ScreenShot
| Created | 2024.10.02 14:43 | Machine | s1_win7_x6403 |
| Filename | 66fc5c187ba75_lyla343.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, Malicious, score, Lockbit, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, Obscure, CLASSIC, moderate, Krypt, Static AI, Suspicious PE, Detected, Smokeloader, Kryptik, Eldorado, DropperX, R535540, Obfuscated, susgen) | ||
| md5 | 007fa2c8c8ab1fbc6867e44db35c063e | ||
| sha256 | fde9a151f01aaa4bd10355337c8146e28c0716f10a4bdd70718f007f321827fe | ||
| ssdeep | 6144:yB5v9Z13FO0jL/cyv3+Is7RIw0k2aBh4MCU0m9ccVr:CVRjL/cs3fsiEh4MCjm9/ | ||
| imphash | 5d6eca90d87f0b951e502c326dc551af | ||
| impfuzzy | 24:jkgmfKHsJNjQuWSd5UcD54oEdQBf0qC8uV1vPcc4SJt4RsgH+fcdNO5lXvHRnly/:nMv0SdadfD13cll+fc65lXtKJvc3DxqB | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x414014 GetConsoleAliasExesA
0x414018 InterlockedIncrement
0x41401c CreateJobObjectW
0x414020 InterlockedCompareExchange
0x414024 SetVolumeMountPointW
0x414028 GetTimeFormatA
0x41402c _lcreat
0x414030 LocalFlags
0x414034 SetFileTime
0x414038 ClearCommBreak
0x41403c SetFileShortNameW
0x414040 LoadLibraryW
0x414044 CopyFileW
0x414048 _hread
0x41404c GetCalendarInfoA
0x414050 GetFileAttributesW
0x414054 VerifyVersionInfoA
0x414058 GetModuleFileNameW
0x41405c CreateActCtxA
0x414060 GetEnvironmentVariableA
0x414064 GetTempPathW
0x414068 RaiseException
0x41406c InterlockedExchange
0x414070 GetStdHandle
0x414074 GetLogicalDriveStringsA
0x414078 GetLastError
0x41407c GetProcAddress
0x414080 CreateNamedPipeA
0x414084 GetLocaleInfoA
0x414088 EnumSystemCodePagesW
0x41408c SetComputerNameA
0x414090 GlobalFree
0x414094 LoadLibraryA
0x414098 InterlockedExchangeAdd
0x41409c LocalAlloc
0x4140a0 CreateHardLinkW
0x4140a4 GetNumberFormatW
0x4140a8 CreateEventW
0x4140ac OpenEventA
0x4140b0 QueryDosDeviceW
0x4140b4 FoldStringA
0x4140b8 SetEnvironmentVariableA
0x4140bc GlobalWire
0x4140c0 GetCurrentDirectoryA
0x4140c4 EnumDateFormatsW
0x4140c8 GetShortPathNameW
0x4140cc SetCalendarInfoA
0x4140d0 SetProcessShutdownParameters
0x4140d4 GetDiskFreeSpaceExA
0x4140d8 GetVersionExA
0x4140dc ReadConsoleInputW
0x4140e0 DebugBreak
0x4140e4 SetFileAttributesW
0x4140e8 LCMapStringW
0x4140ec CommConfigDialogW
0x4140f0 TlsGetValue
0x4140f4 SetFilePointer
0x4140f8 EnumCalendarInfoA
0x4140fc GetComputerNameA
0x414100 GetStringTypeW
0x414104 IsValidLocale
0x414108 EnumSystemLocalesA
0x41410c InterlockedDecrement
0x414110 EncodePointer
0x414114 DecodePointer
0x414118 Sleep
0x41411c InitializeCriticalSection
0x414120 DeleteCriticalSection
0x414124 EnterCriticalSection
0x414128 LeaveCriticalSection
0x41412c HeapFree
0x414130 HeapReAlloc
0x414134 GetCommandLineW
0x414138 HeapSetInformation
0x41413c GetStartupInfoW
0x414140 RtlUnwind
0x414144 HeapAlloc
0x414148 WideCharToMultiByte
0x41414c MultiByteToWideChar
0x414150 GetCPInfo
0x414154 IsProcessorFeaturePresent
0x414158 HeapCreate
0x41415c HeapSize
0x414160 GetModuleHandleW
0x414164 ExitProcess
0x414168 SetUnhandledExceptionFilter
0x41416c WriteFile
0x414170 FreeEnvironmentStringsW
0x414174 GetEnvironmentStringsW
0x414178 SetHandleCount
0x41417c InitializeCriticalSectionAndSpinCount
0x414180 GetFileType
0x414184 TlsAlloc
0x414188 TlsSetValue
0x41418c TlsFree
0x414190 SetLastError
0x414194 GetCurrentThreadId
0x414198 QueryPerformanceCounter
0x41419c GetTickCount
0x4141a0 GetCurrentProcessId
0x4141a4 GetSystemTimeAsFileTime
0x4141a8 GetLocaleInfoW
