Field | Value |
---|---|
Created | 2024.11.11 09:51 |
Machine | s1_win7_x6401 |
Filename | build.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
VT API (file) | 52 detected (AIDetectMalware, Ulise, Malicious, score, Lazy, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Kryptik@AI, RDML, E05dSbtG3JPWmQ7eEN+rFg, xxszk, AMADEY, YXEKGZ, high, Detected, Malware@#33m7ped7sabq5, ABTrojan, TWBN, R673333, Artemis, GdSda, Ywhl, susgen) |
md5 | 32bd212358faf07219b8aee96bf42a78 |
sha256 | 582cd56afe40a1e49d91486e40c4d5a27d1a890f451e5ba5d0d948511cde3987 |
ssdeep | 49152:e/GWFE7w5U4Cm/oKoGSMc67BkMqcB1rkCPRjTe+L4/okMUzzUnEt:usZezSi2CPZ4/L |
imphash | d55bc42f9935bb90cc3aa9508248d4ba |
impfuzzy | 12:ombeFiwVuZOovuDCARLAYPXJDCqAG7uMHKhP:FbUvVuZOovuDHLV5iMaP |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x1402d9170 RegEnumKeyExA
0x1402d9178 RegEnumValueW
0x1402d9180 RegQueryInfoKeyA
0x1402d9188 RegQueryInfoKeyW
0x1402d9190 RegSetValueExW
KERNEL32.dll
0x1402d91a0 GetCommandLineA
0x1402d91a8 GetProcAddress
0x1402d91b0 GetStringTypeExW
0x1402d91b8 GetVersionExW
0x1402d91c0 InitializeCriticalSection
0x1402d91c8 LoadLibraryA
0x1402d91d0 SetUnhandledExceptionFilter
0x1402d91d8 Sleep
0x1402d91e0 TlsAlloc
0x1402d91e8 TlsGetValue
0x1402d91f0 TlsSetValue
0x1402d91f8 VirtualAlloc
0x1402d9200 VirtualFree
0x1402d9208 VirtualProtect
0x1402d9210 VirtualProtectEx
0x1402d9218 VirtualQuery
0x1402d9220 VirtualUnlock
msvcrt.dll
0x1402d9230 __C_specific_handler
0x1402d9238 atexit
0x1402d9240 exit
0x1402d9248 memcpy
0x1402d9250 memset
0x1402d9258 signal
USER32.dll
0x1402d9268 SystemParametersInfoW
EAT (Export Address Table): none