Field | Value |
---|---|
Created | 2024.10.27 11:56 |
Machine | s1_win7_x6401 |
Filename | fortpriv5.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 44 detected (AIDetectMalware, Malicious, score, Unsafe, GenericKD, Save, confidence, 100%, Attribute, HighConfidence, high confidence, VMProtect, MalwareX, AGEN, Real Protect, VMProtBad, Detected, GrayWare, Wacapew, 20DK5L, Artemis, susgen, PossibleThreat) |
md5 | 4c428e14cf5fc2c5e54ba377389c8253 |
sha256 | f142f2fefbbd174fbc0d3d6cbe4cb5caa48389dfce9ee63f10d82b503e705468 |
ssdeep | 98304:gpWXpGEOHr+mg3awzDSS/GLjqdRK47nr+ktzLy7Mb7hMUwcIesBw1W:gpWPKrtOawXTu/qdRJrSkt3Tb7hMUNIk |
imphash | f86f1d8dc6f11a3ff46c688154b1d7e2 |
impfuzzy | 24:Wj8+C4XzSbIAqF6oOO5YQ4TgPPyMdu5Fw5fzBwaQtXJHc9NDI5Q8:nv4DSGV7VdB5LBwnXpcM5Q8 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1404b6000 WaitForSingleObjectEx
USER32.dll
0x1404b6010 LoadCursorA
MSVCP140.dll
0x1404b6020 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
d3d9.dll
0x1404b6030 Direct3DCreate9Ex
dwmapi.dll
0x1404b6040 DwmExtendFrameIntoClientArea
urlmon.dll
0x1404b6050 URLDownloadToFileA
CRYPT32.dll
0x1404b6060 CertFreeCertificateChainEngine
IMM32.dll
0x1404b6070 ImmReleaseContext
Normaliz.dll
0x1404b6080 IdnToAscii
WLDAP32.dll
0x1404b6090 None
WS2_32.dll
0x1404b60a0 getsockname
RPCRT4.dll
0x1404b60b0 RpcStringFreeA
PSAPI.DLL
0x1404b60c0 GetModuleInformation
USERENV.dll
0x1404b60d0 UnloadUserProfile
VCRUNTIME140_1.dll
0x1404b60e0 __CxxFrameHandler4
VCRUNTIME140.dll
0x1404b60f0 __C_specific_handler
api-ms-win-crt-runtime-l1-1-0.dll
0x1404b6100 _configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0.dll
0x1404b6110 _lseeki64
api-ms-win-crt-heap-l1-1-0.dll
0x1404b6120 realloc
api-ms-win-crt-time-l1-1-0.dll
0x1404b6130 _gmtime64
api-ms-win-crt-utility-l1-1-0.dll
0x1404b6140 qsort
api-ms-win-crt-filesystem-l1-1-0.dll
0x1404b6150 _stat64
api-ms-win-crt-convert-l1-1-0.dll
0x1404b6160 strtoul
api-ms-win-crt-string-l1-1-0.dll
0x1404b6170 tolower
api-ms-win-crt-locale-l1-1-0.dll
0x1404b6180 _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll
0x1404b6190 ceilf
ADVAPI32.dll
0x1404b61a0 OpenProcessToken
SHELL32.dll
0x1404b61b0 ShellExecuteA
WTSAPI32.dll
0x1404b61c0 WTSSendMessageW
KERNEL32.dll
0x1404b61d0 GetSystemTimeAsFileTime
USER32.dll
0x1404b61e0 GetUserObjectInformationW
KERNEL32.dll
0x1404b61f0 LocalAlloc
0x1404b61f8 LocalFree
0x1404b6200 GetModuleFileNameW
0x1404b6208 GetProcessAffinityMask
0x1404b6210 SetProcessAffinityMask
0x1404b6218 SetThreadAffinityMask
0x1404b6220 Sleep
0x1404b6228 ExitProcess
0x1404b6230 FreeLibrary
0x1404b6238 LoadLibraryA
0x1404b6240 GetModuleHandleA
0x1404b6248 GetProcAddress
USER32.dll
0x1404b6258 GetProcessWindowStation
0x1404b6260 GetUserObjectInformationW
EAT(Export Address Table) Library