Field | Value |
---|---|
Created | 2024.11.08 17:23 |
Machine | s1_win7_x6403 |
Filename | locker.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 51 detected (AIDetectMalware, Malicious, score, NetLoader, GenericKD, Unsafe, confidence, Attribute, HighConfidence, high confidence, Filecoder, MalwareX, CLOUD, Nekark, fxmbb, Static AI, Malicious PE, Detected, Dcrypt, Malware@#3ftdywqvz7jio, GandCrab, ABRansom, EGGG, Ransomware, Artemis, FileCryptor, FileCrypter, Chgt, R002H09K524, PossibleThreat) |
md5 | a44a69112351292c14e58a30ad3fa790 |
sha256 | e195bef31e5a7609f5e410339f4d7ebfcb9ee51e3f0a8076eacd68ebe9bbf951 |
ssdeep | 3072:g6G8kWB6+M4kyoMP8OqFnEEua6Td3zHZ0DELbT4Um+64W/:g6GHeBM6zP8jExa6V50DErY/ |
imphash | 7541e37d15e5e332b2a83de6c13bfcc2 |
impfuzzy | 24:iqE8VKHZ3q1obavuyWxhjDlo5MUmgHYOGOovet0X83Jnc+pl3eDo/ko+hvMOKlTB:Af6DVqoBBVt0X8xc+ppIp1KqmN/Rz |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Executes one or more WMI queries |
info | Queries for the computername |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ntdll.dll
0x14001b318 RtlLookupFunctionEntry
0x14001b320 RtlVirtualUnwind
0x14001b328 ZwClose
0x14001b330 RtlCaptureContext
0x14001b338 RtlUnwindEx
0x14001b340 ZwWaitForSingleObject
0x14001b348 NtWaitForSingleObject
0x14001b350 NtWriteFile
0x14001b358 ZwReadFile
0x14001b360 ZwQueryInformationFile
0x14001b368 NtQueryAttributesFile
0x14001b370 ZwOpenFile
0x14001b378 ZwSetInformationFile
0x14001b380 RtlPcToFileHeader
KERNEL32.dll
0x14001b038 LCMapStringW
0x14001b040 WriteConsoleW
0x14001b048 GetLastError
0x14001b050 WaitForMultipleObjects
0x14001b058 CreateThread
0x14001b060 GetLogicalDrives
0x14001b068 OutputDebugStringA
0x14001b070 OutputDebugStringW
0x14001b078 CloseHandle
0x14001b080 FindClose
0x14001b088 FindFirstFileW
0x14001b090 FindNextFileW
0x14001b098 MoveFileW
0x14001b0a0 GlobalAlloc
0x14001b0a8 GlobalFree
0x14001b0b0 CreateFileW
0x14001b0b8 WaitForSingleObject
0x14001b0c0 CreateProcessW
0x14001b0c8 Wow64DisableWow64FsRedirection
0x14001b0d0 Wow64RevertWow64FsRedirection
0x14001b0d8 lstrcpyW
0x14001b0e0 GetCurrentProcessId
0x14001b0e8 TerminateProcess
0x14001b0f0 GetConsoleMode
0x14001b0f8 GetConsoleOutputCP
0x14001b100 FlushFileBuffers
0x14001b108 HeapReAlloc
0x14001b110 FlsFree
0x14001b118 FlsSetValue
0x14001b120 FlsGetValue
0x14001b128 FlsAlloc
0x14001b130 GetProcessHeap
0x14001b138 SetStdHandle
0x14001b140 GetStringTypeW
0x14001b148 SetFilePointerEx
0x14001b150 GetNativeSystemInfo
0x14001b158 GetStartupInfoW
0x14001b160 FreeEnvironmentStringsW
0x14001b168 GetEnvironmentStringsW
0x14001b170 WideCharToMultiByte
0x14001b178 MultiByteToWideChar
0x14001b180 GetCommandLineW
0x14001b188 GetCommandLineA
0x14001b190 HeapSize
0x14001b198 IsDebuggerPresent
0x14001b1a0 UnhandledExceptionFilter
0x14001b1a8 SetUnhandledExceptionFilter
0x14001b1b0 GetCPInfo
0x14001b1b8 IsProcessorFeaturePresent
0x14001b1c0 GetModuleHandleW
0x14001b1c8 QueryPerformanceCounter
0x14001b1d0 GetCurrentThreadId
0x14001b1d8 GetSystemTimeAsFileTime
0x14001b1e0 InitializeSListHead
0x14001b1e8 RaiseException
0x14001b1f0 SetLastError
0x14001b1f8 EnterCriticalSection
0x14001b200 LeaveCriticalSection
0x14001b208 DeleteCriticalSection
0x14001b210 InitializeCriticalSectionAndSpinCount
0x14001b218 TlsAlloc
0x14001b220 TlsGetValue
0x14001b228 TlsSetValue
0x14001b230 TlsFree
0x14001b238 FreeLibrary
0x14001b240 GetProcAddress
0x14001b248 LoadLibraryExW
0x14001b250 EncodePointer
0x14001b258 GetCurrentProcess
0x14001b260 ExitProcess
0x14001b268 GetModuleHandleExW
0x14001b270 GetModuleFileNameW
0x14001b278 GetStdHandle
0x14001b280 WriteFile
0x14001b288 HeapFree
0x14001b290 HeapAlloc
0x14001b298 GetFileType
0x14001b2a0 FindFirstFileExW
0x14001b2a8 IsValidCodePage
0x14001b2b0 GetACP
0x14001b2b8 GetOEMCP
USER32.dll
0x14001b308 wsprintfW
ole32.dll
0x14001b390 CoInitializeSecurity
0x14001b398 CoInitializeEx
0x14001b3a0 CoUninitialize
0x14001b3a8 CoSetProxyBlanket
0x14001b3b0 CoCreateInstance
OLEAUT32.dll
0x14001b2e8 SysAllocString
0x14001b2f0 VariantInit
0x14001b2f8 VariantClear
ADVAPI32.dll
0x14001b000 CryptEncrypt
0x14001b008 CryptImportKey
0x14001b010 CryptGenRandom
0x14001b018 CryptDestroyKey
0x14001b020 CryptReleaseContext
0x14001b028 CryptAcquireContextA
MPR.dll
0x14001b2c8 WNetOpenEnumW
0x14001b2d0 WNetEnumResourceW
0x14001b2d8 WNetCloseEnum
EAT (Export Address Table): none