ScreenShot
| Created | 2024.12.30 14:20 | Machine | s1_win7_x6401 |
| Filename | putty.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 52 detected (Common, Ghanarava, GenericKD, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HYMW, PWSX, Smokeloader, kudevu, Lumma, jFCX26ZxtCT, DownLoader47, Real Protect, high, score, Krypt, Static AI, Malicious PE, Detected, Quphix, Eldorado, LummaC, R685105, Artemis, GdSda, Gencirc, susgen, GenKryptik, HFAC) | ||
| md5 | 3bbac642557b0ab934addbac0594561c | ||
| sha256 | bc887fcd6805824ac58a107917c6d083056d688eef39e979da25d16eb388e798 | ||
| ssdeep | 3072:VC2pwqpX3QufagAKaKkWvqMFh1KjP40ZZ6s5dM6Y273v9blsf:I4wqpX3qgAKaIvqRjBZVM/y | ||
| imphash | d4d3ffca50bc999994f856732f42114f | ||
| impfuzzy | 24:j4qbG2OkQLcOovvljkffJcDxuwyvOve/CL+SHj7l7te2cfHYeKFQJT42lufSRjMv:gbD0HyAZ9HjRtvcfH55c2sak1 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x422000 GetComputerNameA
0x422004 SetDefaultCommConfigA
0x422008 SetLocaleInfoA
0x42200c SetErrorMode
0x422010 WriteConsoleOutputW
0x422014 DeleteVolumeMountPointA
0x422018 InterlockedIncrement
0x42201c InterlockedDecrement
0x422020 ReadConsoleOutputAttribute
0x422024 GetEnvironmentStringsW
0x422028 GetTimeFormatA
0x42202c GetModuleHandleW
0x422030 GetDateFormatA
0x422034 GetCommandLineA
0x422038 SetProcessPriorityBoost
0x42203c LoadLibraryW
0x422040 GetConsoleAliasW
0x422044 DisconnectNamedPipe
0x422048 GetStartupInfoA
0x42204c SetLastError
0x422050 GetProcAddress
0x422054 SearchPathA
0x422058 SetFileAttributesA
0x42205c GetNumaHighestNodeNumber
0x422060 ResetEvent
0x422064 GetAtomNameA
0x422068 LoadLibraryA
0x42206c LocalAlloc
0x422070 GetFileType
0x422074 AddAtomW
0x422078 AddAtomA
0x42207c FoldStringA
0x422080 GetModuleHandleA
0x422084 OpenFileMappingW
0x422088 BuildCommDCBA
0x42208c GetShortPathNameW
0x422090 Module32Next
0x422094 EndUpdateResourceA
0x422098 GetVersionExA
0x42209c FindFirstVolumeW
0x4220a0 UnregisterWaitEx
0x4220a4 GetLastError
0x4220a8 HeapFree
0x4220ac HeapAlloc
0x4220b0 MultiByteToWideChar
0x4220b4 HeapReAlloc
0x4220b8 TerminateProcess
0x4220bc GetCurrentProcess
0x4220c0 UnhandledExceptionFilter
0x4220c4 SetUnhandledExceptionFilter
0x4220c8 IsDebuggerPresent
0x4220cc HeapCreate
0x4220d0 VirtualFree
0x4220d4 DeleteCriticalSection
0x4220d8 LeaveCriticalSection
0x4220dc EnterCriticalSection
0x4220e0 VirtualAlloc
0x4220e4 Sleep
0x4220e8 ExitProcess
0x4220ec WriteFile
0x4220f0 GetStdHandle
0x4220f4 GetModuleFileNameA
0x4220f8 SetHandleCount
0x4220fc TlsGetValue
0x422100 TlsAlloc
0x422104 TlsSetValue
0x422108 TlsFree
0x42210c GetCurrentThreadId
0x422110 HeapSize
0x422114 GetCPInfo
0x422118 GetACP
0x42211c GetOEMCP
0x422120 IsValidCodePage
0x422124 FreeEnvironmentStringsA
0x422128 GetEnvironmentStrings
0x42212c FreeEnvironmentStringsW
0x422130 WideCharToMultiByte
0x422134 QueryPerformanceCounter
0x422138 GetTickCount
0x42213c GetCurrentProcessId
0x422140 GetSystemTimeAsFileTime
0x422144 InitializeCriticalSectionAndSpinCount
0x422148 RtlUnwind
