Field | Value |
---|---|
Created | 2025.01.27 17:01 |
Machine | s1_win7_x6403 |
Filename | abc.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 48 detected (Malicious, score, Ghanarava, Lazy, Unsafe, Vg8s, confidence, 100%, Attribute, HighConfidence, high confidence, MalwareX, Temonde, Snojan, Kryptik@AI, RDML, wxN9uFu, IyaTjWQx3lWOYw, lpngb, Detected, GrayWare, Wacapew, Wacatac, ABTrojan, CVEM, Artemis, Neshta, FileInfector, R002H09JS24, Swhl, Kz0Rlj24I, susgen, PossibleThreat, B9nj) |
md5 | d0f7b322f84f6f8af04ceb66565cabcd |
sha256 | 522c13c5a1b5d176d21f9590dd649fb0b621eeaea9ad580e460724ceda4b954a |
ssdeep | 12288:Ht855ZzfqjIGMObPSTG0iXhwj2Gl+1w4XdaBjEf62Dr75UmR:N855ZTFObPSvj2PHdaBjEbBb |
imphash | aea395a22bfea3515497ad69fb2c35b1 |
impfuzzy | 24:fhmc4KunMHuOGOovO8cpVWcD02tdS1CBg3JBl3eDoVatUv75aZYGMkOg2Fb9/cca:m8BccpV5HtdS1CBgPpUt+0ZTOz9/7T+ |
Network IP location
Signature (5 counts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
watch | A process performed obfuscation on information about the computer or sent it to a remote location, indicative of CnC traffic or preparations. |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14006e020 FindClose
0x14006e028 CreateMutexA
0x14006e030 ReleaseMutex
0x14006e038 Sleep
0x14006e040 CopyFileA
0x14006e048 GetLastError
0x14006e050 GetVersionExA
0x14006e058 CloseHandle
0x14006e060 CreateDirectoryA
0x14006e068 GetComputerNameA
0x14006e070 GetEnvironmentVariableA
0x14006e078 CreateFileW
0x14006e080 SetStdHandle
0x14006e088 lstrlenA
0x14006e090 FindNextFileA
0x14006e098 FreeEnvironmentStringsW
0x14006e0a0 GetEnvironmentStringsW
0x14006e0a8 GetCommandLineW
0x14006e0b0 GetCommandLineA
0x14006e0b8 GetOEMCP
0x14006e0c0 GetACP
0x14006e0c8 IsValidCodePage
0x14006e0d0 FindNextFileW
0x14006e0d8 SetEndOfFile
0x14006e0e0 FindFirstFileA
0x14006e0e8 WideCharToMultiByte
0x14006e0f0 EnterCriticalSection
0x14006e0f8 LeaveCriticalSection
0x14006e100 InitializeCriticalSectionEx
0x14006e108 DeleteCriticalSection
0x14006e110 EncodePointer
0x14006e118 DecodePointer
0x14006e120 MultiByteToWideChar
0x14006e128 LCMapStringEx
0x14006e130 GetStringTypeW
0x14006e138 GetCPInfo
0x14006e140 RtlCaptureContext
0x14006e148 RtlLookupFunctionEntry
0x14006e150 RtlVirtualUnwind
0x14006e158 UnhandledExceptionFilter
0x14006e160 SetUnhandledExceptionFilter
0x14006e168 GetCurrentProcess
0x14006e170 TerminateProcess
0x14006e178 IsProcessorFeaturePresent
0x14006e180 IsDebuggerPresent
0x14006e188 GetStartupInfoW
0x14006e190 GetModuleHandleW
0x14006e198 QueryPerformanceCounter
0x14006e1a0 GetCurrentProcessId
0x14006e1a8 GetCurrentThreadId
0x14006e1b0 GetSystemTimeAsFileTime
0x14006e1b8 InitializeSListHead
0x14006e1c0 RtlUnwindEx
0x14006e1c8 RtlPcToFileHeader
0x14006e1d0 RaiseException
0x14006e1d8 SetLastError
0x14006e1e0 InitializeCriticalSectionAndSpinCount
0x14006e1e8 TlsAlloc
0x14006e1f0 TlsGetValue
0x14006e1f8 TlsSetValue
0x14006e200 TlsFree
0x14006e208 FreeLibrary
0x14006e210 GetProcAddress
0x14006e218 LoadLibraryExW
0x14006e220 GetModuleFileNameW
0x14006e228 GetModuleHandleExW
0x14006e230 HeapAlloc
0x14006e238 HeapSize
0x14006e240 HeapValidate
0x14006e248 GetSystemInfo
0x14006e250 ExitProcess
0x14006e258 GetStdHandle
0x14006e260 WriteFile
0x14006e268 GetFileType
0x14006e270 OutputDebugStringW
0x14006e278 WriteConsoleW
0x14006e280 GetFileSizeEx
0x14006e288 SetFilePointerEx
0x14006e290 FlsAlloc
0x14006e298 FlsGetValue
0x14006e2a0 FlsSetValue
0x14006e2a8 FlsFree
0x14006e2b0 LCMapStringW
0x14006e2b8 GetLocaleInfoW
0x14006e2c0 IsValidLocale
0x14006e2c8 GetUserDefaultLCID
0x14006e2d0 EnumSystemLocalesW
0x14006e2d8 FlushFileBuffers
0x14006e2e0 GetConsoleOutputCP
0x14006e2e8 GetConsoleMode
0x14006e2f0 DeleteFileW
0x14006e2f8 HeapFree
0x14006e300 HeapReAlloc
0x14006e308 HeapQueryInformation
0x14006e310 GetProcessHeap
0x14006e318 ReadFile
0x14006e320 ReadConsoleW
0x14006e328 FindFirstFileExW
0x14006e330 RtlUnwind
USER32.dll
0x14006e340 wsprintfA
ADVAPI32.dll
0x14006e000 GetUserNameA
WININET.dll
0x14006e350 InternetConnectA
0x14006e358 InternetOpenA
0x14006e360 InternetSetOptionA
0x14006e368 HttpOpenRequestA
0x14006e370 InternetCloseHandle
0x14006e378 HttpSendRequestA
WS2_32.dll
0x14006e388 inet_ntoa
IPHLPAPI.DLL
0x14006e010 GetAdaptersInfo
EAT (Export Address Table): none