ScreenShot
| Created | 2024.10.28 11:11 | Machine | s1_win7_x6401 |
| Filename | nova.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 57 detected (Common, ClipBanker, Malicious, score, Doina, Unsafe, Vr5z, Genus, Attribute, HighConfidence, high confidence, TrojanBanker, kszubq, Kryptik@AI, RDML, 2PJ3, z5V+j1pTub1aXY0bg, AGEN, AMADEY, YXEJWZ, Real Protect, high, Detected, Malware@#3rd2s8ojqk8zq, Eldorado, Gandcrab08, Artemis, BScope, Chgt, Gencirc) | ||
| md5 | d416cd21f681904f47906b6bf0fcdfd7 | ||
| sha256 | f2bf5cd5d00f412f1e7d4bbfdc6a9693da0c0531a189c22522f2c7d5eda8d075 | ||
| ssdeep | 3072:FdilPMz3so1EflDYOw2sfMPRy4ywZmG2TAWR:bitM0YOLsG4RwZrpW | ||
| imphash | 0ae9731964fcf5cfd39b4d70a7c7add2 | ||
| impfuzzy | 24:mDoC2RckgQ+fcxOOfGe5kHRnlyvpJ3zT4+ZZlBp:Gg+fcEYGe54Krzc+ZZB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | A process attempted to delay the analysis task. |
| info | Checks if process is being debugged by a debugger |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetProcAddress
0x41a004 LoadLibraryA
0x41a008 ExitProcess
0x41a00c GlobalLock
0x41a010 WriteFile
0x41a014 GlobalAlloc
0x41a018 Sleep
0x41a01c GlobalUnlock
0x41a020 GetLastError
0x41a024 IsDebuggerPresent
0x41a028 CreateThread
0x41a02c InterlockedIncrement
0x41a030 InterlockedDecrement
0x41a034 EncodePointer
0x41a038 DecodePointer
0x41a03c InitializeCriticalSection
0x41a040 DeleteCriticalSection
0x41a044 EnterCriticalSection
0x41a048 LeaveCriticalSection
0x41a04c GetCommandLineW
0x41a050 HeapSetInformation
0x41a054 GetStartupInfoW
0x41a058 HeapFree
0x41a05c HeapAlloc
0x41a060 HeapReAlloc
0x41a064 RaiseException
0x41a068 RtlUnwind
0x41a06c CompareStringW
0x41a070 MultiByteToWideChar
0x41a074 GetCPInfo
0x41a078 WideCharToMultiByte
0x41a07c LCMapStringW
0x41a080 SetUnhandledExceptionFilter
0x41a084 GetModuleHandleW
0x41a088 GetStdHandle
0x41a08c GetModuleFileNameW
0x41a090 FreeEnvironmentStringsW
0x41a094 GetEnvironmentStringsW
0x41a098 SetHandleCount
0x41a09c InitializeCriticalSectionAndSpinCount
0x41a0a0 GetFileType
0x41a0a4 TlsAlloc
0x41a0a8 TlsGetValue
0x41a0ac TlsSetValue
0x41a0b0 TlsFree
0x41a0b4 SetLastError
0x41a0b8 GetCurrentThreadId
0x41a0bc HeapCreate
0x41a0c0 QueryPerformanceCounter
0x41a0c4 GetTickCount
0x41a0c8 GetCurrentProcessId
0x41a0cc GetSystemTimeAsFileTime
0x41a0d0 TerminateProcess
0x41a0d4 GetCurrentProcess
0x41a0d8 UnhandledExceptionFilter
0x41a0dc IsProcessorFeaturePresent
0x41a0e0 HeapSize
0x41a0e4 GetACP
0x41a0e8 GetOEMCP
0x41a0ec IsValidCodePage
0x41a0f0 GetUserDefaultLCID
0x41a0f4 GetLocaleInfoW
0x41a0f8 GetLocaleInfoA
0x41a0fc EnumSystemLocalesA
0x41a100 IsValidLocale
0x41a104 GetStringTypeW
0x41a108 LoadLibraryW
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetProcAddress
0x41a004 LoadLibraryA
0x41a008 ExitProcess
0x41a00c GlobalLock
0x41a010 WriteFile
0x41a014 GlobalAlloc
0x41a018 Sleep
0x41a01c GlobalUnlock
0x41a020 GetLastError
0x41a024 IsDebuggerPresent
0x41a028 CreateThread
0x41a02c InterlockedIncrement
0x41a030 InterlockedDecrement
0x41a034 EncodePointer
0x41a038 DecodePointer
0x41a03c InitializeCriticalSection
0x41a040 DeleteCriticalSection
0x41a044 EnterCriticalSection
0x41a048 LeaveCriticalSection
0x41a04c GetCommandLineW
0x41a050 HeapSetInformation
0x41a054 GetStartupInfoW
0x41a058 HeapFree
0x41a05c HeapAlloc
0x41a060 HeapReAlloc
0x41a064 RaiseException
0x41a068 RtlUnwind
0x41a06c CompareStringW
0x41a070 MultiByteToWideChar
0x41a074 GetCPInfo
0x41a078 WideCharToMultiByte
0x41a07c LCMapStringW
0x41a080 SetUnhandledExceptionFilter
0x41a084 GetModuleHandleW
0x41a088 GetStdHandle
0x41a08c GetModuleFileNameW
0x41a090 FreeEnvironmentStringsW
0x41a094 GetEnvironmentStringsW
0x41a098 SetHandleCount
0x41a09c InitializeCriticalSectionAndSpinCount
0x41a0a0 GetFileType
0x41a0a4 TlsAlloc
0x41a0a8 TlsGetValue
0x41a0ac TlsSetValue
0x41a0b0 TlsFree
0x41a0b4 SetLastError
0x41a0b8 GetCurrentThreadId
0x41a0bc HeapCreate
0x41a0c0 QueryPerformanceCounter
0x41a0c4 GetTickCount
0x41a0c8 GetCurrentProcessId
0x41a0cc GetSystemTimeAsFileTime
0x41a0d0 TerminateProcess
0x41a0d4 GetCurrentProcess
0x41a0d8 UnhandledExceptionFilter
0x41a0dc IsProcessorFeaturePresent
0x41a0e0 HeapSize
0x41a0e4 GetACP
0x41a0e8 GetOEMCP
0x41a0ec IsValidCodePage
0x41a0f0 GetUserDefaultLCID
0x41a0f4 GetLocaleInfoW
0x41a0f8 GetLocaleInfoA
0x41a0fc EnumSystemLocalesA
0x41a100 IsValidLocale
0x41a104 GetStringTypeW
0x41a108 LoadLibraryW
EAT(Export Address Table) is none