Field | Value |
---|---|
Created | 2024.11.19 14:46 |
Machine | s1_win7_x6403 |
Filename | chelentano.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 32 detected (AIDetectMalware, Cerbu, Unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, Kryptik@AI, RDML, LrcP90h, c2NEOJmCmgIFw, Static AI, Suspicious PE, Detected, GrayWare, Wacapew, Kryptik, Wacatac, ABTrojan, LVGN, Artemis, Chgt, R002H09KH24, susgen, PossibleThreat) |
md5 | 5895f9e89c273cb76edb86600e0910a6 |
sha256 | 454e73a40c15a323d0dd56b322529cf70e74064ef4089605cf25577634678f56 |
ssdeep | 24576:PSqMZN8DPK8HqVh0lhSMXlb0fvEQLb36wpunE9yPMdO7JUKv9Rr:PS1Nn89Afv1LbK1E9QOUG |
imphash | fb701bcb0f600ee01f4f529e1b3e9476 |
impfuzzy | 48:thqDxSRbXXBfCorZtTmFrmVgZeSrvics9rY7KF4FD9bN:tgD8btCorZtTmVmVAeSrvicsqeI1N |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
notice | Searches running processes potentially to identify processes for sandbox evasion |
info | Checks if process is being debugged by a debugger |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x14004d360 RtlGetNtVersionNumbers
0x14004d368 RtlLeaveCriticalSection
0x14004d370 RtlEnterCriticalSection
0x14004d378 RtlCompareMemory
0x14004d380 NtProtectVirtualMemory
0x14004d388 RtlImageNtHeader
0x14004d390 NtQueryVirtualMemory
0x14004d398 RtlImageDirectoryEntryToData
KERNEL32.dll
0x14004d018 FreeEnvironmentStringsW
0x14004d020 GetEnvironmentStringsW
0x14004d028 GetCommandLineW
0x14004d030 GetCommandLineA
0x14004d038 LCMapStringEx
0x14004d040 VirtualFree
0x14004d048 VirtualAlloc
0x14004d050 GetModuleHandleW
0x14004d058 LoadLibraryA
0x14004d060 ReadFile
0x14004d068 WriteFile
0x14004d070 CreateFileW
0x14004d078 CloseHandle
0x14004d080 GetProcAddress
0x14004d088 GetCurrentProcess
0x14004d090 VirtualQuery
0x14004d098 IsDebuggerPresent
0x14004d0a0 CreateToolhelp32Snapshot
0x14004d0a8 Process32NextW
0x14004d0b0 Process32FirstW
0x14004d0b8 K32EnumDeviceDrivers
0x14004d0c0 K32GetDeviceDriverBaseNameW
0x14004d0c8 EnterCriticalSection
0x14004d0d0 GetModuleFileNameW
0x14004d0d8 LeaveCriticalSection
0x14004d0e0 MultiByteToWideChar
0x14004d0e8 ExitProcess
0x14004d0f0 WideCharToMultiByte
0x14004d0f8 GetLastError
0x14004d100 SetLastError
0x14004d108 RtlCaptureContext
0x14004d110 RtlLookupFunctionEntry
0x14004d118 RtlVirtualUnwind
0x14004d120 UnhandledExceptionFilter
0x14004d128 SetUnhandledExceptionFilter
0x14004d130 TerminateProcess
0x14004d138 IsProcessorFeaturePresent
0x14004d140 DeleteCriticalSection
0x14004d148 HeapAlloc
0x14004d150 HeapFree
0x14004d158 GetCurrentThreadId
0x14004d160 GetStdHandle
0x14004d168 GetFileType
0x14004d170 GetStartupInfoW
0x14004d178 RaiseException
0x14004d180 FlsAlloc
0x14004d188 FlsGetValue
0x14004d190 FlsSetValue
0x14004d198 FlsFree
0x14004d1a0 InitializeCriticalSectionAndSpinCount
0x14004d1a8 GetSystemTimeAsFileTime
0x14004d1b0 FreeLibrary
0x14004d1b8 LoadLibraryExW
0x14004d1c0 LCMapStringW
0x14004d1c8 GetLocaleInfoW
0x14004d1d0 IsValidLocale
0x14004d1d8 GetUserDefaultLCID
0x14004d1e0 EnumSystemLocalesW
0x14004d1e8 GetFileSizeEx
0x14004d1f0 SetFilePointerEx
0x14004d1f8 FlushFileBuffers
0x14004d200 GetConsoleOutputCP
0x14004d208 SetEndOfFile
0x14004d210 ReadConsoleW
0x14004d218 HeapReAlloc
0x14004d220 HeapSize
0x14004d228 GetProcessHeap
0x14004d230 IsValidCodePage
0x14004d238 GetACP
0x14004d240 GetOEMCP
0x14004d248 GetCPInfo
0x14004d250 GetStringTypeW
0x14004d258 GetModuleHandleExW
0x14004d260 SetStdHandle
0x14004d268 WriteConsoleW
0x14004d270 QueryPerformanceCounter
0x14004d278 GetCurrentProcessId
0x14004d280 InitializeSListHead
0x14004d288 RtlUnwindEx
0x14004d290 RtlUnwind
0x14004d298 RtlPcToFileHeader
0x14004d2a0 EncodePointer
0x14004d2a8 TlsAlloc
0x14004d2b0 TlsGetValue
0x14004d2b8 TlsSetValue
0x14004d2c0 TlsFree
0x14004d2c8 DecodePointer
0x14004d2d0 InitializeCriticalSectionEx
0x14004d2d8 GetFileInformationByHandleEx
0x14004d2e0 GetConsoleMode
0x14004d2e8 FormatMessageA
0x14004d2f0 LocalFree
0x14004d2f8 GetLocaleInfoEx
0x14004d300 FindClose
0x14004d308 FindFirstFileW
0x14004d310 FindFirstFileExW
0x14004d318 FindNextFileW
0x14004d320 GetFileAttributesExW
0x14004d328 AreFileApisANSI
USER32.dll
0x14004d338 LoadAcceleratorsA
0x14004d340 GetRawInputDeviceInfoW
0x14004d348 GetRawInputDeviceList
0x14004d350 LoadAcceleratorsW
ADVAPI32.dll
0x14004d000 GetTokenInformation
0x14004d008 OpenProcessToken
EAT(Export Address Table) is none