ScreenShot
| Created | 2025.01.03 18:00 | Machine | s1_win7_x6401 |
| Filename | vnc.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 56 detected (Common, Tinukebot, Malicious, score, Tinynuke, Unsafe, Save, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, MalwareX, TrojanBanker, CLASSIC, xbdrr, TINUKE, Static AI, Malicious PE, Detected, Wacatac, Eldorado, Artemis, FwBIi7vKH3c, Zbot) | ||
| md5 | b7e00e7be81fefb7c57f2e5f9ba53310 | ||
| sha256 | 4d2af9283f59dd98dc1852a5213d5092dd832c3e797c7ee57908fa9ff122983d | ||
| ssdeep | 3072:rtwm5FikJSWy/Z5H3/nWSWyCsu2Z8mx6tWyEJQJW8chJeE:rWmPiKSBnVu2Z8zXt4JeE | ||
| imphash | efe9c653199957170a92ef694ca6f2f1 | ||
| impfuzzy | 24:mDoV+zbTncQj74tvS18dlJ2MLl39roUOovbO3URZHu9kovPjMDM:03cvtvS18AMLpZi3U6aM | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413000 GetProcAddress
0x413004 LoadLibraryA
0x413008 CreateFileA
0x41300c GetFileSize
0x413010 ReadFile
0x413014 CloseHandle
0x413018 Sleep
0x41301c TerminateProcess
0x413020 OpenProcess
0x413024 lstrcatA
0x413028 CreateToolhelp32Snapshot
0x41302c Process32First
0x413030 Process32Next
0x413034 EnterCriticalSection
0x413038 LeaveCriticalSection
0x41303c WaitForSingleObject
0x413040 GetConsoleWindow
0x413044 WriteConsoleW
0x413048 CreateFileW
0x41304c UnhandledExceptionFilter
0x413050 SetUnhandledExceptionFilter
0x413054 GetCurrentProcess
0x413058 IsProcessorFeaturePresent
0x41305c IsDebuggerPresent
0x413060 GetStartupInfoW
0x413064 GetModuleHandleW
0x413068 QueryPerformanceCounter
0x41306c GetCurrentProcessId
0x413070 GetCurrentThreadId
0x413074 GetSystemTimeAsFileTime
0x413078 InitializeSListHead
0x41307c RaiseException
0x413080 GetLastError
0x413084 SetLastError
0x413088 DeleteCriticalSection
0x41308c RtlUnwind
0x413090 InitializeCriticalSectionAndSpinCount
0x413094 TlsAlloc
0x413098 TlsGetValue
0x41309c TlsSetValue
0x4130a0 TlsFree
0x4130a4 FreeLibrary
0x4130a8 LoadLibraryExW
0x4130ac ExitProcess
0x4130b0 GetModuleHandleExW
0x4130b4 GetModuleFileNameW
0x4130b8 GetStdHandle
0x4130bc WriteFile
0x4130c0 GetCommandLineA
0x4130c4 GetCommandLineW
0x4130c8 HeapAlloc
0x4130cc HeapFree
0x4130d0 FindClose
0x4130d4 FindFirstFileExW
0x4130d8 FindNextFileW
0x4130dc IsValidCodePage
0x4130e0 GetACP
0x4130e4 GetOEMCP
0x4130e8 GetCPInfo
0x4130ec MultiByteToWideChar
0x4130f0 WideCharToMultiByte
0x4130f4 GetEnvironmentStringsW
0x4130f8 FreeEnvironmentStringsW
0x4130fc SetEnvironmentVariableW
0x413100 CompareStringW
0x413104 LCMapStringW
0x413108 GetProcessHeap
0x41310c GetFileType
0x413110 SetStdHandle
0x413114 GetStringTypeW
0x413118 HeapSize
0x41311c HeapReAlloc
0x413120 FlushFileBuffers
0x413124 GetConsoleCP
0x413128 GetConsoleMode
0x41312c SetFilePointerEx
0x413130 DecodePointer
USER32.dll
0x413138 ShowWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x413000 GetProcAddress
0x413004 LoadLibraryA
0x413008 CreateFileA
0x41300c GetFileSize
0x413010 ReadFile
0x413014 CloseHandle
0x413018 Sleep
0x41301c TerminateProcess
0x413020 OpenProcess
0x413024 lstrcatA
0x413028 CreateToolhelp32Snapshot
0x41302c Process32First
0x413030 Process32Next
0x413034 EnterCriticalSection
0x413038 LeaveCriticalSection
0x41303c WaitForSingleObject
0x413040 GetConsoleWindow
0x413044 WriteConsoleW
0x413048 CreateFileW
0x41304c UnhandledExceptionFilter
0x413050 SetUnhandledExceptionFilter
0x413054 GetCurrentProcess
0x413058 IsProcessorFeaturePresent
0x41305c IsDebuggerPresent
0x413060 GetStartupInfoW
0x413064 GetModuleHandleW
0x413068 QueryPerformanceCounter
0x41306c GetCurrentProcessId
0x413070 GetCurrentThreadId
0x413074 GetSystemTimeAsFileTime
0x413078 InitializeSListHead
0x41307c RaiseException
0x413080 GetLastError
0x413084 SetLastError
0x413088 DeleteCriticalSection
0x41308c RtlUnwind
0x413090 InitializeCriticalSectionAndSpinCount
0x413094 TlsAlloc
0x413098 TlsGetValue
0x41309c TlsSetValue
0x4130a0 TlsFree
0x4130a4 FreeLibrary
0x4130a8 LoadLibraryExW
0x4130ac ExitProcess
0x4130b0 GetModuleHandleExW
0x4130b4 GetModuleFileNameW
0x4130b8 GetStdHandle
0x4130bc WriteFile
0x4130c0 GetCommandLineA
0x4130c4 GetCommandLineW
0x4130c8 HeapAlloc
0x4130cc HeapFree
0x4130d0 FindClose
0x4130d4 FindFirstFileExW
0x4130d8 FindNextFileW
0x4130dc IsValidCodePage
0x4130e0 GetACP
0x4130e4 GetOEMCP
0x4130e8 GetCPInfo
0x4130ec MultiByteToWideChar
0x4130f0 WideCharToMultiByte
0x4130f4 GetEnvironmentStringsW
0x4130f8 FreeEnvironmentStringsW
0x4130fc SetEnvironmentVariableW
0x413100 CompareStringW
0x413104 LCMapStringW
0x413108 GetProcessHeap
0x41310c GetFileType
0x413110 SetStdHandle
0x413114 GetStringTypeW
0x413118 HeapSize
0x41311c HeapReAlloc
0x413120 FlushFileBuffers
0x413124 GetConsoleCP
0x413128 GetConsoleMode
0x41312c SetFilePointerEx
0x413130 DecodePointer
USER32.dll
0x413138 ShowWindow
EAT(Export Address Table) is none