ScreenShot
| Created | 2025.02.03 09:35 | Machine | s1_win7_x6401 |
| Filename | GREEEEEN.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 52 detected (AIDetectMalware, Malicious, score, Ghanarava, Barys, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, SpywareX, CLOUD, rwrou, Static AI, Suspicious PE, czrw, Detected, RustyStealer, Eldorado, Artemis, Chgt, Gencirc, susgen, Lumma) | ||
| md5 | dc55f6636ce27b80ccf8e8784519ee2e | ||
| sha256 | 804fad13f6f36fd104fb556330a60f60943f56218254a9eeb97250e0c5c45e30 | ||
| ssdeep | 49152:EZWaUQ5mm6uhGsCfb1/ZhaKIKRM9vPHRME6408LXh9nIzlPrD3IWT31zNwD3Tvl8:KWaJh81hhaR64fdsDJNomspyN | ||
| imphash | 24ffed53aa9cc97ff36d1a4944fcb485 | ||
| impfuzzy | 96:t0UxK9WZrItnn4ZazaH5fcg+PyXYvWnijhaH6aWOCNA9J4FWfIV/:tuWkn4ZazafIvWKaHxW4JYWfIV/ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x14029a2d8 GetStdHandle
0x14029a2e0 GetConsoleMode
0x14029a2e8 WaitForSingleObject
0x14029a2f0 WriteConsoleW
0x14029a2f8 WaitForSingleObjectEx
0x14029a300 CreateMutexA
0x14029a308 ReleaseMutex
0x14029a310 GetEnvironmentVariableW
0x14029a318 RtlLookupFunctionEntry
0x14029a320 GetModuleHandleW
0x14029a328 FormatMessageW
0x14029a330 GetTempPathW
0x14029a338 GetModuleFileNameW
0x14029a340 CreateFileW
0x14029a348 GetFileInformationByHandleEx
0x14029a350 GetFullPathNameW
0x14029a358 SetFilePointerEx
0x14029a360 FindNextFileW
0x14029a368 GlobalFree
0x14029a370 FindFirstFileW
0x14029a378 FindClose
0x14029a380 InitializeSListHead
0x14029a388 SwitchToThread
0x14029a390 ReleaseSRWLockExclusive
0x14029a398 GetFileInformationByHandle
0x14029a3a0 GetEnvironmentStringsW
0x14029a3a8 FreeEnvironmentStringsW
0x14029a3b0 CompareStringOrdinal
0x14029a3b8 GetSystemDirectoryW
0x14029a3c0 GlobalUnlock
0x14029a3c8 CreateProcessW
0x14029a3d0 GetFileAttributesW
0x14029a3d8 DuplicateHandle
0x14029a3e0 GetCurrentProcessId
0x14029a3e8 CreateNamedPipeW
0x14029a3f0 CreateThread
0x14029a3f8 ReadFileEx
0x14029a400 SleepEx
0x14029a408 WriteFileEx
0x14029a410 GlobalLock
0x14029a418 QueryPerformanceCounter
0x14029a420 QueryPerformanceFrequency
0x14029a428 GetSystemTimeAsFileTime
0x14029a430 GetCurrentDirectoryW
0x14029a438 RtlCaptureContext
0x14029a440 AcquireSRWLockShared
0x14029a448 ReleaseSRWLockShared
0x14029a450 CopyFileExW
0x14029a458 SleepConditionVariableSRW
0x14029a460 GlobalSize
0x14029a468 WakeConditionVariable
0x14029a470 GetCurrentThread
0x14029a478 GlobalAlloc
0x14029a480 WideCharToMultiByte
0x14029a488 SetFileCompletionNotificationModes
0x14029a490 GetProcessHeap
0x14029a498 CreateIoCompletionPort
0x14029a4a0 UnhandledExceptionFilter
0x14029a4a8 FileTimeToSystemTime
0x14029a4b0 SystemTimeToTzSpecificLocalTime
0x14029a4b8 SystemTimeToFileTime
0x14029a4c0 GetTimeZoneInformation
0x14029a4c8 RtlVirtualUnwind
0x14029a4d0 FlushFileBuffers
0x14029a4d8 GetTickCount
0x14029a4e0 MapViewOfFile
0x14029a4e8 CreateFileMappingW
0x14029a4f0 FormatMessageA
0x14029a4f8 GetSystemTime
0x14029a500 FreeLibrary
0x14029a508 GetFileSize
0x14029a510 LockFileEx
0x14029a518 LocalFree
0x14029a520 UnlockFile
0x14029a528 HeapDestroy
0x14029a530 HeapCompact
0x14029a538 LoadLibraryW
0x14029a540 DeleteFileW
0x14029a548 DeleteFileA
0x14029a550 CreateFileA
0x14029a558 FlushViewOfFile
0x14029a560 OutputDebugStringW
0x14029a568 GetFileAttributesExW
0x14029a570 GetFileAttributesA
0x14029a578 GetDiskFreeSpaceA
0x14029a580 GetTempPathA
0x14029a588 HeapSize
0x14029a590 HeapValidate
0x14029a598 UnmapViewOfFile
0x14029a5a0 CreateMutexW
0x14029a5a8 UnlockFileEx
0x14029a5b0 SetEndOfFile
0x14029a5b8 GetFullPathNameA
0x14029a5c0 SetFilePointer
0x14029a5c8 LockFile
0x14029a5d0 OutputDebugStringA
0x14029a5d8 GetDiskFreeSpaceW
0x14029a5e0 WriteFile
0x14029a5e8 HeapCreate
0x14029a5f0 ReadFile
0x14029a5f8 AreFileApisANSI
0x14029a600 InitializeCriticalSection
0x14029a608 EnterCriticalSection
0x14029a610 LeaveCriticalSection
