ScreenShot
| Created | 2024.10.12 09:41 | Machine | s1_win7_x6403 |
| Filename | amd64.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 34 detected (Sdum, Cerbu, malicious, confidence, Attribute, HighConfidence, high confidence, MalwareX, Static AI, Suspicious PE, GrayWare, Wacapew, Sabsik, Detected, Outbreak, Chgt, R014H09JB24, ShellLoader, susgen) | ||
| md5 | 35b5a66be6e3bcfbf109f19ceac7cbb1 | ||
| sha256 | 3a68cd7db885a8b3c3124386739fb31a6bf459bfa53cd0e63bf1e1bcf706496c | ||
| ssdeep | 49152:PcD3clMfhuSOE48I86Cb6g9Dl/eOvgCHGtYojz5E7ZZ9YrWHRHqfwYtzxgWF5Yjt:DMvb66/eOzN+E75MDgO+x | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x958040 WriteFile
0x958048 WriteConsoleW
0x958050 WerSetFlags
0x958058 WerGetFlags
0x958060 WaitForMultipleObjects
0x958068 WaitForSingleObject
0x958070 VirtualQuery
0x958078 VirtualFree
0x958080 VirtualAlloc
0x958088 TlsAlloc
0x958090 SwitchToThread
0x958098 SuspendThread
0x9580a0 SetWaitableTimer
0x9580a8 SetProcessPriorityBoost
0x9580b0 SetEvent
0x9580b8 SetErrorMode
0x9580c0 SetConsoleCtrlHandler
0x9580c8 RtlVirtualUnwind
0x9580d0 RtlLookupFunctionEntry
0x9580d8 ResumeThread
0x9580e0 RaiseFailFastException
0x9580e8 PostQueuedCompletionStatus
0x9580f0 LoadLibraryW
0x9580f8 LoadLibraryExW
0x958100 SetThreadContext
0x958108 GetThreadContext
0x958110 GetSystemInfo
0x958118 GetSystemDirectoryA
0x958120 GetStdHandle
0x958128 GetQueuedCompletionStatusEx
0x958130 GetProcessAffinityMask
0x958138 GetProcAddress
0x958140 GetErrorMode
0x958148 GetEnvironmentStringsW
0x958150 GetCurrentThreadId
0x958158 GetConsoleMode
0x958160 FreeEnvironmentStringsW
0x958168 ExitProcess
0x958170 DuplicateHandle
0x958178 CreateWaitableTimerExW
0x958180 CreateThread
0x958188 CreateIoCompletionPort
0x958190 CreateFileA
0x958198 CreateEventA
0x9581a0 CloseHandle
0x9581a8 AddVectoredExceptionHandler
0x9581b0 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x958040 WriteFile
0x958048 WriteConsoleW
0x958050 WerSetFlags
0x958058 WerGetFlags
0x958060 WaitForMultipleObjects
0x958068 WaitForSingleObject
0x958070 VirtualQuery
0x958078 VirtualFree
0x958080 VirtualAlloc
0x958088 TlsAlloc
0x958090 SwitchToThread
0x958098 SuspendThread
0x9580a0 SetWaitableTimer
0x9580a8 SetProcessPriorityBoost
0x9580b0 SetEvent
0x9580b8 SetErrorMode
0x9580c0 SetConsoleCtrlHandler
0x9580c8 RtlVirtualUnwind
0x9580d0 RtlLookupFunctionEntry
0x9580d8 ResumeThread
0x9580e0 RaiseFailFastException
0x9580e8 PostQueuedCompletionStatus
0x9580f0 LoadLibraryW
0x9580f8 LoadLibraryExW
0x958100 SetThreadContext
0x958108 GetThreadContext
0x958110 GetSystemInfo
0x958118 GetSystemDirectoryA
0x958120 GetStdHandle
0x958128 GetQueuedCompletionStatusEx
0x958130 GetProcessAffinityMask
0x958138 GetProcAddress
0x958140 GetErrorMode
0x958148 GetEnvironmentStringsW
0x958150 GetCurrentThreadId
0x958158 GetConsoleMode
0x958160 FreeEnvironmentStringsW
0x958168 ExitProcess
0x958170 DuplicateHandle
0x958178 CreateWaitableTimerExW
0x958180 CreateThread
0x958188 CreateIoCompletionPort
0x958190 CreateFileA
0x958198 CreateEventA
0x9581a0 CloseHandle
0x9581a8 AddVectoredExceptionHandler
0x9581b0 AddVectoredContinueHandler
EAT(Export Address Table) is none