ScreenShot
| Created | 2024.10.14 10:47 | Machine | s1_win7_x6401 |
| Filename | bybit.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 14 detected (AIDetectMalware, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, CLASSIC, moderate, score, Detected, LummaStealer, CryptBot, Wingo) | ||
| md5 | 17b81f863b1cb9fa2ba7b1d78b6039f5 | ||
| sha256 | 8e74dad0ba6445fd3417cd79fc43dd8c367e2bdf3d8125130d08770e1b184959 | ||
| ssdeep | 98304:7H6PkG0LOdKv7q+oM1zRi+xJimPTF1DO/h6TcX84:KklHdoMzUF6TTO9 | ||
| imphash | c1a56dd2884ebae2645c18b421ad3aee | ||
| impfuzzy | 24:ibVjh9wO+jX13uT7boVaXOr6kwmDgUPMztxdD1tr6UP:AwO+jX13UjXOmokxp1ZnP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1092560 WriteFile
0x1092564 WriteConsoleW
0x1092568 WerSetFlags
0x109256c WerGetFlags
0x1092570 WaitForMultipleObjects
0x1092574 WaitForSingleObject
0x1092578 VirtualQuery
0x109257c VirtualFree
0x1092580 VirtualAlloc
0x1092584 TlsAlloc
0x1092588 SwitchToThread
0x109258c SuspendThread
0x1092590 SetWaitableTimer
0x1092594 SetUnhandledExceptionFilter
0x1092598 SetThreadPriority
0x109259c SetProcessPriorityBoost
0x10925a0 SetEvent
0x10925a4 SetErrorMode
0x10925a8 SetConsoleCtrlHandler
0x10925ac ResumeThread
0x10925b0 RaiseFailFastException
0x10925b4 PostQueuedCompletionStatus
0x10925b8 LoadLibraryW
0x10925bc LoadLibraryExW
0x10925c0 SetThreadContext
0x10925c4 GetThreadContext
0x10925c8 GetSystemInfo
0x10925cc GetSystemDirectoryA
0x10925d0 GetStdHandle
0x10925d4 GetQueuedCompletionStatusEx
0x10925d8 GetProcessAffinityMask
0x10925dc GetProcAddress
0x10925e0 GetErrorMode
0x10925e4 GetEnvironmentStringsW
0x10925e8 GetCurrentThreadId
0x10925ec GetConsoleMode
0x10925f0 FreeEnvironmentStringsW
0x10925f4 ExitProcess
0x10925f8 DuplicateHandle
0x10925fc CreateWaitableTimerExW
0x1092600 CreateWaitableTimerA
0x1092604 CreateThread
0x1092608 CreateIoCompletionPort
0x109260c CreateEventA
0x1092610 CloseHandle
0x1092614 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1092560 WriteFile
0x1092564 WriteConsoleW
0x1092568 WerSetFlags
0x109256c WerGetFlags
0x1092570 WaitForMultipleObjects
0x1092574 WaitForSingleObject
0x1092578 VirtualQuery
0x109257c VirtualFree
0x1092580 VirtualAlloc
0x1092584 TlsAlloc
0x1092588 SwitchToThread
0x109258c SuspendThread
0x1092590 SetWaitableTimer
0x1092594 SetUnhandledExceptionFilter
0x1092598 SetThreadPriority
0x109259c SetProcessPriorityBoost
0x10925a0 SetEvent
0x10925a4 SetErrorMode
0x10925a8 SetConsoleCtrlHandler
0x10925ac ResumeThread
0x10925b0 RaiseFailFastException
0x10925b4 PostQueuedCompletionStatus
0x10925b8 LoadLibraryW
0x10925bc LoadLibraryExW
0x10925c0 SetThreadContext
0x10925c4 GetThreadContext
0x10925c8 GetSystemInfo
0x10925cc GetSystemDirectoryA
0x10925d0 GetStdHandle
0x10925d4 GetQueuedCompletionStatusEx
0x10925d8 GetProcessAffinityMask
0x10925dc GetProcAddress
0x10925e0 GetErrorMode
0x10925e4 GetEnvironmentStringsW
0x10925e8 GetCurrentThreadId
0x10925ec GetConsoleMode
0x10925f0 FreeEnvironmentStringsW
0x10925f4 ExitProcess
0x10925f8 DuplicateHandle
0x10925fc CreateWaitableTimerExW
0x1092600 CreateWaitableTimerA
0x1092604 CreateThread
0x1092608 CreateIoCompletionPort
0x109260c CreateEventA
0x1092610 CloseHandle
0x1092614 AddVectoredExceptionHandler
EAT(Export Address Table) is none