ScreenShot
| Created | 2024.10.21 14:44 | Machine | s1_win7_x6403 |
| Filename | file.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetectMalware, Malicious, score, Kudj, GenericKD, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, HackTool, MalwareX, Znyonm, CLOUD, Redcap, vpwbl, Tool, Static AI, Malicious PE, Detected, Wacapew, Artemis, R002H0CDC24, Gencirc, susgen) | ||
| md5 | 47a0d90c01b43ed755d1152ffc3a5068 | ||
| sha256 | a26182ad8e56a4b616ae2aa516c22a80d8030f08e36d05b13f7438bc3781309d | ||
| ssdeep | 1536:D8p1YtAjTAdRJcLI9dBYqVnBsdemBt35q:Ip1YePAdRuLIeqVnB9mBh5 | ||
| imphash | 5f0d0057de3860edbc429c07d0073de1 | ||
| impfuzzy | 96:jx3veLr5VIbcWJKHOaxqoyEtMxUc+087TtjQbff4YI5AylH3v2INlEKAEVh49:VYYiFFAylHfN1AEVhm | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140031070 CreateRemoteThread
0x140031078 OpenProcess
0x140031080 VirtualAlloc
0x140031088 VirtualAllocEx
0x140031090 WriteProcessMemory
0x140031098 ExitProcess
0x1400310a0 GetProcAddress
0x1400310a8 LoadLibraryA
0x1400310b0 CreateToolhelp32Snapshot
0x1400310b8 Process32FirstW
0x1400310c0 Process32NextW
0x1400310c8 VirtualQuery
0x1400310d0 GetCurrentProcess
0x1400310d8 CloseHandle
0x1400310e0 GetModuleHandleW
0x1400310e8 IsDebuggerPresent
0x1400310f0 GetProcessHeap
0x1400310f8 HeapFree
0x140031100 HeapAlloc
0x140031108 GetLastError
0x140031110 GetStartupInfoW
0x140031118 InitializeSListHead
0x140031120 GetSystemTimeAsFileTime
0x140031128 GetCurrentProcessId
0x140031130 QueryPerformanceCounter
0x140031138 IsProcessorFeaturePresent
0x140031140 TerminateProcess
0x140031148 SetUnhandledExceptionFilter
0x140031150 UnhandledExceptionFilter
0x140031158 RtlVirtualUnwind
0x140031160 RtlLookupFunctionEntry
0x140031168 RtlCaptureContext
0x140031170 WideCharToMultiByte
0x140031178 MultiByteToWideChar
0x140031180 RaiseException
0x140031188 GetCurrentThreadId
0x140031190 FreeLibrary
ADVAPI32.dll
0x140031000 AdjustTokenPrivileges
0x140031008 OpenProcessToken
0x140031010 LookupPrivilegeValueW
MSVCP140D.dll
0x140031228 ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x140031230 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x140031238 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x140031240 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x140031248 ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x140031250 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x140031258 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
0x140031260 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x140031268 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x140031270 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x140031278 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140031280 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x140031288 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140031290 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140031298 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400312a0 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1400312a8 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1400312b0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1400312b8 ?_Xbad_alloc@std@@YAXXZ
0x1400312c0 ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x1400312c8 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x1400312d0 ??0_Lockit@std@@QEAA@H@Z
0x1400312d8 ??1_Lockit@std@@QEAA@XZ
0x1400312e0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400312e8 ?_Xout_of_range@std@@YAXPEBD@Z
0x1400312f0 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x1400312f8 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031300 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031308 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
0x140031310 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031318 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x140031320 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140031328 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140031330 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x140031338 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x140031340 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140031348 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140031350 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x140031358 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x140031360 ??Bid@locale@std@@QEAA_KXZ
