Report - FirewallLichh.exe

Downloader UPX PE File ftp PE64 OS Processor Check
Created 2024.10.21 14:42 Machine s1_win7_x6403
Filename FirewallLichh.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
3
Behavior Score
1.2
ZERO API file : malware
VT API (file) 38 detected (AIDetectMalware, Malicious, score, GenericKD, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, MalwareX, Siggen29, Static AI, Malicious PE, Detected, Wacatac, AHD2ZL, CoinMiner, R673013, Artemis, Outbreak, Chgt, Software, B9nj)
md5 40f68d8b1be0f31f4aaf28dccf2f94cb
sha256 98373f6033f41eff577963ce2a8cde8f09394e63de31c866ef5d265b714a9ed9
ssdeep 6144:Fi8fZ/nLeOlMAiyTI+BS6oIC2Dbe/MZWdLpID+RMcA2dHDad2m2+yFMCPaf1:FTfFOf8IyS4LDb6dlIDuzAIOboMCif1
imphash 3dd1b7e6418973ac2798d88d33677d96
impfuzzy 96:9f70f3u818ANWSW8tiNCAE5lVHzEHbpNjwM3QCNId9+qjNN+bajQ9:RuES1tmbppW+qjNLjQ9

Signature (2cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
info This executable has a PDB path (the path string is worth extracting: it can expose the build machine layout and original project name for attribution and pivoting)

Rules (6cnts)

Level Name Description Collection
watch Network_Downloader File Downloader — consistent with the IAT below, which imports urlmon!URLDownloadToFileA alongside SHELL32!ShellExecuteA and the CRT system() function, i.e. the building blocks of a download-and-execute routine binaries (upload)
watch UPX_Zero UPX packed file — caveat: the IAT listed below is fully resolved with dozens of named imports per DLL, which is atypical for a UPX-compressed image (UPX normally leaves only a minimal stub import table); verify whether this is a section-name/string hit on an unpacked binary before treating the sample as packed binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) — no network requests were captured during the sandbox run. This does not rule out network capability: the import table below includes urlmon!URLDownloadToFileA and a full WS2_32 socket API set, so the network path may simply not have been reached (e.g. it may depend on arguments, a reachable host, or an environment check; the sample also imports IsDebuggerPresent, though that alone is inconclusive since CRT startup code uses it too).

Request CC ASN Co IP4 Rule ZERO (no entries recorded)

