ScreenShot
| Created | 2024.11.19 19:29 | Machine | s1_win7_x6401 |
| Filename | 4f3200e5324a333579e06ed5aa264ed2.bin.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (AIDetectMalware, GenericKD, Unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, Kryptik, HYGY, score, Stelpak, Convagent, thkolWElf4R, muynp, Inject5, Real Protect, Generic ML PUA, Static AI, Malicious PE, Detected, Vidar, 1103JM4, QCQT, R681772, GdSda, Gencirc) | ||
| md5 | 4f3200e5324a333579e06ed5aa264ed2 | ||
| sha256 | a300c5659a4b2575a7deb8cfb04a978bbf939d473e0842fb6e759f4a77de83ea | ||
| ssdeep | 49152:KGEs3d2XPdz5v7lVLODcFONjE1CiKHWH2AZPyuPyD:KPs0/vuEKE162HzPyuPyD | ||
| imphash | ace62586a99cd94b3404d807008ae88e | ||
| impfuzzy | 24:QZqWDCejtWOovbOGMUD1uBvgmWDQyl3LPOXqEu9VJUsO:QZqQCKx361GIhbO6YsO | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | ScreenShot | Take ScreenShot | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x623d78 IsClipboardFormatAvailable
KERNEL32.dll
0x623d80 CloseHandle
0x623d84 CompareStringW
0x623d88 CreateFileW
0x623d8c DecodePointer
0x623d90 DeleteCriticalSection
0x623d94 EncodePointer
0x623d98 EnterCriticalSection
0x623d9c ExitProcess
0x623da0 FindClose
0x623da4 FindFirstFileExW
0x623da8 FindNextFileW
0x623dac FlushFileBuffers
0x623db0 FreeEnvironmentStringsW
0x623db4 FreeLibrary
0x623db8 GetACP
0x623dbc GetCPInfo
0x623dc0 GetCommandLineA
0x623dc4 GetCommandLineW
0x623dc8 GetConsoleMode
0x623dcc GetConsoleOutputCP
0x623dd0 GetCurrentProcess
0x623dd4 GetCurrentProcessId
0x623dd8 GetCurrentThreadId
0x623ddc GetEnvironmentStringsW
0x623de0 GetFileSizeEx
0x623de4 GetFileType
0x623de8 GetLastError
0x623dec GetModuleFileNameW
0x623df0 GetModuleHandleExW
0x623df4 GetModuleHandleW
0x623df8 GetOEMCP
0x623dfc GetProcAddress
0x623e00 GetProcessHeap
0x623e04 GetStartupInfoW
0x623e08 GetStdHandle
0x623e0c GetStringTypeW
0x623e10 GetSystemTimeAsFileTime
0x623e14 HeapAlloc
0x623e18 HeapFree
0x623e1c HeapReAlloc
0x623e20 HeapSize
0x623e24 InitializeCriticalSectionAndSpinCount
0x623e28 InitializeSListHead
0x623e2c IsDebuggerPresent
0x623e30 IsProcessorFeaturePresent
0x623e34 IsValidCodePage
0x623e38 LCMapStringW
0x623e3c LeaveCriticalSection
0x623e40 LoadLibraryExW
0x623e44 MultiByteToWideChar
0x623e48 QueryPerformanceCounter
0x623e4c RaiseException
0x623e50 ReadConsoleW
0x623e54 ReadFile
0x623e58 RtlUnwind
0x623e5c SetEndOfFile
0x623e60 SetEnvironmentVariableW
0x623e64 SetFilePointerEx
0x623e68 SetLastError
0x623e6c SetStdHandle
0x623e70 SetUnhandledExceptionFilter
0x623e74 TerminateProcess
0x623e78 TlsAlloc
0x623e7c TlsFree
0x623e80 TlsGetValue
0x623e84 TlsSetValue
0x623e88 UnhandledExceptionFilter
0x623e8c WideCharToMultiByte
0x623e90 WriteConsoleW
0x623e94 WriteFile
EAT(Export Address Table) is none
USER32.dll
0x623d78 IsClipboardFormatAvailable
KERNEL32.dll
0x623d80 CloseHandle
0x623d84 CompareStringW
0x623d88 CreateFileW
0x623d8c DecodePointer
0x623d90 DeleteCriticalSection
0x623d94 EncodePointer
0x623d98 EnterCriticalSection
0x623d9c ExitProcess
0x623da0 FindClose
0x623da4 FindFirstFileExW
0x623da8 FindNextFileW
0x623dac FlushFileBuffers
0x623db0 FreeEnvironmentStringsW
0x623db4 FreeLibrary
0x623db8 GetACP
0x623dbc GetCPInfo
0x623dc0 GetCommandLineA
0x623dc4 GetCommandLineW
0x623dc8 GetConsoleMode
0x623dcc GetConsoleOutputCP
0x623dd0 GetCurrentProcess
0x623dd4 GetCurrentProcessId
0x623dd8 GetCurrentThreadId
0x623ddc GetEnvironmentStringsW
0x623de0 GetFileSizeEx
0x623de4 GetFileType
0x623de8 GetLastError
0x623dec GetModuleFileNameW
0x623df0 GetModuleHandleExW
0x623df4 GetModuleHandleW
0x623df8 GetOEMCP
0x623dfc GetProcAddress
0x623e00 GetProcessHeap
0x623e04 GetStartupInfoW
0x623e08 GetStdHandle
0x623e0c GetStringTypeW
0x623e10 GetSystemTimeAsFileTime
0x623e14 HeapAlloc
0x623e18 HeapFree
0x623e1c HeapReAlloc
0x623e20 HeapSize
0x623e24 InitializeCriticalSectionAndSpinCount
0x623e28 InitializeSListHead
0x623e2c IsDebuggerPresent
0x623e30 IsProcessorFeaturePresent
0x623e34 IsValidCodePage
0x623e38 LCMapStringW
0x623e3c LeaveCriticalSection
0x623e40 LoadLibraryExW
0x623e44 MultiByteToWideChar
0x623e48 QueryPerformanceCounter
0x623e4c RaiseException
0x623e50 ReadConsoleW
0x623e54 ReadFile
0x623e58 RtlUnwind
0x623e5c SetEndOfFile
0x623e60 SetEnvironmentVariableW
0x623e64 SetFilePointerEx
0x623e68 SetLastError
0x623e6c SetStdHandle
0x623e70 SetUnhandledExceptionFilter
0x623e74 TerminateProcess
0x623e78 TlsAlloc
0x623e7c TlsFree
0x623e80 TlsGetValue
0x623e84 TlsSetValue
0x623e88 UnhandledExceptionFilter
0x623e8c WideCharToMultiByte
0x623e90 WriteConsoleW
0x623e94 WriteFile
EAT(Export Address Table) is none