ScreenShot
| Created | 2024.10.29 17:13 | Machine | s1_win7_x6403 |
| Filename | EDge.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (AIDetectMalware, ShellcodeRunner, Malicious, score, Unsafe, Save, confidence, Autoruns, GenericKD, Attribute, HighConfidence, high confidence, a variant of WinGo, FileRepMalware, utbzo, AMADEY, YXEJ3Z, Static AI, Suspicious PE, Detected, Androm, Donut, 1515V3, ABTrojan, OPWA, Artemis, WinGo, Chgt, Ekjl) | ||
| md5 | f01ed03b7a786c24ebd92eab9b441b9d | ||
| sha256 | 6dc5fcbd3d05cb11dc4731aea996c7cbc213253c4d4b119799c5ddedebe537fb | ||
| ssdeep | 24576:VmbfFJN3P6yM97l2cMPdjjy/ZIbRCTtM+UcI6TRq3jUN6DMhQKjyJ9IFz1uXy:k7N3P6ykZ2cmjjalM+E3SMQJW | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x63b2c0 WriteFile
0x63b2c8 WriteConsoleW
0x63b2d0 WerSetFlags
0x63b2d8 WerGetFlags
0x63b2e0 WaitForMultipleObjects
0x63b2e8 WaitForSingleObject
0x63b2f0 VirtualQuery
0x63b2f8 VirtualFree
0x63b300 VirtualAlloc
0x63b308 TlsAlloc
0x63b310 SwitchToThread
0x63b318 SuspendThread
0x63b320 SetWaitableTimer
0x63b328 SetProcessPriorityBoost
0x63b330 SetEvent
0x63b338 SetErrorMode
0x63b340 SetConsoleCtrlHandler
0x63b348 RtlVirtualUnwind
0x63b350 RtlLookupFunctionEntry
0x63b358 ResumeThread
0x63b360 RaiseFailFastException
0x63b368 PostQueuedCompletionStatus
0x63b370 LoadLibraryW
0x63b378 LoadLibraryExW
0x63b380 SetThreadContext
0x63b388 GetThreadContext
0x63b390 GetSystemInfo
0x63b398 GetSystemDirectoryA
0x63b3a0 GetStdHandle
0x63b3a8 GetQueuedCompletionStatusEx
0x63b3b0 GetProcessAffinityMask
0x63b3b8 GetProcAddress
0x63b3c0 GetErrorMode
0x63b3c8 GetEnvironmentStringsW
0x63b3d0 GetCurrentThreadId
0x63b3d8 GetConsoleMode
0x63b3e0 FreeEnvironmentStringsW
0x63b3e8 ExitProcess
0x63b3f0 DuplicateHandle
0x63b3f8 CreateWaitableTimerExW
0x63b400 CreateThread
0x63b408 CreateIoCompletionPort
0x63b410 CreateFileA
0x63b418 CreateEventA
0x63b420 CloseHandle
0x63b428 AddVectoredExceptionHandler
0x63b430 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x63b2c0 WriteFile
0x63b2c8 WriteConsoleW
0x63b2d0 WerSetFlags
0x63b2d8 WerGetFlags
0x63b2e0 WaitForMultipleObjects
0x63b2e8 WaitForSingleObject
0x63b2f0 VirtualQuery
0x63b2f8 VirtualFree
0x63b300 VirtualAlloc
0x63b308 TlsAlloc
0x63b310 SwitchToThread
0x63b318 SuspendThread
0x63b320 SetWaitableTimer
0x63b328 SetProcessPriorityBoost
0x63b330 SetEvent
0x63b338 SetErrorMode
0x63b340 SetConsoleCtrlHandler
0x63b348 RtlVirtualUnwind
0x63b350 RtlLookupFunctionEntry
0x63b358 ResumeThread
0x63b360 RaiseFailFastException
0x63b368 PostQueuedCompletionStatus
0x63b370 LoadLibraryW
0x63b378 LoadLibraryExW
0x63b380 SetThreadContext
0x63b388 GetThreadContext
0x63b390 GetSystemInfo
0x63b398 GetSystemDirectoryA
0x63b3a0 GetStdHandle
0x63b3a8 GetQueuedCompletionStatusEx
0x63b3b0 GetProcessAffinityMask
0x63b3b8 GetProcAddress
0x63b3c0 GetErrorMode
0x63b3c8 GetEnvironmentStringsW
0x63b3d0 GetCurrentThreadId
0x63b3d8 GetConsoleMode
0x63b3e0 FreeEnvironmentStringsW
0x63b3e8 ExitProcess
0x63b3f0 DuplicateHandle
0x63b3f8 CreateWaitableTimerExW
0x63b400 CreateThread
0x63b408 CreateIoCompletionPort
0x63b410 CreateFileA
0x63b418 CreateEventA
0x63b420 CloseHandle
0x63b428 AddVectoredExceptionHandler
0x63b430 AddVectoredContinueHandler
EAT(Export Address Table) is none