ScreenShot
| Created | 2024.11.11 09:44 | Machine | s1_win7_x6403 |
| Filename | main.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 50 detected (AIDetectMalware, Malicious, score, GenericKD, Unsafe, confidence, Attribute, HighConfidence, high confidence, a variant of WinGo, Kryptik, XPACK, Real Protect, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Malware@#2ewxjcfi75uez, Farfli, ABTrojan, ASCB, Artemis, BScope, SvcHorse, WinGo, Chgt, Iajl, susgen) | ||
| md5 | 4054233ef6205f36c696ab115691a830 | ||
| sha256 | 5df1541ad60ef41fc8f0b873c3ee05031b3d1a2320b13a56ba516b909989cf4c | ||
| ssdeep | 24576:CG95TieVuBiRRnw6ECtFh1PLezR4LQmE4uda0E5j61D4ZUdayXYB4PeKgoGJCswf:CURasrIYEC/BFWzz9 | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | hide_executable_file | Hide executable file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x540160 WriteFile
0x540164 WriteConsoleW
0x540168 WerSetFlags
0x54016c WerGetFlags
0x540170 WaitForMultipleObjects
0x540174 WaitForSingleObject
0x540178 VirtualQuery
0x54017c VirtualFree
0x540180 VirtualAlloc
0x540184 TlsAlloc
0x540188 SwitchToThread
0x54018c SuspendThread
0x540190 SetWaitableTimer
0x540194 SetUnhandledExceptionFilter
0x540198 SetProcessPriorityBoost
0x54019c SetEvent
0x5401a0 SetErrorMode
0x5401a4 SetConsoleCtrlHandler
0x5401a8 ResumeThread
0x5401ac RaiseFailFastException
0x5401b0 PostQueuedCompletionStatus
0x5401b4 LoadLibraryW
0x5401b8 LoadLibraryExW
0x5401bc SetThreadContext
0x5401c0 GetThreadContext
0x5401c4 GetSystemInfo
0x5401c8 GetSystemDirectoryA
0x5401cc GetStdHandle
0x5401d0 GetQueuedCompletionStatusEx
0x5401d4 GetProcessAffinityMask
0x5401d8 GetProcAddress
0x5401dc GetErrorMode
0x5401e0 GetEnvironmentStringsW
0x5401e4 GetCurrentThreadId
0x5401e8 GetConsoleMode
0x5401ec FreeEnvironmentStringsW
0x5401f0 ExitProcess
0x5401f4 DuplicateHandle
0x5401f8 CreateWaitableTimerExW
0x5401fc CreateThread
0x540200 CreateIoCompletionPort
0x540204 CreateFileA
0x540208 CreateEventA
0x54020c CloseHandle
0x540210 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x540160 WriteFile
0x540164 WriteConsoleW
0x540168 WerSetFlags
0x54016c WerGetFlags
0x540170 WaitForMultipleObjects
0x540174 WaitForSingleObject
0x540178 VirtualQuery
0x54017c VirtualFree
0x540180 VirtualAlloc
0x540184 TlsAlloc
0x540188 SwitchToThread
0x54018c SuspendThread
0x540190 SetWaitableTimer
0x540194 SetUnhandledExceptionFilter
0x540198 SetProcessPriorityBoost
0x54019c SetEvent
0x5401a0 SetErrorMode
0x5401a4 SetConsoleCtrlHandler
0x5401a8 ResumeThread
0x5401ac RaiseFailFastException
0x5401b0 PostQueuedCompletionStatus
0x5401b4 LoadLibraryW
0x5401b8 LoadLibraryExW
0x5401bc SetThreadContext
0x5401c0 GetThreadContext
0x5401c4 GetSystemInfo
0x5401c8 GetSystemDirectoryA
0x5401cc GetStdHandle
0x5401d0 GetQueuedCompletionStatusEx
0x5401d4 GetProcessAffinityMask
0x5401d8 GetProcAddress
0x5401dc GetErrorMode
0x5401e0 GetEnvironmentStringsW
0x5401e4 GetCurrentThreadId
0x5401e8 GetConsoleMode
0x5401ec FreeEnvironmentStringsW
0x5401f0 ExitProcess
0x5401f4 DuplicateHandle
0x5401f8 CreateWaitableTimerExW
0x5401fc CreateThread
0x540200 CreateIoCompletionPort
0x540204 CreateFileA
0x540208 CreateEventA
0x54020c CloseHandle
0x540210 AddVectoredExceptionHandler
EAT(Export Address Table) is none