ScreenShot
| Created | 2024.09.30 09:51 | Machine | s1_win7_x6403 |
| Filename | 884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82.exe.exe | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetectMalware, Hacktool, Unsafe, GenericKD, V5sb, malicious, confidence, 100%, HacktoolX, CLOUD, Harmony Loader, Detected, Patcher, ABRisk, OJKG, Artemis, R014H07IS24, susgen, PossibleThreat, hyrv) | ||
| md5 | 17fb69181d1a92988f6a56b46578f808 | ||
| sha256 | 884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82 | ||
| ssdeep | 6144:+UEoCtY62ldcXh0GUPbC7/r9ky5j/9YqKtfqYohOb0dioBt:GouZ9Xhybcrjj/9KtiYoXf | ||
| imphash | c7c3f76abd9c377a5c8cdbb66e53c501 | ||
| impfuzzy | 24:OXpEJfrZag3cpVWcD02tMS1GBg2l8eDoFcCqaZXvUGMAkpOovbOPZdl:zrIocpV5HtMS1GBg2CxfZ/p3F | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x180034300 inet_ntoa
0x180034308 htons
0x180034310 ntohs
KERNEL32.dll
0x180034040 CreateFileW
0x180034048 CloseHandle
0x180034050 SetLastError
0x180034058 DeviceIoControl
0x180034060 GetOverlappedResult
0x180034068 GetCurrentDirectoryW
0x180034070 TlsAlloc
0x180034078 TlsGetValue
0x180034080 TlsSetValue
0x180034088 TlsFree
0x180034090 GetLastError
0x180034098 ExitProcess
0x1800340a0 GetProcessHeap
0x1800340a8 SetStdHandle
0x1800340b0 HeapSize
0x1800340b8 WriteConsoleW
0x1800340c0 CreateEventW
0x1800340c8 GetModuleHandleW
0x1800340d0 WideCharToMultiByte
0x1800340d8 EnterCriticalSection
0x1800340e0 LeaveCriticalSection
0x1800340e8 InitializeCriticalSectionEx
0x1800340f0 DeleteCriticalSection
0x1800340f8 EncodePointer
0x180034100 DecodePointer
0x180034108 MultiByteToWideChar
0x180034110 LCMapStringEx
0x180034118 GetStringTypeW
0x180034120 GetCPInfo
0x180034128 RtlCaptureContext
0x180034130 RtlLookupFunctionEntry
0x180034138 RtlVirtualUnwind
0x180034140 UnhandledExceptionFilter
0x180034148 SetUnhandledExceptionFilter
0x180034150 GetCurrentProcess
0x180034158 TerminateProcess
0x180034160 IsProcessorFeaturePresent
0x180034168 QueryPerformanceCounter
0x180034170 GetCurrentProcessId
0x180034178 GetCurrentThreadId
0x180034180 GetSystemTimeAsFileTime
0x180034188 InitializeSListHead
0x180034190 IsDebuggerPresent
0x180034198 GetStartupInfoW
0x1800341a0 RtlUnwindEx
0x1800341a8 RtlPcToFileHeader
0x1800341b0 RaiseException
0x1800341b8 InterlockedFlushSList
0x1800341c0 InitializeCriticalSectionAndSpinCount
0x1800341c8 FreeLibrary
0x1800341d0 GetProcAddress
0x1800341d8 LoadLibraryExW
0x1800341e0 RtlUnwind
0x1800341e8 GetModuleHandleExW
0x1800341f0 GetModuleFileNameW
0x1800341f8 HeapFree
0x180034200 HeapAlloc
0x180034208 FlsAlloc
0x180034210 FlsGetValue
0x180034218 FlsSetValue
0x180034220 FlsFree
0x180034228 LCMapStringW
0x180034230 GetLocaleInfoW
0x180034238 IsValidLocale
0x180034240 GetUserDefaultLCID
0x180034248 EnumSystemLocalesW
0x180034250 GetStdHandle
0x180034258 GetFileType
0x180034260 FlushFileBuffers
0x180034268 WriteFile
0x180034270 GetConsoleOutputCP
0x180034278 GetConsoleMode
0x180034280 ReadFile
0x180034288 GetFileSizeEx
0x180034290 SetFilePointerEx
0x180034298 ReadConsoleW
0x1800342a0 HeapReAlloc
0x1800342a8 FindClose
0x1800342b0 FindFirstFileExW
0x1800342b8 FindNextFileW
0x1800342c0 IsValidCodePage
0x1800342c8 GetACP
