Field | Value |
---|---|
Created | 2024.10.28 10:24 |
Machine | s1_win7_x6403 |
Filename | Legend-Rank1Shop.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 31 detected (AIDetectMalware, VMProtect, Malicious, score, Unsafe, Vmpk, confidence, Attribute, HighConfidence, high confidence, L suspicious, Real Protect, moderate, Detected, GrayWare, Puwaders, Wacapew, ABApplication, FAJB, Artemis, susgen) |
md5 | f7fc951c907b03e65c2b1238eae1c226 |
sha256 | 13370fd41fdb1d9673c854a121f734f8991b8bc677f9df65e987c38e0c5316a4 |
ssdeep | 98304:6d6HXQHicjSVsGiblwfUu1H/5FSBo558N6h9agVfZOofDcvfO6IPYEy2L7/H/Mm/:6AgHiASuGAGfUwf5FAZQ3aChcXOxPYEx |
imphash | b2441dba6e8763e48513cb7a162594f3 |
impfuzzy | 12:rQwDsCKkK6oOZ9sfS95kBZGoQtXJxZGb9AJcDfA5kLfP9m:UwKJ6oOZoS958QtXJHc9NDI5Q8 |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14084b000 HeapSize
USER32.dll
0x14084b010 MessageBoxW
ADVAPI32.dll
0x14084b020 IsValidSid
SHELL32.dll
0x14084b030 ShellExecuteA
libcurl.dll
0x14084b040 curl_easy_perform
ntdll.dll
0x14084b050 RtlAdjustPrivilege
USERENV.dll
0x14084b060 UnloadUserProfile
NETAPI32.dll
0x14084b070 NetUserChangePassword
RPCRT4.dll
0x14084b080 RpcStringFreeA
WTSAPI32.dll
0x14084b090 WTSSendMessageW
KERNEL32.dll
0x14084b0a0 FlsSetValue
USER32.dll
0x14084b0b0 GetProcessWindowStation
KERNEL32.dll
0x14084b0c0 LocalAlloc
0x14084b0c8 LocalFree
0x14084b0d0 GetModuleFileNameW
0x14084b0d8 GetProcessAffinityMask
0x14084b0e0 SetProcessAffinityMask
0x14084b0e8 SetThreadAffinityMask
0x14084b0f0 Sleep
0x14084b0f8 ExitProcess
0x14084b100 FreeLibrary
0x14084b108 LoadLibraryA
0x14084b110 GetModuleHandleA
0x14084b118 GetProcAddress
USER32.dll
0x14084b128 GetProcessWindowStation
0x14084b130 GetUserObjectInformationW
EAT(Export Address Table) Library