ScreenShot
| Created | 2024.12.31 13:31 | Machine | s1_win7_x6403 |
| Filename | NewApp.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 40 detected (AIDetectMalware, Malicious, score, Artemis, GenericKD, Unsafe, Vumi, confidence, Attribute, HighConfidence, high confidence, a variant of Generik, FOJBYDI, TrojanX, xbuzse, Reflo, 4KEnqrPNWbT, Nekark, isecy, Siggen30, Static AI, Suspicious PE, Detected, Caynamer, ABRisk, YMWR, susgen, PossibleThreat) | ||
| md5 | 5d1255087c4512f2121410a008218430 | ||
| sha256 | c9d6ebdff127c1486e402b5f4fbcdc5fac953cdd390890a5066464261b1eef34 | ||
| ssdeep | 98304:9Lpx43K6PrRnUzI/8/hwuXkbJs274MMckVCd4PhtjJNKML2pq6AzuFuuwy:97uK6PtSjJRyeVm4Phtj7xLyWW | ||
| imphash | 866dd80efc8771cadfdcea834977b0bb | ||
| impfuzzy | 24:FMGf5XGf6ZgJkoDqnvZJfQfjBcVma20DW:FzJGfwgkoqnLfQfNcVh+ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x1405ad000 __C_specific_handler
0x1405ad008 __getmainargs
0x1405ad010 __initenv
0x1405ad018 __iob_func
0x1405ad020 __set_app_type
0x1405ad028 __setusermatherr
0x1405ad030 _amsg_exit
0x1405ad038 _cexit
0x1405ad040 _commode
0x1405ad048 _fmode
0x1405ad050 _initterm
0x1405ad058 _onexit
0x1405ad060 _wcsicmp
0x1405ad068 _wcsnicmp
0x1405ad070 abort
0x1405ad078 calloc
0x1405ad080 exit
0x1405ad088 fprintf
0x1405ad090 free
0x1405ad098 fwrite
0x1405ad0a0 malloc
0x1405ad0a8 memcpy
0x1405ad0b0 memset
0x1405ad0b8 signal
0x1405ad0c0 strcat
0x1405ad0c8 strcpy
0x1405ad0d0 strlen
0x1405ad0d8 strncmp
0x1405ad0e0 strstr
0x1405ad0e8 vfprintf
0x1405ad0f0 wcscat
0x1405ad0f8 wcscpy
0x1405ad100 wcslen
0x1405ad108 wcsncmp
0x1405ad110 wcsstr
KERNEL32.dll
0x1405ad120 DeleteCriticalSection
0x1405ad128 EnterCriticalSection
0x1405ad130 GetLastError
0x1405ad138 InitializeCriticalSection
0x1405ad140 LeaveCriticalSection
0x1405ad148 SetUnhandledExceptionFilter
0x1405ad150 Sleep
0x1405ad158 TlsGetValue
0x1405ad160 VirtualProtect
0x1405ad168 VirtualQuery
KERNEL32.dll
0x1405ad178 HeapAlloc
0x1405ad180 HeapFree
0x1405ad188 ExitProcess
0x1405ad190 GetModuleHandleA
0x1405ad198 LoadLibraryA
0x1405ad1a0 GetProcAddress
EAT(Export Address Table) is none
msvcrt.dll
0x1405ad000 __C_specific_handler
0x1405ad008 __getmainargs
0x1405ad010 __initenv
0x1405ad018 __iob_func
0x1405ad020 __set_app_type
0x1405ad028 __setusermatherr
0x1405ad030 _amsg_exit
0x1405ad038 _cexit
0x1405ad040 _commode
0x1405ad048 _fmode
0x1405ad050 _initterm
0x1405ad058 _onexit
0x1405ad060 _wcsicmp
0x1405ad068 _wcsnicmp
0x1405ad070 abort
0x1405ad078 calloc
0x1405ad080 exit
0x1405ad088 fprintf
0x1405ad090 free
0x1405ad098 fwrite
0x1405ad0a0 malloc
0x1405ad0a8 memcpy
0x1405ad0b0 memset
0x1405ad0b8 signal
0x1405ad0c0 strcat
0x1405ad0c8 strcpy
0x1405ad0d0 strlen
0x1405ad0d8 strncmp
0x1405ad0e0 strstr
0x1405ad0e8 vfprintf
0x1405ad0f0 wcscat
0x1405ad0f8 wcscpy
0x1405ad100 wcslen
0x1405ad108 wcsncmp
0x1405ad110 wcsstr
KERNEL32.dll
0x1405ad120 DeleteCriticalSection
0x1405ad128 EnterCriticalSection
0x1405ad130 GetLastError
0x1405ad138 InitializeCriticalSection
0x1405ad140 LeaveCriticalSection
0x1405ad148 SetUnhandledExceptionFilter
0x1405ad150 Sleep
0x1405ad158 TlsGetValue
0x1405ad160 VirtualProtect
0x1405ad168 VirtualQuery
KERNEL32.dll
0x1405ad178 HeapAlloc
0x1405ad180 HeapFree
0x1405ad188 ExitProcess
0x1405ad190 GetModuleHandleA
0x1405ad198 LoadLibraryA
0x1405ad1a0 GetProcAddress
EAT(Export Address Table) is none