Suricata ids

PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x1400610e0 WideCharToMultiByte
 0x1400610e8 RtlCaptureContext
 0x1400610f0 RtlLookupFunctionEntry
 0x1400610f8 RtlVirtualUnwind
 0x140061100 UnhandledExceptionFilter
 0x140061108 GetTickCount
 0x140061110 QueryPerformanceCounter
 0x140061118 VerifyVersionInfoA
 0x140061120 LoadLibraryA
 0x140061128 GetProcAddress
 0x140061130 GetModuleHandleA
 0x140061138 FreeLibrary
 0x140061140 GetSystemDirectoryA
 0x140061148 CreateFileA
 0x140061150 VerSetConditionMask
 0x140061158 SleepEx
 0x140061160 LeaveCriticalSection
 0x140061168 EnterCriticalSection
 0x140061170 FormatMessageA
 0x140061178 SetLastError
 0x140061180 CloseHandle
 0x140061188 GetCurrentProcess
 0x140061190 SetUnhandledExceptionFilter
 0x140061198 TerminateProcess
 0x1400611a0 IsProcessorFeaturePresent
 0x1400611a8 IsDebuggerPresent
 0x1400611b0 GetModuleHandleW
 0x1400611b8 GetCurrentProcessId
 0x1400611c0 GetCurrentThreadId
 0x1400611c8 GetFileSizeEx
 0x1400611d0 WaitForMultipleObjects
 0x1400611d8 PeekNamedPipe
 0x1400611e0 ReadFile
 0x1400611e8 GetFileType
 0x1400611f0 GetEnvironmentVariableA
 0x1400611f8 MultiByteToWideChar
 0x140061200 WaitForSingleObjectEx
 0x140061208 QueryPerformanceFrequency
 0x140061210 GetSystemTimeAsFileTime
 0x140061218 MoveFileExA
 0x140061220 DeleteCriticalSection
 0x140061228 GetLastError
 0x140061230 InitializeCriticalSectionEx
 0x140061238 OutputDebugStringW
 0x140061240 InitializeSListHead
 0x140061248 GetConsoleWindow
 0x140061250 SetConsoleTitleA
 0x140061258 SetConsoleTextAttribute
 0x140061260 Sleep
 0x140061268 GetStdHandle
USER32.dll
 0x1400612f8 GetWindowLongPtrA
 0x140061300 SetWindowLongPtrA
 0x140061308 MessageBoxA
 0x140061310 SetLayeredWindowAttributes
ADVAPI32.dll
 0x140061000 CryptAcquireContextA
 0x140061008 CryptReleaseContext
 0x140061010 CryptGetHashParam
 0x140061018 CryptGenRandom
 0x140061020 CryptCreateHash
 0x140061028 CryptHashData
 0x140061030 CryptDestroyHash
 0x140061038 CryptDestroyKey
 0x140061040 CryptImportKey
 0x140061048 CryptEncrypt
SHELL32.dll
 0x1400612e8 ShellExecuteA
MSVCP140.dll
 0x140061278 ?_Xlength_error@std@@YAXPEBD@Z
 0x140061280 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
 0x140061288 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
 0x140061290 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x140061298 ?uncaught_exception@std@@YA_NXZ
 0x1400612a0 ?_Xbad_function_call@std@@YAXXZ
 0x1400612a8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400612b0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1400612b8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400612c0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400612c8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
urlmon.dll
 0x140061808 URLDownloadToFileA
Normaliz.dll
 0x1400612d8 IdnToAscii
WLDAP32.dll (18 imports listed as "None": these are imported by ordinal and the parser did not resolve names; ordinal WLDAP32 imports together with Normaliz!IdnToAscii, the CRYPT32 certificate-chain APIs and the WS2_32 set below look like a statically linked libcurl build — an inference to confirm against strings/version info rather than a confirmed fact)
 0x1400613b0 None
 0x1400613b8 None
 0x1400613c0 None
 0x1400613c8 None
 0x1400613d0 None
 0x1400613d8 None
 0x1400613e0 None
 0x1400613e8 None
 0x1400613f0 None
 0x1400613f8 None
 0x140061400 None
 0x140061408 None
 0x140061410 None
 0x140061418 None
 0x140061420 None
 0x140061428 None
 0x140061430 None
 0x140061438 None
CRYPT32.dll
 0x140061058 CertGetCertificateChain
 0x140061060 CertFreeCertificateChainEngine
 0x140061068 CertCreateCertificateChainEngine
 0x140061070 CryptQueryObject
 0x140061078 CertGetNameStringA
 0x140061080 CertFindExtension
 0x140061088 CertAddCertificateContextToStore
 0x140061090 CertFreeCertificateChain
 0x140061098 PFXImportCertStore
