ScreenShot
| Created | 2024.10.31 18:04 | Machine | s1_win7_x6401 |
| Filename | xnsjjxja.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 52 detected (AIDetectMalware, Stelpak, Malicious, score, Unsafe, Kysler, confidence, GenericKD, Attribute, HighConfidence, high confidence, GenKryptik, HDET, MalwareX, Lumma, Kryptik, mmduw, LUMMASTEALER, YXEJ4Z, high, Static AI, Malicious PE, Detected, Sabsik, Eldorado, R674533, Artemis, BScope, TrojanPSW, RedLine, Krypt, Chgt, Wwhl, HUTD) | ||
| md5 | fca874fcb9f344ec26f3ae4d359e75d7 | ||
| sha256 | 56fc365c91e437d19a582a267bfee66ae4d2b4e8c9b039523119d7c9dc6c9fce | ||
| ssdeep | 24576:1+BNeMxzXC64aUn+EbWKpFOEMalcU3Aa2FTL3JkMt4Qe1CqxO9zTp:cLDxzXC64aUnqKpHlv3Al7JH4t1CUy | ||
| imphash | b81adc1ab7b2f0076f5100372e512f8b | ||
| impfuzzy | 48:56KFL9oW/xRcpVljSXtXIrYtWEzTpQo3o0uFZIE:56KdWW/xRcpVl+XtXCYtWE/pQ3h | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | ScreenShot | Take ScreenShot | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x499000 GetModuleHandleA
0x499004 GlobalFindAtomW
0x499008 GetProcAddress
0x49900c RaiseException
0x499010 RtlCaptureStackBackTrace
0x499014 GetCurrentThreadId
0x499018 IsProcessorFeaturePresent
0x49901c GetLastError
0x499020 FreeLibraryWhenCallbackReturns
0x499024 CreateThreadpoolWork
0x499028 SubmitThreadpoolWork
0x49902c CloseThreadpoolWork
0x499030 GetModuleHandleExW
0x499034 WakeConditionVariable
0x499038 WakeAllConditionVariable
0x49903c SleepConditionVariableSRW
0x499040 InitOnceComplete
0x499044 InitOnceBeginInitialize
0x499048 FormatMessageA
0x49904c ReleaseSRWLockExclusive
0x499050 AcquireSRWLockExclusive
0x499054 TryAcquireSRWLockExclusive
0x499058 WideCharToMultiByte
0x49905c CloseHandle
0x499060 WaitForSingleObjectEx
0x499064 Sleep
0x499068 SwitchToThread
0x49906c GetExitCodeThread
0x499070 GetNativeSystemInfo
0x499074 QueryPerformanceCounter
0x499078 QueryPerformanceFrequency
0x49907c EnterCriticalSection
0x499080 LeaveCriticalSection
0x499084 InitializeCriticalSectionEx
0x499088 DeleteCriticalSection
0x49908c EncodePointer
0x499090 DecodePointer
0x499094 LocalFree
0x499098 GetLocaleInfoEx
0x49909c MultiByteToWideChar
0x4990a0 LCMapStringEx
0x4990a4 SetFileInformationByHandle
0x4990a8 GetTempPathW
0x4990ac InitOnceExecuteOnce
0x4990b0 CreateEventExW
0x4990b4 CreateSemaphoreExW
0x4990b8 FlushProcessWriteBuffers
0x4990bc GetCurrentProcessorNumber
0x4990c0 GetSystemTimeAsFileTime
0x4990c4 GetTickCount64
0x4990c8 CreateThreadpoolTimer
0x4990cc SetThreadpoolTimer
0x4990d0 WaitForThreadpoolTimerCallbacks
0x4990d4 CloseThreadpoolTimer
0x4990d8 CreateThreadpoolWait
0x4990dc SetThreadpoolWait
0x4990e0 CloseThreadpoolWait
0x4990e4 GetModuleHandleW