0x140031368 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
WININET.dll
0x140031538 InternetCloseHandle
0x140031540 InternetReadFile
0x140031548 InternetOpenW
0x140031550 InternetOpenUrlA
VCRUNTIME140D.dll
0x140031408 __vcrt_LoadLibraryExW
0x140031410 __vcrt_GetModuleHandleW
0x140031418 __vcrt_GetModuleFileNameW
0x140031420 __current_exception_context
0x140031428 __current_exception
0x140031430 __std_type_info_destroy_list
0x140031438 __C_specific_handler_noexcept
0x140031440 __std_exception_destroy
0x140031448 __C_specific_handler
0x140031450 _CxxThrowException
0x140031458 __std_exception_copy
0x140031460 memmove
0x140031468 memcpy
VCRUNTIME140_1D.dll
0x1400314d8 __CxxFrameHandler4
ucrtbased.dll
0x1400315b0 _CrtDbgReport
0x1400315b8 _free_dbg
0x1400315c0 _malloc_dbg
0x1400315c8 _callnewh
0x1400315d0 _CrtDbgReportW
0x1400315d8 _seh_filter_exe
0x1400315e0 _set_app_type
0x1400315e8 __setusermatherr
0x1400315f0 _configure_narrow_argv
0x1400315f8 _initialize_narrow_environment
0x140031600 _get_initial_narrow_environment
0x140031608 _initterm
0x140031610 _initterm_e
0x140031618 exit
0x140031620 _exit
0x140031628 _set_fmode
0x140031630 __p___argc
0x140031638 __p___argv
0x140031640 _cexit
0x140031648 _c_exit
0x140031650 _register_thread_local_exe_atexit_callback
0x140031658 _configthreadlocale
0x140031660 _set_new_mode
0x140031668 __p__commode
0x140031670 _seh_filter_dll
0x140031678 malloc
0x140031680 _register_onexit_function
0x140031688 _execute_onexit_table
0x140031690 _crt_atexit
0x140031698 _crt_at_quick_exit
0x1400316a0 strcpy_s
0x1400316a8 strcat_s
0x1400316b0 terminate
0x1400316b8 _wmakepath_s
0x1400316c0 _wsplitpath_s
0x1400316c8 wcscpy_s
0x1400316d0 ungetc
0x1400316d8 setvbuf
0x1400316e0 rewind
0x1400316e8 fwrite
0x1400316f0 ftell
0x1400316f8 _fseeki64
0x140031700 fseek
0x140031708 fsetpos
0x140031710 fread
0x140031718 fputc
0x140031720 fopen
0x140031728 fgetpos
0x140031730 fgetc
0x140031738 fflush
0x140031740 fclose
0x140031748 _get_stream_buffer_pointers
0x140031750 _invalid_parameter
0x140031758 _stricmp
0x140031760 _unlock_file
0x140031768 _initialize_onexit_table
0x140031770 _lock_file
0x140031778 __stdio_common_vsprintf_s
EAT(Export Address Table) is none
KERNEL32.dll
0x140031070 CreateRemoteThread
0x140031078 OpenProcess
0x140031080 VirtualAlloc
0x140031088 VirtualAllocEx
0x140031090 WriteProcessMemory
0x140031098 ExitProcess
0x1400310a0 GetProcAddress
0x1400310a8 LoadLibraryA
0x1400310b0 CreateToolhelp32Snapshot
0x1400310b8 Process32FirstW
0x1400310c0 Process32NextW
0x1400310c8 VirtualQuery
0x1400310d0 GetCurrentProcess
0x1400310d8 CloseHandle
0x1400310e0 GetModuleHandleW
0x1400310e8 IsDebuggerPresent
0x1400310f0 GetProcessHeap
0x1400310f8 HeapFree
0x140031100 HeapAlloc
0x140031108 GetLastError
0x140031110 GetStartupInfoW
0x140031118 InitializeSListHead
0x140031120 GetSystemTimeAsFileTime
0x140031128 GetCurrentProcessId
0x140031130 QueryPerformanceCounter
0x140031138 IsProcessorFeaturePresent
0x140031140 TerminateProcess
0x140031148 SetUnhandledExceptionFilter
0x140031150 UnhandledExceptionFilter
0x140031158 RtlVirtualUnwind
0x140031160 RtlLookupFunctionEntry
0x140031168 RtlCaptureContext
0x140031170 WideCharToMultiByte
0x140031178 MultiByteToWideChar
0x140031180 RaiseException
0x140031188 GetCurrentThreadId
0x140031190 FreeLibrary
ADVAPI32.dll
0x140031000 AdjustTokenPrivileges
0x140031008 OpenProcessToken
0x140031010 LookupPrivilegeValueW
MSVCP140D.dll
0x140031228 ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x140031230 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x140031238 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x140031240 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x140031248 ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x140031250 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x140031258 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
