ScreenShot
| Created | 2024.10.26 17:35 | Machine | s1_win7_x6403 |
| Filename | aimhvci.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (AIDetectMalware, VMProtect, Malicious, score, GenericKD, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, L suspicious, MalwareX, AGEN, Real Protect, VMProtBad, Static AI, Malicious PE, Detected, GrayWare, Puwaders, Wacapew, RKPPQK, R673869, Artemis) | ||
| md5 | a831760905618a8fe674b912a5a75ca1 | ||
| sha256 | afc044b6770c002e187bc9a0d8b99ec7e65d23d0adfdf187cf3d0e010db2a7b5 | ||
| ssdeep | 196608:/T5A87u4NOOX1W1Wkle/KPpZcTI/Hd7FKFYLAwDPW5B4R6kMqML45U8Q6h5/tZYX:9AksAYe/01JcFYFzbMx8zzK | ||
| imphash | 03f8fdb61d1ee75e4c09d1f972e966b4 | ||
| impfuzzy | 24:/ILWJsyTDID1zz+4tMMwg6oOO5yWN7bPJRu5FnaQtXJHc9NDI5Q8:/oWJsyQp3T/RNHPJRAnXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
crypt.dll
0x141728000 BCryptFinishHash
d3dx11_43.dll
0x141728010 D3DX11CreateShaderResourceViewFromMemory
d3d11.dll
0x141728020 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
0x141728030 D3DCompile
KERNEL32.dll
0x141728040 GetProcAddress
USER32.dll
0x141728050 ScreenToClient
ADVAPI32.dll
0x141728060 OpenProcessToken
SHELL32.dll
0x141728070 ShellExecuteA
MSVCP140.dll
0x141728080 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
dwmapi.dll
0x141728090 DwmExtendFrameIntoClientArea
WINHTTP.dll
0x1417280a0 WinHttpOpen
CRYPT32.dll
0x1417280b0 CertFreeCertificateChain
IMM32.dll
0x1417280c0 ImmGetContext
Normaliz.dll
0x1417280d0 IdnToAscii
WLDAP32.dll
0x1417280e0 None
WS2_32.dll
0x1417280f0 listen
RPCRT4.dll
0x141728100 UuidToStringA
PSAPI.DLL
0x141728110 GetModuleInformation
USERENV.dll
0x141728120 UnloadUserProfile
VCRUNTIME140_1.dll
0x141728130 __CxxFrameHandler4
VCRUNTIME140.dll
0x141728140 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x141728150 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x141728160 fclose
api-ms-win-crt-heap-l1-1-0.dll
0x141728170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x141728180 atanf
api-ms-win-crt-string-l1-1-0.dll
0x141728190 isupper
api-ms-win-crt-time-l1-1-0.dll
0x1417281a0 _localtime64_s
api-ms-win-crt-convert-l1-1-0.dll
0x1417281b0 strtod
api-ms-win-crt-utility-l1-1-0.dll
0x1417281c0 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1417281d0 _fstat64
api-ms-win-crt-locale-l1-1-0.dll
0x1417281e0 _configthreadlocale
WTSAPI32.dll
0x1417281f0 WTSSendMessageW
KERNEL32.dll
0x141728200 GetSystemTimeAsFileTime
USER32.dll
0x141728210 GetUserObjectInformationW
KERNEL32.dll
0x141728220 LocalAlloc
0x141728228 LocalFree
0x141728230 GetModuleFileNameW
0x141728238 GetProcessAffinityMask
0x141728240 SetProcessAffinityMask
0x141728248 SetThreadAffinityMask
0x141728250 Sleep
0x141728258 ExitProcess
0x141728260 FreeLibrary
0x141728268 LoadLibraryA
0x141728270 GetModuleHandleA
0x141728278 GetProcAddress
USER32.dll
0x141728288 GetProcessWindowStation
0x141728290 GetUserObjectInformationW
EAT(Export Address Table) Library
crypt.dll
0x141728000 BCryptFinishHash
d3dx11_43.dll
0x141728010 D3DX11CreateShaderResourceViewFromMemory
d3d11.dll
0x141728020 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
0x141728030 D3DCompile
KERNEL32.dll
0x141728040 GetProcAddress
USER32.dll
0x141728050 ScreenToClient
ADVAPI32.dll
0x141728060 OpenProcessToken
SHELL32.dll
0x141728070 ShellExecuteA
MSVCP140.dll
0x141728080 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
dwmapi.dll
0x141728090 DwmExtendFrameIntoClientArea
WINHTTP.dll
0x1417280a0 WinHttpOpen
CRYPT32.dll
0x1417280b0 CertFreeCertificateChain
IMM32.dll
0x1417280c0 ImmGetContext
Normaliz.dll
0x1417280d0 IdnToAscii
WLDAP32.dll
0x1417280e0 None
WS2_32.dll
0x1417280f0 listen
RPCRT4.dll
0x141728100 UuidToStringA
PSAPI.DLL
0x141728110 GetModuleInformation
USERENV.dll
0x141728120 UnloadUserProfile
VCRUNTIME140_1.dll
0x141728130 __CxxFrameHandler4
VCRUNTIME140.dll
0x141728140 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x141728150 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x141728160 fclose
api-ms-win-crt-heap-l1-1-0.dll
0x141728170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x141728180 atanf
api-ms-win-crt-string-l1-1-0.dll
0x141728190 isupper
api-ms-win-crt-time-l1-1-0.dll
0x1417281a0 _localtime64_s
api-ms-win-crt-convert-l1-1-0.dll
0x1417281b0 strtod
api-ms-win-crt-utility-l1-1-0.dll
0x1417281c0 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1417281d0 _fstat64
api-ms-win-crt-locale-l1-1-0.dll
0x1417281e0 _configthreadlocale
WTSAPI32.dll
0x1417281f0 WTSSendMessageW
KERNEL32.dll
0x141728200 GetSystemTimeAsFileTime
USER32.dll
0x141728210 GetUserObjectInformationW
KERNEL32.dll
0x141728220 LocalAlloc
0x141728228 LocalFree
0x141728230 GetModuleFileNameW
0x141728238 GetProcessAffinityMask
0x141728240 SetProcessAffinityMask
0x141728248 SetThreadAffinityMask
0x141728250 Sleep
0x141728258 ExitProcess
0x141728260 FreeLibrary
0x141728268 LoadLibraryA
0x141728270 GetModuleHandleA
0x141728278 GetProcAddress
USER32.dll
0x141728288 GetProcessWindowStation
0x141728290 GetUserObjectInformationW
EAT(Export Address Table) Library