0x4990e8 GetFileInformationByHandleEx
0x4990ec CreateSymbolicLinkW
0x4990f0 GetStringTypeW
0x4990f4 CompareStringEx
0x4990f8 GetCPInfo
0x4990fc UnhandledExceptionFilter
0x499100 SetUnhandledExceptionFilter
0x499104 GetCurrentProcess
0x499108 TerminateProcess
0x49910c IsDebuggerPresent
0x499110 GetStartupInfoW
0x499114 GetCurrentProcessId
0x499118 InitializeSListHead
0x49911c WriteConsoleW
0x499120 RtlUnwind
0x499124 InterlockedPushEntrySList
0x499128 InterlockedFlushSList
0x49912c SetLastError
0x499130 InitializeCriticalSectionAndSpinCount
0x499134 TlsAlloc
0x499138 TlsGetValue
0x49913c TlsSetValue
0x499140 TlsFree
0x499144 FreeLibrary
0x499148 LoadLibraryExW
0x49914c CreateThread
0x499150 ExitThread
0x499154 ResumeThread
0x499158 FreeLibraryAndExitThread
0x49915c ExitProcess
0x499160 GetModuleFileNameW
0x499164 GetStdHandle
0x499168 WriteFile
0x49916c GetCommandLineA
0x499170 GetCommandLineW
0x499174 SetConsoleCtrlHandler
0x499178 GetFileSizeEx
0x49917c SetFilePointerEx
0x499180 GetCurrentThread
0x499184 GetFileType
0x499188 HeapAlloc
0x49918c HeapFree
0x499190 GetDateFormatW
0x499194 GetTimeFormatW
0x499198 CompareStringW
0x49919c LCMapStringW
0x4991a0 GetLocaleInfoW
0x4991a4 IsValidLocale
0x4991a8 GetUserDefaultLCID
0x4991ac EnumSystemLocalesW
0x4991b0 FlushFileBuffers
0x4991b4 GetConsoleOutputCP
0x4991b8 GetConsoleMode
0x4991bc ReadFile
0x4991c0 ReadConsoleW
0x4991c4 HeapReAlloc
0x4991c8 GetTimeZoneInformation
0x4991cc FindClose
0x4991d0 FindFirstFileExW
0x4991d4 FindNextFileW
0x4991d8 IsValidCodePage
0x4991dc GetACP
0x4991e0 GetOEMCP
0x4991e4 GetEnvironmentStringsW
0x4991e8 FreeEnvironmentStringsW
0x4991ec SetEnvironmentVariableW
0x4991f0 GetProcessHeap
0x4991f4 OutputDebugStringW
0x4991f8 SetStdHandle
0x4991fc CreateFileW
0x499200 HeapSize
0x499204 SetEndOfFile
EAT(Export Address Table) is none
KERNEL32.dll
0x499000 GetModuleHandleA
0x499004 GlobalFindAtomW
0x499008 GetProcAddress
0x49900c RaiseException
0x499010 RtlCaptureStackBackTrace
0x499014 GetCurrentThreadId
0x499018 IsProcessorFeaturePresent
0x49901c GetLastError
0x499020 FreeLibraryWhenCallbackReturns
0x499024 CreateThreadpoolWork
0x499028 SubmitThreadpoolWork
0x49902c CloseThreadpoolWork
0x499030 GetModuleHandleExW
0x499034 WakeConditionVariable
0x499038 WakeAllConditionVariable
0x49903c SleepConditionVariableSRW
0x499040 InitOnceComplete
0x499044 InitOnceBeginInitialize
0x499048 FormatMessageA
0x49904c ReleaseSRWLockExclusive
0x499050 AcquireSRWLockExclusive
0x499054 TryAcquireSRWLockExclusive
0x499058 WideCharToMultiByte
0x49905c CloseHandle
0x499060 WaitForSingleObjectEx
0x499064 Sleep
0x499068 SwitchToThread
0x49906c GetExitCodeThread
0x499070 GetNativeSystemInfo
