ScreenShot
| Created | 2024.11.01 09:19 | Machine | s1_win7_x6403 |
| Filename | 123321.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (AIDetectMalware, Lazy, Unsafe, malicious, confidence, Attribute, HighConfidence, GenKryptik, HCVV, MalwareX, Kryptik@AI, RDML, Ad+mIpcnhQMi7+ft1A, Generic Reputation PUA, Detected, Kryptik, Wacapew, Artemis, Outbreak, Chgt, susgen, C9nj) | ||
| md5 | a917b1d8182ab760220c1f9a59c5576c | ||
| sha256 | 2be1a242289c38722a8019eed87900389f591c799974fe986f635bcd88ee3f60 | ||
| ssdeep | 24576:9OJJ3zJrQ+zoEYPVibg9+tpm2h0lhSMXl13gu2w:Qr3zJE+Jqkkau | ||
| imphash | 1e9630f6a4cba2c0fa7296e4fb274cd5 | ||
| impfuzzy | 48:lEVrCiWxAtJ3Uc+XFrsCgZpLSrvidkqLhptxA4CTswUA:lWrCiWxAtuc+XVsCApLSrviOqfxCowZ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140088000 VirtualFree
0x140088008 VirtualAlloc
0x140088010 GetModuleHandleW
0x140088018 LoadLibraryA
0x140088020 ReadFile
0x140088028 WriteFile
0x140088030 CreateFileW
0x140088038 UnmapViewOfFile
0x140088040 CloseHandle
0x140088048 CreateFileMappingW
0x140088050 MapViewOfFile
0x140088058 GetProcAddress
0x140088060 GetCurrentProcess
0x140088068 FlushInstructionCache
0x140088070 VirtualQuery
0x140088078 RemoveVectoredExceptionHandler
0x140088080 WriteProcessMemory
0x140088088 GetModuleHandleA
0x140088090 MultiByteToWideChar
0x140088098 LoadLibraryW
0x1400880a0 AddVectoredExceptionHandler
0x1400880a8 WideCharToMultiByte
0x1400880b0 GetTickCount
0x1400880b8 FreeEnvironmentStringsW
0x1400880c0 GetEnvironmentStringsW
0x1400880c8 LCMapStringEx
0x1400880d0 DecodePointer
0x1400880d8 InitializeCriticalSectionEx
0x1400880e0 TryAcquireSRWLockExclusive
0x1400880e8 AcquireSRWLockExclusive
0x1400880f0 ReleaseSRWLockExclusive
0x1400880f8 QueryPerformanceFrequency
0x140088100 GetLastError
0x140088108 SetLastError
0x140088110 RtlCaptureContext
0x140088118 RtlLookupFunctionEntry
0x140088120 RtlVirtualUnwind
0x140088128 IsDebuggerPresent
0x140088130 UnhandledExceptionFilter
0x140088138 SetUnhandledExceptionFilter
0x140088140 TerminateProcess
0x140088148 IsProcessorFeaturePresent
0x140088150 GetCommandLineA
0x140088158 GetCommandLineW
0x140088160 EnterCriticalSection
0x140088168 LeaveCriticalSection
0x140088170 DeleteCriticalSection
0x140088178 GetSystemTimeAsFileTime
0x140088180 HeapAlloc
0x140088188 HeapFree
0x140088190 GetCurrentThreadId
0x140088198 GetStdHandle
0x1400881a0 GetFileType
0x1400881a8 GetStartupInfoW
0x1400881b0 RaiseException
0x1400881b8 GetFileSizeEx
0x1400881c0 SetFilePointerEx
0x1400881c8 FlushFileBuffers
0x1400881d0 GetConsoleOutputCP
0x1400881d8 GetConsoleMode
0x1400881e0 FlsAlloc
0x1400881e8 FlsGetValue
0x1400881f0 FlsSetValue
0x1400881f8 FlsFree
0x140088200 InitializeCriticalSectionAndSpinCount
