ScreenShot
| Created | 2024.12.16 19:20 | Machine | s1_win7_x6403 |
| Filename | l4.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 52 detected (AIDetectMalware, tsGi, Malicious, score, Tedy, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, a variant of Generik, NFCFMNM, KryptonC2, Redcap, ktzlot, ipzap, AMADEY, YXELKZ, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, VXCY, Artemis, Chgt, Gencirc, susgen, PossibleThreat, Wacapew, C9nj) | ||
| md5 | d68f79c459ee4ae03b76fa5ba151a41f | ||
| sha256 | aa50c900e210abb6be7d2420d9d5ae34c66818e0491aabd141421d175211fed6 | ||
| ssdeep | 98304:copJ0ndCADji3dh8iemrdbYOssb5+7wFADy/+sXBuVoDtnOPyz70fhhQAHHDRWfU:cc0cWjigIbCs+ZivuVoDFOKn0fPyqEvo | ||
| imphash | 8e3dad4d4ea6736338bcc4aca7b446c9 | ||
| impfuzzy | 24:QsXlVJmTLO1u9CjFhCgD7J9v02tyXbIc+pl39/CuYoEOovL9RPvRzZHGMc:QsXlnFJ97tyXbIc+ppQuYcCne | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400222c0 SHFileOperationW
0x1400222c8 SHGetFolderPathW
0x1400222d0 CommandLineToArgvW
KERNEL32.dll
0x140022000 SetLastError
0x140022008 WriteConsoleW
0x140022010 HeapReAlloc
0x140022018 CreateDirectoryW
0x140022020 SizeofResource
0x140022028 SetConsoleCtrlHandler
0x140022030 GetCommandLineW
0x140022038 GetStdHandle
0x140022040 WriteFile
0x140022048 TerminateProcess
0x140022050 GetModuleFileNameW
0x140022058 SetEnvironmentVariableW
0x140022060 GetTempPathW
0x140022068 FindResourceA
0x140022070 WaitForSingleObject
0x140022078 CreateFileW
0x140022080 GetFileAttributesW
0x140022088 Sleep
0x140022090 GetLastError
0x140022098 LockResource
0x1400220a0 CloseHandle
0x1400220a8 LoadResource
0x1400220b0 GetProcAddress
0x1400220b8 GetCurrentProcessId
0x1400220c0 CreateProcessW
0x1400220c8 WideCharToMultiByte
0x1400220d0 GetSystemTimeAsFileTime
0x1400220d8 FormatMessageA
0x1400220e0 GetExitCodeProcess
0x1400220e8 RtlCaptureContext
0x1400220f0 RtlLookupFunctionEntry
0x1400220f8 RtlVirtualUnwind
0x140022100 UnhandledExceptionFilter
0x140022108 SetUnhandledExceptionFilter
0x140022110 GetCurrentProcess
0x140022118 IsProcessorFeaturePresent
0x140022120 QueryPerformanceCounter
0x140022128 GetCurrentThreadId
0x140022130 InitializeSListHead
0x140022138 IsDebuggerPresent
0x140022140 GetStartupInfoW
0x140022148 GetModuleHandleW
0x140022150 HeapSize
0x140022158 RtlUnwindEx
0x140022160 EnterCriticalSection
0x140022168 LeaveCriticalSection
0x140022170 DeleteCriticalSection
0x140022178 InitializeCriticalSectionAndSpinCount
0x140022180 TlsAlloc
0x140022188 TlsGetValue
0x140022190 TlsSetValue
0x140022198 TlsFree
0x1400221a0 FreeLibrary
0x1400221a8 LoadLibraryExW
0x1400221b0 EncodePointer
0x1400221b8 RaiseException
0x1400221c0 RtlPcToFileHeader
0x1400221c8 ExitProcess
0x1400221d0 GetModuleHandleExW
0x1400221d8 GetCommandLineA
0x1400221e0 HeapAlloc
0x1400221e8 MultiByteToWideChar
0x1400221f0 HeapFree
0x1400221f8 FlsAlloc
0x140022200 FlsGetValue
0x140022208 FlsSetValue
0x140022210 FlsFree
0x140022218 CompareStringW
0x140022220 LCMapStringW
0x140022228 GetFileType
0x140022230 FindClose
0x140022238 FindFirstFileExW
