Field | Value |
---|---|
Created | 2024.12.04 16:15 |
Machine | s1_win7_x6403 |
Filename | sound.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 15 detected (AIDetectMalware, Unsafe, Attribute, HighConfidence, malicious, moderate confidence, Disco, TrojanPSW, Static AI, Suspicious PE, QQPass, QQRob, Bkjl, PossibleThreat) |
md5 | 770bc9a9a9ff4284b8cb6e333478d25c |
sha256 | 6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8 |
ssdeep | 49152:phizG03sNtvZdvbOjJPmpH5q9HOvLv5Fe1n5E4Gp9zSYpjvhZj:phiNya1+DfLvzQE3NSYRvhZ |
imphash | d42595b695fc008ef2c56aabd8efd68e |
impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6Ul:AwOuUjXOmokx0nl |
Signature (2cnts)
Level | Description |
---|---|
watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x882120 WriteFile
0x882128 WriteConsoleW
0x882130 WerSetFlags
0x882138 WerGetFlags
0x882140 WaitForMultipleObjects
0x882148 WaitForSingleObject
0x882150 VirtualQuery
0x882158 VirtualFree
0x882160 VirtualAlloc
0x882168 TlsAlloc
0x882170 SwitchToThread
0x882178 SuspendThread
0x882180 SetWaitableTimer
0x882188 SetProcessPriorityBoost
0x882190 SetEvent
0x882198 SetErrorMode
0x8821a0 SetConsoleCtrlHandler
0x8821a8 RtlVirtualUnwind
0x8821b0 RtlLookupFunctionEntry
0x8821b8 ResumeThread
0x8821c0 RaiseFailFastException
0x8821c8 PostQueuedCompletionStatus
0x8821d0 LoadLibraryW
0x8821d8 LoadLibraryExW
0x8821e0 SetThreadContext
0x8821e8 GetThreadContext
0x8821f0 GetSystemInfo
0x8821f8 GetSystemDirectoryA
0x882200 GetStdHandle
0x882208 GetQueuedCompletionStatusEx
0x882210 GetProcessAffinityMask
0x882218 GetProcAddress
0x882220 GetErrorMode
0x882228 GetEnvironmentStringsW
0x882230 GetCurrentThreadId
0x882238 GetConsoleMode
0x882240 FreeEnvironmentStringsW
0x882248 ExitProcess
0x882250 DuplicateHandle
0x882258 CreateWaitableTimerExW
0x882260 CreateThread
0x882268 CreateIoCompletionPort
0x882270 CreateEventA
0x882278 CloseHandle
0x882280 AddVectoredExceptionHandler
0x882288 AddVectoredContinueHandler
EAT (Export Address Table): none