0x499074 QueryPerformanceCounter
0x499078 QueryPerformanceFrequency
0x49907c EnterCriticalSection
0x499080 LeaveCriticalSection
0x499084 InitializeCriticalSectionEx
0x499088 DeleteCriticalSection
0x49908c EncodePointer
0x499090 DecodePointer
0x499094 LocalFree
0x499098 GetLocaleInfoEx
0x49909c MultiByteToWideChar
0x4990a0 LCMapStringEx
0x4990a4 SetFileInformationByHandle
0x4990a8 GetTempPathW
0x4990ac InitOnceExecuteOnce
0x4990b0 CreateEventExW
0x4990b4 CreateSemaphoreExW
0x4990b8 FlushProcessWriteBuffers
0x4990bc GetCurrentProcessorNumber
0x4990c0 GetSystemTimeAsFileTime
0x4990c4 GetTickCount64
0x4990c8 CreateThreadpoolTimer
0x4990cc SetThreadpoolTimer
0x4990d0 WaitForThreadpoolTimerCallbacks
0x4990d4 CloseThreadpoolTimer
0x4990d8 CreateThreadpoolWait
0x4990dc SetThreadpoolWait
0x4990e0 CloseThreadpoolWait
0x4990e4 GetModuleHandleW
0x4990e8 GetFileInformationByHandleEx
0x4990ec CreateSymbolicLinkW
0x4990f0 GetStringTypeW
0x4990f4 CompareStringEx
0x4990f8 GetCPInfo
0x4990fc UnhandledExceptionFilter
0x499100 SetUnhandledExceptionFilter
0x499104 GetCurrentProcess
0x499108 TerminateProcess
0x49910c IsDebuggerPresent
0x499110 GetStartupInfoW
0x499114 GetCurrentProcessId
0x499118 InitializeSListHead
0x49911c WriteConsoleW
0x499120 RtlUnwind
0x499124 InterlockedPushEntrySList
0x499128 InterlockedFlushSList
0x49912c SetLastError
0x499130 InitializeCriticalSectionAndSpinCount
0x499134 TlsAlloc
0x499138 TlsGetValue
0x49913c TlsSetValue
0x499140 TlsFree
0x499144 FreeLibrary
0x499148 LoadLibraryExW
0x49914c CreateThread
0x499150 ExitThread
0x499154 ResumeThread
0x499158 FreeLibraryAndExitThread
0x49915c ExitProcess
0x499160 GetModuleFileNameW
0x499164 GetStdHandle
0x499168 WriteFile
0x49916c GetCommandLineA
0x499170 GetCommandLineW
0x499174 SetConsoleCtrlHandler
0x499178 GetFileSizeEx
0x49917c SetFilePointerEx
0x499180 GetCurrentThread
0x499184 GetFileType
0x499188 HeapAlloc
0x49918c HeapFree
0x499190 GetDateFormatW
0x499194 GetTimeFormatW
0x499198 CompareStringW
0x49919c LCMapStringW
0x4991a0 GetLocaleInfoW
0x4991a4 IsValidLocale
0x4991a8 GetUserDefaultLCID
0x4991ac EnumSystemLocalesW
0x4991b0 FlushFileBuffers
0x4991b4 GetConsoleOutputCP
0x4991b8 GetConsoleMode
0x4991bc ReadFile
0x4991c0 ReadConsoleW
0x4991c4 HeapReAlloc
0x4991c8 GetTimeZoneInformation
0x4991cc FindClose
0x4991d0 FindFirstFileExW
0x4991d4 FindNextFileW
0x4991d8 IsValidCodePage
0x4991dc GetACP
0x4991e0 GetOEMCP
0x4991e4 GetEnvironmentStringsW
0x4991e8 FreeEnvironmentStringsW
0x4991ec SetEnvironmentVariableW
0x4991f0 GetProcessHeap
0x4991f4 OutputDebugStringW
0x4991f8 SetStdHandle
0x4991fc CreateFileW
0x499200 HeapSize
0x499204 SetEndOfFile
EAT(Export Address Table) is none