ScreenShot
| Created | 2024.10.01 16:48 | Machine | s1_win7_x6401 |
| Filename | 66fa7e7373674_4.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, GenericKD, kryptik, Stop, Unsafe, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, HXYZ, score, Kryptik@AI, RDML, RgougVWFkoRQJQ1JHKblA, AceCrypter, yepnd, Real Protect, high, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Spambot, Wacatac, Eldorado, R658943, PRIVATELOADER, YXEI4Z, susgen, C9nj) | ||
| md5 | 245f52e7267ef7042583d20b32023967 | ||
| sha256 | 5db8ed24d791ca0f05f6df8517b679a456059a09ffd10b0cca1e83d27818fd8f | ||
| ssdeep | 6144:2Lm2GnCkzwT3jRTtwxJuB1oI1rfAjNowcp+XnT6VSy2DH:2C21yqC3IoItfAjNoj+3T6Ey2z | ||
| imphash | eb865bbda5c0f6f3a0041e74d558d3f8 | ||
| impfuzzy | 24:Wm+rjVBNbj60FkrkRDgrMUkGlcDxu99KbG2vEFOi53GOIRte2cf4/J3ISeyvuT4Y:tSa90glL3Stvcfejnuc2sqb6Q | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43a008 SearchPathW
0x43a00c DebugActiveProcessStop
0x43a010 OpenJobObjectA
0x43a014 ReadConsoleA
0x43a018 QueryDosDeviceA
0x43a01c GetEnvironmentStringsW
0x43a020 WaitForSingleObject
0x43a024 InterlockedCompareExchange
0x43a028 GetComputerNameW
0x43a02c GetNumaAvailableMemoryNode
0x43a030 SetCommBreak
0x43a034 BackupSeek
0x43a038 FreeEnvironmentStringsA
0x43a03c GetModuleHandleW
0x43a040 GetConsoleAliasesLengthA
0x43a044 GetPriorityClass
0x43a048 GetVolumeInformationA
0x43a04c GetConsoleMode
0x43a050 GetConsoleAliasExesLengthW
0x43a054 GetSystemTimeAdjustment
0x43a058 WriteConsoleOutputA
0x43a05c HeapDestroy
0x43a060 GetFileAttributesA
0x43a064 GetBinaryTypeA
0x43a068 GetModuleFileNameW
0x43a06c GetNumaNodeProcessorMask
0x43a070 GetStdHandle
0x43a074 GetLastError
0x43a078 GetProcAddress
0x43a07c SearchPathA
0x43a080 LoadLibraryA
0x43a084 LocalAlloc
0x43a088 MoveFileA
0x43a08c SetCommMask
0x43a090 CreatePipe
0x43a094 GetDefaultCommConfigA
0x43a098 FreeEnvironmentStringsW
0x43a09c BuildCommDCBA
0x43a0a0 FatalAppExitA
0x43a0a4 WriteConsoleOutputAttribute
0x43a0a8 SetCalendarInfoA
0x43a0ac FindAtomW
0x43a0b0 DebugBreak
0x43a0b4 GlobalReAlloc
0x43a0b8 CopyFileExA
0x43a0bc CloseHandle
0x43a0c0 WriteConsoleW
0x43a0c4 GetConsoleOutputCP
0x43a0c8 GetCommandLineW
0x43a0cc HeapFree
0x43a0d0 GetStartupInfoW
0x43a0d4 TerminateProcess
0x43a0d8 GetCurrentProcess
0x43a0dc UnhandledExceptionFilter
0x43a0e0 SetUnhandledExceptionFilter
0x43a0e4 IsDebuggerPresent
0x43a0e8 HeapCreate
0x43a0ec VirtualFree
0x43a0f0 DeleteCriticalSection
0x43a0f4 LeaveCriticalSection
0x43a0f8 EnterCriticalSection
0x43a0fc HeapAlloc
0x43a100 VirtualAlloc
0x43a104 HeapReAlloc
0x43a108 TlsGetValue
0x43a10c TlsAlloc
0x43a110 TlsSetValue
0x43a114 TlsFree
0x43a118 InterlockedIncrement
0x43a11c SetLastError
0x43a120 GetCurrentThreadId
0x43a124 InterlockedDecrement
0x43a128 Sleep
0x43a12c HeapSize
0x43a130 ExitProcess
0x43a134 GetCPInfo
0x43a138 GetACP
0x43a13c GetOEMCP
0x43a140 IsValidCodePage
0x43a144 WriteFile
0x43a148 GetModuleFileNameA
0x43a14c SetHandleCount
0x43a150 GetFileType
0x43a154 GetStartupInfoA
0x43a158 QueryPerformanceCounter
0x43a15c GetTickCount
0x43a160 GetCurrentProcessId
0x43a164 GetSystemTimeAsFileTime
0x43a168 InitializeCriticalSectionAndSpinCount
0x43a16c RtlUnwind
0x43a170 LCMapStringA
0x43a174 WideCharToMultiByte