0x140031260 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x140031268 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x140031270 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x140031278 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140031280 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x140031288 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140031290 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140031298 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400312a0 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1400312a8 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1400312b0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1400312b8 ?_Xbad_alloc@std@@YAXXZ
0x1400312c0 ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x1400312c8 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x1400312d0 ??0_Lockit@std@@QEAA@H@Z
0x1400312d8 ??1_Lockit@std@@QEAA@XZ
0x1400312e0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400312e8 ?_Xout_of_range@std@@YAXPEBD@Z
0x1400312f0 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x1400312f8 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031300 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031308 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
0x140031310 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x140031318 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x140031320 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140031328 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140031330 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x140031338 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x140031340 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140031348 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140031350 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x140031358 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x140031360 ??Bid@locale@std@@QEAA_KXZ
0x140031368 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
WININET.dll
0x140031538 InternetCloseHandle
0x140031540 InternetReadFile
0x140031548 InternetOpenW
0x140031550 InternetOpenUrlA
VCRUNTIME140D.dll
0x140031408 __vcrt_LoadLibraryExW
0x140031410 __vcrt_GetModuleHandleW
0x140031418 __vcrt_GetModuleFileNameW
0x140031420 __current_exception_context
0x140031428 __current_exception
0x140031430 __std_type_info_destroy_list
0x140031438 __C_specific_handler_noexcept
0x140031440 __std_exception_destroy
0x140031448 __C_specific_handler
0x140031450 _CxxThrowException
0x140031458 __std_exception_copy
0x140031460 memmove
0x140031468 memcpy
VCRUNTIME140_1D.dll
0x1400314d8 __CxxFrameHandler4
ucrtbased.dll
0x1400315b0 _CrtDbgReport
0x1400315b8 _free_dbg
0x1400315c0 _malloc_dbg
0x1400315c8 _callnewh
0x1400315d0 _CrtDbgReportW
0x1400315d8 _seh_filter_exe
0x1400315e0 _set_app_type
0x1400315e8 __setusermatherr
0x1400315f0 _configure_narrow_argv
0x1400315f8 _initialize_narrow_environment
0x140031600 _get_initial_narrow_environment
0x140031608 _initterm
0x140031610 _initterm_e
0x140031618 exit
0x140031620 _exit
0x140031628 _set_fmode
0x140031630 __p___argc
0x140031638 __p___argv
0x140031640 _cexit
0x140031648 _c_exit
0x140031650 _register_thread_local_exe_atexit_callback
0x140031658 _configthreadlocale
0x140031660 _set_new_mode
0x140031668 __p__commode
0x140031670 _seh_filter_dll
0x140031678 malloc
0x140031680 _register_onexit_function
0x140031688 _execute_onexit_table
0x140031690 _crt_atexit
0x140031698 _crt_at_quick_exit
0x1400316a0 strcpy_s
0x1400316a8 strcat_s
0x1400316b0 terminate
0x1400316b8 _wmakepath_s
0x1400316c0 _wsplitpath_s
0x1400316c8 wcscpy_s
0x1400316d0 ungetc
0x1400316d8 setvbuf
0x1400316e0 rewind
0x1400316e8 fwrite
0x1400316f0 ftell
0x1400316f8 _fseeki64
0x140031700 fseek
0x140031708 fsetpos
0x140031710 fread
0x140031718 fputc
0x140031720 fopen
0x140031728 fgetpos
0x140031730 fgetc
0x140031738 fflush
0x140031740 fclose
0x140031748 _get_stream_buffer_pointers
0x140031750 _invalid_parameter
0x140031758 _stricmp
0x140031760 _unlock_file
0x140031768 _initialize_onexit_table
0x140031770 _lock_file
0x140031778 __stdio_common_vsprintf_s
EAT(Export Address Table) is none