Report - nOjRmu66yYy4.exe

Generic Malware Malicious Library UPX PE File PE64 OS Processor Check
Created 2024.10.14 11:06 Machine s1_win7_x6401
Filename nOjRmu66yYy4.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 2
Behavior Score 1.0
VT API (file) 29 detected (AIDetectMalware, GameHack, Unsafe, malicious, confidence, Attribute, HighConfidence, moderate confidence, IZ potentially unsafe, FileRepMalware, Misc, Kryptik@AI, RDML, x6XkuGPyNEtSwqrFE8UsLQ, GenKD, Znyonm, Chgt, R002H09EG24, susgen)
md5 8b923746242130bc39f9566cf8ab60dc
sha256 021f53c2328113f02db282d7bde017efcf807b1021173e497c06711a15d7f98f
ssdeep 24576:iJgvkMzSYAM9YSlbczEpQizfmQDc06WogeOfQr0W:itMzLAVStcdiT7FoR2A0W
imphash a98fcc30097a9893402b8be27c43a74b
impfuzzy 48:jYv95RZntzoufD/laZlT4lK3wt0i/1lXxgGSe+1QnB0vCj2Z0h3BZ0mZ1htJazT3:gkwOh60ShtJazTjw8Kbc+e6gtXtBgdi

Signature (2cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No network requests were recorded for this sample.

Suricata ids

PE API

IAT (Import Address Table), grouped by library (address, imported function)