0x4141ac TerminateProcess
0x4141b0 GetCurrentProcess
0x4141b4 UnhandledExceptionFilter
0x4141b8 IsDebuggerPresent
0x4141bc GetACP
0x4141c0 GetOEMCP
0x4141c4 IsValidCodePage
0x4141c8 GetUserDefaultLCID
GDI32.dll
0x414000 GetBkMode
0x414004 CreateDCW
0x414008 GetCharWidth32A
0x41400c GetCharWidthI
ole32.dll
0x4141d8 CoUnmarshalHresult
MSIMG32.dll
0x4141d0 AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x414014 GetConsoleAliasExesA
0x414018 InterlockedIncrement
0x41401c CreateJobObjectW
0x414020 InterlockedCompareExchange
0x414024 SetVolumeMountPointW
0x414028 GetTimeFormatA
0x41402c _lcreat
0x414030 LocalFlags
0x414034 SetFileTime
0x414038 ClearCommBreak
0x41403c SetFileShortNameW
0x414040 LoadLibraryW
0x414044 CopyFileW
0x414048 _hread
0x41404c GetCalendarInfoA
0x414050 GetFileAttributesW
0x414054 VerifyVersionInfoA
0x414058 GetModuleFileNameW
0x41405c CreateActCtxA
0x414060 GetEnvironmentVariableA
0x414064 GetTempPathW
0x414068 RaiseException
0x41406c InterlockedExchange
0x414070 GetStdHandle
0x414074 GetLogicalDriveStringsA
0x414078 GetLastError
0x41407c GetProcAddress
0x414080 CreateNamedPipeA
0x414084 GetLocaleInfoA
0x414088 EnumSystemCodePagesW
0x41408c SetComputerNameA
0x414090 GlobalFree
0x414094 LoadLibraryA
0x414098 InterlockedExchangeAdd
0x41409c LocalAlloc
0x4140a0 CreateHardLinkW
0x4140a4 GetNumberFormatW
0x4140a8 CreateEventW
0x4140ac OpenEventA
0x4140b0 QueryDosDeviceW
0x4140b4 FoldStringA
0x4140b8 SetEnvironmentVariableA
0x4140bc GlobalWire
0x4140c0 GetCurrentDirectoryA
0x4140c4 EnumDateFormatsW
0x4140c8 GetShortPathNameW
0x4140cc SetCalendarInfoA
0x4140d0 SetProcessShutdownParameters
0x4140d4 GetDiskFreeSpaceExA
0x4140d8 GetVersionExA
0x4140dc ReadConsoleInputW
0x4140e0 DebugBreak
0x4140e4 SetFileAttributesW
0x4140e8 LCMapStringW
0x4140ec CommConfigDialogW
0x4140f0 TlsGetValue
0x4140f4 SetFilePointer
0x4140f8 EnumCalendarInfoA
0x4140fc GetComputerNameA
0x414100 GetStringTypeW
0x414104 IsValidLocale
0x414108 EnumSystemLocalesA
0x41410c InterlockedDecrement
0x414110 EncodePointer
0x414114 DecodePointer
0x414118 Sleep
0x41411c InitializeCriticalSection
0x414120 DeleteCriticalSection
0x414124 EnterCriticalSection
0x414128 LeaveCriticalSection
0x41412c HeapFree
0x414130 HeapReAlloc
0x414134 GetCommandLineW
0x414138 HeapSetInformation
0x41413c GetStartupInfoW
0x414140 RtlUnwind
0x414144 HeapAlloc
0x414148 WideCharToMultiByte
0x41414c MultiByteToWideChar
0x414150 GetCPInfo
0x414154 IsProcessorFeaturePresent
0x414158 HeapCreate
0x41415c HeapSize
0x414160 GetModuleHandleW
0x414164 ExitProcess
0x414168 SetUnhandledExceptionFilter
0x41416c WriteFile
0x414170 FreeEnvironmentStringsW
0x414174 GetEnvironmentStringsW
0x414178 SetHandleCount
0x41417c InitializeCriticalSectionAndSpinCount
0x414180 GetFileType
0x414184 TlsAlloc
0x414188 TlsSetValue
0x41418c TlsFree
0x414190 SetLastError
0x414194 GetCurrentThreadId
0x414198 QueryPerformanceCounter
0x41419c GetTickCount
0x4141a0 GetCurrentProcessId
0x4141a4 GetSystemTimeAsFileTime
0x4141a8 GetLocaleInfoW
0x4141ac TerminateProcess
0x4141b0 GetCurrentProcess
0x4141b4 UnhandledExceptionFilter
0x4141b8 IsDebuggerPresent
0x4141bc GetACP
0x4141c0 GetOEMCP
0x4141c4 IsValidCodePage
0x4141c8 GetUserDefaultLCID
GDI32.dll
0x414000 GetBkMode
0x414004 CreateDCW
0x414008 GetCharWidth32A
0x41400c GetCharWidthI
ole32.dll
0x4141d8 CoUnmarshalHresult
MSIMG32.dll
0x4141d0 AlphaBlend
EAT(Export Address Table) is none