ScreenShot
| Created | 2024.10.21 17:16 | Machine | s1_win7_x6403 |
| Filename | 11wY50spoofer.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetectMalware, VMProtect, Malicious, score, GenericKD, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, L suspicious, MalwareX, AGEN, Real Protect, moderate, VMProtBad, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Wacatac, Eldorado, Artemis, R002H0CIS24, susgen, CoinMiner, C9nj) | ||
| md5 | 366820e26797d49013c1d0e21beb26cb | ||
| sha256 | d999ddc0a194cb124ac84861e3ecc0e746c9a13f90f6a4d003918e3bae891539 | ||
| ssdeep | 98304:FWnZpfpcx+qB+zA6PZTdeLd4fVdQBuegPjiOZRRliOJrJRT:EnZpfuSXPZTdKcBPew7iOJ3 | ||
| imphash | 18564b1cf3df285f6aada8e4727159f9 | ||
| impfuzzy | 24:a9Qn6E+wSS6oOOJxASgwu5FUBKaQtXJHc9NDI5Q8:8Qn6E7Smb2wzBKnXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14040b000 GetFileType
USER32.dll
0x14040b010 SetWindowLongA
ADVAPI32.dll
0x14040b020 CryptEncrypt
SHELL32.dll
0x14040b030 ShellExecuteA
MSVCP140.dll
0x14040b040 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
urlmon.dll
0x14040b050 URLDownloadToFileA
Normaliz.dll
0x14040b060 IdnToAscii
WLDAP32.dll
0x14040b070 None
CRYPT32.dll
0x14040b080 CertFreeCertificateChain
WS2_32.dll
0x14040b090 ntohl
USERENV.dll
0x14040b0a0 UnloadUserProfile
VCRUNTIME140.dll
0x14040b0b0 __std_exception_destroy
VCRUNTIME140_1.dll
0x14040b0c0 __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll
0x14040b0d0 _initterm_e
api-ms-win-crt-heap-l1-1-0.dll
0x14040b0e0 calloc
api-ms-win-crt-utility-l1-1-0.dll
0x14040b0f0 rand
api-ms-win-crt-stdio-l1-1-0.dll
0x14040b100 feof
api-ms-win-crt-convert-l1-1-0.dll
0x14040b110 strtoul
api-ms-win-crt-locale-l1-1-0.dll
0x14040b120 _configthreadlocale
api-ms-win-crt-time-l1-1-0.dll
0x14040b130 _time64
api-ms-win-crt-string-l1-1-0.dll
0x14040b140 strncmp
api-ms-win-crt-filesystem-l1-1-0.dll
0x14040b150 _unlink
api-ms-win-crt-math-l1-1-0.dll
0x14040b160 __setusermatherr
WTSAPI32.dll
0x14040b170 WTSSendMessageW
KERNEL32.dll
0x14040b180 GetSystemTimeAsFileTime
USER32.dll
0x14040b190 GetUserObjectInformationW
KERNEL32.dll
0x14040b1a0 LocalAlloc
0x14040b1a8 LocalFree
0x14040b1b0 GetModuleFileNameW
0x14040b1b8 GetProcessAffinityMask
0x14040b1c0 SetProcessAffinityMask
0x14040b1c8 SetThreadAffinityMask
0x14040b1d0 Sleep
0x14040b1d8 ExitProcess
0x14040b1e0 FreeLibrary
0x14040b1e8 LoadLibraryA
0x14040b1f0 GetModuleHandleA
0x14040b1f8 GetProcAddress
USER32.dll
0x14040b208 GetProcessWindowStation
0x14040b210 GetUserObjectInformationW
EAT(Export Address Table) Library
KERNEL32.dll
0x14040b000 GetFileType
USER32.dll
0x14040b010 SetWindowLongA
ADVAPI32.dll
0x14040b020 CryptEncrypt
SHELL32.dll
0x14040b030 ShellExecuteA
MSVCP140.dll
0x14040b040 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
urlmon.dll
0x14040b050 URLDownloadToFileA
Normaliz.dll
0x14040b060 IdnToAscii
WLDAP32.dll
0x14040b070 None
CRYPT32.dll
0x14040b080 CertFreeCertificateChain
WS2_32.dll
0x14040b090 ntohl
USERENV.dll
0x14040b0a0 UnloadUserProfile
VCRUNTIME140.dll
0x14040b0b0 __std_exception_destroy
VCRUNTIME140_1.dll
0x14040b0c0 __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll
0x14040b0d0 _initterm_e
api-ms-win-crt-heap-l1-1-0.dll
0x14040b0e0 calloc
api-ms-win-crt-utility-l1-1-0.dll
0x14040b0f0 rand
api-ms-win-crt-stdio-l1-1-0.dll
0x14040b100 feof
api-ms-win-crt-convert-l1-1-0.dll
0x14040b110 strtoul
api-ms-win-crt-locale-l1-1-0.dll
0x14040b120 _configthreadlocale
api-ms-win-crt-time-l1-1-0.dll
0x14040b130 _time64
api-ms-win-crt-string-l1-1-0.dll
0x14040b140 strncmp
api-ms-win-crt-filesystem-l1-1-0.dll
0x14040b150 _unlink
api-ms-win-crt-math-l1-1-0.dll
0x14040b160 __setusermatherr
WTSAPI32.dll
0x14040b170 WTSSendMessageW
KERNEL32.dll
0x14040b180 GetSystemTimeAsFileTime
USER32.dll
0x14040b190 GetUserObjectInformationW
KERNEL32.dll
0x14040b1a0 LocalAlloc
0x14040b1a8 LocalFree
0x14040b1b0 GetModuleFileNameW
0x14040b1b8 GetProcessAffinityMask
0x14040b1c0 SetProcessAffinityMask
0x14040b1c8 SetThreadAffinityMask
0x14040b1d0 Sleep
0x14040b1d8 ExitProcess
0x14040b1e0 FreeLibrary
0x14040b1e8 LoadLibraryA
0x14040b1f0 GetModuleHandleA
0x14040b1f8 GetProcAddress
USER32.dll
0x14040b208 GetProcessWindowStation
0x14040b210 GetUserObjectInformationW
EAT(Export Address Table) Library