ScreenShot
Field | Value |
---|---|
Created | 2024.11.29 13:34 |
Machine | s1_win7_x6401 |
Filename | uxN4wDZ.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 24 detected (AIDetectMalware, Malicious, score, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HDSK, FileRepMalware, Stealerc, high, Static AI, Malicious PE, GrayWare, Kryptik, gpyt, Wacatac, BScope, Yylw, susgen) |
md5 | a55d149ef6d095d1499d0668459c236f |
sha256 | c4a5fdd606768f6f69aa9e6cad874296c8e1e85f88b17f12b4ecab2c247c54ce |
ssdeep | 24576:JEN/si2azuLhn21szZkveEPNoYeOvxV3mhfyHUCxizDs5oy9F11:sNz3aWeE6YTifyHUg9P1 |
imphash | bb056fb7e1da8cae84145e3bec77d9d4 |
impfuzzy | 48:hW3KQCKy361P2JxbOPaIj5EEX/KAJS5FnB0WKGP:hW6QCKB1OJxbOPaIjNqOC |
Network IP location
Signature (14cnts)
Level | Description |
---|---|
danger | Executed a process and injected code into it |
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Code injection by writing an executable or DLL to the memory of another process |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | ScreenShot | Take ScreenShot | memory |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4a3d80 AcquireSRWLockExclusive
0x4a3d84 CloseHandle
0x4a3d88 CloseThreadpoolWork
0x4a3d8c CompareStringW
0x4a3d90 CreateEventW
0x4a3d94 CreateFileW
0x4a3d98 CreateThreadpoolWork
0x4a3d9c DecodePointer
0x4a3da0 DeleteCriticalSection
0x4a3da4 EncodePointer
0x4a3da8 EnterCriticalSection
0x4a3dac ExitProcess
0x4a3db0 FindClose
0x4a3db4 FindFirstFileExW
0x4a3db8 FindNextFileW
0x4a3dbc FlushFileBuffers
0x4a3dc0 FreeEnvironmentStringsW
0x4a3dc4 FreeLibrary
0x4a3dc8 FreeLibraryWhenCallbackReturns
0x4a3dcc GetACP
0x4a3dd0 GetCPInfo
0x4a3dd4 GetCommandLineA
0x4a3dd8 GetCommandLineW
0x4a3ddc GetConsoleMode
0x4a3de0 GetConsoleOutputCP
0x4a3de4 GetCurrentProcess
0x4a3de8 GetCurrentProcessId
0x4a3dec GetCurrentThreadId
0x4a3df0 GetEnvironmentStringsW
0x4a3df4 GetFileSize
0x4a3df8 GetFileSizeEx
0x4a3dfc GetFileType
0x4a3e00 GetLastError
0x4a3e04 GetModuleFileNameA
0x4a3e08 GetModuleFileNameW
0x4a3e0c GetModuleHandleA
0x4a3e10 GetModuleHandleExW
0x4a3e14 GetModuleHandleW
0x4a3e18 GetOEMCP
0x4a3e1c GetProcAddress
0x4a3e20 GetProcessHeap
0x4a3e24 GetStartupInfoW
0x4a3e28 GetStdHandle
0x4a3e2c GetStringTypeW
0x4a3e30 GetSystemTimeAsFileTime
0x4a3e34 HeapAlloc
0x4a3e38 HeapFree
0x4a3e3c HeapReAlloc
0x4a3e40 HeapSize
0x4a3e44 InitOnceBeginInitialize
0x4a3e48 InitOnceComplete
0x4a3e4c InitializeConditionVariable
0x4a3e50 InitializeCriticalSectionAndSpinCount
0x4a3e54 InitializeCriticalSectionEx
0x4a3e58 InitializeSListHead
0x4a3e5c InitializeSRWLock
0x4a3e60 IsDebuggerPresent
0x4a3e64 IsProcessorFeaturePresent
0x4a3e68 IsValidCodePage
0x4a3e6c LCMapStringW
0x4a3e70 LeaveCriticalSection
0x4a3e74 LoadLibraryExW
0x4a3e78 MultiByteToWideChar
0x4a3e7c QueryPerformanceCounter
0x4a3e80 RaiseException
0x4a3e84 ReadFile
0x4a3e88 ReleaseSRWLockExclusive
0x4a3e8c ResetEvent
0x4a3e90 RtlUnwind
0x4a3e94 SetEnvironmentVariableW
0x4a3e98 SetEvent
0x4a3e9c SetFilePointerEx
0x4a3ea0 SetLastError
0x4a3ea4 SetStdHandle
0x4a3ea8 SetUnhandledExceptionFilter
0x4a3eac SleepConditionVariableCS
0x4a3eb0 SleepConditionVariableSRW
0x4a3eb4 SubmitThreadpoolWork
0x4a3eb8 TerminateProcess
0x4a3ebc TlsAlloc
0x4a3ec0 TlsFree
0x4a3ec4 TlsGetValue
0x4a3ec8 TlsSetValue
0x4a3ecc TryEnterCriticalSection
0x4a3ed0 UnhandledExceptionFilter
0x4a3ed4 VirtualAlloc
0x4a3ed8 VirtualFree
0x4a3edc WaitForSingleObjectEx
0x4a3ee0 WakeAllConditionVariable
0x4a3ee4 WakeConditionVariable
0x4a3ee8 WideCharToMultiByte
0x4a3eec WriteConsoleW
0x4a3ef0 WriteFile
USER32.dll
0x4a3ef8 BeginPaint
0x4a3efc CreateWindowExW
0x4a3f00 DefWindowProcW
0x4a3f04 DispatchMessageW
0x4a3f08 EndPaint
0x4a3f0c GetMessageW
0x4a3f10 PostQuitMessage
0x4a3f14 RegisterClassW
0x4a3f18 ShowWindow
0x4a3f1c TranslateMessage
0x4a3f20 UpdateWindow
GDI32.dll
0x4a3f28 TextOutW
EAT (Export Address Table) is none