Field | Value |
---|---|
Created | 2024.10.22 09:58 |
Machine | s1_win7_x6403 |
Filename | mysq1.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 11 detected (AIDetectMalware, Server, Proxy, Lotok, Detected, MALICIOUS, Outbreak, PossibleThreat, ProxyTool) |
md5 | fa2efb3b704384a5fe40b382738657c1 |
sha256 | 2457a3241ec13c77b4132d6c5923e63b51a4d05a96dc0ae249c92a43ed9c7c04 |
ssdeep | 49152:xwQXmaTqC3awgEdhUTQvHr4uuGxM/QBzv3MF9:7PFBHcuujQBzv8b |
imphash | 4f2f006e2ecf7172ad368f8289dc96c1 |
impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP |
Network IP location
Signature (4 cnts)
Level | Description |
---|---|
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5 cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x5df1c0 WriteFile
0x5df1c8 WriteConsoleW
0x5df1d0 WerSetFlags
0x5df1d8 WerGetFlags
0x5df1e0 WaitForMultipleObjects
0x5df1e8 WaitForSingleObject
0x5df1f0 VirtualQuery
0x5df1f8 VirtualFree
0x5df200 VirtualAlloc
0x5df208 TlsAlloc
0x5df210 SwitchToThread
0x5df218 SuspendThread
0x5df220 SetWaitableTimer
0x5df228 SetUnhandledExceptionFilter
0x5df230 SetProcessPriorityBoost
0x5df238 SetEvent
0x5df240 SetErrorMode
0x5df248 SetConsoleCtrlHandler
0x5df250 ResumeThread
0x5df258 RaiseFailFastException
0x5df260 PostQueuedCompletionStatus
0x5df268 LoadLibraryW
0x5df270 LoadLibraryExW
0x5df278 SetThreadContext
0x5df280 GetThreadContext
0x5df288 GetSystemInfo
0x5df290 GetSystemDirectoryA
0x5df298 GetStdHandle
0x5df2a0 GetQueuedCompletionStatusEx
0x5df2a8 GetProcessAffinityMask
0x5df2b0 GetProcAddress
0x5df2b8 GetErrorMode
0x5df2c0 GetEnvironmentStringsW
0x5df2c8 GetCurrentThreadId
0x5df2d0 GetConsoleMode
0x5df2d8 FreeEnvironmentStringsW
0x5df2e0 ExitProcess
0x5df2e8 DuplicateHandle
0x5df2f0 CreateWaitableTimerExW
0x5df2f8 CreateThread
0x5df300 CreateIoCompletionPort
0x5df308 CreateFileA
0x5df310 CreateEventA
0x5df318 CloseHandle
0x5df320 AddVectoredExceptionHandler
EAT (Export Address Table): none