ScreenShot
| Created | 2024.10.27 12:09 | Machine | s1_win7_x6403 |
| Filename | clitoritissR.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 56 detected (AIDetectMalware, Azorult, Malicious, score, Lazy, Unsafe, Save, confidence, GenX, Attribute, HighConfidence, Windows, Threat, GenKryptik, FMVX, CrypterX, Kryptik, 24ym6yZErqO, AGEN, Real Protect, Krypt, Static AI, Malicious PE, Detected, Sdum, ABTrojan, FQVB, R663270, Artemis, BScope, Sabsik, KoiLoader, GdSda, Gencirc, Emotet, C9OKG) | ||
| md5 | 03b6be8fed80988489e171c7092d9541 | ||
| sha256 | e66fe85a6a0b7c2dd85c4e8d884832f5b358de27f77b64ee6673ed1b7acd1d96 | ||
| ssdeep | 3072:gA+MPNsjU+g/Pu92PkWMW50y4jrv34ClUCezULLtfYJpjcvnopvLRlpr7IlC/T8f:HJPxktlKIwJpjcwhLRlF3jCv | ||
| imphash | 66deda4204cb009d8c01c3f28c17567f | ||
| impfuzzy | 24:2scDRJpuMUttwS1GM3JeDc+pl39xuXSOovbO9Ziv9:IJpEtwS1GM2c+ppu3A9 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to access Bitcoin/ALTCoin wallets |
| watch | Detects VirtualBox through the presence of a file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | Queries for the computername |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413008 VirtualFree
0x41300c GetCurrentProcess
0x413010 VirtualAlloc
0x413014 TerminateProcess
0x413018 GetModuleHandleA
0x41301c GetLastError
0x413020 GetProcAddress
0x413024 ExitProcess
0x413028 VirtualProtect
0x41302c BuildCommDCBAndTimeoutsA
0x413030 WriteConsoleW
0x413034 CloseHandle
0x413038 CreateFileW
0x41303c SetFilePointerEx
0x413040 GetConsoleMode
0x413044 GetConsoleOutputCP
0x413048 FlushFileBuffers
0x41304c HeapReAlloc
0x413050 HeapSize
0x413054 GetModuleHandleW
0x413058 UnhandledExceptionFilter
0x41305c SetUnhandledExceptionFilter
0x413060 IsProcessorFeaturePresent
0x413064 QueryPerformanceCounter
0x413068 GetCurrentProcessId
0x41306c GetCurrentThreadId
0x413070 GetSystemTimeAsFileTime
0x413074 InitializeSListHead
0x413078 IsDebuggerPresent
0x41307c GetStartupInfoW
0x413080 RtlUnwind
0x413084 RaiseException
0x413088 SetLastError
0x41308c EncodePointer
0x413090 EnterCriticalSection
0x413094 LeaveCriticalSection
0x413098 DeleteCriticalSection
0x41309c InitializeCriticalSectionAndSpinCount
0x4130a0 TlsAlloc
0x4130a4 TlsGetValue
0x4130a8 TlsSetValue
0x4130ac TlsFree
0x4130b0 FreeLibrary
0x4130b4 LoadLibraryExW
0x4130b8 GetStdHandle
0x4130bc WriteFile
0x4130c0 GetModuleFileNameW
0x4130c4 GetModuleHandleExW
0x4130c8 HeapFree
0x4130cc HeapAlloc
0x4130d0 FindClose
0x4130d4 FindFirstFileExW
0x4130d8 FindNextFileW
0x4130dc IsValidCodePage
0x4130e0 GetACP
0x4130e4 GetOEMCP
0x4130e8 GetCPInfo
0x4130ec GetCommandLineA
0x4130f0 GetCommandLineW
0x4130f4 MultiByteToWideChar
0x4130f8 WideCharToMultiByte
0x4130fc GetEnvironmentStringsW
0x413100 FreeEnvironmentStringsW
0x413104 SetStdHandle
0x413108 GetFileType
0x41310c GetStringTypeW
0x413110 LCMapStringW
0x413114 GetProcessHeap
0x413118 DecodePointer
GDI32.dll
0x413000 LPtoDP
EAT(Export Address Table) is none
KERNEL32.dll
0x413008 VirtualFree
0x41300c GetCurrentProcess
0x413010 VirtualAlloc
0x413014 TerminateProcess
0x413018 GetModuleHandleA
0x41301c GetLastError
0x413020 GetProcAddress
0x413024 ExitProcess
0x413028 VirtualProtect
0x41302c BuildCommDCBAndTimeoutsA
0x413030 WriteConsoleW
0x413034 CloseHandle
0x413038 CreateFileW
0x41303c SetFilePointerEx
0x413040 GetConsoleMode
0x413044 GetConsoleOutputCP
0x413048 FlushFileBuffers
0x41304c HeapReAlloc
0x413050 HeapSize
0x413054 GetModuleHandleW
0x413058 UnhandledExceptionFilter
0x41305c SetUnhandledExceptionFilter
0x413060 IsProcessorFeaturePresent
0x413064 QueryPerformanceCounter
0x413068 GetCurrentProcessId
0x41306c GetCurrentThreadId
0x413070 GetSystemTimeAsFileTime
0x413074 InitializeSListHead
0x413078 IsDebuggerPresent
0x41307c GetStartupInfoW
0x413080 RtlUnwind
0x413084 RaiseException
0x413088 SetLastError
0x41308c EncodePointer
0x413090 EnterCriticalSection
0x413094 LeaveCriticalSection
0x413098 DeleteCriticalSection
0x41309c InitializeCriticalSectionAndSpinCount
0x4130a0 TlsAlloc
0x4130a4 TlsGetValue
0x4130a8 TlsSetValue
0x4130ac TlsFree
0x4130b0 FreeLibrary
0x4130b4 LoadLibraryExW
0x4130b8 GetStdHandle
0x4130bc WriteFile
0x4130c0 GetModuleFileNameW
0x4130c4 GetModuleHandleExW
0x4130c8 HeapFree
0x4130cc HeapAlloc
0x4130d0 FindClose
0x4130d4 FindFirstFileExW
0x4130d8 FindNextFileW
0x4130dc IsValidCodePage
0x4130e0 GetACP
0x4130e4 GetOEMCP
0x4130e8 GetCPInfo
0x4130ec GetCommandLineA
0x4130f0 GetCommandLineW
0x4130f4 MultiByteToWideChar
0x4130f8 WideCharToMultiByte
0x4130fc GetEnvironmentStringsW
0x413100 FreeEnvironmentStringsW
0x413104 SetStdHandle
0x413108 GetFileType
0x41310c GetStringTypeW
0x413110 LCMapStringW
0x413114 GetProcessHeap
0x413118 DecodePointer
GDI32.dll
0x413000 LPtoDP
EAT(Export Address Table) is none