ScreenShot
| Created | 2025.01.02 10:45 | Machine | s1_win7_x6403 |
| Filename | random.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 53 detected (Common, Stealc, Malicious, score, Trojanpws, Coins, GenericKD, Unsafe, Vwhh, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, Kryptik, HYFM, PWSX, Stealerc, TrojanPSW, IZjq09GRa0D, svtos, Static AI, Suspicious PE, Detected, Malware@#23hef2iw1rn4s, Fragtor, ABTrojan, GLBR, Artemis, Gencirc, susgen) | ||
| md5 | 2893a3033daf4b014031297ff29d157d | ||
| sha256 | c41b3aeb361912b6e938ace351253dbd79d39ec3a8a8cfabf7e3b498ea1aac39 | ||
| ssdeep | 24576:xjYAY3dLBTYhZtsh9M9Z/MnXfCQNfV6HeyhrIuU/zxvuo3A8azMy8R:xYDNTYhZtW9QZUnXqitAEva8azw | ||
| imphash | 7babef036a7882c8634af1cfc2da68d8 | ||
| impfuzzy | 96:rYQtt6EyAqnxRbWxpcXHgTubxtfPORup4I9yXiX1SNJGCG7qtj8:rztt6EyAIwSSHWySFHCGmtj8 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x5374a0 NtGetContextThread
0x5374a4 NtOpenThread
0x5374a8 NtSetContextThread
advapi32.dll
0x5374b0 GetTokenInformation
0x5374b4 OpenProcessToken
0x5374b8 SystemFunction036
crypt.dll
0x5374c0 BCryptGenRandom
kernel32.dll
0x5374c8 AddVectoredExceptionHandler
0x5374cc CancelIo
0x5374d0 CloseHandle
0x5374d4 CompareStringOrdinal
0x5374d8 CopyFileExW
0x5374dc CreateDirectoryW
0x5374e0 CreateEventW
0x5374e4 CreateFileMappingA
0x5374e8 CreateFileW
0x5374ec CreateHardLinkW
0x5374f0 CreateMutexA
0x5374f4 CreateNamedPipeW
0x5374f8 CreateProcessW
0x5374fc CreateSymbolicLinkW
0x537500 CreateThread
0x537504 CreateTimerQueue
0x537508 CreateToolhelp32Snapshot
0x53750c CreateWaitableTimerExW
0x537510 DebugActiveProcess
0x537514 DeleteFileW
0x537518 DeleteProcThreadAttributeList
0x53751c DeleteTimerQueue
0x537520 DeviceIoControl
0x537524 DuplicateHandle
0x537528 ExitProcess
0x53752c FindClose
0x537530 FindFirstFileW
0x537534 FindNextFileW
0x537538 FlushFileBuffers
0x53753c FormatMessageW
0x537540 FreeEnvironmentStringsW
0x537544 GetCommandLineW
0x537548 GetConsoleMode
0x53754c GetCurrentDirectoryW
0x537550 GetCurrentProcess
0x537554 GetCurrentProcessId
0x537558 GetCurrentThread
0x53755c GetEnvironmentStringsW
0x537560 GetEnvironmentVariableW
0x537564 GetExitCodeProcess
0x537568 GetFileAttributesW
0x53756c GetFileInformationByHandle
0x537570 GetFileInformationByHandleEx
0x537574 GetFileType
0x537578 GetFinalPathNameByHandleW
0x53757c GetFullPathNameW
0x537580 GetLastError
0x537584 GetModuleFileNameW
0x537588 GetModuleHandleA
0x53758c GetModuleHandleExW
0x537590 GetModuleHandleW
0x537594 GetOverlappedResult
0x537598 GetProcAddress
0x53759c GetProcessHeap
0x5375a0 GetProcessId
0x5375a4 GetStartupInfoA
0x5375a8 GetStdHandle
0x5375ac GetSystemDirectoryW
0x5375b0 GetSystemInfo
0x5375b4 GetSystemTimePreciseAsFileTime
0x5375b8 GetTempPathW
0x5375bc GetWindowsDirectoryW
0x5375c0 HeapAlloc
0x5375c4 HeapFree
0x5375c8 HeapReAlloc
0x5375cc InitOnceBeginInitialize
0x5375d0 InitOnceComplete
0x5375d4 InitializeProcThreadAttributeList
0x5375d8 LoadLibraryA
0x5375dc MapViewOfFile
0x5375e0 Module32FirstW
0x5375e4 Module32NextW
