ScreenShot
| Created | 2024.10.21 13:40 | Machine | s1_win7_x6401 |
| Filename | prem1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (AIDetectMalware, Malicious, score, Sabsik, Unsafe, Save, confidence, 100%, GenusT, Attribute, HighConfidence, high confidence, GenKryptik, HCID, PWSX, ccmw, Kryptik, CLASSIC, Stealc, nbrdm, Steam, AMADEY, YXEJDZ, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Vidar, 1BJ486G, Eldorado, R669469, Artemis, LummaStealer, Genetic, susgen) | ||
| md5 | dc860de2a24ea3e15c496582af59b9cb | ||
| sha256 | 9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9 | ||
| ssdeep | 6144:iUwFzqlqyEURK9rod9/or4txXZ1l4PyT6qdgNkwhjfdnw/omUS29zf7PT:zwFzqsynqM/M4tLw6DgNkQjfdwAZDPT | ||
| imphash | f6d69f179a8bc849dc9fddc23fefb0bb | ||
| impfuzzy | 24:XDlkcpVWZttlS14GhlJBl3ELouDZVv1GMAkpOovbOPZu:ecpVettlS14GnpSlZdA3k | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Client_SW_User_Data_Stealer | Client_SW_User_Data_Stealer | memory |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | infoStealer_ftpClients_Zero | ftp clients info stealer | memory |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x41e12c CallWindowProcW
KERNEL32.dll
0x41e000 GetProcAddress
0x41e004 CreateFileW
0x41e008 CloseHandle
0x41e00c GetConsoleWindow
0x41e010 MultiByteToWideChar
0x41e014 GetStringTypeW
0x41e018 WideCharToMultiByte
0x41e01c EnterCriticalSection
0x41e020 LeaveCriticalSection
0x41e024 InitializeCriticalSectionEx
0x41e028 DeleteCriticalSection
0x41e02c EncodePointer
0x41e030 DecodePointer
0x41e034 LCMapStringEx
0x41e038 GetCPInfo
0x41e03c IsProcessorFeaturePresent
0x41e040 UnhandledExceptionFilter
0x41e044 SetUnhandledExceptionFilter
0x41e048 GetCurrentProcess
0x41e04c TerminateProcess
0x41e050 QueryPerformanceCounter
0x41e054 GetCurrentProcessId
0x41e058 GetCurrentThreadId
0x41e05c GetSystemTimeAsFileTime
0x41e060 InitializeSListHead
0x41e064 IsDebuggerPresent
0x41e068 GetStartupInfoW
0x41e06c GetModuleHandleW
0x41e070 HeapSize
0x41e074 RaiseException
0x41e078 RtlUnwind
0x41e07c GetLastError
0x41e080 SetLastError
0x41e084 InitializeCriticalSectionAndSpinCount
0x41e088 TlsAlloc
0x41e08c TlsGetValue
0x41e090 TlsSetValue
0x41e094 TlsFree
0x41e098 FreeLibrary
0x41e09c WriteConsoleW
0x41e0a0 LoadLibraryExW
0x41e0a4 GetStdHandle
0x41e0a8 WriteFile
0x41e0ac GetModuleFileNameW
0x41e0b0 ExitProcess
0x41e0b4 GetModuleHandleExW
0x41e0b8 HeapFree
0x41e0bc LCMapStringW
0x41e0c0 GetLocaleInfoW
0x41e0c4 IsValidLocale
0x41e0c8 GetUserDefaultLCID
0x41e0cc EnumSystemLocalesW
0x41e0d0 HeapAlloc
0x41e0d4 GetFileType
0x41e0d8 FlushFileBuffers
0x41e0dc GetConsoleOutputCP
0x41e0e0 GetConsoleMode
0x41e0e4 ReadFile
0x41e0e8 GetFileSizeEx
0x41e0ec SetFilePointerEx
0x41e0f0 ReadConsoleW
0x41e0f4 HeapReAlloc
0x41e0f8 FindClose
0x41e0fc FindFirstFileExW
0x41e100 FindNextFileW
0x41e104 IsValidCodePage
0x41e108 GetACP
0x41e10c GetOEMCP
0x41e110 GetCommandLineA
0x41e114 GetCommandLineW
0x41e118 GetEnvironmentStringsW
0x41e11c FreeEnvironmentStringsW
0x41e120 SetStdHandle
0x41e124 GetProcessHeap
EAT(Export Address Table) is none
USER32.dll
0x41e12c CallWindowProcW
KERNEL32.dll
0x41e000 GetProcAddress
0x41e004 CreateFileW
0x41e008 CloseHandle
0x41e00c GetConsoleWindow
0x41e010 MultiByteToWideChar
0x41e014 GetStringTypeW
0x41e018 WideCharToMultiByte
0x41e01c EnterCriticalSection
0x41e020 LeaveCriticalSection
0x41e024 InitializeCriticalSectionEx
0x41e028 DeleteCriticalSection
0x41e02c EncodePointer
0x41e030 DecodePointer
0x41e034 LCMapStringEx
0x41e038 GetCPInfo
0x41e03c IsProcessorFeaturePresent
0x41e040 UnhandledExceptionFilter
0x41e044 SetUnhandledExceptionFilter
0x41e048 GetCurrentProcess
0x41e04c TerminateProcess
0x41e050 QueryPerformanceCounter
0x41e054 GetCurrentProcessId
0x41e058 GetCurrentThreadId
0x41e05c GetSystemTimeAsFileTime
0x41e060 InitializeSListHead
0x41e064 IsDebuggerPresent
0x41e068 GetStartupInfoW
0x41e06c GetModuleHandleW
0x41e070 HeapSize
0x41e074 RaiseException
0x41e078 RtlUnwind
0x41e07c GetLastError
0x41e080 SetLastError
0x41e084 InitializeCriticalSectionAndSpinCount
0x41e088 TlsAlloc
0x41e08c TlsGetValue
0x41e090 TlsSetValue
0x41e094 TlsFree
0x41e098 FreeLibrary
0x41e09c WriteConsoleW
0x41e0a0 LoadLibraryExW
0x41e0a4 GetStdHandle
0x41e0a8 WriteFile
0x41e0ac GetModuleFileNameW
0x41e0b0 ExitProcess
0x41e0b4 GetModuleHandleExW
0x41e0b8 HeapFree
0x41e0bc LCMapStringW
0x41e0c0 GetLocaleInfoW
0x41e0c4 IsValidLocale
0x41e0c8 GetUserDefaultLCID
0x41e0cc EnumSystemLocalesW
0x41e0d0 HeapAlloc
0x41e0d4 GetFileType
0x41e0d8 FlushFileBuffers
0x41e0dc GetConsoleOutputCP
0x41e0e0 GetConsoleMode
0x41e0e4 ReadFile
0x41e0e8 GetFileSizeEx
0x41e0ec SetFilePointerEx
0x41e0f0 ReadConsoleW
0x41e0f4 HeapReAlloc
0x41e0f8 FindClose
0x41e0fc FindFirstFileExW
0x41e100 FindNextFileW
0x41e104 IsValidCodePage
0x41e108 GetACP
0x41e10c GetOEMCP
0x41e110 GetCommandLineA
0x41e114 GetCommandLineW
0x41e118 GetEnvironmentStringsW
0x41e11c FreeEnvironmentStringsW
0x41e120 SetStdHandle
0x41e124 GetProcessHeap
EAT(Export Address Table) is none