d3d11.dll
 0x1400b1568 D3D11CreateDeviceAndSwapChain
d3dx9_43.dll
 0x1400b1578 D3DXMatrixTranspose
dwmapi.dll
 0x1400b1588 DwmExtendFrameIntoClientArea
USER32.dll
 0x1400b1438 FindWindowA
 0x1400b1440 GetKeyState
 0x1400b1448 ScreenToClient
 0x1400b1450 GetCapture
 0x1400b1458 ClientToScreen
 0x1400b1460 TrackMouseEvent
 0x1400b1468 SetCapture
 0x1400b1470 SetCursor
 0x1400b1478 GetClientRect
 0x1400b1480 ReleaseCapture
 0x1400b1488 SetCursorPos
 0x1400b1490 GetCursorPos
 0x1400b1498 OpenClipboard
 0x1400b14a0 CloseClipboard
 0x1400b14a8 EmptyClipboard
 0x1400b14b0 GetClipboardData
 0x1400b14b8 SetClipboardData
 0x1400b14c0 DispatchMessageA
 0x1400b14c8 LoadCursorA
 0x1400b14d0 SetWindowPos
 0x1400b14d8 ShowWindow
 0x1400b14e0 GetAsyncKeyState
 0x1400b14e8 SetWindowLongA
 0x1400b14f0 GetForegroundWindow
 0x1400b14f8 MoveWindow
 0x1400b1500 DefWindowProcA
 0x1400b1508 CreateWindowExA
 0x1400b1510 SetLayeredWindowAttributes
 0x1400b1518 TranslateMessage
 0x1400b1520 LoadIconA
 0x1400b1528 PeekMessageA
 0x1400b1530 UnregisterClassA
 0x1400b1538 PostQuitMessage
 0x1400b1540 RegisterClassExA
 0x1400b1548 UpdateWindow
 0x1400b1550 GetWindowThreadProcessId
 0x1400b1558 GetWindowRect
KERNEL32.dll
 0x1400b1040 HeapReAlloc
 0x1400b1048 CreateProcessW
 0x1400b1050 GetExitCodeProcess
 0x1400b1058 WaitForSingleObject
 0x1400b1060 ReadConsoleW
 0x1400b1068 EnumSystemLocalesW
 0x1400b1070 GetUserDefaultLCID
 0x1400b1078 IsValidLocale
 0x1400b1080 GetLocaleInfoW
 0x1400b1088 LCMapStringW
 0x1400b1090 CompareStringW
 0x1400b1098 HeapAlloc
 0x1400b10a0 HeapFree
 0x1400b10a8 GetConsoleMode
 0x1400b10b0 GetConsoleOutputCP
 0x1400b10b8 FlushFileBuffers
 0x1400b10c0 GetFileType
 0x1400b10c8 SetFilePointerEx
 0x1400b10d0 GetFileSizeEx
 0x1400b10d8 GetCommandLineW
 0x1400b10e0 GetCommandLineA
 0x1400b10e8 WriteFile
 0x1400b10f0 GetStdHandle
 0x1400b10f8 GetModuleFileNameW
 0x1400b1100 ExitProcess
 0x1400b1108 ReadFile
 0x1400b1110 GetModuleHandleExW
 0x1400b1118 FreeLibraryAndExitThread
 0x1400b1120 ExitThread
 0x1400b1128 CreateThread
 0x1400b1130 RtlUnwind
 0x1400b1138 LoadLibraryExW
 0x1400b1140 TlsFree
 0x1400b1148 TlsSetValue
 0x1400b1150 WriteProcessMemory
 0x1400b1158 ReadProcessMemory
 0x1400b1160 GetModuleFileNameA
 0x1400b1168 SetConsoleTitleA
 0x1400b1170 GetCurrentProcess
 0x1400b1178 GetTickCount64
 0x1400b1180 K32GetModuleBaseNameA
 0x1400b1188 Process32First
 0x1400b1190 Module32Next
 0x1400b1198 Module32First
 0x1400b11a0 OpenProcess
 0x1400b11a8 CreateToolhelp32Snapshot
 0x1400b11b0 Process32Next
 0x1400b11b8 CloseHandle
 0x1400b11c0 VirtualProtectEx
 0x1400b11c8 GetModuleHandleA
 0x1400b11d0 MultiByteToWideChar
 0x1400b11d8 GlobalAlloc
 0x1400b11e0 GlobalFree
 0x1400b11e8 GlobalLock
 0x1400b11f0 WideCharToMultiByte
 0x1400b11f8 GlobalUnlock
 0x1400b1200 LoadLibraryA
 0x1400b1208 QueryPerformanceFrequency
 0x1400b1210 GetProcAddress
 0x1400b1218 FreeLibrary
 0x1400b1220 QueryPerformanceCounter
 0x1400b1228 GetCurrentDirectoryW
 0x1400b1230 CreateDirectoryW
 0x1400b1238 CreateFileW
 0x1400b1240 FindClose
 0x1400b1248 FindFirstFileW
 0x1400b1250 FindFirstFileExW
 0x1400b1258 FindNextFileW
 0x1400b1260 GetFileAttributesExW
 0x1400b1268 IsValidCodePage
 0x1400b1270 AreFileApisANSI
 0x1400b1278 GetLastError
 0x1400b1280 GetModuleHandleW
 0x1400b1288 MoveFileExW
 0x1400b1290 GetFileInformationByHandleEx
 0x1400b1298 LocalFree
 0x1400b12a0 FormatMessageA
 0x1400b12a8 GetLocaleInfoEx
 0x1400b12b0 WaitForSingleObjectEx
 0x1400b12b8 Sleep
 0x1400b12c0 GetCurrentThreadId
 0x1400b12c8 FlsAlloc
 0x1400b12d0 FlsGetValue
 0x1400b12d8 FlsSetValue
 0x1400b12e0 FlsFree
 0x1400b12e8 SetEndOfFile
 0x1400b12f0 InitializeCriticalSectionEx
 0x1400b12f8 GetSystemTimeAsFileTime
 0x1400b1300 EnterCriticalSection
 0x1400b1308 LeaveCriticalSection
 0x1400b1310 DeleteCriticalSection
 0x1400b1318 EncodePointer
 0x1400b1320 DecodePointer
 0x1400b1328 LCMapStringEx
 0x1400b1330 GetStringTypeW
 0x1400b1338 GetCPInfo
 0x1400b1340 InitializeCriticalSectionAndSpinCount
 0x1400b1348 SetEvent
 0x1400b1350 ResetEvent
 0x1400b1358 CreateEventW
 0x1400b1360 RtlCaptureContext
 0x1400b1368 RtlLookupFunctionEntry
 0x1400b1370 RtlVirtualUnwind
 0x1400b1378 UnhandledExceptionFilter
 0x1400b1380 SetUnhandledExceptionFilter
 0x1400b1388 TerminateProcess
 0x1400b1390 IsProcessorFeaturePresent
 0x1400b1398 IsDebuggerPresent
 0x1400b13a0 GetStartupInfoW
 0x1400b13a8 GetCurrentProcessId
 0x1400b13b0 InitializeSListHead
 0x1400b13b8 TlsGetValue
 0x1400b13c0 GetACP
 0x1400b13c8 GetOEMCP
 0x1400b13d0 GetEnvironmentStringsW
 0x1400b13d8 FreeEnvironmentStringsW
 0x1400b13e0 GetProcessHeap
 0x1400b13e8 SetEnvironmentVariableW
 0x1400b13f0 SetStdHandle
 0x1400b13f8 HeapSize
 0x1400b1400 WriteConsoleW
 0x1400b1408 RtlUnwindEx
 0x1400b1410 RtlPcToFileHeader
 0x1400b1418 RaiseException
 0x1400b1420 SetLastError
 0x1400b1428 TlsAlloc
IMM32.dll
 0x1400b1010 ImmReleaseContext
 0x1400b1018 ImmSetCompositionWindow
 0x1400b1020 ImmSetCandidateWindow
 0x1400b1028 ImmAssociateContextEx
 0x1400b1030 ImmGetContext
D3DCOMPILER_43.dll
 0x1400b1000 D3DCompile

EAT (Export Address Table): none
