Field | Value |
---|---|
Created | 2024.11.11 10:08 |
Machine | s1_win7_x6401 |
Filename | we.exe |
Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 57 detected (AIDetectMalware, Hacktool, Earthworm, Malicious, score, Artemis, GenericKD, Unsafe, grayware, confidence, high confidence, NetHacker, Tool, NetTool, SocksSevice, icjkwq, Presenoker, YzY0OiS9Hx9Suwxm, tivyv, Generic Reputation PUA, Detected, Earthlusca, Patcher, Malware@#3nay66mlwbcz5, Ymacco, Eldorado, R303865, GenericRXAA, CVE-2020-0601, BScope, GdSda, Gencirc, susgen, Proxytool) |
md5 | d7c40c24060c5d6f38e8dc41e7490778 |
sha256 | a76eaabc4e8ba5d6b3747825a9fbc286d44d3981ac521119902d64ae2fdcc4b7 |
ssdeep | 768:mp+68GRK6/p+Iv26bC3NuCThUkGMi9kxiYhnRbsL:1KKYpLVbC9uCCJehn6 |
imphash | 14bf2a0b2c46c28de7035254c941b6ea |
impfuzzy | 24:tkfCllDIcVKuX5QFJlDopqLJZufVnu5YRw:CfCEcVBXqFJlD6qKtnu/ |
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
info | Command line console output was observed |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x40f13c CreateThread
0x40f140 DeleteCriticalSection
0x40f144 EnterCriticalSection
0x40f148 ExitProcess
0x40f14c GetLastError
0x40f150 GetModuleHandleA
0x40f154 GetProcAddress
0x40f158 InitializeCriticalSection
0x40f15c LeaveCriticalSection
0x40f160 SetUnhandledExceptionFilter
0x40f164 Sleep
0x40f168 TlsGetValue
0x40f16c VirtualProtect
0x40f170 VirtualQuery
msvcrt.dll
0x40f178 __getmainargs
0x40f17c __p__environ
0x40f180 __p__fmode
0x40f184 __set_app_type
0x40f188 _cexit
0x40f18c _iob
0x40f190 _onexit
0x40f194 _setmode
0x40f198 abort
0x40f19c atexit
0x40f1a0 atoi
0x40f1a4 calloc
0x40f1a8 fprintf
0x40f1ac free
0x40f1b0 fwrite
0x40f1b4 getenv
0x40f1b8 malloc
0x40f1bc memcpy
0x40f1c0 memset
0x40f1c4 perror
0x40f1c8 printf
0x40f1cc putchar
0x40f1d0 puts
0x40f1d4 signal
0x40f1d8 strcmp
0x40f1dc strcpy
0x40f1e0 strncpy
0x40f1e4 vfprintf
WSOCK32.DLL
0x40f1ec WSAStartup
0x40f1f0 __WSAFDIsSet
0x40f1f4 accept
0x40f1f8 bind
0x40f1fc closesocket
0x40f200 connect
0x40f204 gethostbyname
0x40f208 htons
0x40f20c inet_ntoa
0x40f210 listen
0x40f214 recv
0x40f218 select
0x40f21c send
0x40f220 socket
EAT (Export Address Table): none
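The import table above is the most useful static evidence on this page: it is what the reported imphash is computed over, and the WSOCK32 subset says what the program can do on the wire. The following is an added, editor-written triage example, not part of the sandbox's output and not the sample's own code. It transcribes the IAT as listed (one assumption: the WSOCK32 entry rendered as `ind` at 0x40f1f8 is taken to be `bind`, the only WSOCK32 export that fits alphabetically between `accept` and `closesocket`), recomputes the imphash with the pefile convention, and reports which socket-API combinations are present. The capability labels and the `triage` helper are the editor's, not a standard.

```python
import hashlib

# Import table transcribed from the IAT section above, in the order listed.
# Editor's assumption: the WSOCK32 entry rendered as "ind" is "bind", the only
# WSOCK32 export that fits alphabetically between "accept" and "closesocket".
REPORT_IAT = {
    "KERNEL32.dll": [
        "CreateThread", "DeleteCriticalSection", "EnterCriticalSection",
        "ExitProcess", "GetLastError", "GetModuleHandleA", "GetProcAddress",
        "InitializeCriticalSection", "LeaveCriticalSection",
        "SetUnhandledExceptionFilter", "Sleep", "TlsGetValue",
        "VirtualProtect", "VirtualQuery",
    ],
    "msvcrt.dll": [
        "__getmainargs", "__p__environ", "__p__fmode", "__set_app_type",
        "_cexit", "_iob", "_onexit", "_setmode", "abort", "atexit", "atoi",
        "calloc", "fprintf", "free", "fwrite", "getenv", "malloc", "memcpy",
        "memset", "perror", "printf", "putchar", "puts", "signal", "strcmp",
        "strcpy", "strncpy", "vfprintf",
    ],
    "WSOCK32.DLL": [
        "WSAStartup", "__WSAFDIsSet", "accept", "bind", "closesocket",
        "connect", "gethostbyname", "htons", "inet_ntoa", "listen", "recv",
        "select", "send", "socket",
    ],
}

REPORT_IMPHASH = "14bf2a0b2c46c28de7035254c941b6ea"  # value from the report


def imphash_parts(iat):
    """Return the "dll.func" strings an imphash is taken over.

    Follows the pefile convention: DLL name lower-cased with a .dll/.ocx/.sys
    extension removed, function name lower-cased, ordinal imports (given here
    as ints) written as "ordN".  pefile additionally resolves well-known
    ordinals of a few system DLLs to names; this version does not, so it
    matches pefile only for by-name imports, which is all this sample has.
    """
    parts = []
    for dll, funcs in iat.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return parts


def imphash(iat):
    """MD5 over the comma-joined parts; order-sensitive by design."""
    return hashlib.md5(",".join(imphash_parts(iat)).encode("ascii")).hexdigest()


# Socket-API combinations that indicate what the program can do on the wire.
# Only WSOCK32 is consulted: the KERNEL32/msvcrt set above (__getmainargs,
# __set_app_type, SetUnhandledExceptionFilter, TlsGetValue, VirtualProtect,
# VirtualQuery, ...) is the MinGW C runtime's own startup code and says
# nothing about what the program does.  Labels are the editor's own.
NETWORK_CAPABILITIES = {
    "inbound listener": {"socket", "bind", "listen", "accept"},
    "outbound connection": {"socket", "connect"},
    "name resolution": {"gethostbyname"},
    "bidirectional relay": {"select", "recv", "send"},
}


def network_capabilities(iat):
    """Return the capability labels whose whole API set is imported."""
    present = set()
    for funcs in iat.values():
        present.update(f for f in funcs if isinstance(f, str))
    return [cap for cap, apis in NETWORK_CAPABILITIES.items() if apis <= present]


def triage(iat, reported_imphash):
    """Summarise what the transcribed IAT supports and whether it reproduces
    the reported imphash.  It does so only if the transcription is exact,
    which is precisely why imphash is an exact-match indicator, not a
    similarity measure."""
    computed = imphash(iat)
    return {
        "imphash": computed,
        "matches_report": computed == reported_imphash,
        "capabilities": network_capabilities(iat),
    }


if __name__ == "__main__":
    print(triage(REPORT_IAT, REPORT_IMPHASH))
```

Read the `capabilities` list against the VirusTotal names above (Earthworm, Proxytool, SocksSevice, NetTool): a binary that can listen, connect out and shuttle bytes between sockets with `select` is the profile of a port-forwarding or SOCKS relay, which is consistent with those labels. The IAT alone cannot distinguish such a tool from any other small network daemon, though, and this run recorded no network activity (Network 0cnts), so the static profile is the only evidence here; confirm with a run that supplies the tool's command-line arguments before treating the VT names as fact. A one-letter transcription error (`ind` for `bind`) changes the imphash completely, so if `matches_report` is false, re-check the transcription before concluding anything about the sample.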