ScreenShot
| Created | 2024.11.13 15:00 | Machine | s1_win7_x6401 |
| Filename | espsemhvcioff.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (AIDetectMalware, VMProtect, Malicious, score, Trojanpacked, GenericKD, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, L suspicious, MalwareX, Lazy, CLOUD, AGEN, Real Protect, VMProtBad, Static AI, Suspicious PE, Detected, Wacatac, R673869, Artemis, susgen) | ||
| md5 | bbe62e176be79bc0a150fe76a651cae2 | ||
| sha256 | ef97e2cccacdf9e48d32e0d08ff25e960d00c56e79aa70757010744239b0a1f4 | ||
| ssdeep | 393216:8JqjB8tnts8cS+dV0GQgzTZJA8G6Zqii:T8tn+81+JTzTZJA87Z | ||
| imphash | 59d8d7a346844d574a8af1d5364ae167 | ||
| impfuzzy | 24:/ILWJsyTDID1zz+4tMM0eg6oOO5yWN7bPJRu5FnaQtXJHc9NDI5Q8:/oWJsyQp3TGRNHPJRAnXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
crypt.dll
0x141036000 BCryptFinishHash
d3dx11_43.dll
0x141036010 D3DX11CreateShaderResourceViewFromMemory
d3d11.dll
0x141036020 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
0x141036030 D3DCompile
KERNEL32.dll
0x141036040 GetProcAddress
USER32.dll
0x141036050 ScreenToClient
ADVAPI32.dll
0x141036060 OpenProcessToken
SHELL32.dll
0x141036070 ShellExecuteA
MSVCP140.dll
0x141036080 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
dwmapi.dll
0x141036090 DwmExtendFrameIntoClientArea
WINHTTP.dll
0x1410360a0 WinHttpOpen
CRYPT32.dll
0x1410360b0 CertFreeCertificateChain
IMM32.dll
0x1410360c0 ImmReleaseContext
Normaliz.dll
0x1410360d0 IdnToAscii
WLDAP32.dll
0x1410360e0 None
WS2_32.dll
0x1410360f0 listen
RPCRT4.dll
0x141036100 UuidToStringA
PSAPI.DLL
0x141036110 GetModuleInformation
USERENV.dll
0x141036120 UnloadUserProfile
VCRUNTIME140_1.dll
0x141036130 __CxxFrameHandler4
VCRUNTIME140.dll
0x141036140 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x141036150 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x141036160 fclose
api-ms-win-crt-heap-l1-1-0.dll
0x141036170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x141036180 atanf
api-ms-win-crt-string-l1-1-0.dll
0x141036190 isupper
api-ms-win-crt-time-l1-1-0.dll
0x1410361a0 _localtime64_s
api-ms-win-crt-convert-l1-1-0.dll
0x1410361b0 strtod
api-ms-win-crt-utility-l1-1-0.dll
0x1410361c0 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1410361d0 _fstat64
api-ms-win-crt-locale-l1-1-0.dll
0x1410361e0 _configthreadlocale
WTSAPI32.dll
0x1410361f0 WTSSendMessageW
KERNEL32.dll
0x141036200 GetSystemTimeAsFileTime
USER32.dll
0x141036210 GetUserObjectInformationW
KERNEL32.dll
0x141036220 LocalAlloc
0x141036228 LocalFree
0x141036230 GetModuleFileNameW
0x141036238 GetProcessAffinityMask
0x141036240 SetProcessAffinityMask
0x141036248 SetThreadAffinityMask
0x141036250 Sleep
0x141036258 ExitProcess
0x141036260 FreeLibrary
0x141036268 LoadLibraryA
0x141036270 GetModuleHandleA
0x141036278 GetProcAddress
USER32.dll
0x141036288 GetProcessWindowStation
0x141036290 GetUserObjectInformationW
EAT(Export Address Table) Library
crypt.dll
0x141036000 BCryptFinishHash
d3dx11_43.dll
0x141036010 D3DX11CreateShaderResourceViewFromMemory
d3d11.dll
0x141036020 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
0x141036030 D3DCompile
KERNEL32.dll
0x141036040 GetProcAddress
USER32.dll
0x141036050 ScreenToClient
ADVAPI32.dll
0x141036060 OpenProcessToken
SHELL32.dll
0x141036070 ShellExecuteA
MSVCP140.dll
0x141036080 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
dwmapi.dll
0x141036090 DwmExtendFrameIntoClientArea
WINHTTP.dll
0x1410360a0 WinHttpOpen
CRYPT32.dll
0x1410360b0 CertFreeCertificateChain
IMM32.dll
0x1410360c0 ImmReleaseContext
Normaliz.dll
0x1410360d0 IdnToAscii
WLDAP32.dll
0x1410360e0 None
WS2_32.dll
0x1410360f0 listen
RPCRT4.dll
0x141036100 UuidToStringA
PSAPI.DLL
0x141036110 GetModuleInformation
USERENV.dll
0x141036120 UnloadUserProfile
VCRUNTIME140_1.dll
0x141036130 __CxxFrameHandler4
VCRUNTIME140.dll
0x141036140 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x141036150 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x141036160 fclose
api-ms-win-crt-heap-l1-1-0.dll
0x141036170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x141036180 atanf
api-ms-win-crt-string-l1-1-0.dll
0x141036190 isupper
api-ms-win-crt-time-l1-1-0.dll
0x1410361a0 _localtime64_s
api-ms-win-crt-convert-l1-1-0.dll
0x1410361b0 strtod
api-ms-win-crt-utility-l1-1-0.dll
0x1410361c0 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1410361d0 _fstat64
api-ms-win-crt-locale-l1-1-0.dll
0x1410361e0 _configthreadlocale
WTSAPI32.dll
0x1410361f0 WTSSendMessageW
KERNEL32.dll
0x141036200 GetSystemTimeAsFileTime
USER32.dll
0x141036210 GetUserObjectInformationW
KERNEL32.dll
0x141036220 LocalAlloc
0x141036228 LocalFree
0x141036230 GetModuleFileNameW
0x141036238 GetProcessAffinityMask
0x141036240 SetProcessAffinityMask
0x141036248 SetThreadAffinityMask
0x141036250 Sleep
0x141036258 ExitProcess
0x141036260 FreeLibrary
0x141036268 LoadLibraryA
0x141036270 GetModuleHandleA
0x141036278 GetProcAddress
USER32.dll
0x141036288 GetProcessWindowStation
0x141036290 GetUserObjectInformationW
EAT(Export Address Table) Library