ScreenShot
| Created | 2024.10.31 18:15 | Machine | s1_win7_x6401 |
| Filename | 4n.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (AIDetectMalware, GenericKDQ, Artemis, Unsafe, GenericQ, Genus, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, Injuke, okjn, LummaStealer, CLASSIC, Redcap, ylcpx, YXEJ3Z, score, WinGo, Detected) | ||
| md5 | 0680170d17b99321500944eb7deded51 | ||
| sha256 | d4a2d9c10babdabd7bf16ee4773da3f82951c5741a682db002820deb6ff5eafd | ||
| ssdeep | 196608:4ce3WrKkBP/xttbTk6v69c6rW+s0Sq+eHJMI0/:4cLf1xtt165rjRMz/ | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | hide_executable_file | Hide executable file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x165fda0 WriteFile
0x165fda4 WriteConsoleW
0x165fda8 WerSetFlags
0x165fdac WerGetFlags
0x165fdb0 WaitForMultipleObjects
0x165fdb4 WaitForSingleObject
0x165fdb8 VirtualQuery
0x165fdbc VirtualFree
0x165fdc0 VirtualAlloc
0x165fdc4 TlsAlloc
0x165fdc8 SwitchToThread
0x165fdcc SuspendThread
0x165fdd0 SetWaitableTimer
0x165fdd4 SetUnhandledExceptionFilter
0x165fdd8 SetProcessPriorityBoost
0x165fddc SetEvent
0x165fde0 SetErrorMode
0x165fde4 SetConsoleCtrlHandler
0x165fde8 ResumeThread
0x165fdec RaiseFailFastException
0x165fdf0 PostQueuedCompletionStatus
0x165fdf4 LoadLibraryW
0x165fdf8 LoadLibraryExW
0x165fdfc SetThreadContext
0x165fe00 GetThreadContext
0x165fe04 GetSystemInfo
0x165fe08 GetSystemDirectoryA
0x165fe0c GetStdHandle
0x165fe10 GetQueuedCompletionStatusEx
0x165fe14 GetProcessAffinityMask
0x165fe18 GetProcAddress
0x165fe1c GetErrorMode
0x165fe20 GetEnvironmentStringsW
0x165fe24 GetCurrentThreadId
0x165fe28 GetConsoleMode
0x165fe2c FreeEnvironmentStringsW
0x165fe30 ExitProcess
0x165fe34 DuplicateHandle
0x165fe38 CreateWaitableTimerExW
0x165fe3c CreateThread
0x165fe40 CreateIoCompletionPort
0x165fe44 CreateFileA
0x165fe48 CreateEventA
0x165fe4c CloseHandle
0x165fe50 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x165fda0 WriteFile
0x165fda4 WriteConsoleW
0x165fda8 WerSetFlags
0x165fdac WerGetFlags
0x165fdb0 WaitForMultipleObjects
0x165fdb4 WaitForSingleObject
0x165fdb8 VirtualQuery
0x165fdbc VirtualFree
0x165fdc0 VirtualAlloc
0x165fdc4 TlsAlloc
0x165fdc8 SwitchToThread
0x165fdcc SuspendThread
0x165fdd0 SetWaitableTimer
0x165fdd4 SetUnhandledExceptionFilter
0x165fdd8 SetProcessPriorityBoost
0x165fddc SetEvent
0x165fde0 SetErrorMode
0x165fde4 SetConsoleCtrlHandler
0x165fde8 ResumeThread
0x165fdec RaiseFailFastException
0x165fdf0 PostQueuedCompletionStatus
0x165fdf4 LoadLibraryW
0x165fdf8 LoadLibraryExW
0x165fdfc SetThreadContext
0x165fe00 GetThreadContext
0x165fe04 GetSystemInfo
0x165fe08 GetSystemDirectoryA
0x165fe0c GetStdHandle
0x165fe10 GetQueuedCompletionStatusEx
0x165fe14 GetProcessAffinityMask
0x165fe18 GetProcAddress
0x165fe1c GetErrorMode
0x165fe20 GetEnvironmentStringsW
0x165fe24 GetCurrentThreadId
0x165fe28 GetConsoleMode
0x165fe2c FreeEnvironmentStringsW
0x165fe30 ExitProcess
0x165fe34 DuplicateHandle
0x165fe38 CreateWaitableTimerExW
0x165fe3c CreateThread
0x165fe40 CreateIoCompletionPort
0x165fe44 CreateFileA
0x165fe48 CreateEventA
0x165fe4c CloseHandle
0x165fe50 AddVectoredExceptionHandler
EAT(Export Address Table) is none