Field | Value |
---|---|
Created | 2025.01.27 17:07 |
Machine | s1_win7_x6403 |
Filename | amada2.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetectMalware, Zbot, tpJY, Doina, Ghanarava, Unsafe, malicious, confidence, 100%, SpyBot, Amadey, Windows, Threat, score, zkig, fkkbuf, CLASSIC, AGEN, Static AI, Malicious PE, fnnn, Detected, Deyma, Zlob, Hancitor, Eldorado, IRCBot, R276868, GenericRXAA, BScope, GdSda, Gencirc, GenAsa, 7dthjqMr66k, ZDD2yNi) |
md5 | 4bd4a99a7cf9e77972857a935d2cddcb |
sha256 | 5b884a196cf85de56828d912eeeb9c417b2a074132c1f384150d6ffcfe1dab8d |
ssdeep | 768:AN4a7os+Bd1biSJfBFdiGOsSyS5/hhurlzdx:3a2xb5+YSyE/hgpzH |
imphash | 38c46ebea9bb002b350ca86f8d8d7108 |
impfuzzy | 24:Q2AalgUA42D2FW9VHjUyTX5QFJSoSqR9jbujt9w:pBMLwyTXqFJSjqTjbus |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
notice | Creates executable files on the filesystem |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
info | Queries for the computername |
info | The executable uses a known packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
ADVAPI32.DLL
0x41d1f4 GetUserNameA
KERNEL32.dll
0x41d200 AddAtomA
0x41d204 CloseHandle
0x41d208 CreateDirectoryA
0x41d20c CreateFileA
0x41d210 CreateProcessA
0x41d214 ExitProcess
0x41d218 FindAtomA
0x41d21c FreeLibrary
0x41d220 GetAtomNameA
0x41d224 GetComputerNameA
0x41d228 GetFileAttributesA
0x41d22c GetFileSize
0x41d230 GetModuleFileNameA
0x41d234 GetModuleHandleA
0x41d238 GetProcAddress
0x41d23c GetSystemDirectoryA
0x41d240 GetSystemInfo
0x41d244 GetTempPathA
0x41d248 GetVersionExA
0x41d24c GetVolumeInformationA
0x41d250 LoadLibraryA
0x41d254 SetUnhandledExceptionFilter
0x41d258 Sleep
0x41d25c WaitForSingleObject
0x41d260 WriteFile
msvcrt.dll
0x41d26c _itoa
0x41d270 _strlwr
msvcrt.dll
0x41d27c __getmainargs
0x41d280 __p__environ
0x41d284 __p__fmode
0x41d288 __set_app_type
0x41d28c _cexit
0x41d290 _iob
0x41d294 _onexit
0x41d298 _setmode
0x41d29c abort
0x41d2a0 atexit
0x41d2a4 atoi
0x41d2a8 exit
0x41d2ac fclose
0x41d2b0 fflush
0x41d2b4 fopen
0x41d2b8 fprintf
0x41d2bc fread
0x41d2c0 free
0x41d2c4 fwrite
0x41d2c8 malloc
0x41d2cc memcpy
0x41d2d0 memmove
0x41d2d4 memset
0x41d2d8 signal
0x41d2dc strcat
0x41d2e0 strcmp
0x41d2e4 strcpy
0x41d2e8 strlen
0x41d2ec strncat
SHELL32.DLL
0x41d2f8 ShellExecuteExA
USER32.dll
0x41d304 GetSystemMetrics
WSOCK32.DLL
0x41d310 WSACleanup
0x41d314 WSAStartup
0x41d318 closesocket
0x41d31c connect
0x41d320 gethostbyname
0x41d324 htons
0x41d328 inet_addr
0x41d32c inet_ntoa
0x41d330 recv
0x41d334 send
0x41d338 socket
EAT (Export Address Table): none