Field | Value
---|---
Created | 2024.10.20 09:19
Machine | s1_win7_x6401
Filename | donut.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : mailcious
VT API (file) | 60 detected (AIDetectMalware, Donut, Malicious, score, Marte, Unsafe, Vcgt, confidence, 100%, Attribute, HighConfidence, Windows, Donutloader, Rozena, Redcap, jvkudz, ShellcodeDonut, CLASSIC, AGEN, R002C0XER23, Static AI, Suspicious PE, Detected, Malware@#cay5l43advb0, psyA, ABTrojan, PRDT, R566854, Chgt, Gencirc, susgen, PossibleThreat, pvkO3DGW)
md5 | 2a516c444620354c81fd32ef1b498d1b
sha256 | ee68d7deb7cefdfca66c078d6036d7aa3aa7afcc62b282999034b4a1faed890d
ssdeep | 6144:ZiF3dWaGNQzmzbgONa3sbMMnl6ysB8X7+AAAAAAAAc8:gFdWaGNGGLUWl6JB+A
imphash | ef81b9a18c758ad2cb875d81e1e4b658
impfuzzy | 24:p95T2ll/kC2Drvp02tMS1XmlJnc+pl39/CuG0o9qvgTjOovbO39RwGMKQ4ZHu9R:rQll/kPBtMS1Xkc+ppQuG0ccgTC3rNe
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table)
ADVAPI32.dll
0x140024000 CryptReleaseContext
0x140024008 CryptGenRandom
0x140024010 CryptAcquireContextA
USER32.dll
0x140024310 SetClipboardData
0x140024318 CloseClipboard
0x140024320 OpenClipboard
0x140024328 EmptyClipboard
KERNEL32.dll
0x140024020 HeapSize
0x140024028 GetTimeZoneInformation
0x140024030 FlushFileBuffers
0x140024038 ReadConsoleW
0x140024040 ReadFile
0x140024048 CloseHandle
0x140024050 MapViewOfFile
0x140024058 UnmapViewOfFile
0x140024060 GetModuleHandleA
0x140024068 GetProcAddress
0x140024070 CreateFileMappingA
0x140024078 GlobalAlloc
0x140024080 GlobalLock
0x140024088 GlobalFree
0x140024090 RtlCaptureContext
0x140024098 RtlLookupFunctionEntry
0x1400240a0 RtlVirtualUnwind
0x1400240a8 UnhandledExceptionFilter
0x1400240b0 SetUnhandledExceptionFilter
0x1400240b8 GetCurrentProcess
0x1400240c0 TerminateProcess
0x1400240c8 IsProcessorFeaturePresent
0x1400240d0 QueryPerformanceCounter
0x1400240d8 GetCurrentProcessId
0x1400240e0 GetCurrentThreadId
0x1400240e8 GetSystemTimeAsFileTime
0x1400240f0 InitializeSListHead
0x1400240f8 IsDebuggerPresent
0x140024100 GetStartupInfoW
0x140024108 GetModuleHandleW
0x140024110 SetEndOfFile
0x140024118 RtlUnwindEx
0x140024120 GetLastError
0x140024128 SetLastError
0x140024130 EnterCriticalSection
0x140024138 LeaveCriticalSection
0x140024140 DeleteCriticalSection
0x140024148 InitializeCriticalSectionAndSpinCount
0x140024150 TlsAlloc
0x140024158 TlsGetValue
0x140024160 TlsSetValue
0x140024168 TlsFree
0x140024170 FreeLibrary
0x140024178 LoadLibraryExW
0x140024180 EncodePointer
0x140024188 RaiseException
0x140024190 RtlPcToFileHeader
0x140024198 RtlUnwind
0x1400241a0 ExitProcess
0x1400241a8 GetModuleHandleExW
0x1400241b0 CreateFileW
0x1400241b8 GetDriveTypeW
0x1400241c0 GetFileInformationByHandle
0x1400241c8 GetFileType
0x1400241d0 PeekNamedPipe
0x1400241d8 SystemTimeToTzSpecificLocalTime
0x1400241e0 FileTimeToSystemTime
0x1400241e8 SetStdHandle
0x1400241f0 GetStdHandle
0x1400241f8 WriteFile
0x140024200 GetModuleFileNameW
0x140024208 GetCommandLineA
0x140024210 GetCommandLineW
0x140024218 HeapAlloc
0x140024220 HeapFree
0x140024228 FlsAlloc
0x140024230 FlsGetValue
0x140024238 FlsSetValue
0x140024240 FlsFree
0x140024248 CompareStringW
0x140024250 LCMapStringW
0x140024258 GetConsoleOutputCP
0x140024260 GetConsoleMode
0x140024268 GetFileSizeEx
0x140024270 SetFilePointerEx
0x140024278 GetCurrentDirectoryW
0x140024280 GetFullPathNameW
0x140024288 MultiByteToWideChar
0x140024290 HeapReAlloc
0x140024298 FindClose
0x1400242a0 FindFirstFileExW
0x1400242a8 FindNextFileW
0x1400242b0 IsValidCodePage
0x1400242b8 GetACP
0x1400242c0 GetOEMCP
0x1400242c8 GetCPInfo
0x1400242d0 WideCharToMultiByte
0x1400242d8 GetEnvironmentStringsW
0x1400242e0 FreeEnvironmentStringsW
0x1400242e8 SetEnvironmentVariableW
0x1400242f0 GetStringTypeW
0x1400242f8 GetProcessHeap
0x140024300 WriteConsoleW
EAT (Export Address Table): none