0x1800342d0 GetOEMCP
0x1800342d8 GetCommandLineA
0x1800342e0 GetCommandLineW
0x1800342e8 GetEnvironmentStringsW
0x1800342f0 FreeEnvironmentStringsW
ADVAPI32.dll
0x180034000 OpenServiceW
0x180034008 OpenSCManagerW
0x180034010 DeleteService
0x180034018 CreateServiceW
0x180034020 ControlService
0x180034028 CloseServiceHandle
0x180034030 StartServiceW
EAT(Export Address Table) Library
0x180008b10 ReflectiveLoader
WS2_32.dll
0x180034300 inet_ntoa
0x180034308 htons
0x180034310 ntohs
KERNEL32.dll
0x180034040 CreateFileW
0x180034048 CloseHandle
0x180034050 SetLastError
0x180034058 DeviceIoControl
0x180034060 GetOverlappedResult
0x180034068 GetCurrentDirectoryW
0x180034070 TlsAlloc
0x180034078 TlsGetValue
0x180034080 TlsSetValue
0x180034088 TlsFree
0x180034090 GetLastError
0x180034098 ExitProcess
0x1800340a0 GetProcessHeap
0x1800340a8 SetStdHandle
0x1800340b0 HeapSize
0x1800340b8 WriteConsoleW
0x1800340c0 CreateEventW
0x1800340c8 GetModuleHandleW
0x1800340d0 WideCharToMultiByte
0x1800340d8 EnterCriticalSection
0x1800340e0 LeaveCriticalSection
0x1800340e8 InitializeCriticalSectionEx
0x1800340f0 DeleteCriticalSection
0x1800340f8 EncodePointer
0x180034100 DecodePointer
0x180034108 MultiByteToWideChar
0x180034110 LCMapStringEx
0x180034118 GetStringTypeW
0x180034120 GetCPInfo
0x180034128 RtlCaptureContext
0x180034130 RtlLookupFunctionEntry
0x180034138 RtlVirtualUnwind
0x180034140 UnhandledExceptionFilter
0x180034148 SetUnhandledExceptionFilter
0x180034150 GetCurrentProcess
0x180034158 TerminateProcess
0x180034160 IsProcessorFeaturePresent
0x180034168 QueryPerformanceCounter
0x180034170 GetCurrentProcessId
0x180034178 GetCurrentThreadId
0x180034180 GetSystemTimeAsFileTime
0x180034188 InitializeSListHead
0x180034190 IsDebuggerPresent
0x180034198 GetStartupInfoW
0x1800341a0 RtlUnwindEx
0x1800341a8 RtlPcToFileHeader
0x1800341b0 RaiseException
0x1800341b8 InterlockedFlushSList
0x1800341c0 InitializeCriticalSectionAndSpinCount
0x1800341c8 FreeLibrary
0x1800341d0 GetProcAddress
0x1800341d8 LoadLibraryExW
0x1800341e0 RtlUnwind
0x1800341e8 GetModuleHandleExW
0x1800341f0 GetModuleFileNameW
0x1800341f8 HeapFree
0x180034200 HeapAlloc
0x180034208 FlsAlloc
0x180034210 FlsGetValue
0x180034218 FlsSetValue
0x180034220 FlsFree
0x180034228 LCMapStringW
0x180034230 GetLocaleInfoW
0x180034238 IsValidLocale
0x180034240 GetUserDefaultLCID
0x180034248 EnumSystemLocalesW
0x180034250 GetStdHandle
0x180034258 GetFileType
0x180034260 FlushFileBuffers
0x180034268 WriteFile
0x180034270 GetConsoleOutputCP
0x180034278 GetConsoleMode
0x180034280 ReadFile
0x180034288 GetFileSizeEx
0x180034290 SetFilePointerEx
0x180034298 ReadConsoleW
0x1800342a0 HeapReAlloc
0x1800342a8 FindClose
0x1800342b0 FindFirstFileExW
0x1800342b8 FindNextFileW
0x1800342c0 IsValidCodePage
0x1800342c8 GetACP
0x1800342d0 GetOEMCP
0x1800342d8 GetCommandLineA
0x1800342e0 GetCommandLineW
0x1800342e8 GetEnvironmentStringsW
0x1800342f0 FreeEnvironmentStringsW
ADVAPI32.dll
0x180034000 OpenServiceW
0x180034008 OpenSCManagerW
0x180034010 DeleteService
0x180034018 CreateServiceW
0x180034020 ControlService
0x180034028 CloseServiceHandle
0x180034030 StartServiceW
EAT(Export Address Table) Library
0x180008b10 ReflectiveLoader