Field | Value |
---|---|
Created | 2024.11.11 10:26 |
Machine | s1_win7_x6403 |
Filename | xwo.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 51 detected (AIDetectMalware, Stelpak, Malicious, score, GenericKD, Unsafe, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, a variant of Generik, CVFVOGF, Fugrafa, kcmEtnJh2FU, XWorm, sphdl, Lumma, Static AI, Malicious PE, Detected, Malware@#a50tfxkfr9v2, Wacatac, NNPM, R675910, Artemis, Chgt, Kryptik, susgen, PossibleThreat) |
md5 | 7949220a0b341111716a81695324be27 |
sha256 | a22f6db007744f7768782280e66832487b3b193ff20825203bb56210b7c4e923 |
ssdeep | 3072:jqWg0oaxBGieuvQTtv6c/mTRPyZqqiIdhI+czv/gJQE7zK+l+2aVtUq9JosKh:jgP8GiHvQTV+d/qi25eKfU2cDJ18 |
imphash | 2afc6980a7ebf889d0553bb0b21b68dd |
impfuzzy | 24:UqWDClgmjtWOovbOGMUD1ulvgmWDQyl3LPOXqEu9VJUsz/TI:UqQCJx361AIhbO6Ysg |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4241ec CloseHandle
0x4241f0 CompareStringW
0x4241f4 CreateFileW
0x4241f8 DecodePointer
0x4241fc DeleteCriticalSection
0x424200 EncodePointer
0x424204 EnterCriticalSection
0x424208 ExitProcess
0x42420c FindAtomA
0x424210 FindClose
0x424214 FindFirstFileExW
0x424218 FindNextFileW
0x42421c FlushFileBuffers
0x424220 FreeEnvironmentStringsW
0x424224 FreeLibrary
0x424228 GetACP
0x42422c GetCPInfo
0x424230 GetCommandLineA
0x424234 GetCommandLineW
0x424238 GetConsoleMode
0x42423c GetConsoleOutputCP
0x424240 GetCurrentProcess
0x424244 GetCurrentProcessId
0x424248 GetCurrentThreadId
0x42424c GetEnvironmentStringsW
0x424250 GetFileType
0x424254 GetLastError
0x424258 GetModuleFileNameW
0x42425c GetModuleHandleExW
0x424260 GetModuleHandleW
0x424264 GetOEMCP
0x424268 GetProcAddress
0x42426c GetProcessHeap
0x424270 GetStartupInfoW
0x424274 GetStdHandle
0x424278 GetStringTypeW
0x42427c GetSystemTimeAsFileTime
0x424280 HeapAlloc
0x424284 HeapFree
0x424288 HeapReAlloc
0x42428c HeapSize
0x424290 InitializeCriticalSectionAndSpinCount
0x424294 InitializeSListHead
0x424298 IsDebuggerPresent
0x42429c IsProcessorFeaturePresent
0x4242a0 IsValidCodePage
0x4242a4 LCMapStringW
0x4242a8 LeaveCriticalSection
0x4242ac LoadLibraryExW
0x4242b0 MultiByteToWideChar
0x4242b4 QueryPerformanceCounter
0x4242b8 RaiseException
0x4242bc ReadConsoleW
0x4242c0 ReadFile
0x4242c4 RtlUnwind
0x4242c8 SetEndOfFile
0x4242cc SetEnvironmentVariableW
0x4242d0 SetFilePointerEx
0x4242d4 SetLastError
0x4242d8 SetStdHandle
0x4242dc SetUnhandledExceptionFilter
0x4242e0 TerminateProcess
0x4242e4 TlsAlloc
0x4242e8 TlsFree
0x4242ec TlsGetValue
0x4242f0 TlsSetValue
0x4242f4 UnhandledExceptionFilter
0x4242f8 WideCharToMultiByte
0x4242fc WriteConsoleW
0x424300 WriteFile
ADVAPI32.dll
0x424308 CryptAcquireContextA
EAT (Export Address Table) is none