Field | Value |
---|---|
Created | 2024.10.26 17:33 |
Machine | s1_win7_x6403 |
Filename | plushvci.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 43 detected (AIDetectMalware, VMProtect, GenericKD, Unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, L suspicious, score, AGEN, Real Protect, VMProtBad, Static AI, Malicious PE, Detected, GrayWare, Puwaders, Wacapew, R673869) |
md5 | bfff4b9e84f981b5fa23b87288b21c4c |
sha256 | e0616b6bdb78085aecd51d48455b76173aa6a9c72fc3033e05a55875d3bb7dfd |
ssdeep | 393216:L5xUl0XjqXenV0q31rb4vd28Rv+nQfxg:LLVXjIMVjAvd28Rhg |
imphash | 03f8fdb61d1ee75e4c09d1f972e966b4 |
impfuzzy | 24:/ILWJsyTDID1zz+4tMMwg6oOO5yWN7bPJRu5FnaQtXJHc9NDI5Q8:/oWJsyQp3T/RNHPJRAnXpcM5Q8 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
crypt.dll
0x14104b000 BCryptFinishHash
d3dx11_43.dll
0x14104b010 D3DX11CreateShaderResourceViewFromMemory
d3d11.dll
0x14104b020 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
0x14104b030 D3DCompile
KERNEL32.dll
0x14104b040 GetProcAddress
USER32.dll
0x14104b050 ScreenToClient
ADVAPI32.dll
0x14104b060 OpenProcessToken
SHELL32.dll
0x14104b070 ShellExecuteA
MSVCP140.dll
0x14104b080 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
dwmapi.dll
0x14104b090 DwmExtendFrameIntoClientArea
WINHTTP.dll
0x14104b0a0 WinHttpOpen
CRYPT32.dll
0x14104b0b0 CertFreeCertificateChain
IMM32.dll
0x14104b0c0 ImmGetContext
Normaliz.dll
0x14104b0d0 IdnToAscii
WLDAP32.dll
0x14104b0e0 None
WS2_32.dll
0x14104b0f0 listen
RPCRT4.dll
0x14104b100 UuidToStringA
PSAPI.DLL
0x14104b110 GetModuleInformation
USERENV.dll
0x14104b120 UnloadUserProfile
VCRUNTIME140_1.dll
0x14104b130 __CxxFrameHandler4
VCRUNTIME140.dll
0x14104b140 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x14104b150 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x14104b160 fclose
api-ms-win-crt-heap-l1-1-0.dll
0x14104b170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x14104b180 atanf
api-ms-win-crt-string-l1-1-0.dll
0x14104b190 isupper
api-ms-win-crt-time-l1-1-0.dll
0x14104b1a0 _localtime64_s
api-ms-win-crt-convert-l1-1-0.dll
0x14104b1b0 strtod
api-ms-win-crt-utility-l1-1-0.dll
0x14104b1c0 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x14104b1d0 _fstat64
api-ms-win-crt-locale-l1-1-0.dll
0x14104b1e0 _configthreadlocale
WTSAPI32.dll
0x14104b1f0 WTSSendMessageW
KERNEL32.dll
0x14104b200 GetSystemTimeAsFileTime
USER32.dll
0x14104b210 GetUserObjectInformationW
KERNEL32.dll
0x14104b220 LocalAlloc
0x14104b228 LocalFree
0x14104b230 GetModuleFileNameW
0x14104b238 GetProcessAffinityMask
0x14104b240 SetProcessAffinityMask
0x14104b248 SetThreadAffinityMask
0x14104b250 Sleep
0x14104b258 ExitProcess
0x14104b260 FreeLibrary
0x14104b268 LoadLibraryA
0x14104b270 GetModuleHandleA
0x14104b278 GetProcAddress
USER32.dll
0x14104b288 GetProcessWindowStation
0x14104b290 GetUserObjectInformationW
EAT(Export Address Table) Library