ScreenShot
| Created | 2024.10.29 17:18 | Machine | s1_win7_x6401 |
| Filename | 3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (AIDetectMalware, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, CLASSIC, score, Detected, LummaStealer, WinGo) | ||
| md5 | 2dc8cdf825e23ff1df1ad11b3a6f1973 | ||
| sha256 | 5d215747817125559e1a2d934c301ab466cbc956a6839c8a45f8b02b84b184d0 | ||
| ssdeep | 98304:dKulY9+o0L82IacWOEF8xbADr/xLCqjqdYCDBvYuSHFCxMg:DZVyj8/tCGiBdSHF7g | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x134f6c0 WriteFile
0x134f6c4 WriteConsoleW
0x134f6c8 WerSetFlags
0x134f6cc WerGetFlags
0x134f6d0 WaitForMultipleObjects
0x134f6d4 WaitForSingleObject
0x134f6d8 VirtualQuery
0x134f6dc VirtualFree
0x134f6e0 VirtualAlloc
0x134f6e4 TlsAlloc
0x134f6e8 SwitchToThread
0x134f6ec SuspendThread
0x134f6f0 SetWaitableTimer
0x134f6f4 SetUnhandledExceptionFilter
0x134f6f8 SetProcessPriorityBoost
0x134f6fc SetEvent
0x134f700 SetErrorMode
0x134f704 SetConsoleCtrlHandler
0x134f708 ResumeThread
0x134f70c RaiseFailFastException
0x134f710 PostQueuedCompletionStatus
0x134f714 LoadLibraryW
0x134f718 LoadLibraryExW
0x134f71c SetThreadContext
0x134f720 GetThreadContext
0x134f724 GetSystemInfo
0x134f728 GetSystemDirectoryA
0x134f72c GetStdHandle
0x134f730 GetQueuedCompletionStatusEx
0x134f734 GetProcessAffinityMask
0x134f738 GetProcAddress
0x134f73c GetErrorMode
0x134f740 GetEnvironmentStringsW
0x134f744 GetCurrentThreadId
0x134f748 GetConsoleMode
0x134f74c FreeEnvironmentStringsW
0x134f750 ExitProcess
0x134f754 DuplicateHandle
0x134f758 CreateWaitableTimerExW
0x134f75c CreateThread
0x134f760 CreateIoCompletionPort
0x134f764 CreateEventA
0x134f768 CloseHandle
0x134f76c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x134f6c0 WriteFile
0x134f6c4 WriteConsoleW
0x134f6c8 WerSetFlags
0x134f6cc WerGetFlags
0x134f6d0 WaitForMultipleObjects
0x134f6d4 WaitForSingleObject
0x134f6d8 VirtualQuery
0x134f6dc VirtualFree
0x134f6e0 VirtualAlloc
0x134f6e4 TlsAlloc
0x134f6e8 SwitchToThread
0x134f6ec SuspendThread
0x134f6f0 SetWaitableTimer
0x134f6f4 SetUnhandledExceptionFilter
0x134f6f8 SetProcessPriorityBoost
0x134f6fc SetEvent
0x134f700 SetErrorMode
0x134f704 SetConsoleCtrlHandler
0x134f708 ResumeThread
0x134f70c RaiseFailFastException
0x134f710 PostQueuedCompletionStatus
0x134f714 LoadLibraryW
0x134f718 LoadLibraryExW
0x134f71c SetThreadContext
0x134f720 GetThreadContext
0x134f724 GetSystemInfo
0x134f728 GetSystemDirectoryA
0x134f72c GetStdHandle
0x134f730 GetQueuedCompletionStatusEx
0x134f734 GetProcessAffinityMask
0x134f738 GetProcAddress
0x134f73c GetErrorMode
0x134f740 GetEnvironmentStringsW
0x134f744 GetCurrentThreadId
0x134f748 GetConsoleMode
0x134f74c FreeEnvironmentStringsW
0x134f750 ExitProcess
0x134f754 DuplicateHandle
0x134f758 CreateWaitableTimerExW
0x134f75c CreateThread
0x134f760 CreateIoCompletionPort
0x134f764 CreateEventA
0x134f768 CloseHandle
0x134f76c AddVectoredExceptionHandler
EAT(Export Address Table) is none