 0x1400610a0 CryptStringToBinaryA
 0x1400610a8 CertFreeCertificateContext
 0x1400610b0 CertFindCertificateInStore
 0x1400610b8 CertEnumCertificatesInStore
 0x1400610c0 CertCloseStore
 0x1400610c8 CertOpenStore
 0x1400610d0 CryptDecodeObjectEx
WS2_32.dll
 0x140061448 gethostname
 0x140061450 sendto
 0x140061458 recvfrom
 0x140061460 freeaddrinfo
 0x140061468 getaddrinfo
 0x140061470 select
 0x140061478 ioctlsocket
 0x140061480 listen
 0x140061488 htonl
 0x140061490 accept
 0x140061498 WSACleanup
 0x1400614a0 WSAStartup
 0x1400614a8 WSAIoctl
 0x1400614b0 WSASetLastError
 0x1400614b8 socket
 0x1400614c0 setsockopt
 0x1400614c8 ntohs
 0x1400614d0 htons
 0x1400614d8 getsockopt
 0x1400614e0 getsockname
 0x1400614e8 getpeername
 0x1400614f0 connect
 0x1400614f8 bind
 0x140061500 WSAGetLastError
 0x140061508 send
 0x140061510 recv
 0x140061518 closesocket
 0x140061520 ntohl
 0x140061528 __WSAFDIsSet
VCRUNTIME140.dll
 0x140061320 __std_exception_copy
 0x140061328 __std_exception_destroy
 0x140061330 _CxxThrowException
 0x140061338 memcpy
 0x140061340 memset
 0x140061348 __std_terminate
 0x140061350 __C_specific_handler
 0x140061358 __current_exception_context
 0x140061360 __current_exception
 0x140061368 memchr
 0x140061370 memcmp
 0x140061378 strchr
 0x140061380 strstr
 0x140061388 memmove
 0x140061390 strrchr
VCRUNTIME140_1.dll
 0x1400613a0 __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll
 0x140061600 _invalid_parameter_noinfo_noreturn
 0x140061608 _beginthreadex
 0x140061610 _errno
 0x140061618 __sys_nerr
 0x140061620 _getpid
 0x140061628 exit
 0x140061630 system
 0x140061638 terminate
 0x140061640 _register_thread_local_exe_atexit_callback
 0x140061648 _configure_narrow_argv
 0x140061650 _initialize_narrow_environment
 0x140061658 _initialize_onexit_table
 0x140061660 _register_onexit_function
 0x140061668 _crt_atexit
 0x140061670 _cexit
 0x140061678 _seh_filter_exe
 0x140061680 _set_app_type
 0x140061688 strerror
 0x140061690 _c_exit
 0x140061698 _initterm
 0x1400616a0 _initterm_e
 0x1400616a8 _exit
 0x1400616b0 __p___argv
 0x1400616b8 __p___argc
 0x1400616c0 _get_initial_narrow_environment
api-ms-win-crt-heap-l1-1-0.dll
 0x140061598 realloc
 0x1400615a0 _callnewh
 0x1400615a8 free
 0x1400615b0 calloc
 0x1400615b8 _set_new_mode
 0x1400615c0 malloc
api-ms-win-crt-utility-l1-1-0.dll
 0x1400617f0 rand
 0x1400617f8 qsort
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400616d0 __stdio_common_vfprintf
 0x1400616d8 fseek
 0x1400616e0 feof
 0x1400616e8 __p__commode
 0x1400616f0 __acrt_iob_func
 0x1400616f8 ftell
 0x140061700 fputc
 0x140061708 _lseeki64
 0x140061710 _read
 0x140061718 _write
 0x140061720 _close
 0x140061728 _open
 0x140061730 fflush
 0x140061738 __stdio_common_vsscanf
 0x140061740 __stdio_common_vsprintf
 0x140061748 fread
 0x140061750 fputs
 0x140061758 fopen
 0x140061760 fwrite
 0x140061768 fgets
 0x140061770 fclose
 0x140061778 _set_fmode
api-ms-win-crt-convert-l1-1-0.dll
 0x140061538 strtod
 0x140061540 atoi
 0x140061548 strtoul
 0x140061550 strtoull
 0x140061558 strtol
 0x140061560 strtoll
api-ms-win-crt-locale-l1-1-0.dll
 0x1400615d0 _configthreadlocale
 0x1400615d8 localeconv
api-ms-win-crt-time-l1-1-0.dll
 0x1400617d8 _time64
 0x1400617e0 _gmtime64
api-ms-win-crt-string-l1-1-0.dll
 0x140061788 strcmp
 0x140061790 strncmp
 0x140061798 isupper
 0x1400617a0 strcspn
 0x1400617a8 strspn
 0x1400617b0 _strdup
 0x1400617b8 strncpy
 0x1400617c0 tolower
 0x1400617c8 strpbrk
api-ms-win-crt-filesystem-l1-1-0.dll
 0x140061570 _stat64
 0x140061578 _unlink
 0x140061580 _access
 0x140061588 _fstat64
api-ms-win-crt-math-l1-1-0.dll
 0x1400615e8 __setusermatherr
 0x1400615f0 _dclass

EAT (Export Address Table): none — the binary exports no symbols, as expected for a console executable



Similarity measure (PE file only) — the similarity service check failed, so no similarity results are available for this sample