ScreenShot
| Created | 2024.10.29 18:17 | Machine | s1_win7_x6401 |
| Filename | cryyy.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetectMalware, Stealerc, Malicious, score, Stop, Lockbit, GenericKD, Unsafe, Save, confidence, 100%, GenusT, ECEK, Attribute, HighConfidence, high confidence, GenKryptik, HDDK, PWSX, Kryptik, ktdqgi, Kryptik@AI, RDML, 75uYR3G6o+SGRxYkzhQ1Ow, vftoc, MulDrop9, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Yakes, Stealc, InjectorCrypt, 1SE2B7C, Artemis, Chgt, Tofsee, HF#G) | ||
| md5 | 0f103ba48d169f87b6d066ca88bc03c1 | ||
| sha256 | 925c5c0d232f0b735e1eb0823890fe8b40c01d93f976a58ec605f36997c25079 | ||
| ssdeep | 6144:PUvJccZEtlVqligrLlAGyI3q0hdicY+X0fV/OAOv:QTEKI6lABI3q07ijf8A | ||
| imphash | e5c7f5241db44a40977f45411126b318 | ||
| impfuzzy | 24:j4PbG2AHZ1h6QL905akCI0psJcD/pG8dQBSMdgUk5xvHOovngcfdYTPJKsQQyv0k:nrPgW90iY8dRru0gcfoP00c2sqy | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c000 GetComputerNameA
0x43c004 GetNumaNodeProcessorMask
0x43c008 SetDefaultCommConfigA
0x43c00c GetNumaProcessorNode
0x43c010 GetLocaleInfoA
0x43c014 DebugActiveProcessStop
0x43c018 CallNamedPipeA
0x43c01c UpdateResourceA
0x43c020 DeleteVolumeMountPointA
0x43c024 InterlockedIncrement
0x43c028 MoveFileExW
0x43c02c GetEnvironmentStringsW
0x43c030 GlobalLock
0x43c034 GetTimeFormatA
0x43c038 SetCommBreak
0x43c03c FreeEnvironmentStringsA
0x43c040 GetModuleHandleW
0x43c044 FormatMessageA
0x43c048 FatalAppExitW
0x43c04c GetSystemWow64DirectoryW
0x43c050 GetVersionExW
0x43c054 GlobalFlags
0x43c058 HeapCreate
0x43c05c GetNamedPipeInfo
0x43c060 GetConsoleAliasW
0x43c064 SetConsoleCursorPosition
0x43c068 GetFileAttributesW
0x43c06c GetModuleFileNameW
0x43c070 GetConsoleFontSize
0x43c074 GetBinaryTypeW
0x43c078 GetStringTypeExA
0x43c07c GetStdHandle
0x43c080 SetLastError
0x43c084 GetProcAddress
0x43c088 VirtualAllocEx
0x43c08c BuildCommDCBW
0x43c090 LoadLibraryA
0x43c094 Process32FirstW
0x43c098 UnhandledExceptionFilter
0x43c09c InterlockedExchangeAdd
0x43c0a0 OpenWaitableTimerW
0x43c0a4 LocalAlloc
0x43c0a8 SetCalendarInfoW
0x43c0ac MoveFileA
0x43c0b0 SetCommMask
0x43c0b4 FindAtomA
0x43c0b8 GetOEMCP
0x43c0bc DebugBreakProcess
0x43c0c0 ReadConsoleOutputCharacterW
0x43c0c4 OpenFileMappingA
0x43c0c8 LocalFree
0x43c0cc LocalFileTimeToFileTime
0x43c0d0 CreateFileA
0x43c0d4 CloseHandle
0x43c0d8 HeapAlloc
0x43c0dc MultiByteToWideChar
0x43c0e0 GetCommandLineA
0x43c0e4 GetStartupInfoA
0x43c0e8 TerminateProcess
0x43c0ec GetCurrentProcess
0x43c0f0 SetUnhandledExceptionFilter
0x43c0f4 IsDebuggerPresent
0x43c0f8 DeleteCriticalSection
0x43c0fc LeaveCriticalSection
0x43c100 EnterCriticalSection
0x43c104 HeapFree
0x43c108 VirtualFree
0x43c10c VirtualAlloc
0x43c110 HeapReAlloc
0x43c114 Sleep
0x43c118 ExitProcess
0x43c11c WriteFile
0x43c120 GetModuleFileNameA
0x43c124 TlsGetValue
0x43c128 TlsAlloc
0x43c12c TlsSetValue
0x43c130 TlsFree
0x43c134 GetCurrentThreadId
0x43c138 GetLastError
0x43c13c InterlockedDecrement
0x43c140 HeapSize
0x43c144 GetCPInfo
0x43c148 GetACP
0x43c14c IsValidCodePage
0x43c150 GetEnvironmentStrings
0x43c154 FreeEnvironmentStringsW
0x43c158 WideCharToMultiByte
0x43c15c SetHandleCount
0x43c160 GetFileType
0x43c164 QueryPerformanceCounter
0x43c168 GetTickCount
0x43c16c GetCurrentProcessId
0x43c170 GetSystemTimeAsFileTime
