ScreenShot
| Created | 2024.10.21 13:46 | Machine | s1_win7_x6403 |
| Filename | dos.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (Sonbokli, GenericKD, Unsafe, Vmpl, malicious, confidence, Attribute, HighConfidence, high confidence, MalwareX, CLOUD, Detected, Wacatac, R667674, Artemis, Chgt, R011H09IL24, Msmw, susgen, PossibleThreat, PALLAS, Software, B9nj) | ||
| md5 | a2163bf270762a1deec37145f2ef5267 | ||
| sha256 | e0d09374471bb956744258603669a06473cc5920b6096928ac345c640d089403 | ||
| ssdeep | 6144:nUMYwNIRcCdh4vVgCAoyLInAkAdQX+wWNDBUhigzp00NR6MohqUia8Qv1ke8We:nUlDsyqyEA16rdZjnT0j58We | ||
| imphash | 56cb00a5fa58cf34ccf8b9263abc87f8 | ||
| impfuzzy | 24:FM214c3yrfx441JVDc1sc0R8a0UXyA4enj9MG95XGDZ6JlkoDq1L60ZCbR1tAjFT:nL+ff19cQhXF4exRJGV6JlkoqB6ehOhk | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x40a37c RegCloseKey
0x40a384 RegOpenKeyExA
0x40a38c RegQueryValueExA
CRYPT32.dll
0x40a39c CryptBinaryToStringA
KERNEL32.dll
0x40a3ac CloseHandle
0x40a3b4 CopyFileA
0x40a3bc CreateProcessA
0x40a3c4 CreateThread
0x40a3cc CreateToolhelp32Snapshot
0x40a3d4 DeleteCriticalSection
0x40a3dc EnterCriticalSection
0x40a3e4 GetComputerNameA
0x40a3ec GetCurrentProcess
0x40a3f4 GetCurrentProcessId
0x40a3fc GetCurrentThreadId
0x40a404 GetLastError
0x40a40c GetModuleFileNameA
0x40a414 GetModuleHandleW
0x40a41c GetProcAddress
0x40a424 GetStartupInfoA
0x40a42c GetSystemInfo
0x40a434 GetSystemTimeAsFileTime
0x40a43c GetTempPathA
0x40a444 GetTickCount
0x40a44c GlobalMemoryStatusEx
0x40a454 InitializeCriticalSection
0x40a45c LeaveCriticalSection
0x40a464 Process32First
0x40a46c Process32Next
0x40a474 QueryPerformanceCounter
0x40a47c RtlAddFunctionTable
0x40a484 RtlCaptureContext
0x40a48c RtlLookupFunctionEntry
0x40a494 RtlVirtualUnwind
0x40a49c SetThreadExecutionState
0x40a4a4 SetUnhandledExceptionFilter
0x40a4ac Sleep
0x40a4b4 TerminateProcess
0x40a4bc TlsGetValue
0x40a4c4 UnhandledExceptionFilter
0x40a4cc VirtualProtect
0x40a4d4 VirtualQuery
0x40a4dc WaitForSingleObject
msvcrt.dll
0x40a4ec __C_specific_handler
0x40a4f4 __getmainargs
0x40a4fc __initenv
0x40a504 __iob_func
0x40a50c __lconv_init
0x40a514 __set_app_type
0x40a51c __setusermatherr
0x40a524 _acmdln
0x40a52c _amsg_exit
0x40a534 _cexit
0x40a53c _fmode
0x40a544 _initterm
0x40a54c _onexit
0x40a554 _stricmp
0x40a55c _vsnprintf
0x40a564 abort
0x40a56c atoi
0x40a574 calloc
0x40a57c exit
0x40a584 fprintf
0x40a58c free
0x40a594 fwrite
0x40a59c malloc
0x40a5a4 memcpy
0x40a5ac memset
0x40a5b4 printf
0x40a5bc puts
0x40a5c4 signal
0x40a5cc sprintf
0x40a5d4 strlen
