Field | Value |
---|---|
Created | 2024.10.21 14:12 |
Machine | s1_win7_x6403 |
Filename | program.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file: malicious |
VT API (file) | 49 detected (AIDetectMalware, Hacktool, Chisel, Malicious, score, Suspiciouspws, Bulz, Unsafe, Vdj1, confidence, 100%, moderate confidence, a variant of WinGo, SharpChisel, AGEN, Tool, Detected, Eldorado, R368091, Artemis, WinGo, Nzfl, Igent, bUTRIA, susgen) |
md5 | 7d2eb1b2a364d686f6d4f17cdf626810 |
sha256 | 034f883e7dad9b363bdaf1db5d5802da7296196a10dc9e29fd1027b769443ee8 |
ssdeep | 196608:CqoFg26BXh0UOjCpu/07qcwru7fr/tapj:KF/+w/CwrQ |
imphash | 93a138801d9601e4c36e6274c8b9d111 |
impfuzzy | 24:UbVjhNwO+VuTnvYzoLtXOr6kwmDruMztir6UP:KwO+VIc+XOmG8nP |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
info | Command line console output was observed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
kernel32.dll
0xbe3020 WriteFile
0xbe3028 WriteConsoleW
0xbe3030 WaitForMultipleObjects
0xbe3038 WaitForSingleObject
0xbe3040 VirtualQuery
0xbe3048 VirtualFree
0xbe3050 VirtualAlloc
0xbe3058 SwitchToThread
0xbe3060 SuspendThread
0xbe3068 SetWaitableTimer
0xbe3070 SetUnhandledExceptionFilter
0xbe3078 SetProcessPriorityBoost
0xbe3080 SetEvent
0xbe3088 SetErrorMode
0xbe3090 SetConsoleCtrlHandler
0xbe3098 ResumeThread
0xbe30a0 QueryFullProcessImageNameA
0xbe30a8 ProcessIdToSessionId
0xbe30b0 PostQueuedCompletionStatus
0xbe30b8 OpenProcess
0xbe30c0 LoadLibraryA
0xbe30c8 LoadLibraryW
0xbe30d0 SetThreadContext
0xbe30d8 GetThreadContext
0xbe30e0 GetSystemInfo
0xbe30e8 GetSystemDirectoryA
0xbe30f0 GetStdHandle
0xbe30f8 GetQueuedCompletionStatusEx
0xbe3100 GetProcessAffinityMask
0xbe3108 GetProcAddress
0xbe3110 GetEnvironmentStringsW
0xbe3118 GetConsoleMode
0xbe3120 FreeEnvironmentStringsW
0xbe3128 ExitProcess
0xbe3130 DuplicateHandle
0xbe3138 CreateThread
0xbe3140 CreateIoCompletionPort
0xbe3148 CreateEventA
0xbe3150 CloseHandle
0xbe3158 AddVectoredExceptionHandler
EAT (Export Address Table): none
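The imphash in the summary table is derived from exactly the kind of import listing shown above: each entry is normalised to lower-case `dll.function` (DLL extension dropped, ordinal imports written as `ordN`), the entries are joined with commas in IAT order, and the result is MD5-hashed. The script below, an added example that is not part of the sandbox report or of the sample, recomputes that value from the kernel32.dll imports transcribed from the listing above. The transcription (the `REPORT_IAT` list) and the assumption that kernel32.dll is the only import DLL are taken from this page; the ordinal-to-name lookup tables that pefile applies for ws2_32, wsock32 and oleaut32 are deliberately omitted, so ordinal imports from those DLLs would hash differently here than in pefile. Two properties worth knowing when you pivot on this hash: it is order-sensitive, and a Go binary's import set is dominated by the runtime (thread context, I/O completion port, waitable timer and vectored exception handler functions are all runtime plumbing), so many unrelated Go programs built with the same toolchain collide on it.

```python
"""Recompute a pefile-style imphash from an IAT listing.

Added example for this sandbox report; it is not the sandbox's own
code. The import list is transcribed from the report's IAT section
(kernel32.dll only). Ordinal lookup tables are omitted (assumption:
all imports here are by name, which matches the listing).
"""
import hashlib

# Transcribed from the report's IAT listing, in IAT order (40 entries).
REPORT_IAT = """
WriteFile WriteConsoleW WaitForMultipleObjects WaitForSingleObject VirtualQuery
VirtualFree VirtualAlloc SwitchToThread SuspendThread SetWaitableTimer
SetUnhandledExceptionFilter SetProcessPriorityBoost SetEvent SetErrorMode
SetConsoleCtrlHandler ResumeThread QueryFullProcessImageNameA ProcessIdToSessionId
PostQueuedCompletionStatus OpenProcess LoadLibraryA LoadLibraryW SetThreadContext
GetThreadContext GetSystemInfo GetSystemDirectoryA GetStdHandle
GetQueuedCompletionStatusEx GetProcessAffinityMask GetProcAddress
GetEnvironmentStringsW GetConsoleMode FreeEnvironmentStringsW ExitProcess
DuplicateHandle CreateThread CreateIoCompletionPort CreateEventA CloseHandle
AddVectoredExceptionHandler
""".split()

# (dll, function) pairs; the report lists only kernel32.dll as an import DLL.
REPORT_IMPORTS = [("kernel32.dll", name) for name in REPORT_IAT]

# imphash value printed in the report's summary table.
REPORT_IMPHASH = "93a138801d9601e4c36e6274c8b9d111"

# Extensions the imphash algorithm strips from the DLL name.
_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_import(dll, func):
    """Return the lower-case 'dll.function' token for one import.

    `func` is a string for imports by name or an int for imports by
    ordinal, which are written as 'ordN' (no per-DLL ordinal tables).
    """
    dll = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    name = "ord%d" % func if isinstance(func, int) else func.lower()
    return "%s.%s" % (dll, name)


def imphash_string(imports):
    """Comma-joined normalised imports in IAT order (the MD5 preimage)."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def order_sensitive(imports):
    """True when reversing the IAT order changes the hash (it does for
    any list with two or more distinct entries)."""
    return imphash(imports) != imphash(list(reversed(imports)))


if __name__ == "__main__":
    computed = imphash(REPORT_IMPORTS)
    print("preimage :", imphash_string(REPORT_IMPORTS)[:72], "...")
    print("computed :", computed)
    print("reported :", REPORT_IMPHASH)
    # A mismatch would mean the listing above is not the complete or
    # exactly ordered import table that the sandbox hashed.
    print("match    :", computed == REPORT_IMPHASH)
    print("order-sensitive:", order_sensitive(REPORT_IMPORTS))
```

Run it as-is to compare the recomputed value with the reported one; if they differ, treat the listing on this page as a view of the import table rather than the full table the sandbox hashed. To hunt for related builds, search on the imphash together with the `Type` line and the ssdeep, because the imphash alone will also match benign Go console tools.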