ScreenShot
| Created | 2024.10.20 09:10 | Machine | s1_win7_x6403 |
| Filename | CVE-2024-35250.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetectMalware, Malicious, score, GenericKD, Unsafe, confidence, Attribute, HighConfidence, Windows, CVE-2022-2188, Static AI, Suspicious PE, Detected, GrayWare, Wacapew, ABApplication, MSTJ, Artemis, Chgt, susgen, PossibleThreat) | ||
| md5 | f8576551ec4ffc9392d4c9af9f79423f | ||
| sha256 | 308af6a404d8a91387ddab482a38fdf266e5f903d0e7ff4cac59ebc137ec288c | ||
| ssdeep | 3072:bb0uqERCaHZvuig/z5FI2UVnt3s/0OctXldEa:rqERCaHZWrQNnt3GWea | ||
| imphash | bf7918872fb2635d90e4d340ebeca011 | ||
| impfuzzy | 24:fgTzWHD7eD02teFUJnc+pl3QCuyoEOovbO+RPvNjvRZHu9dGMEYCW:IXAqteFEc+ppbuyc3anfYZ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140018000 HeapFree
0x140018008 GetCurrentProcess
0x140018010 DeviceIoControl
0x140018018 VirtualAlloc
0x140018020 GetCurrentThreadId
0x140018028 OpenProcess
0x140018030 GetLastError
0x140018038 HeapReAlloc
0x140018040 CloseHandle
0x140018048 HeapAlloc
0x140018050 GetProcAddress
0x140018058 GetCurrentProcessId
0x140018060 GetProcessHeap
0x140018068 OpenThread
0x140018070 LoadLibraryExW
0x140018078 CreateFileW
0x140018080 HeapSize
0x140018088 SetFilePointerEx
0x140018090 GetFileSizeEx
0x140018098 RtlCaptureContext
0x1400180a0 RtlLookupFunctionEntry
0x1400180a8 RtlVirtualUnwind
0x1400180b0 UnhandledExceptionFilter
0x1400180b8 SetUnhandledExceptionFilter
0x1400180c0 TerminateProcess
0x1400180c8 IsProcessorFeaturePresent
0x1400180d0 QueryPerformanceCounter
0x1400180d8 GetSystemTimeAsFileTime
0x1400180e0 InitializeSListHead
0x1400180e8 IsDebuggerPresent
0x1400180f0 GetStartupInfoW
0x1400180f8 GetModuleHandleW
0x140018100 RtlUnwindEx
0x140018108 SetLastError
0x140018110 EnterCriticalSection
0x140018118 LeaveCriticalSection
0x140018120 DeleteCriticalSection
0x140018128 InitializeCriticalSectionAndSpinCount
0x140018130 TlsAlloc
0x140018138 TlsGetValue
0x140018140 TlsSetValue
0x140018148 TlsFree
0x140018150 FreeLibrary
0x140018158 EncodePointer
0x140018160 RaiseException
0x140018168 RtlPcToFileHeader
0x140018170 GetStdHandle
0x140018178 WriteFile
0x140018180 GetModuleFileNameW
0x140018188 ExitProcess
0x140018190 GetModuleHandleExW
0x140018198 GetCommandLineA
0x1400181a0 GetCommandLineW
0x1400181a8 FlsAlloc
0x1400181b0 FlsGetValue
0x1400181b8 FlsSetValue
0x1400181c0 FlsFree
0x1400181c8 CompareStringW
0x1400181d0 LCMapStringW
0x1400181d8 GetFileType
0x1400181e0 WaitForSingleObject
0x1400181e8 GetExitCodeProcess
0x1400181f0 CreateProcessW
0x1400181f8 GetFileAttributesExW
0x140018200 FindClose
0x140018208 FindFirstFileExW
0x140018210 FindNextFileW
0x140018218 IsValidCodePage
0x140018220 GetACP
0x140018228 GetOEMCP
0x140018230 GetCPInfo
0x140018238 MultiByteToWideChar
0x140018240 WideCharToMultiByte
0x140018248 GetEnvironmentStringsW