0x5375e8 MoveFileExW
0x5375ec MultiByteToWideChar
0x5375f0 Process32FirstW
0x5375f4 Process32NextW
0x5375f8 QueryPerformanceCounter
0x5375fc QueryPerformanceFrequency
0x537600 ReadConsoleW
0x537604 ReadFile
0x537608 ReadFileEx
0x53760c ReleaseMutex
0x537610 RemoveDirectoryW
0x537614 RtlCaptureContext
0x537618 SetCurrentDirectoryW
0x53761c SetEnvironmentVariableW
0x537620 SetEvent
0x537624 SetFileAttributesW
0x537628 SetFileInformationByHandle
0x53762c SetFilePointerEx
0x537630 SetFileTime
0x537634 SetHandleInformation
0x537638 SetLastError
0x53763c SetThreadStackGuarantee
0x537640 SetUnhandledExceptionFilter
0x537644 SetWaitableTimer
0x537648 Sleep
0x53764c SleepEx
0x537650 SwitchToThread
0x537654 TerminateProcess
0x537658 TlsAlloc
0x53765c TlsFree
0x537660 TlsGetValue
0x537664 TlsSetValue
0x537668 UnmapViewOfFile
0x53766c UpdateProcThreadAttribute
0x537670 VirtualAlloc
0x537674 VirtualProtect
0x537678 WaitForMultipleObjects
0x53767c WaitForSingleObject
0x537680 WaitForSingleObjectEx
0x537684 WideCharToMultiByte
0x537688 WriteConsoleW
0x53768c WriteFileEx
0x537690 lstrlenW
ntdll.dll
0x537698 NtClose
0x53769c NtCreateFile
0x5376a0 NtQueryInformationProcess
0x5376a4 NtQuerySystemInformation
0x5376a8 NtReadFile
0x5376ac NtWriteFile
0x5376b0 RtlNtStatusToDosError
userenv.dll
0x5376b8 GetUserProfileDirectoryW
ws2_32.dll
0x5376c0 WSACleanup
0x5376c4 WSADuplicateSocketW
0x5376c8 WSAGetLastError
0x5376cc WSARecv
0x5376d0 WSASend
0x5376d4 WSASocketW
0x5376d8 WSAStartup
0x5376dc accept
0x5376e0 ind
0x5376e4 closesocket
0x5376e8 connect
0x5376ec freeaddrinfo
0x5376f0 getaddrinfo
0x5376f4 getpeername
0x5376f8 getsockname
0x5376fc getsockopt
0x537700 ioctlsocket
0x537704 listen
0x537708 recv
0x53770c recvfrom
0x537710 select
0x537714 send
0x537718 sendto
0x53771c setsockopt
0x537720 shutdown
api-ms-win-core-synch-l1-2-0.dll
0x537728 WaitOnAddress
0x53772c WakeByAddressAll
0x537730 WakeByAddressSingle
cryptprimitives.dll
0x537738 ProcessPrng
KERNEL32.dll
0x537740 CreateEventA
0x537744 CreateSemaphoreA
0x537748 DeleteCriticalSection
0x53774c EnterCriticalSection
0x537750 GetCurrentThreadId
0x537754 GetHandleInformation
0x537758 GetProcessAffinityMask
0x53775c GetSystemTimeAsFileTime
0x537760 GetThreadContext
0x537764 GetThreadPriority
0x537768 GetTickCount
0x53776c InitializeCriticalSection
0x537770 IsDebuggerPresent
0x537774 LeaveCriticalSection
0x537778 OpenProcess
0x53777c OutputDebugStringA
0x537780 RaiseException
0x537784 ReleaseSemaphore
0x537788 RemoveVectoredExceptionHandler
0x53778c ResetEvent
0x537790 ResumeThread
0x537794 SetProcessAffinityMask
0x537798 SetThreadContext
0x53779c SetThreadPriority
0x5377a0 SuspendThread
0x5377a4 TryEnterCriticalSection
0x5377a8 VirtualQuery
msvcrt.dll
0x5377b0 __getmainargs
0x5377b4 __initenv
0x5377b8 __p__acmdln
0x5377bc __p__commode
0x5377c0 __p__fmode
0x5377c4 __set_app_type
0x5377c8 __setusermatherr
0x5377cc _amsg_exit
0x5377d0 _beginthreadex
0x5377d4 _cexit
0x5377d8 _commode
0x5377dc _endthreadex
0x5377e0 _errno
0x5377e4 _fmode
