ScreenShot
| Created | 2024.11.11 10:22 | Machine | s1_win7_x6403 |
| Filename | chrome_130.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 56 detected (AIDetectMalware, Stealc, Malicious, score, Convagent, Lockbit, GenericKD, Unsafe, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, Kryptik, HYFO, DropperX, Stealerc, TrojanPSW, ktfriu, Kryptik@AI, RDML, 9OAHYAWjkiofKWMav1ktMQ, iznqe, DownLoader47, Real Protect, high, Krypt, Detected, Malware@#2f00oos1n3kzf, Wacatac, MREZZ9, Eldorado, R658943, Artemis, MalwareVision, Chgt, Tofsee, susgen, PossibleThreat) | ||
| md5 | b6b5c883190b5b3673f37458954688a3 | ||
| sha256 | 90bf1aea7c89baeed430c90a5d29709fa13391996d6258a3ef7c710431f3e663 | ||
| ssdeep | 12288:zDrNfRsHZR2fE2QyoS2/dvyohRS4NlOeNlrLJFgVoitcPC:z/wXDyZ21vLK4Nlt/ZFCcP | ||
| imphash | a20218377378835f816db93bd4ba0e01 | ||
| impfuzzy | 24:hkkPyYhBbG2SefMdNW3kCI9bDREdQBSrdgDqn+bEnxNOovttL0J3QcfdYvoFBRym:hRs1T0pdRUqVektYQcfy90SBJsH | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x487000 DebugActiveProcess
0x487004 SetVolumeLabelA
0x487008 GetNumaProcessorNode
0x48700c MoveFileExA
0x487010 GetConsoleAliasExesLengthA
0x487014 CallNamedPipeA
0x487018 InterlockedDecrement
0x48701c GetLogicalDriveStringsW
0x487020 GlobalSize
0x487024 SetDefaultCommConfigW
0x487028 GlobalLock
0x48702c GetModuleHandleW
0x487030 GetTickCount
0x487034 GlobalAlloc
0x487038 GetConsoleMode
0x48703c GetLocaleInfoW
0x487040 GetSystemWow64DirectoryW
0x487044 GetProcessHandleCount
0x487048 HeapCreate
0x48704c GetTimeFormatW
0x487050 GetConsoleAliasW
0x487054 SetConsoleCursorPosition
0x487058 GetFileAttributesW
0x48705c GetModuleFileNameW
0x487060 GetACP
0x487064 GetStartupInfoW
0x487068 GetStringTypeExA
0x48706c GetStdHandle
0x487070 ReadConsoleOutputCharacterA
0x487074 GetProcAddress
0x487078 MoveFileW
0x48707c VirtualAllocEx
0x487080 LoadLibraryA
0x487084 InterlockedExchangeAdd
0x487088 OpenWaitableTimerW
0x48708c SetCommMask
0x487090 FindAtomA
0x487094 SetNamedPipeHandleState
0x487098 OpenFileMappingW
0x48709c FreeEnvironmentStringsW
0x4870a0 BuildCommDCBA
0x4870a4 PurgeComm
0x4870a8 GetVersionExA
0x4870ac LocalFileTimeToFileTime
0x4870b0 CloseHandle
0x4870b4 WriteConsoleW
0x4870b8 GetConsoleOutputCP
0x4870bc WriteConsoleA
0x4870c0 MultiByteToWideChar
0x4870c4 HeapAlloc
0x4870c8 GetLastError
0x4870cc HeapReAlloc
0x4870d0 GetCommandLineA
0x4870d4 GetStartupInfoA
0x4870d8 TerminateProcess
0x4870dc GetCurrentProcess
0x4870e0 UnhandledExceptionFilter
0x4870e4 SetUnhandledExceptionFilter
0x4870e8 IsDebuggerPresent
0x4870ec GetCPInfo
0x4870f0 InterlockedIncrement
0x4870f4 GetOEMCP
0x4870f8 IsValidCodePage
0x4870fc TlsGetValue
0x487100 TlsAlloc
0x487104 TlsSetValue
0x487108 TlsFree
0x48710c SetLastError
0x487110 GetCurrentThreadId
0x487114 DeleteCriticalSection
0x487118 LeaveCriticalSection
0x48711c EnterCriticalSection
0x487120 HeapFree
0x487124 VirtualFree
0x487128 VirtualAlloc
0x48712c Sleep
0x487130 ExitProcess
0x487134 WriteFile
0x487138 GetModuleFileNameA
0x48713c HeapSize
0x487140 FreeEnvironmentStringsA
0x487144 GetEnvironmentStrings
0x487148 WideCharToMultiByte
0x48714c GetEnvironmentStringsW
