Field | Value |
---|---|
Created | 2025.01.10 12:04 |
Machine | s1_win7_x6401 |
Filename | DyM4yXX.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 40 detected (AIDetectMalware, tsd0, Malicious, score, Unsafe, V1pe, confidence, 100%, GenericKD, moderate confidence, a variant of WinGo, aqhtx, cpelz, Steam, VIDAR, YXFAIZ, Static AI, Suspicious PE, Detected, Wacatac, Y9SDL0, ABRisk, AOGJ, BScope, TrojanPSW, WinGo, Chgt, susgen, Sabsik) |
md5 | 67b35433e066311e95419af40384dd92 |
sha256 | ef35b2565f53ea0320bf89a40de1589cf72ee363539da934c921d8b9ebccd7a3 |
ssdeep | 49152:EZ56i1Ees+IdVGHMq40r5QrKiENtuJOmdMZlFXEmK4SacLrbzJy+EDKHy6k1Koy:Ej6i15wdVGHM9Q5tN2h/Fy+H9 |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
No network connection information
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
danger | Executed a process and injected code into it |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Detects the presence of Wine emulator |
watch | Manipulates memory of a non-child process indicative of process injection |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | One or more potentially interesting buffers were extracted |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Yara rule detected in process memory |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (23cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | Network_DGA | Communication using DGA | memory |
notice | Network_DNS | Communications use DNS | memory |
notice | Network_HTTP | Communications over HTTP | memory |
notice | ScreenShot | Take ScreenShot | memory |
notice | Str_Win32_Http_API | Match Windows Http API call | memory |
notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
info | anti_dbg | Checks if being debugged | memory |
info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x901ac0 WriteFile
0x901ac4 WriteConsoleW
0x901ac8 WaitForMultipleObjects
0x901acc WaitForSingleObject
0x901ad0 VirtualQuery
0x901ad4 VirtualFree
0x901ad8 VirtualAlloc
0x901adc SwitchToThread
0x901ae0 SuspendThread
0x901ae4 SetWaitableTimer
0x901ae8 SetUnhandledExceptionFilter
0x901aec SetProcessPriorityBoost
0x901af0 SetEvent
0x901af4 SetErrorMode
0x901af8 SetConsoleCtrlHandler
0x901afc ResumeThread
0x901b00 PostQueuedCompletionStatus
0x901b04 LoadLibraryA
0x901b08 LoadLibraryW
0x901b0c SetThreadContext
0x901b10 GetThreadContext
0x901b14 GetSystemInfo
0x901b18 GetSystemDirectoryA
0x901b1c GetStdHandle
0x901b20 GetQueuedCompletionStatusEx
0x901b24 GetProcessAffinityMask
0x901b28 GetProcAddress
0x901b2c GetEnvironmentStringsW
0x901b30 GetConsoleMode
0x901b34 FreeEnvironmentStringsW
0x901b38 ExitProcess
0x901b3c DuplicateHandle
0x901b40 CreateWaitableTimerExW
0x901b44 CreateThread
0x901b48 CreateIoCompletionPort
0x901b4c CreateFileA
0x901b50 CreateEventA
0x901b54 CloseHandle
0x901b58 AddVectoredExceptionHandler
EAT (Export Address Table): none
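Caveat on reading this IAT: every function in it is one the Go runtime imports for its own use (scheduler, timers, I/O completion ports, vectored exception handling), and the SuspendThread / GetThreadContext / SetThreadContext / ResumeThread quartet is what the Go runtime uses for asynchronous goroutine preemption on Windows, so those four imports are not injection evidence on their own. A Go program reaches any other Windows API through LoadLibrary + GetProcAddress at run time, which is why the remote-process primitives implied by the behaviour signatures (OpenProcess, WriteProcessMemory, CreateRemoteThread, NtUnmapViewOfSection and the like) are absent from the static import table. The script below is an added triage example, not part of the sandbox report or its tooling: it parses the kernel32 listing above (copied in verbatim as its embedded input), separates thread-context imports from remote-process imports, confirms the dynamic-resolution pair is present, and recomputes the imphash in pefile's canonical form so the reader can compare it with the report's value. The API groupings are the author's own choice for this example, not a standard.

```python
"""Triage a sandbox IAT listing: injection-relevant imports and imphash.

Added example; not part of the sandbox report. The listing below is copied
from the report's kernel32 IAT and embedded so the script runs offline.
"""
import hashlib
import re

# Constructed input: the 39 kernel32 entries exactly as the report lists them.
IAT_LISTING = """\
kernel32.dll
0x901ac0 WriteFile
0x901ac4 WriteConsoleW
0x901ac8 WaitForMultipleObjects
0x901acc WaitForSingleObject
0x901ad0 VirtualQuery
0x901ad4 VirtualFree
0x901ad8 VirtualAlloc
0x901adc SwitchToThread
0x901ae0 SuspendThread
0x901ae4 SetWaitableTimer
0x901ae8 SetUnhandledExceptionFilter
0x901aec SetProcessPriorityBoost
0x901af0 SetEvent
0x901af4 SetErrorMode
0x901af8 SetConsoleCtrlHandler
0x901afc ResumeThread
0x901b00 PostQueuedCompletionStatus
0x901b04 LoadLibraryA
0x901b08 LoadLibraryW
0x901b0c SetThreadContext
0x901b10 GetThreadContext
0x901b14 GetSystemInfo
0x901b18 GetSystemDirectoryA
0x901b1c GetStdHandle
0x901b20 GetQueuedCompletionStatusEx
0x901b24 GetProcessAffinityMask
0x901b28 GetProcAddress
0x901b2c GetEnvironmentStringsW
0x901b30 GetConsoleMode
0x901b34 FreeEnvironmentStringsW
0x901b38 ExitProcess
0x901b3c DuplicateHandle
0x901b40 CreateWaitableTimerExW
0x901b44 CreateThread
0x901b48 CreateIoCompletionPort
0x901b4c CreateFileA
0x901b50 CreateEventA
0x901b54 CloseHandle
0x901b58 AddVectoredExceptionHandler
"""

# Hypothetical groupings chosen for this example (not taken from the report).
THREAD_CONTEXT_APIS = {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"}
REMOTE_PROCESS_APIS = {"OpenProcess", "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
                       "ReadProcessMemory", "CreateRemoteThread", "QueueUserAPC",
                       "CreateProcessA", "CreateProcessW", "NtUnmapViewOfSection"}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"}

IMPORT_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(listing):
    """Return an ordered list of (dll, function) pairs from a report-style listing."""
    imports, dll = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        m = IMPORT_LINE.match(line)
        if m and dll:
            imports.append((dll, m.group(1)))
        elif line.lower().endswith((".dll", ".ocx", ".sys")):
            dll = line.lower()          # a bare module name starts a new import group
    return imports


def imphash_string(imports):
    """pefile's canonical form: 'lib.func' lowercased, .dll/.ocx/.sys stripped, comma-joined."""
    parts = []
    for dll, func in imports:
        base, _, ext = dll.lower().rpartition(".")
        lib = base if (base and ext in ("dll", "ocx", "sys")) else dll.lower()
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string, i.e. the imphash as pefile/VirusTotal compute it."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def matches_report(imports, reported_imphash):
    """True when the listing reproduces the report's imphash (complete, in thunk order)."""
    return imphash(imports) == reported_imphash.lower()


def triage(imports):
    """Summarise what the static import table does and does not show about injection."""
    names = {func for _, func in imports}
    return {
        "import_count": len(imports),
        "thread_context_present": sorted(THREAD_CONTEXT_APIS & names),
        "remote_process_present": sorted(REMOTE_PROCESS_APIS & names),
        # LoadLibrary* plus GetProcAddress means any API can be resolved at run time
        "can_resolve_at_runtime": bool(LOADER_APIS & names) and "GetProcAddress" in names,
    }


if __name__ == "__main__":
    imps = parse_iat(IAT_LISTING)
    print(triage(imps))
    print("imphash:", imphash(imps),
          "matches report:", matches_report(imps, "9cbefe68f395e67356e2a5d8d1b285c0"))
```

If `matches_report` returns True against the report's imphash, the listing is complete and in import-thunk order, and the sample's imphash is simply that of a Go runtime with no extra static imports, so imphash alone will not distinguish this sample from any other Go PE32 built with the same toolchain. The empty `remote_process_present` list combined with `can_resolve_at_runtime` is the reason the injection verdict has to rest on the sandbox's behavioural signatures (NtSetContextThread on a remote thread, executable allocation in another process, resumed suspended thread) rather than on the import table.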