0x5377e8 _fpreset
0x5377ec _initterm
0x5377f0 _iob
0x5377f4 _onexit
0x5377f8 _setjmp3
0x5377fc _strdup
0x537800 _ultoa
0x537804 abort
0x537808 calloc
0x53780c exit
0x537810 fprintf
0x537814 free
0x537818 fwrite
0x53781c longjmp
0x537820 malloc
0x537824 memcmp
0x537828 memcpy
0x53782c memmove
0x537830 memset
0x537834 printf
0x537838 realloc
0x53783c signal
0x537840 strlen
0x537844 strncmp
0x537848 vfprintf
EAT(Export Address Table) is none
ntdll.dll
0x5374a0 NtGetContextThread
0x5374a4 NtOpenThread
0x5374a8 NtSetContextThread
advapi32.dll
0x5374b0 GetTokenInformation
0x5374b4 OpenProcessToken
0x5374b8 SystemFunction036
crypt.dll
0x5374c0 BCryptGenRandom
kernel32.dll
0x5374c8 AddVectoredExceptionHandler
0x5374cc CancelIo
0x5374d0 CloseHandle
0x5374d4 CompareStringOrdinal
0x5374d8 CopyFileExW
0x5374dc CreateDirectoryW
0x5374e0 CreateEventW
0x5374e4 CreateFileMappingA
0x5374e8 CreateFileW
0x5374ec CreateHardLinkW
0x5374f0 CreateMutexA
0x5374f4 CreateNamedPipeW
0x5374f8 CreateProcessW
0x5374fc CreateSymbolicLinkW
0x537500 CreateThread
0x537504 CreateTimerQueue
0x537508 CreateToolhelp32Snapshot
0x53750c CreateWaitableTimerExW
0x537510 DebugActiveProcess
0x537514 DeleteFileW
0x537518 DeleteProcThreadAttributeList
0x53751c DeleteTimerQueue
0x537520 DeviceIoControl
0x537524 DuplicateHandle
0x537528 ExitProcess
0x53752c FindClose
0x537530 FindFirstFileW
0x537534 FindNextFileW
0x537538 FlushFileBuffers
0x53753c FormatMessageW
0x537540 FreeEnvironmentStringsW
0x537544 GetCommandLineW
0x537548 GetConsoleMode
0x53754c GetCurrentDirectoryW
0x537550 GetCurrentProcess
0x537554 GetCurrentProcessId
0x537558 GetCurrentThread
0x53755c GetEnvironmentStringsW
0x537560 GetEnvironmentVariableW
0x537564 GetExitCodeProcess
0x537568 GetFileAttributesW
0x53756c GetFileInformationByHandle
0x537570 GetFileInformationByHandleEx
0x537574 GetFileType
0x537578 GetFinalPathNameByHandleW
0x53757c GetFullPathNameW
0x537580 GetLastError
0x537584 GetModuleFileNameW
0x537588 GetModuleHandleA
0x53758c GetModuleHandleExW
0x537590 GetModuleHandleW
0x537594 GetOverlappedResult
0x537598 GetProcAddress
0x53759c GetProcessHeap
0x5375a0 GetProcessId
0x5375a4 GetStartupInfoA
0x5375a8 GetStdHandle
0x5375ac GetSystemDirectoryW
0x5375b0 GetSystemInfo
0x5375b4 GetSystemTimePreciseAsFileTime
0x5375b8 GetTempPathW
0x5375bc GetWindowsDirectoryW
0x5375c0 HeapAlloc
0x5375c4 HeapFree
0x5375c8 HeapReAlloc
0x5375cc InitOnceBeginInitialize
0x5375d0 InitOnceComplete
0x5375d4 InitializeProcThreadAttributeList
0x5375d8 LoadLibraryA
0x5375dc MapViewOfFile
0x5375e0 Module32FirstW
0x5375e4 Module32NextW
0x5375e8 MoveFileExW
0x5375ec MultiByteToWideChar
0x5375f0 Process32FirstW
0x5375f4 Process32NextW
0x5375f8 QueryPerformanceCounter
0x5375fc QueryPerformanceFrequency
0x537600 ReadConsoleW
0x537604 ReadFile
0x537608 ReadFileEx
0x53760c ReleaseMutex
0x537610 RemoveDirectoryW
0x537614 RtlCaptureContext
0x537618 SetCurrentDirectoryW
0x53761c SetEnvironmentVariableW
0x537620 SetEvent
0x537624 SetFileAttributesW
0x537628 SetFileInformationByHandle