0x40a5dc strncmp
0x40a5e4 strncpy
0x40a5ec strstr
0x40a5f4 swprintf_s
0x40a5fc vfprintf
0x40a604 wprintf
SHLWAPI.dll
0x40a614 PathAppendA
WINHTTP.dll
0x40a624 WinHttpCloseHandle
0x40a62c WinHttpConnect
0x40a634 WinHttpOpen
0x40a63c WinHttpOpenRequest
0x40a644 WinHttpQueryDataAvailable
0x40a64c WinHttpReadData
0x40a654 WinHttpReceiveResponse
0x40a65c WinHttpSendRequest
EAT(Export Address Table) is none
ADVAPI32.dll
0x40a37c RegCloseKey
0x40a384 RegOpenKeyExA
0x40a38c RegQueryValueExA
CRYPT32.dll
0x40a39c CryptBinaryToStringA
KERNEL32.dll
0x40a3ac CloseHandle
0x40a3b4 CopyFileA
0x40a3bc CreateProcessA
0x40a3c4 CreateThread
0x40a3cc CreateToolhelp32Snapshot
0x40a3d4 DeleteCriticalSection
0x40a3dc EnterCriticalSection
0x40a3e4 GetComputerNameA
0x40a3ec GetCurrentProcess
0x40a3f4 GetCurrentProcessId
0x40a3fc GetCurrentThreadId
0x40a404 GetLastError
0x40a40c GetModuleFileNameA
0x40a414 GetModuleHandleW
0x40a41c GetProcAddress
0x40a424 GetStartupInfoA
0x40a42c GetSystemInfo
0x40a434 GetSystemTimeAsFileTime
0x40a43c GetTempPathA
0x40a444 GetTickCount
0x40a44c GlobalMemoryStatusEx
0x40a454 InitializeCriticalSection
0x40a45c LeaveCriticalSection
0x40a464 Process32First
0x40a46c Process32Next
0x40a474 QueryPerformanceCounter
0x40a47c RtlAddFunctionTable
0x40a484 RtlCaptureContext
0x40a48c RtlLookupFunctionEntry
0x40a494 RtlVirtualUnwind
0x40a49c SetThreadExecutionState
0x40a4a4 SetUnhandledExceptionFilter
0x40a4ac Sleep
0x40a4b4 TerminateProcess
0x40a4bc TlsGetValue
0x40a4c4 UnhandledExceptionFilter
0x40a4cc VirtualProtect
0x40a4d4 VirtualQuery
0x40a4dc WaitForSingleObject
msvcrt.dll
0x40a4ec __C_specific_handler
0x40a4f4 __getmainargs
0x40a4fc __initenv
0x40a504 __iob_func
0x40a50c __lconv_init
0x40a514 __set_app_type
0x40a51c __setusermatherr
0x40a524 _acmdln
0x40a52c _amsg_exit
0x40a534 _cexit
0x40a53c _fmode
0x40a544 _initterm
0x40a54c _onexit
0x40a554 _stricmp
0x40a55c _vsnprintf
0x40a564 abort
0x40a56c atoi
0x40a574 calloc
0x40a57c exit
0x40a584 fprintf
0x40a58c free
0x40a594 fwrite
0x40a59c malloc
0x40a5a4 memcpy
0x40a5ac memset
0x40a5b4 printf
0x40a5bc puts
0x40a5c4 signal
0x40a5cc sprintf
0x40a5d4 strlen
0x40a5dc strncmp
0x40a5e4 strncpy
0x40a5ec strstr
0x40a5f4 swprintf_s
0x40a5fc vfprintf
0x40a604 wprintf
SHLWAPI.dll
0x40a614 PathAppendA
WINHTTP.dll
0x40a624 WinHttpCloseHandle
0x40a62c WinHttpConnect
0x40a634 WinHttpOpen
0x40a63c WinHttpOpenRequest
0x40a644 WinHttpQueryDataAvailable
0x40a64c WinHttpReadData
0x40a654 WinHttpReceiveResponse
0x40a65c WinHttpSendRequest
EAT(Export Address Table) is none