Field | Value |
---|---|
Created | 2024.11.07 13:12 |
Machine | s1_win7_x6401 |
Filename | Everything.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 57 detected (AIDetectMalware, Malicious, score, YakbeexMSIL, Unsafe, confidence, high confidence, PWSX, Nanocore, PhemedroneStealer, Nekark, ksmkbr, Phemedrone, CLASSIC, cxjkc, KillMBR, R002C0DJ524, Static AI, Suspicious PE, Detected, ywnly, Eldorado, Artemis, Zenpak, RedLineStealer, QQPass, QQRob, Uwhl, SHhL4cX0h2M, susgen) |
md5 | 6630b14845f7d092bdedddc7ca62036f |
sha256 | 2d7a125b7f2b2b5577a22b3595d63eaff97fb7bf593327d9598aaf4f6015264d |
ssdeep | 196608:eOGlj18AnhS+g/2v2goLmwqvgFda7+LN2+4LDVTl/FuO7A0ZmoCGLVSeicSH5OQ9:Glj18AhS+42v2goLm/gFda7QYx/xTssK |
imphash | 91e96141ed5dbe3bc541c8aad7ff3c38 |
impfuzzy | 48:J9FprOcLy1XFjn6S3gYMwBtDXzKc+pn5KFi:JVrFLy1XFLDVJBtDXzKc+pn5KFi |
Network IP location
Signature (17cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
watch | Appends a known CryptoMix ransomware file extension to files that have been encrypted |
watch | Attempts to access Bitcoin/ALTCoin wallets |
watch | Harvests credentials from local FTP client software |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (21cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (download) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | Is_DotNET_EXE | (no description) | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x429000 GetLastError
0x429004 SetLastError
0x429008 FormatMessageW
0x42900c GetFileType
0x429010 GetStdHandle
0x429014 WriteFile
0x429018 ReadFile
0x42901c FlushFileBuffers
0x429020 SetEndOfFile
0x429024 SetFilePointer
0x429028 SetFileTime
0x42902c CloseHandle
0x429030 CreateFileW
0x429034 GetCurrentProcessId
0x429038 CreateDirectoryW
0x42903c SetFileAttributesW
0x429040 GetFileAttributesW
0x429044 DeleteFileW
0x429048 MoveFileW
0x42904c FindClose
0x429050 FindFirstFileW
0x429054 FindNextFileW
0x429058 GetVersionExW
0x42905c GetCurrentDirectoryW
0x429060 GetFullPathNameW
0x429064 FoldStringW
0x429068 GetModuleFileNameW
0x42906c GetModuleHandleW
0x429070 FindResourceW
0x429074 FreeLibrary
0x429078 GetProcAddress
0x42907c ExitProcess
0x429080 SetThreadExecutionState
0x429084 Sleep
0x429088 LoadLibraryW
0x42908c GetSystemDirectoryW
0x429090 CompareStringW
0x429094 AllocConsole
0x429098 FreeConsole
0x42909c AttachConsole
0x4290a0 WriteConsoleW
0x4290a4 SystemTimeToTzSpecificLocalTime
0x4290a8 TzSpecificLocalTimeToSystemTime
0x4290ac SystemTimeToFileTime
0x4290b0 LocalFileTimeToFileTime
0x4290b4 FileTimeToSystemTime
0x4290b8 GetCPInfo
0x4290bc IsDBCSLeadByte
0x4290c0 MultiByteToWideChar
0x4290c4 WideCharToMultiByte
0x4290c8 GlobalAlloc
0x4290cc LockResource
0x4290d0 GlobalLock
0x4290d4 GlobalUnlock
0x4290d8 GlobalFree
0x4290dc LoadResource
0x4290e0 SizeofResource
0x4290e4 SetCurrentDirectoryW
0x4290e8 GetTimeFormatW
0x4290ec GetDateFormatW
0x4290f0 GetExitCodeProcess
0x4290f4 WaitForSingleObject
0x4290f8 GetLocalTime
0x4290fc GetTickCount
0x429100 MapViewOfFile
0x429104 UnmapViewOfFile
0x429108 CreateFileMappingW
0x42910c OpenFileMappingW
0x429110 GetCommandLineW
0x429114 SetEnvironmentVariableW
0x429118 ExpandEnvironmentStringsW
0x42911c GetTempPathW
0x429120 MoveFileExW
0x429124 GetLocaleInfoW
0x429128 GetNumberFormatW
0x42912c GetProcessHeap
0x429130 FreeEnvironmentStringsW
0x429134 GetEnvironmentStringsW
0x429138 GetCommandLineA
0x42913c GetOEMCP
0x429140 DecodePointer
0x429144 SetFilePointerEx
0x429148 GetConsoleMode
0x42914c GetConsoleCP
0x429150 HeapSize
0x429154 SetStdHandle
0x429158 RaiseException
0x42915c GetSystemInfo
0x429160 VirtualProtect
0x429164 VirtualQuery
0x429168 LoadLibraryExA
0x42916c IsProcessorFeaturePresent
0x429170 IsDebuggerPresent
0x429174 UnhandledExceptionFilter
0x429178 SetUnhandledExceptionFilter
0x42917c GetStartupInfoW
0x429180 QueryPerformanceCounter
0x429184 GetCurrentThreadId
0x429188 GetSystemTimeAsFileTime
0x42918c InitializeSListHead
0x429190 GetCurrentProcess
0x429194 TerminateProcess
0x429198 LocalFree
0x42919c RtlUnwind
0x4291a0 EncodePointer
0x4291a4 EnterCriticalSection
0x4291a8 LeaveCriticalSection
0x4291ac DeleteCriticalSection
0x4291b0 InitializeCriticalSectionAndSpinCount
0x4291b4 TlsAlloc
0x4291b8 TlsGetValue
0x4291bc TlsSetValue
0x4291c0 TlsFree
0x4291c4 LoadLibraryExW
0x4291c8 QueryPerformanceFrequency
0x4291cc GetModuleHandleExW
0x4291d0 GetModuleFileNameA
0x4291d4 GetACP
0x4291d8 HeapFree
0x4291dc HeapAlloc
0x4291e0 HeapReAlloc
0x4291e4 GetStringTypeW
0x4291e8 LCMapStringW
0x4291ec FindFirstFileExA
0x4291f0 FindNextFileA
0x4291f4 IsValidCodePage
OLEAUT32.dll
0x4291fc VariantClear
gdiplus.dll
0x429204 GdiplusStartup
0x429208 GdipCreateHBITMAPFromBitmap
0x42920c GdipCreateBitmapFromStreamICM
0x429210 GdiplusShutdown
0x429214 GdipCreateBitmapFromStream
0x429218 GdipDisposeImage
0x42921c GdipCloneImage
0x429220 GdipFree
0x429224 GdipAlloc
EAT (Export Address Table) Library