0x53762c SetFilePointerEx
0x537630 SetFileTime
0x537634 SetHandleInformation
0x537638 SetLastError
0x53763c SetThreadStackGuarantee
0x537640 SetUnhandledExceptionFilter
0x537644 SetWaitableTimer
0x537648 Sleep
0x53764c SleepEx
0x537650 SwitchToThread
0x537654 TerminateProcess
0x537658 TlsAlloc
0x53765c TlsFree
0x537660 TlsGetValue
0x537664 TlsSetValue
0x537668 UnmapViewOfFile
0x53766c UpdateProcThreadAttribute
0x537670 VirtualAlloc
0x537674 VirtualProtect
0x537678 WaitForMultipleObjects
0x53767c WaitForSingleObject
0x537680 WaitForSingleObjectEx
0x537684 WideCharToMultiByte
0x537688 WriteConsoleW
0x53768c WriteFileEx
0x537690 lstrlenW
ntdll.dll
0x537698 NtClose
0x53769c NtCreateFile
0x5376a0 NtQueryInformationProcess
0x5376a4 NtQuerySystemInformation
0x5376a8 NtReadFile
0x5376ac NtWriteFile
0x5376b0 RtlNtStatusToDosError
userenv.dll
0x5376b8 GetUserProfileDirectoryW
ws2_32.dll
0x5376c0 WSACleanup
0x5376c4 WSADuplicateSocketW
0x5376c8 WSAGetLastError
0x5376cc WSARecv
0x5376d0 WSASend
0x5376d4 WSASocketW
0x5376d8 WSAStartup
0x5376dc accept
0x5376e0 ind
0x5376e4 closesocket
0x5376e8 connect
0x5376ec freeaddrinfo
0x5376f0 getaddrinfo
0x5376f4 getpeername
0x5376f8 getsockname
0x5376fc getsockopt
0x537700 ioctlsocket
0x537704 listen
0x537708 recv
0x53770c recvfrom
0x537710 select
0x537714 send
0x537718 sendto
0x53771c setsockopt
0x537720 shutdown
api-ms-win-core-synch-l1-2-0.dll
0x537728 WaitOnAddress
0x53772c WakeByAddressAll
0x537730 WakeByAddressSingle
cryptprimitives.dll
0x537738 ProcessPrng
KERNEL32.dll
0x537740 CreateEventA
0x537744 CreateSemaphoreA
0x537748 DeleteCriticalSection
0x53774c EnterCriticalSection
0x537750 GetCurrentThreadId
0x537754 GetHandleInformation
0x537758 GetProcessAffinityMask
0x53775c GetSystemTimeAsFileTime
0x537760 GetThreadContext
0x537764 GetThreadPriority
0x537768 GetTickCount
0x53776c InitializeCriticalSection
0x537770 IsDebuggerPresent
0x537774 LeaveCriticalSection
0x537778 OpenProcess
0x53777c OutputDebugStringA
0x537780 RaiseException
0x537784 ReleaseSemaphore
0x537788 RemoveVectoredExceptionHandler
0x53778c ResetEvent
0x537790 ResumeThread
0x537794 SetProcessAffinityMask
0x537798 SetThreadContext
0x53779c SetThreadPriority
0x5377a0 SuspendThread
0x5377a4 TryEnterCriticalSection
0x5377a8 VirtualQuery
msvcrt.dll
0x5377b0 __getmainargs
0x5377b4 __initenv
0x5377b8 __p__acmdln
0x5377bc __p__commode
0x5377c0 __p__fmode
0x5377c4 __set_app_type
0x5377c8 __setusermatherr
0x5377cc _amsg_exit
0x5377d0 _beginthreadex
0x5377d4 _cexit
0x5377d8 _commode
0x5377dc _endthreadex
0x5377e0 _errno
0x5377e4 _fmode
0x5377e8 _fpreset
0x5377ec _initterm
0x5377f0 _iob
0x5377f4 _onexit
0x5377f8 _setjmp3
0x5377fc _strdup
0x537800 _ultoa
0x537804 abort
0x537808 calloc
0x53780c exit
0x537810 fprintf
0x537814 free
0x537818 fwrite
0x53781c longjmp
0x537820 malloc
0x537824 memcmp
0x537828 memcpy
0x53782c memmove
0x537830 memset
0x537834 printf
0x537838 realloc
0x53783c signal
0x537840 strlen
0x537844 strncmp
0x537848 vfprintf
EAT(Export Address Table) is none