| Field | Value |
|---|---|
| Created | 2024.10.21 14:29 |
| Machine | s1_win7_x6401 |
| Filename | wildfire-test-pe-file.exe |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 52 detected (AIDetectMalware, Bebloh, Malicious, score, WacatacRI, S12026051, Unsafe, V8ox, grayware, confidence, high confidence, a variant of Generik, CIIVOGM, FileRepMalware, Misc, AutoG, gdorjf, CLOUD, PrivacyRisk, PanCar, CVE-2020-2006, CVE20200601, Static AI, Malicious PE, Detected, BTSGeneric, Ditertag, Eldorado, Gencirc, q5HLRo863dA, susgen, WildFireTestFile) |
| md5 | 8d608036b37676fd1255599098816c05 |
| sha256 | 2f8eb904d39eeab0acbdf308cf134d93c68458d2544cafdeeb74214adb3e7e52 |
| ssdeep | 768:0/EAAqxG0QqLccK+xL7scaOZ/IcGs8WbwnWh+6AXT2qEDnXbiPGEDUXnpT0rJmnU:tAc0QqgHW7/ZwcF8c6jELX+PupTNj |
| imphash | 318cc6baf22de5640b5a89a3bd3b774c |
| impfuzzy | 24:FuKmMaOov/t5l4wcpluyDkw8Ryvp5/J3I3T41jM1O+:oKNYtHcpszcp78cq |
Signature (1cnts)
| Level | Description |
|---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT (Import Address Table), by library
ADVAPI32.dll
0x40a000 RegSetValueExW
0x40a004 RegCloseKey
0x40a008 RegCreateKeyExW
KERNEL32.dll
0x40a010 GetCommandLineA
0x40a014 HeapSetInformation
0x40a018 TerminateProcess
0x40a01c GetCurrentProcess
0x40a020 UnhandledExceptionFilter
0x40a024 SetUnhandledExceptionFilter
0x40a028 IsDebuggerPresent
0x40a02c GetLastError
0x40a030 HeapFree
0x40a034 CloseHandle
0x40a038 EncodePointer
0x40a03c DecodePointer
0x40a040 EnterCriticalSection
0x40a044 LeaveCriticalSection
0x40a048 InitializeCriticalSectionAndSpinCount
0x40a04c RtlUnwind
0x40a050 GetProcAddress
0x40a054 GetModuleHandleW
0x40a058 ExitProcess
0x40a05c WriteFile
0x40a060 GetStdHandle
0x40a064 GetModuleFileNameW
0x40a068 GetModuleFileNameA
0x40a06c FreeEnvironmentStringsW
0x40a070 WideCharToMultiByte
0x40a074 GetEnvironmentStringsW
0x40a078 SetHandleCount
0x40a07c GetFileType
0x40a080 GetStartupInfoW
0x40a084 DeleteCriticalSection
0x40a088 TlsAlloc
0x40a08c TlsGetValue
0x40a090 TlsSetValue
0x40a094 TlsFree
0x40a098 InterlockedIncrement
0x40a09c SetLastError
0x40a0a0 GetCurrentThreadId
0x40a0a4 InterlockedDecrement
0x40a0a8 HeapCreate
0x40a0ac QueryPerformanceCounter
0x40a0b0 GetTickCount
0x40a0b4 GetCurrentProcessId
0x40a0b8 GetSystemTimeAsFileTime
0x40a0bc SetStdHandle
0x40a0c0 GetConsoleCP
0x40a0c4 GetConsoleMode
0x40a0c8 FlushFileBuffers
0x40a0cc Sleep
0x40a0d0 CreateFileA
0x40a0d4 GetCPInfo
0x40a0d8 GetACP
0x40a0dc GetOEMCP
0x40a0e0 IsValidCodePage
0x40a0e4 MultiByteToWideChar
0x40a0e8 LoadLibraryW
0x40a0ec WriteConsoleW
0x40a0f0 SetFilePointer
0x40a0f4 IsProcessorFeaturePresent
0x40a0f8 HeapAlloc
0x40a0fc HeapReAlloc
0x40a100 SetEndOfFile
0x40a104 GetProcessHeap
0x40a108 ReadFile
0x40a10c LCMapStringW
0x40a110 GetStringTypeW
0x40a114 HeapSize
0x40a118 CreateFileW
EAT (Export Address Table): none