0x43c174 InitializeCriticalSectionAndSpinCount
0x43c178 RtlUnwind
0x43c17c LCMapStringA
0x43c180 LCMapStringW
0x43c184 GetStringTypeA
0x43c188 GetStringTypeW
0x43c18c SetFilePointer
0x43c190 GetConsoleCP
0x43c194 GetConsoleMode
0x43c198 FlushFileBuffers
0x43c19c SetStdHandle
0x43c1a0 WriteConsoleA
0x43c1a4 GetConsoleOutputCP
0x43c1a8 WriteConsoleW
0x43c1ac GetModuleHandleA
WINHTTP.dll
0x43c1b4 WinHttpOpenRequest
EAT(Export Address Table) is none
KERNEL32.dll
0x43c000 GetComputerNameA
0x43c004 GetNumaNodeProcessorMask
0x43c008 SetDefaultCommConfigA
0x43c00c GetNumaProcessorNode
0x43c010 GetLocaleInfoA
0x43c014 DebugActiveProcessStop
0x43c018 CallNamedPipeA
0x43c01c UpdateResourceA
0x43c020 DeleteVolumeMountPointA
0x43c024 InterlockedIncrement
0x43c028 MoveFileExW
0x43c02c GetEnvironmentStringsW
0x43c030 GlobalLock
0x43c034 GetTimeFormatA
0x43c038 SetCommBreak
0x43c03c FreeEnvironmentStringsA
0x43c040 GetModuleHandleW
0x43c044 FormatMessageA
0x43c048 FatalAppExitW
0x43c04c GetSystemWow64DirectoryW
0x43c050 GetVersionExW
0x43c054 GlobalFlags
0x43c058 HeapCreate
0x43c05c GetNamedPipeInfo
0x43c060 GetConsoleAliasW
0x43c064 SetConsoleCursorPosition
0x43c068 GetFileAttributesW
0x43c06c GetModuleFileNameW
0x43c070 GetConsoleFontSize
0x43c074 GetBinaryTypeW
0x43c078 GetStringTypeExA
0x43c07c GetStdHandle
0x43c080 SetLastError
0x43c084 GetProcAddress
0x43c088 VirtualAllocEx
0x43c08c BuildCommDCBW
0x43c090 LoadLibraryA
0x43c094 Process32FirstW
0x43c098 UnhandledExceptionFilter
0x43c09c InterlockedExchangeAdd
0x43c0a0 OpenWaitableTimerW
0x43c0a4 LocalAlloc
0x43c0a8 SetCalendarInfoW
0x43c0ac MoveFileA
0x43c0b0 SetCommMask
0x43c0b4 FindAtomA
0x43c0b8 GetOEMCP
0x43c0bc DebugBreakProcess
0x43c0c0 ReadConsoleOutputCharacterW
0x43c0c4 OpenFileMappingA
0x43c0c8 LocalFree
0x43c0cc LocalFileTimeToFileTime
0x43c0d0 CreateFileA
0x43c0d4 CloseHandle
0x43c0d8 HeapAlloc
0x43c0dc MultiByteToWideChar
0x43c0e0 GetCommandLineA
0x43c0e4 GetStartupInfoA
0x43c0e8 TerminateProcess
0x43c0ec GetCurrentProcess
0x43c0f0 SetUnhandledExceptionFilter
0x43c0f4 IsDebuggerPresent
0x43c0f8 DeleteCriticalSection
0x43c0fc LeaveCriticalSection
0x43c100 EnterCriticalSection
0x43c104 HeapFree
0x43c108 VirtualFree
0x43c10c VirtualAlloc
0x43c110 HeapReAlloc
0x43c114 Sleep
0x43c118 ExitProcess
0x43c11c WriteFile
0x43c120 GetModuleFileNameA
0x43c124 TlsGetValue
0x43c128 TlsAlloc
0x43c12c TlsSetValue
0x43c130 TlsFree
0x43c134 GetCurrentThreadId
0x43c138 GetLastError
0x43c13c InterlockedDecrement
0x43c140 HeapSize
0x43c144 GetCPInfo
0x43c148 GetACP
0x43c14c IsValidCodePage
0x43c150 GetEnvironmentStrings
0x43c154 FreeEnvironmentStringsW
0x43c158 WideCharToMultiByte
0x43c15c SetHandleCount
0x43c160 GetFileType
0x43c164 QueryPerformanceCounter
0x43c168 GetTickCount
0x43c16c GetCurrentProcessId
0x43c170 GetSystemTimeAsFileTime
0x43c174 InitializeCriticalSectionAndSpinCount
0x43c178 RtlUnwind
0x43c17c LCMapStringA
0x43c180 LCMapStringW
0x43c184 GetStringTypeA
0x43c188 GetStringTypeW
0x43c18c SetFilePointer
0x43c190 GetConsoleCP
0x43c194 GetConsoleMode
0x43c198 FlushFileBuffers
0x43c19c SetStdHandle
0x43c1a0 WriteConsoleA
0x43c1a4 GetConsoleOutputCP
0x43c1a8 WriteConsoleW
0x43c1ac GetModuleHandleA
WINHTTP.dll
0x43c1b4 WinHttpOpenRequest
EAT(Export Address Table) is none