSystemInfo
 0x93123c GetDriveTypeW
 0x931240 GetLogicalDrives
 0x931244 VirtualFree
 0x931248 VirtualAlloc
 0x93124c GetModuleHandleA
 0x931250 QueryDosDeviceW
 0x931254 FindNextFileW
 0x931258 HeapReAlloc
 0x93125c HeapAlloc
 0x931260 HeapFree
 0x931264 HeapCreate
 0x931268 HeapValidate
 0x93126c SetLastError
 0x931270 GetProcessHeaps
 0x931274 HeapSetInformation
 0x931278 GetCurrentProcessId
 0x93127c GetComputerNameA
 0x931280 lstrcmpiW
 0x931284 ExpandEnvironmentStringsW
 0x931288 CreateDirectoryW
 0x93128c Process32NextW
 0x931290 GetSystemInfo
 0x931294 OpenProcess
 0x931298 GetCurrentThread
 0x93129c IsBadStringPtrA
 0x9312a0 GetHandleInformation
 0x9312a4 IsBadCodePtr
 0x9312a8 IsBadStringPtrW
 0x9312ac RtlUnwind
 0x9312b0 CreateFileW
 0x9312b4 FlushFileBuffers
 0x9312b8 Process32FirstW
 0x9312bc IsBadReadPtr
ADVAPI32.dll
 0x931000 RegOpenKeyExW
 0x931004 RegCloseKey
 0x931008 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x93100c SetKernelObjectSecurity
 0x931010 LookupPrivilegeValueW
 0x931014 CreateWellKnownSid
 0x931018 CheckTokenMembership
 0x93101c FreeSid
 0x931020 AllocateAndInitializeSid
 0x931024 DuplicateToken
 0x931028 GetTokenInformation
 0x93102c OpenProcessToken
 0x931030 ConvertSidToStringSidW
 0x931034 GetLengthSid
 0x931038 RegSetValueExW
 0x93103c RegFlushKey
 0x931040 RegOpenKeyW
 0x931044 AdjustTokenPrivileges
 0x931048 RegCreateKeyExW
 0x93104c RegEnumValueW
 0x931050 RegEnumKeyW
 0x931054 CryptDestroyKey
 0x931058 CryptAcquireContextW
 0x93105c CryptGetKeyParam
 0x931060 RegDeleteValueW
 0x931064 CryptEncrypt
 0x931068 RegQueryValueExW
USER32.dll
 0x931354 wsprintfW
 0x931358 DispatchMessageW
 0x93135c DefWindowProcW
 0x931360 RegisterClassW
 0x931364 CreateWindowExW
 0x931368 PeekMessageW
 0x93136c TranslateMessage
 0x931370 wsprintfA
 0x931374 CharLowerBuffA
 0x931378 GetSystemMetrics
 0x93137c GetKeyboardLayoutList
 0x931380 ReleaseDC
 0x931384 SystemParametersInfoW
 0x931388 GetDC
 0x93138c DrawTextA
 0x931390 FillRect
 0x931394 GetLastInputInfo
 0x931398 RegisterClassExW
 0x93139c UnregisterClassW
 0x9313a0 GetForegroundWindow
ole32.dll
 0x931468 CoCreateInstance
 0x93146c CoInitializeSecurity
 0x931470 CoInitialize
 0x931474 CoInitializeEx
 0x931478 CoUninitialize
SHELL32.dll
 0x9312f0 ShellExecuteW
 0x9312f4 ShellExecuteExW
 0x9312f8 SHGetFolderPathW
 0x9312fc SHChangeNotify
ntdll.dll
 0x93141c ZwOpenSection
 0x931420 RtlFreeUnicodeString
 0x931424 NtDeleteFile
 0x931428 isspace
 0x93142c RtlDosPathNameToNtPathName_U
 0x931430 memmove
 0x931434 ZwOpenProcess
 0x931438 ZwClose
 0x93143c ZwOpenDirectoryObject
 0x931440 ZwQuerySystemInformation
 0x931444 _chkstk
 0x931448 ZwQueryInformationProcess
 0x93144c _allmul
 0x931450 memcpy
 0x931454 _alldiv
 0x931458 memset
 0x93145c _aulldvrm
 0x931460 NtQueryVirtualMemory
OLEAUT32.dll
 0x9312e4 SysAllocString
 0x9312e8 SysFreeString
GDI32.dll
 0x931084 SetTextColor
 0x931088 DeleteDC
 0x93108c GetDeviceCaps
 0x931090 GetDIBits
 0x931094 SetBkColor
 0x931098 SetPixel
 0x93109c DeleteObject
 0x9310a0 SelectObject
 0x9310a4 CreateCompatibleDC
 0x9310a8 CreateCompatibleBitmap
 0x9310ac CreateFontW
 0x9310b0 GetObjectW
 0x9310b4 GetStockObject
NETAPI32.dll
 0x9312d4 NetUserEnum
 0x9312d8 NetUserGetInfo
 0x9312dc NetApiBufferFree

EAT (Export Address Table): none


