ScreenShot
| Created | 2024.10.14 10:49 | Machine | s1_win7_x6403 |
| Filename | MyGuests.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 39 detected (AIDetectMalware, WinGo, Artemis, Lazy, Unsafe, Vudg, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, FileRepMalware, Misc, CLASSIC, rozff, LUMMASTEALER, YXEJNZ, high, score, Detected, ABTrojan, CVXI, Outbreak, RX8PHU) | ||
| md5 | 2e1e5df2401546676205befe6668ed88 | ||
| sha256 | 15de8f29eaf5dbf78c94318c11f87e519380c66d094966113bb56622faf5152f | ||
| ssdeep | 98304:peJXXYAnEqCChDxA2BPrhZ7TRCXCVVae:MPnZW2B1Z3p | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xdfd340 WriteFile
0xdfd344 WriteConsoleW
0xdfd348 WerSetFlags
0xdfd34c WerGetFlags
0xdfd350 WaitForMultipleObjects
0xdfd354 WaitForSingleObject
0xdfd358 VirtualQuery
0xdfd35c VirtualFree
0xdfd360 VirtualAlloc
0xdfd364 TlsAlloc
0xdfd368 SwitchToThread
0xdfd36c SuspendThread
0xdfd370 SetWaitableTimer
0xdfd374 SetUnhandledExceptionFilter
0xdfd378 SetProcessPriorityBoost
0xdfd37c SetEvent
0xdfd380 SetErrorMode
0xdfd384 SetConsoleCtrlHandler
0xdfd388 ResumeThread
0xdfd38c RaiseFailFastException
0xdfd390 PostQueuedCompletionStatus
0xdfd394 LoadLibraryW
0xdfd398 LoadLibraryExW
0xdfd39c SetThreadContext
0xdfd3a0 GetThreadContext
0xdfd3a4 GetSystemInfo
0xdfd3a8 GetSystemDirectoryA
0xdfd3ac GetStdHandle
0xdfd3b0 GetQueuedCompletionStatusEx
0xdfd3b4 GetProcessAffinityMask
0xdfd3b8 GetProcAddress
0xdfd3bc GetErrorMode
0xdfd3c0 GetEnvironmentStringsW
0xdfd3c4 GetCurrentThreadId
0xdfd3c8 GetConsoleMode
0xdfd3cc FreeEnvironmentStringsW
0xdfd3d0 ExitProcess
0xdfd3d4 DuplicateHandle
0xdfd3d8 CreateWaitableTimerExW
0xdfd3dc CreateThread
0xdfd3e0 CreateIoCompletionPort
0xdfd3e4 CreateEventA
0xdfd3e8 CloseHandle
0xdfd3ec AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xdfd340 WriteFile
0xdfd344 WriteConsoleW
0xdfd348 WerSetFlags
0xdfd34c WerGetFlags
0xdfd350 WaitForMultipleObjects
0xdfd354 WaitForSingleObject
0xdfd358 VirtualQuery
0xdfd35c VirtualFree
0xdfd360 VirtualAlloc
0xdfd364 TlsAlloc
0xdfd368 SwitchToThread
0xdfd36c SuspendThread
0xdfd370 SetWaitableTimer
0xdfd374 SetUnhandledExceptionFilter
0xdfd378 SetProcessPriorityBoost
0xdfd37c SetEvent
0xdfd380 SetErrorMode
0xdfd384 SetConsoleCtrlHandler
0xdfd388 ResumeThread
0xdfd38c RaiseFailFastException
0xdfd390 PostQueuedCompletionStatus
0xdfd394 LoadLibraryW
0xdfd398 LoadLibraryExW
0xdfd39c SetThreadContext
0xdfd3a0 GetThreadContext
0xdfd3a4 GetSystemInfo
0xdfd3a8 GetSystemDirectoryA
0xdfd3ac GetStdHandle
0xdfd3b0 GetQueuedCompletionStatusEx
0xdfd3b4 GetProcessAffinityMask
0xdfd3b8 GetProcAddress
0xdfd3bc GetErrorMode
0xdfd3c0 GetEnvironmentStringsW
0xdfd3c4 GetCurrentThreadId
0xdfd3c8 GetConsoleMode
0xdfd3cc FreeEnvironmentStringsW
0xdfd3d0 ExitProcess
0xdfd3d4 DuplicateHandle
0xdfd3d8 CreateWaitableTimerExW
0xdfd3dc CreateThread
0xdfd3e0 CreateIoCompletionPort
0xdfd3e4 CreateEventA
0xdfd3e8 CloseHandle
0xdfd3ec AddVectoredExceptionHandler
EAT(Export Address Table) is none