ScreenShot
| Created | 2025.01.13 16:45 | Machine | s1_win7_x6401 |
| Filename | 3.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 46 detected (AIDetectMalware, Malicious, score, Ghanarava, FWHP, Unsafe, Mint, Zard, Kryptik, Va1s, confidence, Attribute, HighConfidence, Windows, Threat, MalwareX, xbvczs, Coinminer, CLOUD, AGEN, Detected, ABTrojan, DKIZ, Outbreak, GdSda, GenKryptik, GQCB, Miner, Zdsq) | ||
| md5 | dd36f6f79e68d5e54c75527db2da97ad | ||
| sha256 | 3030ba393865e41fee490205bf5873b4041275a8830d5e764693771fec2bd35e | ||
| ssdeep | 12288:2iQnVXYD4TNwzBcgXn0dE/xmiNrP64F78O9PpctLMbl0UVh4OsYX0bLDHOM5p:KNw1iS/EiNb64F78yPd+WDsYX0bLzOCp | ||
| imphash | 25b2e2929328699a3b459a68f5fdc7fb | ||
| impfuzzy | 48:FslJJG/2gVqJ8dRpT1vmIqgBorWUfiX+kTooe:FYJJG/2gY6dRpRFqgBCWUfMrTooe | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x140030280 __C_specific_handler
0x140030288 ___lc_codepage_func
0x140030290 ___mb_cur_max_func
0x140030298 __getmainargs
0x1400302a0 __initenv
0x1400302a8 __iob_func
0x1400302b0 __set_app_type
0x1400302b8 __setusermatherr
0x1400302c0 _aligned_free
0x1400302c8 _aligned_malloc
0x1400302d0 _amsg_exit
0x1400302d8 _assert
0x1400302e0 _cexit
0x1400302e8 _commode
0x1400302f0 _errno
0x1400302f8 _fmode
0x140030300 _initterm
0x140030308 _localtime64
0x140030310 _lock
0x140030318 _onexit
0x140030320 _time64
0x140030328 _unlock
0x140030330 _wcsicmp
0x140030338 _wcsnicmp
0x140030340 abort
0x140030348 calloc
0x140030350 exit
0x140030358 fflush
0x140030360 fprintf
0x140030368 fputc
0x140030370 fputwc
0x140030378 free
0x140030380 fwprintf
0x140030388 fwrite
0x140030390 getenv
0x140030398 isxdigit
0x1400303a0 localeconv
0x1400303a8 malloc
0x1400303b0 memchr
0x1400303b8 memcmp
0x1400303c0 memcpy
0x1400303c8 memmove
0x1400303d0 memset
0x1400303d8 realloc
0x1400303e0 signal
0x1400303e8 strcmp
0x1400303f0 strerror
0x1400303f8 strlen
0x140030400 strncmp
0x140030408 vfprintf
0x140030410 wcscat
0x140030418 wcscpy
0x140030420 wcsftime
0x140030428 wcslen
0x140030430 wcsncmp
KERNEL32.dll
0x140030440 AcquireSRWLockExclusive
0x140030448 DeleteCriticalSection
0x140030450 EnterCriticalSection
0x140030458 FlsAlloc
0x140030460 FlsGetValue
0x140030468 FlsSetValue
0x140030470 GetLastError
0x140030478 GetModuleHandleW
0x140030480 GetProcAddress
0x140030488 GetSystemTimeAsFileTime
0x140030490 InitOnceExecuteOnce
0x140030498 InitializeCriticalSection
0x1400304a0 IsDBCSLeadByteEx
0x1400304a8 LeaveCriticalSection
0x1400304b0 MultiByteToWideChar
0x1400304b8 RaiseException
0x1400304c0 ReleaseSRWLockExclusive
0x1400304c8 RtlCaptureContext
0x1400304d0 RtlLookupFunctionEntry
0x1400304d8 RtlRestoreContext
0x1400304e0 RtlUnwindEx
0x1400304e8 RtlVirtualUnwind
0x1400304f0 SetUnhandledExceptionFilter
0x1400304f8 Sleep
0x140030500 TlsGetValue
0x140030508 VirtualProtect
0x140030510 VirtualQuery
0x140030518 WideCharToMultiByte
EAT(Export Address Table) is none
msvcrt.dll
0x140030280 __C_specific_handler
0x140030288 ___lc_codepage_func
0x140030290 ___mb_cur_max_func
0x140030298 __getmainargs
0x1400302a0 __initenv
0x1400302a8 __iob_func
0x1400302b0 __set_app_type
0x1400302b8 __setusermatherr
0x1400302c0 _aligned_free
0x1400302c8 _aligned_malloc
0x1400302d0 _amsg_exit
0x1400302d8 _assert
0x1400302e0 _cexit
0x1400302e8 _commode
0x1400302f0 _errno
0x1400302f8 _fmode
0x140030300 _initterm
0x140030308 _localtime64
0x140030310 _lock
0x140030318 _onexit
0x140030320 _time64
0x140030328 _unlock
0x140030330 _wcsicmp
0x140030338 _wcsnicmp
0x140030340 abort
0x140030348 calloc
0x140030350 exit
0x140030358 fflush
0x140030360 fprintf
0x140030368 fputc
0x140030370 fputwc
0x140030378 free
0x140030380 fwprintf
0x140030388 fwrite
0x140030390 getenv
0x140030398 isxdigit
0x1400303a0 localeconv
0x1400303a8 malloc
0x1400303b0 memchr
0x1400303b8 memcmp
0x1400303c0 memcpy
0x1400303c8 memmove
0x1400303d0 memset
0x1400303d8 realloc
0x1400303e0 signal
0x1400303e8 strcmp
0x1400303f0 strerror
0x1400303f8 strlen
0x140030400 strncmp
0x140030408 vfprintf
0x140030410 wcscat
0x140030418 wcscpy
0x140030420 wcsftime
0x140030428 wcslen
0x140030430 wcsncmp
KERNEL32.dll
0x140030440 AcquireSRWLockExclusive
0x140030448 DeleteCriticalSection
0x140030450 EnterCriticalSection
0x140030458 FlsAlloc
0x140030460 FlsGetValue
0x140030468 FlsSetValue
0x140030470 GetLastError
0x140030478 GetModuleHandleW
0x140030480 GetProcAddress
0x140030488 GetSystemTimeAsFileTime
0x140030490 InitOnceExecuteOnce
0x140030498 InitializeCriticalSection
0x1400304a0 IsDBCSLeadByteEx
0x1400304a8 LeaveCriticalSection
0x1400304b0 MultiByteToWideChar
0x1400304b8 RaiseException
0x1400304c0 ReleaseSRWLockExclusive
0x1400304c8 RtlCaptureContext
0x1400304d0 RtlLookupFunctionEntry
0x1400304d8 RtlRestoreContext
0x1400304e0 RtlUnwindEx
0x1400304e8 RtlVirtualUnwind
0x1400304f0 SetUnhandledExceptionFilter
0x1400304f8 Sleep
0x140030500 TlsGetValue
0x140030508 VirtualProtect
0x140030510 VirtualQuery
0x140030518 WideCharToMultiByte
EAT(Export Address Table) is none