0x43a178 MultiByteToWideChar
0x43a17c LCMapStringW
0x43a180 GetStringTypeA
0x43a184 GetStringTypeW
0x43a188 GetLocaleInfoA
0x43a18c GetModuleHandleA
0x43a190 SetFilePointer
0x43a194 GetConsoleCP
0x43a198 FlushFileBuffers
0x43a19c SetStdHandle
0x43a1a0 WriteConsoleA
0x43a1a4 CreateFileA
USER32.dll
0x43a1ac GetUserObjectInformationW
0x43a1b0 SetFocus
ADVAPI32.dll
0x43a000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none
KERNEL32.dll
0x43a008 SearchPathW
0x43a00c DebugActiveProcessStop
0x43a010 OpenJobObjectA
0x43a014 ReadConsoleA
0x43a018 QueryDosDeviceA
0x43a01c GetEnvironmentStringsW
0x43a020 WaitForSingleObject
0x43a024 InterlockedCompareExchange
0x43a028 GetComputerNameW
0x43a02c GetNumaAvailableMemoryNode
0x43a030 SetCommBreak
0x43a034 BackupSeek
0x43a038 FreeEnvironmentStringsA
0x43a03c GetModuleHandleW
0x43a040 GetConsoleAliasesLengthA
0x43a044 GetPriorityClass
0x43a048 GetVolumeInformationA
0x43a04c GetConsoleMode
0x43a050 GetConsoleAliasExesLengthW
0x43a054 GetSystemTimeAdjustment
0x43a058 WriteConsoleOutputA
0x43a05c HeapDestroy
0x43a060 GetFileAttributesA
0x43a064 GetBinaryTypeA
0x43a068 GetModuleFileNameW
0x43a06c GetNumaNodeProcessorMask
0x43a070 GetStdHandle
0x43a074 GetLastError
0x43a078 GetProcAddress
0x43a07c SearchPathA
0x43a080 LoadLibraryA
0x43a084 LocalAlloc
0x43a088 MoveFileA
0x43a08c SetCommMask
0x43a090 CreatePipe
0x43a094 GetDefaultCommConfigA
0x43a098 FreeEnvironmentStringsW
0x43a09c BuildCommDCBA
0x43a0a0 FatalAppExitA
0x43a0a4 WriteConsoleOutputAttribute
0x43a0a8 SetCalendarInfoA
0x43a0ac FindAtomW
0x43a0b0 DebugBreak
0x43a0b4 GlobalReAlloc
0x43a0b8 CopyFileExA
0x43a0bc CloseHandle
0x43a0c0 WriteConsoleW
0x43a0c4 GetConsoleOutputCP
0x43a0c8 GetCommandLineW
0x43a0cc HeapFree
0x43a0d0 GetStartupInfoW
0x43a0d4 TerminateProcess
0x43a0d8 GetCurrentProcess
0x43a0dc UnhandledExceptionFilter
0x43a0e0 SetUnhandledExceptionFilter
0x43a0e4 IsDebuggerPresent
0x43a0e8 HeapCreate
0x43a0ec VirtualFree
0x43a0f0 DeleteCriticalSection
0x43a0f4 LeaveCriticalSection
0x43a0f8 EnterCriticalSection
0x43a0fc HeapAlloc
0x43a100 VirtualAlloc
0x43a104 HeapReAlloc
0x43a108 TlsGetValue
0x43a10c TlsAlloc
0x43a110 TlsSetValue
0x43a114 TlsFree
0x43a118 InterlockedIncrement
0x43a11c SetLastError
0x43a120 GetCurrentThreadId
0x43a124 InterlockedDecrement
0x43a128 Sleep
0x43a12c HeapSize
0x43a130 ExitProcess
0x43a134 GetCPInfo
0x43a138 GetACP
0x43a13c GetOEMCP
0x43a140 IsValidCodePage
0x43a144 WriteFile
0x43a148 GetModuleFileNameA
0x43a14c SetHandleCount
0x43a150 GetFileType
0x43a154 GetStartupInfoA
0x43a158 QueryPerformanceCounter
0x43a15c GetTickCount
0x43a160 GetCurrentProcessId
0x43a164 GetSystemTimeAsFileTime
0x43a168 InitializeCriticalSectionAndSpinCount
0x43a16c RtlUnwind
0x43a170 LCMapStringA
0x43a174 WideCharToMultiByte
0x43a178 MultiByteToWideChar
0x43a17c LCMapStringW
0x43a180 GetStringTypeA
0x43a184 GetStringTypeW
0x43a188 GetLocaleInfoA
0x43a18c GetModuleHandleA
0x43a190 SetFilePointer
0x43a194 GetConsoleCP
0x43a198 FlushFileBuffers
0x43a19c SetStdHandle
0x43a1a0 WriteConsoleA
0x43a1a4 CreateFileA
USER32.dll
0x43a1ac GetUserObjectInformationW
0x43a1b0 SetFocus
ADVAPI32.dll
0x43a000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none