0x487150 SetHandleCount
0x487154 GetFileType
0x487158 QueryPerformanceCounter
0x48715c GetCurrentProcessId
0x487160 GetSystemTimeAsFileTime
0x487164 LCMapStringA
0x487168 LCMapStringW
0x48716c GetStringTypeA
0x487170 GetStringTypeW
0x487174 GetLocaleInfoA
0x487178 InitializeCriticalSectionAndSpinCount
0x48717c RtlUnwind
0x487180 SetFilePointer
0x487184 GetConsoleCP
0x487188 FlushFileBuffers
0x48718c SetStdHandle
0x487190 CreateFileA
ole32.dll
0x487198 CoTaskMemAlloc
EAT(Export Address Table) is none
KERNEL32.dll
0x487000 DebugActiveProcess
0x487004 SetVolumeLabelA
0x487008 GetNumaProcessorNode
0x48700c MoveFileExA
0x487010 GetConsoleAliasExesLengthA
0x487014 CallNamedPipeA
0x487018 InterlockedDecrement
0x48701c GetLogicalDriveStringsW
0x487020 GlobalSize
0x487024 SetDefaultCommConfigW
0x487028 GlobalLock
0x48702c GetModuleHandleW
0x487030 GetTickCount
0x487034 GlobalAlloc
0x487038 GetConsoleMode
0x48703c GetLocaleInfoW
0x487040 GetSystemWow64DirectoryW
0x487044 GetProcessHandleCount
0x487048 HeapCreate
0x48704c GetTimeFormatW
0x487050 GetConsoleAliasW
0x487054 SetConsoleCursorPosition
0x487058 GetFileAttributesW
0x48705c GetModuleFileNameW
0x487060 GetACP
0x487064 GetStartupInfoW
0x487068 GetStringTypeExA
0x48706c GetStdHandle
0x487070 ReadConsoleOutputCharacterA
0x487074 GetProcAddress
0x487078 MoveFileW
0x48707c VirtualAllocEx
0x487080 LoadLibraryA
0x487084 InterlockedExchangeAdd
0x487088 OpenWaitableTimerW
0x48708c SetCommMask
0x487090 FindAtomA
0x487094 SetNamedPipeHandleState
0x487098 OpenFileMappingW
0x48709c FreeEnvironmentStringsW
0x4870a0 BuildCommDCBA
0x4870a4 PurgeComm
0x4870a8 GetVersionExA
0x4870ac LocalFileTimeToFileTime
0x4870b0 CloseHandle
0x4870b4 WriteConsoleW
0x4870b8 GetConsoleOutputCP
0x4870bc WriteConsoleA
0x4870c0 MultiByteToWideChar
0x4870c4 HeapAlloc
0x4870c8 GetLastError
0x4870cc HeapReAlloc
0x4870d0 GetCommandLineA
0x4870d4 GetStartupInfoA
0x4870d8 TerminateProcess
0x4870dc GetCurrentProcess
0x4870e0 UnhandledExceptionFilter
0x4870e4 SetUnhandledExceptionFilter
0x4870e8 IsDebuggerPresent
0x4870ec GetCPInfo
0x4870f0 InterlockedIncrement
0x4870f4 GetOEMCP
0x4870f8 IsValidCodePage
0x4870fc TlsGetValue
0x487100 TlsAlloc
0x487104 TlsSetValue
0x487108 TlsFree
0x48710c SetLastError
0x487110 GetCurrentThreadId
0x487114 DeleteCriticalSection
0x487118 LeaveCriticalSection
0x48711c EnterCriticalSection
0x487120 HeapFree
0x487124 VirtualFree
0x487128 VirtualAlloc
0x48712c Sleep
0x487130 ExitProcess
0x487134 WriteFile
0x487138 GetModuleFileNameA
0x48713c HeapSize
0x487140 FreeEnvironmentStringsA
0x487144 GetEnvironmentStrings
0x487148 WideCharToMultiByte
0x48714c GetEnvironmentStringsW
0x487150 SetHandleCount
0x487154 GetFileType
0x487158 QueryPerformanceCounter
0x48715c GetCurrentProcessId
0x487160 GetSystemTimeAsFileTime
0x487164 LCMapStringA
0x487168 LCMapStringW
0x48716c GetStringTypeA
0x487170 GetStringTypeW
0x487174 GetLocaleInfoA
0x487178 InitializeCriticalSectionAndSpinCount
0x48717c RtlUnwind
0x487180 SetFilePointer
0x487184 GetConsoleCP
0x487188 FlushFileBuffers
0x48718c SetStdHandle
0x487190 CreateFileA
ole32.dll
0x487198 CoTaskMemAlloc
EAT(Export Address Table) is none