Field | Value |
---|---|
Created | 2025.01.06 18:35 |
Machine | s1_win7_x6401 |
Filename | l3v0.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 49 detected (ReverseShell, Malicious, score, Ghanarava, Artemis, Unsafe, Bodegun, V6sn, confidence, Attribute, HighConfidence, high confidence, MalwareX, myvtnh, Redcap, kunndc, Kryptik@AI, RDML, 4MADlYUV48mjphoSbwUI8g, Static AI, Suspicious PE, Detected, evkdd, Malware@#32uvq5hfx0ddq, Wacatac, ABTrojan, COSP, Ekjl, susgen) |
md5 | bce921da7e4ed6138b0d5cb30952a855 |
sha256 | 6def8cb28331b9b23f7c2601fc55efe8008a4d88c04286b48db42b673c0ab8e8 |
ssdeep | 192:GidoRJHb9Ee/je1v2kN5Bc9r8RsQ5tfZc3:pSPHb9EsjOH5Bi8Rs |
imphash | b88f4cd742ae7c77b018b6db1bbdb1ee |
impfuzzy | 24:Wj4Z8vWtCLvfuzOJyYgMyWNwyWPWUBJCJLTbocA4Tg9ZhfBSKB29hzAAihycBbQj:X8vWtMF5Ng94tquviBMQSLMM |
Network IP location
Signature (4 counts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
info | This executable has a PDB path |
Rules (4 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140003000 WaitForSingleObject
0x140003008 Sleep
0x140003010 CloseHandle
0x140003018 FreeConsole
0x140003020 CreateProcessW
0x140003028 RtlLookupFunctionEntry
0x140003030 GetModuleHandleW
0x140003038 IsDebuggerPresent
0x140003040 InitializeSListHead
0x140003048 GetSystemTimeAsFileTime
0x140003050 GetCurrentThreadId
0x140003058 GetCurrentProcessId
0x140003060 QueryPerformanceCounter
0x140003068 IsProcessorFeaturePresent
0x140003070 RtlVirtualUnwind
0x140003078 UnhandledExceptionFilter
0x140003080 SetUnhandledExceptionFilter
0x140003088 GetCurrentProcess
0x140003090 TerminateProcess
0x140003098 RtlCaptureContext
WS2_32.dll
0x1400030d8 WSASocketW
0x1400030e0 closesocket
0x1400030e8 WSACleanup
0x1400030f0 htons
0x1400030f8 WSAConnect
0x140003100 inet_pton
0x140003108 WSAStartup
0x140003110 recv
VCRUNTIME140.dll
0x1400030a8 __C_specific_handler
0x1400030b0 __current_exception
0x1400030b8 __current_exception_context
0x1400030c0 memset
0x1400030c8 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x140003160 _register_onexit_function
0x140003168 _register_thread_local_exe_atexit_callback
0x140003170 _get_initial_narrow_environment
0x140003178 _crt_atexit
0x140003180 _c_exit
0x140003188 _configure_narrow_argv
0x140003190 _initialize_onexit_table
0x140003198 _set_app_type
0x1400031a0 _seh_filter_exe
0x1400031a8 _initialize_narrow_environment
0x1400031b0 exit
0x1400031b8 __p___argv
0x1400031c0 __p___argc
0x1400031c8 _exit
0x1400031d0 _initterm_e
0x1400031d8 _initterm
0x1400031e0 terminate
0x1400031e8 _cexit
api-ms-win-crt-convert-l1-1-0.dll
0x140003120 atoi
api-ms-win-crt-math-l1-1-0.dll
0x140003150 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1400031f8 _set_fmode
0x140003200 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x140003140 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x140003130 _set_new_mode
EAT (Export Address Table): none