ScreenShot
| Created | 2024.10.29 17:12 | Machine | s1_win7_x6401 |
| Filename | Bybit.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetectMalware, Lumma, Unsafe, Vm6x, Genus, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, CLASSIC, Redcap, cdtxw, LUMMASTEALER, YXEITZ, moderate, score, Detected, Wacatac, ABTrojan, SYAT, Wingo, QQPass, QQRob, Hmnw) | ||
| md5 | 5714fda573903cc3a216c135ae24317c | ||
| sha256 | dcebdabfa1a0cdbd79211415d000141b6ce923bce9817533c57a7c0450279259 | ||
| ssdeep | 98304:hI/c/Y0DXHIwD4ZEOYsmszYfynsCv33TOYUezsHeK2rdZ/FkgrQaK4zr0euLlCfa:hIN0rLMXyysCf3dzspC7LrLuxCfYKLk | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1617760 WriteFile
0x1617764 WriteConsoleW
0x1617768 WerSetFlags
0x161776c WerGetFlags
0x1617770 WaitForMultipleObjects
0x1617774 WaitForSingleObject
0x1617778 VirtualQuery
0x161777c VirtualFree
0x1617780 VirtualAlloc
0x1617784 TlsAlloc
0x1617788 SwitchToThread
0x161778c SuspendThread
0x1617790 SetWaitableTimer
0x1617794 SetUnhandledExceptionFilter
0x1617798 SetProcessPriorityBoost
0x161779c SetEvent
0x16177a0 SetErrorMode
0x16177a4 SetConsoleCtrlHandler
0x16177a8 ResumeThread
0x16177ac RaiseFailFastException
0x16177b0 PostQueuedCompletionStatus
0x16177b4 LoadLibraryW
0x16177b8 LoadLibraryExW
0x16177bc SetThreadContext
0x16177c0 GetThreadContext
0x16177c4 GetSystemInfo
0x16177c8 GetSystemDirectoryA
0x16177cc GetStdHandle
0x16177d0 GetQueuedCompletionStatusEx
0x16177d4 GetProcessAffinityMask
0x16177d8 GetProcAddress
0x16177dc GetErrorMode
0x16177e0 GetEnvironmentStringsW
0x16177e4 GetCurrentThreadId
0x16177e8 GetConsoleMode
0x16177ec FreeEnvironmentStringsW
0x16177f0 ExitProcess
0x16177f4 DuplicateHandle
0x16177f8 CreateWaitableTimerExW
0x16177fc CreateThread
0x1617800 CreateIoCompletionPort
0x1617804 CreateEventA
0x1617808 CloseHandle
0x161780c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1617760 WriteFile
0x1617764 WriteConsoleW
0x1617768 WerSetFlags
0x161776c WerGetFlags
0x1617770 WaitForMultipleObjects
0x1617774 WaitForSingleObject
0x1617778 VirtualQuery
0x161777c VirtualFree
0x1617780 VirtualAlloc
0x1617784 TlsAlloc
0x1617788 SwitchToThread
0x161778c SuspendThread
0x1617790 SetWaitableTimer
0x1617794 SetUnhandledExceptionFilter
0x1617798 SetProcessPriorityBoost
0x161779c SetEvent
0x16177a0 SetErrorMode
0x16177a4 SetConsoleCtrlHandler
0x16177a8 ResumeThread
0x16177ac RaiseFailFastException
0x16177b0 PostQueuedCompletionStatus
0x16177b4 LoadLibraryW
0x16177b8 LoadLibraryExW
0x16177bc SetThreadContext
0x16177c0 GetThreadContext
0x16177c4 GetSystemInfo
0x16177c8 GetSystemDirectoryA
0x16177cc GetStdHandle
0x16177d0 GetQueuedCompletionStatusEx
0x16177d4 GetProcessAffinityMask
0x16177d8 GetProcAddress
0x16177dc GetErrorMode
0x16177e0 GetEnvironmentStringsW
0x16177e4 GetCurrentThreadId
0x16177e8 GetConsoleMode
0x16177ec FreeEnvironmentStringsW
0x16177f0 ExitProcess
0x16177f4 DuplicateHandle
0x16177f8 CreateWaitableTimerExW
0x16177fc CreateThread
0x1617800 CreateIoCompletionPort
0x1617804 CreateEventA
0x1617808 CloseHandle
0x161780c AddVectoredExceptionHandler
EAT(Export Address Table) is none