0x140088208 FreeLibrary
0x140088210 LoadLibraryExW
0x140088218 LCMapStringW
0x140088220 GetLocaleInfoW
0x140088228 IsValidLocale
0x140088230 GetUserDefaultLCID
0x140088238 EnumSystemLocalesW
0x140088240 ReadConsoleW
0x140088248 HeapReAlloc
0x140088250 HeapSize
0x140088258 GetProcessHeap
0x140088260 IsValidCodePage
0x140088268 GetACP
0x140088270 GetOEMCP
0x140088278 GetCPInfo
0x140088280 GetStringTypeW
0x140088288 ExitProcess
0x140088290 GetModuleHandleExW
0x140088298 SetStdHandle
0x1400882a0 GetModuleFileNameW
0x1400882a8 WriteConsoleW
0x1400882b0 QueryPerformanceCounter
0x1400882b8 GetCurrentProcessId
0x1400882c0 InitializeSListHead
0x1400882c8 RtlUnwindEx
0x1400882d0 RtlUnwind
0x1400882d8 RtlPcToFileHeader
0x1400882e0 EncodePointer
0x1400882e8 TlsAlloc
0x1400882f0 TlsGetValue
0x1400882f8 TlsSetValue
0x140088300 TlsFree
0x140088308 VirtualProtect
0x140088310 VirtualQueryEx
0x140088318 ReadProcessMemory
0x140088320 GetSystemInfo
0x140088328 InitializeCriticalSection
0x140088330 LocalFree
0x140088338 FindClose
0x140088340 FindFirstFileExW
0x140088348 FindNextFileW
ntdll.dll
0x1400883a0 NtUnmapViewOfSection
0x1400883a8 RtlFreeHeap
0x1400883b0 NtContinue
0x1400883b8 NtCreateSection
0x1400883c0 RtlAllocateHeap
0x1400883c8 NtGetContextThread
0x1400883d0 RtlCompareUnicodeString
0x1400883d8 NtQueryObject
0x1400883e0 NtOpenSection
0x1400883e8 RtlCreateUnicodeString
0x1400883f0 NtMapViewOfSection
0x1400883f8 NtRaiseHardError
0x140088400 RtlAdjustPrivilege
0x140088408 NtClose
OLEAUT32.dll
0x140088358 SafeArrayDestroy
0x140088360 SysFreeString
0x140088368 SafeArrayPutElement
0x140088370 SafeArrayCreate
0x140088378 SafeArrayCreateVector
0x140088380 SysAllocString
mscoree.dll
0x140088390 CLRCreateInstance
EAT(Export Address Table) is none
KERNEL32.dll
0x140088000 VirtualFree
0x140088008 VirtualAlloc
0x140088010 GetModuleHandleW
0x140088018 LoadLibraryA
0x140088020 ReadFile
0x140088028 WriteFile
0x140088030 CreateFileW
0x140088038 UnmapViewOfFile
0x140088040 CloseHandle
0x140088048 CreateFileMappingW
0x140088050 MapViewOfFile
0x140088058 GetProcAddress
0x140088060 GetCurrentProcess
0x140088068 FlushInstructionCache
0x140088070 VirtualQuery
0x140088078 RemoveVectoredExceptionHandler
0x140088080 WriteProcessMemory
0x140088088 GetModuleHandleA
0x140088090 MultiByteToWideChar
0x140088098 LoadLibraryW
0x1400880a0 AddVectoredExceptionHandler
0x1400880a8 WideCharToMultiByte
0x1400880b0 GetTickCount
0x1400880b8 FreeEnvironmentStringsW
0x1400880c0 GetEnvironmentStringsW
0x1400880c8 LCMapStringEx
0x1400880d0 DecodePointer
0x1400880d8 InitializeCriticalSectionEx
0x1400880e0 TryAcquireSRWLockExclusive
0x1400880e8 AcquireSRWLockExclusive
0x1400880f0 ReleaseSRWLockExclusive
0x1400880f8 QueryPerformanceFrequency
