Field | Value |
---|---|
Created | 2025.01.27 17:09 |
Machine | s1_win7_x6403 |
Filename | 15.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetectMalware, Babar, Malicious, score, Unsafe, Jaik, confidence, 100%, Windows, TwistedTinsel, AHCE, BDDR, Agentb, Undefined, 9u6a2PLrbiL, smydy, Detected, GrayWare, Wacapew, Wacatac, R689899, Artemis, BScope, R002H09AQ25, Gencirc, lfR1OZ8, susgen, B9nj) |
md5 | 25399cb8cb5a702bc38b0ccbe13ff100 |
sha256 | c0d4f2482f61d716a74356f0a913cd325217690601a32570190b527ff27e6521 |
ssdeep | 24576:EX/DC7Vpa1T/ou8nHz7aGkh3TL81p5qITyB:EX/ua17o3zI3TLQyB |
imphash | c67ef5a5a21b6fceb58b3ff6fde243b5 |
impfuzzy | 24:tsZ6LjMIteS1QkGhlJnc+pl3eDo/AEOovbOIOuFZAl4ZHu93vdTxFwD1w2XA:OeteS1QkG5c+ppw3RuFZMdkrA |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x44c018 CreateThread
0x44c01c GetVersionExA
0x44c020 VirtualAlloc
0x44c024 GetModuleFileNameA
0x44c028 ExitProcess
0x44c02c Process32FirstW
0x44c030 Process32NextW
0x44c034 WriteConsoleW
0x44c038 CreateFileW
0x44c03c ReadConsoleW
0x44c040 GetCurrentProcess
0x44c044 CloseHandle
0x44c048 ReadFile
0x44c04c GetFileSize
0x44c050 CreateToolhelp32Snapshot
0x44c054 CreateFileA
0x44c058 SetFilePointerEx
0x44c05c GetFileSizeEx
0x44c060 GetConsoleMode
0x44c064 UnhandledExceptionFilter
0x44c068 SetUnhandledExceptionFilter
0x44c06c TerminateProcess
0x44c070 IsProcessorFeaturePresent
0x44c074 QueryPerformanceCounter
0x44c078 GetCurrentProcessId
0x44c07c GetCurrentThreadId
0x44c080 GetSystemTimeAsFileTime
0x44c084 InitializeSListHead
0x44c088 IsDebuggerPresent
0x44c08c GetStartupInfoW
0x44c090 GetModuleHandleW
0x44c094 InterlockedPushEntrySList
0x44c098 InterlockedFlushSList
0x44c09c RaiseException
0x44c0a0 RtlUnwind
0x44c0a4 GetLastError
0x44c0a8 SetLastError
0x44c0ac EnterCriticalSection
0x44c0b0 LeaveCriticalSection
0x44c0b4 DeleteCriticalSection
0x44c0b8 InitializeCriticalSectionAndSpinCount
0x44c0bc TlsAlloc
0x44c0c0 TlsGetValue
0x44c0c4 TlsSetValue
0x44c0c8 TlsFree
0x44c0cc FreeLibrary
0x44c0d0 GetProcAddress
0x44c0d4 LoadLibraryExW
0x44c0d8 EncodePointer
0x44c0dc GetStdHandle
0x44c0e0 WriteFile
0x44c0e4 GetModuleFileNameW
0x44c0e8 GetModuleHandleExW
0x44c0ec GetCommandLineA
0x44c0f0 GetCommandLineW
0x44c0f4 HeapFree
0x44c0f8 HeapAlloc
0x44c0fc GetCurrentThread
0x44c100 GetDateFormatW
0x44c104 GetTimeFormatW
0x44c108 CompareStringW
0x44c10c LCMapStringW
0x44c110 GetLocaleInfoW
0x44c114 IsValidLocale
0x44c118 GetUserDefaultLCID
0x44c11c EnumSystemLocalesW
0x44c120 MultiByteToWideChar
0x44c124 GetFileAttributesExW
0x44c128 OutputDebugStringW
0x44c12c FindClose
0x44c130 FindFirstFileExW
0x44c134 FindNextFileW
0x44c138 IsValidCodePage
0x44c13c GetACP
0x44c140 GetOEMCP
0x44c144 GetCPInfo
0x44c148 WideCharToMultiByte
0x44c14c GetEnvironmentStringsW
0x44c150 FreeEnvironmentStringsW
0x44c154 SetEnvironmentVariableW
0x44c158 SetStdHandle
0x44c15c GetFileType
0x44c160 GetStringTypeW
0x44c164 GetProcessHeap
0x44c168 SetConsoleCtrlHandler
0x44c16c HeapSize
0x44c170 HeapReAlloc
0x44c174 FlushFileBuffers
0x44c178 GetConsoleOutputCP
0x44c17c DecodePointer
USER32.dll
0x44c190 MessageBoxA
ADVAPI32.dll
0x44c000 RegQueryValueExA
0x44c004 RegOpenKeyExA
0x44c008 RegCloseKey
0x44c00c InitializeAcl
0x44c010 SetSecurityInfo
SHELL32.dll
0x44c184 ShellExecuteExA
0x44c188 None
EAT (Export Address Table): none