0x140018250 FreeEnvironmentStringsW
0x140018258 SetEnvironmentVariableW
0x140018260 SetStdHandle
0x140018268 GetStringTypeW
0x140018270 FlushFileBuffers
0x140018278 GetConsoleOutputCP
0x140018280 GetConsoleMode
0x140018288 WriteConsoleW
ksproxy.ax
0x140018298 KsOpenDefaultDevice
ntdll.dll
0x1400182a8 NtQuerySystemInformation
0x1400182b0 NtWriteVirtualMemory
EAT(Export Address Table) is none
KERNEL32.dll
0x140018000 HeapFree
0x140018008 GetCurrentProcess
0x140018010 DeviceIoControl
0x140018018 VirtualAlloc
0x140018020 GetCurrentThreadId
0x140018028 OpenProcess
0x140018030 GetLastError
0x140018038 HeapReAlloc
0x140018040 CloseHandle
0x140018048 HeapAlloc
0x140018050 GetProcAddress
0x140018058 GetCurrentProcessId
0x140018060 GetProcessHeap
0x140018068 OpenThread
0x140018070 LoadLibraryExW
0x140018078 CreateFileW
0x140018080 HeapSize
0x140018088 SetFilePointerEx
0x140018090 GetFileSizeEx
0x140018098 RtlCaptureContext
0x1400180a0 RtlLookupFunctionEntry
0x1400180a8 RtlVirtualUnwind
0x1400180b0 UnhandledExceptionFilter
0x1400180b8 SetUnhandledExceptionFilter
0x1400180c0 TerminateProcess
0x1400180c8 IsProcessorFeaturePresent
0x1400180d0 QueryPerformanceCounter
0x1400180d8 GetSystemTimeAsFileTime
0x1400180e0 InitializeSListHead
0x1400180e8 IsDebuggerPresent
0x1400180f0 GetStartupInfoW
0x1400180f8 GetModuleHandleW
0x140018100 RtlUnwindEx
0x140018108 SetLastError
0x140018110 EnterCriticalSection
0x140018118 LeaveCriticalSection
0x140018120 DeleteCriticalSection
0x140018128 InitializeCriticalSectionAndSpinCount
0x140018130 TlsAlloc
0x140018138 TlsGetValue
0x140018140 TlsSetValue
0x140018148 TlsFree
0x140018150 FreeLibrary
0x140018158 EncodePointer
0x140018160 RaiseException
0x140018168 RtlPcToFileHeader
0x140018170 GetStdHandle
0x140018178 WriteFile
0x140018180 GetModuleFileNameW
0x140018188 ExitProcess
0x140018190 GetModuleHandleExW
0x140018198 GetCommandLineA
0x1400181a0 GetCommandLineW
0x1400181a8 FlsAlloc
0x1400181b0 FlsGetValue
0x1400181b8 FlsSetValue
0x1400181c0 FlsFree
0x1400181c8 CompareStringW
0x1400181d0 LCMapStringW
0x1400181d8 GetFileType
0x1400181e0 WaitForSingleObject
0x1400181e8 GetExitCodeProcess
0x1400181f0 CreateProcessW
0x1400181f8 GetFileAttributesExW
0x140018200 FindClose
0x140018208 FindFirstFileExW
0x140018210 FindNextFileW
0x140018218 IsValidCodePage
0x140018220 GetACP
0x140018228 GetOEMCP
0x140018230 GetCPInfo
0x140018238 MultiByteToWideChar
0x140018240 WideCharToMultiByte
0x140018248 GetEnvironmentStringsW
0x140018250 FreeEnvironmentStringsW
0x140018258 SetEnvironmentVariableW
0x140018260 SetStdHandle
0x140018268 GetStringTypeW
0x140018270 FlushFileBuffers
0x140018278 GetConsoleOutputCP
0x140018280 GetConsoleMode
0x140018288 WriteConsoleW
ksproxy.ax
0x140018298 KsOpenDefaultDevice
ntdll.dll
0x1400182a8 NtQuerySystemInformation
0x1400182b0 NtWriteVirtualMemory
EAT(Export Address Table) is none