0x42214c ReadFile
0x422150 LCMapStringA
0x422154 LCMapStringW
0x422158 GetStringTypeA
0x42215c GetStringTypeW
0x422160 GetLocaleInfoA
0x422164 GetConsoleCP
0x422168 GetConsoleMode
0x42216c FlushFileBuffers
0x422170 SetFilePointer
0x422174 SetStdHandle
0x422178 CloseHandle
0x42217c WriteConsoleA
0x422180 GetConsoleOutputCP
0x422184 WriteConsoleW
0x422188 CreateFileA
USER32.dll
0x422190 GetProcessDefaultLayout
EAT(Export Address Table) is none
KERNEL32.dll
0x422000 GetComputerNameA
0x422004 SetDefaultCommConfigA
0x422008 SetLocaleInfoA
0x42200c SetErrorMode
0x422010 WriteConsoleOutputW
0x422014 DeleteVolumeMountPointA
0x422018 InterlockedIncrement
0x42201c InterlockedDecrement
0x422020 ReadConsoleOutputAttribute
0x422024 GetEnvironmentStringsW
0x422028 GetTimeFormatA
0x42202c GetModuleHandleW
0x422030 GetDateFormatA
0x422034 GetCommandLineA
0x422038 SetProcessPriorityBoost
0x42203c LoadLibraryW
0x422040 GetConsoleAliasW
0x422044 DisconnectNamedPipe
0x422048 GetStartupInfoA
0x42204c SetLastError
0x422050 GetProcAddress
0x422054 SearchPathA
0x422058 SetFileAttributesA
0x42205c GetNumaHighestNodeNumber
0x422060 ResetEvent
0x422064 GetAtomNameA
0x422068 LoadLibraryA
0x42206c LocalAlloc
0x422070 GetFileType
0x422074 AddAtomW
0x422078 AddAtomA
0x42207c FoldStringA
0x422080 GetModuleHandleA
0x422084 OpenFileMappingW
0x422088 BuildCommDCBA
0x42208c GetShortPathNameW
0x422090 Module32Next
0x422094 EndUpdateResourceA
0x422098 GetVersionExA
0x42209c FindFirstVolumeW
0x4220a0 UnregisterWaitEx
0x4220a4 GetLastError
0x4220a8 HeapFree
0x4220ac HeapAlloc
0x4220b0 MultiByteToWideChar
0x4220b4 HeapReAlloc
0x4220b8 TerminateProcess
0x4220bc GetCurrentProcess
0x4220c0 UnhandledExceptionFilter
0x4220c4 SetUnhandledExceptionFilter
0x4220c8 IsDebuggerPresent
0x4220cc HeapCreate
0x4220d0 VirtualFree
0x4220d4 DeleteCriticalSection
0x4220d8 LeaveCriticalSection
0x4220dc EnterCriticalSection
0x4220e0 VirtualAlloc
0x4220e4 Sleep
0x4220e8 ExitProcess
0x4220ec WriteFile
0x4220f0 GetStdHandle
0x4220f4 GetModuleFileNameA
0x4220f8 SetHandleCount
0x4220fc TlsGetValue
0x422100 TlsAlloc
0x422104 TlsSetValue
0x422108 TlsFree
0x42210c GetCurrentThreadId
0x422110 HeapSize
0x422114 GetCPInfo
0x422118 GetACP
0x42211c GetOEMCP
0x422120 IsValidCodePage
0x422124 FreeEnvironmentStringsA
0x422128 GetEnvironmentStrings
0x42212c FreeEnvironmentStringsW
0x422130 WideCharToMultiByte
0x422134 QueryPerformanceCounter
0x422138 GetTickCount
0x42213c GetCurrentProcessId
0x422140 GetSystemTimeAsFileTime
0x422144 InitializeCriticalSectionAndSpinCount
0x422148 RtlUnwind
0x42214c ReadFile
0x422150 LCMapStringA
0x422154 LCMapStringW
0x422158 GetStringTypeA
0x42215c GetStringTypeW
0x422160 GetLocaleInfoA
0x422164 GetConsoleCP
0x422168 GetConsoleMode
0x42216c FlushFileBuffers
0x422170 SetFilePointer
0x422174 SetStdHandle
0x422178 CloseHandle
0x42217c WriteConsoleA
0x422180 GetConsoleOutputCP
0x422184 WriteConsoleW
0x422188 CreateFileA
USER32.dll
0x422190 GetProcessDefaultLayout
EAT(Export Address Table) is none