Field | Value |
---|---|
Created | 2024.10.02 13:58 |
Machine | s1_win7_x6402 |
Filename | swizzz.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 65 detected (AIDetectMalware, Reline, malicious, high confidence, score, Zusy, Unsafe, Save, Genus, Attribute, HighConfidence, Kryptik, HXAL, Artemis, CrypterX, TrojanPSW, Steam, knaawa, ShellCodeRunner, CLASSIC, Stealc, fszhb, HPGen, high, Detected, ai score=82, Malware@#2wn13ibxpvfkh, Stealerc, Eldorado, R648432, ZexaF, uqW@aSBJ75h, Genetic, Gencirc, BqL+HyIhUbM, susgen, confidence, 100%) |
md5 | ad63629d1cc7a27553c9a52795b93d6d |
sha256 | ad95d333d8a39a19dc61aa9925c98c99c913214f6a8615deb745ed4b2e53a085 |
ssdeep | 6144:PE+y5nV0uTRCZ34ntxGql3sQocUk/1TIAnIhjgyD9UEksK/D4xkl:PQ5n2mRIS8Qocj/15i8sK/D4Wl |
imphash | 81b834f6f9db0b945bd836f537996a1f |
impfuzzy | 24:HnQJKjv+DO8jTcpVWZlK+9teEGhlJBl393PLOovbO3kFZMv1GMAkEZHu9F:HnJ0cpVe79teEGnpN630FZGP |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 65 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
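The "allocates read-write-execute memory" signature, the "encrypted or compressed data" signature and the UPX_Zero rule all point at the same thing: a packed stub that decrypts or decompresses its payload into memory it allocated itself. The following is an added example, not output of the sandbox and not code from the sample: it rebuilds the static half of that verdict with the standard library only, walking the PE section table, scoring each section's Shannon entropy (the 7.0 bits/byte threshold is an assumption; 8.0 is the ceiling and plain x86 code usually lands around 5.5 to 6.5), and cross-checking the capability hints in the import table. The PE bytes are a constructed stand-in with one plain section and one UPX-style section, because the real file is not on this page; the import names are a subset copied from the IAT listing below.

```python
"""Static triage for a suspected packed PE32 (added example; synthetic input)."""
import math
import random
import struct

PACKED_ENTROPY = 7.0  # assumed threshold: above this a section looks encrypted/compressed


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Minimal PE section-table walk: returns [(name, raw_size, entropy)].

    Reads only the fields the triage needs (e_lfanew, NumberOfSections,
    SizeOfOptionalHeader, section headers); it is not a full PE parser.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_size, shannon_entropy(raw)))
    return sections


def build_sample_pe() -> bytes:
    """Constructed stand-in for swizzz.exe: a PE32 skeleton with a NOP-filled
    .text section and a pseudo-random UPX1 section. Synthetic data, not the sample."""
    rng = random.Random(0)
    text = b"\x90" * 0x400                                    # near-zero entropy
    upx1 = bytes(rng.randrange(256) for _ in range(0x1000))   # high entropy "payload"
    opt_size = 0xE0                                           # PE32 optional header
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * 2
    text_off = (hdr_end + 0x1FF) & ~0x1FF                     # 512-byte file alignment
    upx_off = text_off + len(text)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest unused here
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b"UPX1", len(upx1), 0x2000, len(upx1), upx_off, 0, 0, 0, 0, 0xE0000040)
    image = dos + b"PE\0\0" + coff + opt + sec
    return image + b"\0" * (text_off - len(image)) + text + upx1


# Subset of the import table shown in this report's IAT listing.
REPORTED_IMPORTS = {
    "ADVAPI32.dll": ["CryptDecrypt"],
    "GDI32.dll": ["GetClipBox"],
    "USER32.dll": ["PostQuitMessage"],
    "KERNEL32.dll": ["VirtualAlloc", "CreateThread", "GetProcAddress", "GetModuleHandleA",
                     "LoadLibraryExW", "IsDebuggerPresent", "CreateFileW", "ReadFile",
                     "WriteFile", "FreeConsole"],
}


def triage(pe: bytes, imports: dict) -> dict:
    """Combine per-section entropy with import-based capability hints."""
    sections = parse_sections(pe)
    funcs = {f for names in imports.values() for f in names}
    return {
        "sections": sections,
        "likely_packed": any(e > PACKED_ENTROPY or n.upper().startswith("UPX") for n, _, e in sections),
        "rwx_capable": "VirtualAlloc" in funcs,                        # can back an RWX unpack buffer
        "runtime_resolution": {"GetProcAddress", "LoadLibraryExW"} <= funcs,  # hides the real import set
        "crypto_api": "CryptDecrypt" in funcs,                         # decrypts embedded payload/config
        # IsDebuggerPresent is in every MSVC CRT startup; alone it proves nothing.
        "crt_antidebug_only": "IsDebuggerPresent" in funcs,
    }


if __name__ == "__main__":
    for key, value in triage(build_sample_pe(), REPORTED_IMPORTS).items():
        print(key, value)
```

Read the result together with the dynamic signatures: the entropy score only supports the packer hint, while the RWX allocation itself was observed at run time by the sandbox. Most of the KERNEL32 entries in the listing (TLS, critical sections, locale, console I/O, the unhandled-exception filters) are the ordinary MSVC runtime and carry no signal; the ones worth noting are CryptDecrypt, VirtualAlloc, CreateThread and the GetProcAddress/LoadLibraryExW pair, plus the odd presence of GDI32/USER32 functions in a console binary.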
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
GDI32.dll
0x420008 GetClipBox
USER32.dll
0x42016c PostQuitMessage
ADVAPI32.dll
0x420000 CryptDecrypt
KERNEL32.dll
0x420010 HeapSize
0x420014 CreateFileW
0x420018 VirtualAlloc
0x42001c WaitForSingleObject
0x420020 GetModuleHandleA
0x420024 FreeConsole
0x420028 CreateThread
0x42002c GetProcAddress
0x420030 MultiByteToWideChar
0x420034 GetStringTypeW
0x420038 WideCharToMultiByte
0x42003c GetCurrentThreadId
0x420040 CloseHandle
0x420044 WaitForSingleObjectEx
0x420048 GetExitCodeThread
0x42004c EnterCriticalSection
0x420050 LeaveCriticalSection
0x420054 InitializeCriticalSectionEx
0x420058 DeleteCriticalSection
0x42005c EncodePointer
0x420060 DecodePointer
0x420064 LCMapStringEx
0x420068 ReleaseSRWLockExclusive
0x42006c WakeAllConditionVariable
0x420070 QueryPerformanceCounter
0x420074 GetSystemTimeAsFileTime
0x420078 GetModuleHandleW
0x42007c GetCPInfo
0x420080 IsProcessorFeaturePresent
0x420084 UnhandledExceptionFilter
0x420088 SetUnhandledExceptionFilter
0x42008c GetCurrentProcess
0x420090 TerminateProcess
0x420094 GetCurrentProcessId
0x420098 InitializeSListHead
0x42009c IsDebuggerPresent
0x4200a0 GetStartupInfoW
0x4200a4 GetProcessHeap
0x4200a8 RaiseException
0x4200ac RtlUnwind
0x4200b0 GetLastError
0x4200b4 SetLastError
0x4200b8 InitializeCriticalSectionAndSpinCount
0x4200bc TlsAlloc
0x4200c0 TlsGetValue
0x4200c4 TlsSetValue
0x4200c8 TlsFree
0x4200cc FreeLibrary
0x4200d0 LoadLibraryExW
0x4200d4 ExitThread
0x4200d8 FreeLibraryAndExitThread
0x4200dc GetModuleHandleExW
0x4200e0 GetStdHandle
0x4200e4 WriteFile
0x4200e8 GetModuleFileNameW
0x4200ec ExitProcess
0x4200f0 GetCommandLineA
0x4200f4 GetCommandLineW
0x4200f8 HeapAlloc
0x4200fc HeapFree
0x420100 CompareStringW
0x420104 LCMapStringW
0x420108 GetLocaleInfoW
0x42010c IsValidLocale
0x420110 GetUserDefaultLCID
0x420114 EnumSystemLocalesW
0x420118 GetFileType
0x42011c FlushFileBuffers
0x420120 GetConsoleOutputCP
0x420124 GetConsoleMode
0x420128 ReadFile
0x42012c GetFileSizeEx
0x420130 SetFilePointerEx
0x420134 ReadConsoleW
0x420138 HeapReAlloc
0x42013c FindClose
0x420140 FindFirstFileExW
0x420144 FindNextFileW
0x420148 IsValidCodePage
0x42014c GetACP
0x420150 GetOEMCP
0x420154 GetEnvironmentStringsW
0x420158 FreeEnvironmentStringsW
0x42015c SetEnvironmentVariableW
0x420160 SetStdHandle
0x420164 WriteConsoleW
EAT (Export Address Table): none