0x140022240 FindNextFileW
0x140022248 IsValidCodePage
0x140022250 GetACP
0x140022258 GetOEMCP
0x140022260 GetCPInfo
0x140022268 GetEnvironmentStringsW
0x140022270 FreeEnvironmentStringsW
0x140022278 SetStdHandle
0x140022280 GetStringTypeW
0x140022288 GetProcessHeap
0x140022290 FlushFileBuffers
0x140022298 GetConsoleOutputCP
0x1400222a0 GetConsoleMode
0x1400222a8 GetFileSizeEx
0x1400222b0 SetFilePointerEx
EAT(Export Address Table) is none
SHELL32.dll
0x1400222c0 SHFileOperationW
0x1400222c8 SHGetFolderPathW
0x1400222d0 CommandLineToArgvW
KERNEL32.dll
0x140022000 SetLastError
0x140022008 WriteConsoleW
0x140022010 HeapReAlloc
0x140022018 CreateDirectoryW
0x140022020 SizeofResource
0x140022028 SetConsoleCtrlHandler
0x140022030 GetCommandLineW
0x140022038 GetStdHandle
0x140022040 WriteFile
0x140022048 TerminateProcess
0x140022050 GetModuleFileNameW
0x140022058 SetEnvironmentVariableW
0x140022060 GetTempPathW
0x140022068 FindResourceA
0x140022070 WaitForSingleObject
0x140022078 CreateFileW
0x140022080 GetFileAttributesW
0x140022088 Sleep
0x140022090 GetLastError
0x140022098 LockResource
0x1400220a0 CloseHandle
0x1400220a8 LoadResource
0x1400220b0 GetProcAddress
0x1400220b8 GetCurrentProcessId
0x1400220c0 CreateProcessW
0x1400220c8 WideCharToMultiByte
0x1400220d0 GetSystemTimeAsFileTime
0x1400220d8 FormatMessageA
0x1400220e0 GetExitCodeProcess
0x1400220e8 RtlCaptureContext
0x1400220f0 RtlLookupFunctionEntry
0x1400220f8 RtlVirtualUnwind
0x140022100 UnhandledExceptionFilter
0x140022108 SetUnhandledExceptionFilter
0x140022110 GetCurrentProcess
0x140022118 IsProcessorFeaturePresent
0x140022120 QueryPerformanceCounter
0x140022128 GetCurrentThreadId
0x140022130 InitializeSListHead
0x140022138 IsDebuggerPresent
0x140022140 GetStartupInfoW
0x140022148 GetModuleHandleW
0x140022150 HeapSize
0x140022158 RtlUnwindEx
0x140022160 EnterCriticalSection
0x140022168 LeaveCriticalSection
0x140022170 DeleteCriticalSection
0x140022178 InitializeCriticalSectionAndSpinCount
0x140022180 TlsAlloc
0x140022188 TlsGetValue
0x140022190 TlsSetValue
0x140022198 TlsFree
0x1400221a0 FreeLibrary
0x1400221a8 LoadLibraryExW
0x1400221b0 EncodePointer
0x1400221b8 RaiseException
0x1400221c0 RtlPcToFileHeader
0x1400221c8 ExitProcess
0x1400221d0 GetModuleHandleExW
0x1400221d8 GetCommandLineA
0x1400221e0 HeapAlloc
0x1400221e8 MultiByteToWideChar
0x1400221f0 HeapFree
0x1400221f8 FlsAlloc
0x140022200 FlsGetValue
0x140022208 FlsSetValue
0x140022210 FlsFree
0x140022218 CompareStringW
0x140022220 LCMapStringW
0x140022228 GetFileType
0x140022230 FindClose
0x140022238 FindFirstFileExW
0x140022240 FindNextFileW
0x140022248 IsValidCodePage
0x140022250 GetACP
0x140022258 GetOEMCP
0x140022260 GetCPInfo
0x140022268 GetEnvironmentStringsW
0x140022270 FreeEnvironmentStringsW
0x140022278 SetStdHandle
0x140022280 GetStringTypeW
0x140022288 GetProcessHeap
0x140022290 FlushFileBuffers
0x140022298 GetConsoleOutputCP
0x1400222a0 GetConsoleMode
0x1400222a8 GetFileSizeEx
0x1400222b0 SetFilePointerEx
EAT(Export Address Table) is none