0x140088100 GetLastError
0x140088108 SetLastError
0x140088110 RtlCaptureContext
0x140088118 RtlLookupFunctionEntry
0x140088120 RtlVirtualUnwind
0x140088128 IsDebuggerPresent
0x140088130 UnhandledExceptionFilter
0x140088138 SetUnhandledExceptionFilter
0x140088140 TerminateProcess
0x140088148 IsProcessorFeaturePresent
0x140088150 GetCommandLineA
0x140088158 GetCommandLineW
0x140088160 EnterCriticalSection
0x140088168 LeaveCriticalSection
0x140088170 DeleteCriticalSection
0x140088178 GetSystemTimeAsFileTime
0x140088180 HeapAlloc
0x140088188 HeapFree
0x140088190 GetCurrentThreadId
0x140088198 GetStdHandle
0x1400881a0 GetFileType
0x1400881a8 GetStartupInfoW
0x1400881b0 RaiseException
0x1400881b8 GetFileSizeEx
0x1400881c0 SetFilePointerEx
0x1400881c8 FlushFileBuffers
0x1400881d0 GetConsoleOutputCP
0x1400881d8 GetConsoleMode
0x1400881e0 FlsAlloc
0x1400881e8 FlsGetValue
0x1400881f0 FlsSetValue
0x1400881f8 FlsFree
0x140088200 InitializeCriticalSectionAndSpinCount
0x140088208 FreeLibrary
0x140088210 LoadLibraryExW
0x140088218 LCMapStringW
0x140088220 GetLocaleInfoW
0x140088228 IsValidLocale
0x140088230 GetUserDefaultLCID
0x140088238 EnumSystemLocalesW
0x140088240 ReadConsoleW
0x140088248 HeapReAlloc
0x140088250 HeapSize
0x140088258 GetProcessHeap
0x140088260 IsValidCodePage
0x140088268 GetACP
0x140088270 GetOEMCP
0x140088278 GetCPInfo
0x140088280 GetStringTypeW
0x140088288 ExitProcess
0x140088290 GetModuleHandleExW
0x140088298 SetStdHandle
0x1400882a0 GetModuleFileNameW
0x1400882a8 WriteConsoleW
0x1400882b0 QueryPerformanceCounter
0x1400882b8 GetCurrentProcessId
0x1400882c0 InitializeSListHead
0x1400882c8 RtlUnwindEx
0x1400882d0 RtlUnwind
0x1400882d8 RtlPcToFileHeader
0x1400882e0 EncodePointer
0x1400882e8 TlsAlloc
0x1400882f0 TlsGetValue
0x1400882f8 TlsSetValue
0x140088300 TlsFree
0x140088308 VirtualProtect
0x140088310 VirtualQueryEx
0x140088318 ReadProcessMemory
0x140088320 GetSystemInfo
0x140088328 InitializeCriticalSection
0x140088330 LocalFree
0x140088338 FindClose
0x140088340 FindFirstFileExW
0x140088348 FindNextFileW
ntdll.dll
0x1400883a0 NtUnmapViewOfSection
0x1400883a8 RtlFreeHeap
0x1400883b0 NtContinue
0x1400883b8 NtCreateSection
0x1400883c0 RtlAllocateHeap
0x1400883c8 NtGetContextThread
0x1400883d0 RtlCompareUnicodeString
0x1400883d8 NtQueryObject
0x1400883e0 NtOpenSection
0x1400883e8 RtlCreateUnicodeString
0x1400883f0 NtMapViewOfSection
0x1400883f8 NtRaiseHardError
0x140088400 RtlAdjustPrivilege
0x140088408 NtClose
OLEAUT32.dll
0x140088358 SafeArrayDestroy
0x140088360 SysFreeString
0x140088368 SafeArrayPutElement
0x140088370 SafeArrayCreate
0x140088378 SafeArrayCreateVector
0x140088380 SysAllocString
mscoree.dll
0x140088390 CLRCreateInstance
EAT(Export Address Table) is none