0x14029a618 TryEnterCriticalSection
0x14029a620 DeleteCriticalSection
0x14029a628 GetCurrentThreadId
0x14029a630 TryAcquireSRWLockExclusive
0x14029a638 GetFinalPathNameByHandleW
0x14029a640 GetModuleHandleA
0x14029a648 HeapAlloc
0x14029a650 MultiByteToWideChar
0x14029a658 SetLastError
0x14029a660 GetQueuedCompletionStatusEx
0x14029a668 SetThreadStackGuarantee
0x14029a670 PostQueuedCompletionStatus
0x14029a678 AddVectoredExceptionHandler
0x14029a680 GetCurrentProcess
0x14029a688 GetProcAddress
0x14029a690 LoadLibraryA
0x14029a698 WakeAllConditionVariable
0x14029a6a0 HeapReAlloc
0x14029a6a8 GetSystemInfo
0x14029a6b0 Sleep
0x14029a6b8 GetLastError
0x14029a6c0 SetHandleInformation
0x14029a6c8 IsDebuggerPresent
0x14029a6d0 CloseHandle
0x14029a6d8 AcquireSRWLockExclusive
0x14029a6e0 SetUnhandledExceptionFilter
0x14029a6e8 TerminateProcess
0x14029a6f0 GetWindowsDirectoryW
0x14029a6f8 IsProcessorFeaturePresent
0x14029a700 CreateDirectoryW
0x14029a708 HeapFree
ws2_32.dll
0x14029a7f8 ioctlsocket
0x14029a800 WSASocketW
0x14029a808 socket
0x14029a810 ind
0x14029a818 listen
0x14029a820 accept
0x14029a828 setsockopt
0x14029a830 WSASend
0x14029a838 connect
0x14029a840 getaddrinfo
0x14029a848 freeaddrinfo
0x14029a850 WSAStartup
0x14029a858 getsockopt
0x14029a860 WSAIoctl
0x14029a868 WSACleanup
0x14029a870 recv
0x14029a878 send
0x14029a880 getsockname
0x14029a888 WSAGetLastError
0x14029a890 getpeername
0x14029a898 shutdown
0x14029a8a0 closesocket
crypt32.dll
0x14029a210 CryptUnprotectData
0x14029a218 CertDuplicateCertificateContext
0x14029a220 CertCloseStore
0x14029a228 CertFreeCertificateContext
0x14029a230 CertDuplicateCertificateChain
0x14029a238 CertAddCertificateContextToStore
0x14029a240 CertEnumCertificatesInStore
0x14029a248 CertDuplicateStore
0x14029a250 CertOpenStore
0x14029a258 CertGetCertificateChain
0x14029a260 CertFreeCertificateChain
0x14029a268 CertVerifyCertificateChainPolicy
advapi32.dll
0x14029a050 RegQueryValueExW
0x14029a058 AllocateAndInitializeSid
0x14029a060 CheckTokenMembership
0x14029a068 FreeSid
0x14029a070 RegOpenKeyExW
0x14029a078 SystemFunction036
0x14029a080 RegCloseKey
crypt.dll
0x14029a200 BCryptGenRandom
user32.dll
0x14029a7b0 EnumDisplaySettingsExW
0x14029a7b8 GetMonitorInfoW
0x14029a7c0 OpenClipboard
0x14029a7c8 EnumDisplayMonitors
0x14029a7d0 SetClipboardData
0x14029a7d8 EmptyClipboard
0x14029a7e0 CloseClipboard
0x14029a7e8 GetClipboardData
ntdll.dll
0x14029a718 NtCreateFile
0x14029a720 NtCancelIoFileEx
0x14029a728 NtDeviceIoControlFile
0x14029a730 RtlNtStatusToDosError
secur32.dll
0x14029a758 InitializeSecurityContextW
0x14029a760 QueryContextAttributesW
0x14029a768 EncryptMessage
0x14029a770 FreeContextBuffer
0x14029a778 DeleteSecurityContext
0x14029a780 DecryptMessage
0x14029a788 ApplyControlToken
0x14029a790 FreeCredentialsHandle
0x14029a798 AcceptSecurityContext
0x14029a7a0 AcquireCredentialsHandleA
gdi32.dll
0x14029a278 CreateCompatibleDC
0x14029a280 CreateCompatibleBitmap
0x14029a288 SelectObject
0x14029a290 SetStretchBltMode
0x14029a298 StretchBlt
0x14029a2a0 GetDIBits
0x14029a2a8 GetObjectW
0x14029a2b0 DeleteObject
0x14029a2b8 GetDeviceCaps
0x14029a2c0 CreateDCW
0x14029a2c8 DeleteDC
ole32.dll
0x14029a740 CoInitializeEx
0x14029a748 CoInitializeSecurity
VCRUNTIME140.dll
0x14029a000 memset
0x14029a008 memcpy
0x14029a010 __current_exception_context
0x14029a018 __current_exception
0x14029a020 __C_specific_handler
0x14029a028 memmove
0x14029a030 memcmp
0x14029a038 __CxxFrameHandler3
0x14029a040 strrchr
api-ms-win-crt-string-l1-1-0.dll
0x14029a1b0 strlen
0x14029a1b8 strncmp
0x14029a1c0 strcspn
0x14029a1c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x14029a1e8 qsort
0x14029a1f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x14029a090 _msize
0x14029a098 _set_new_mode
0x14029a0a0 malloc
0x14029a0a8 free
0x14029a0b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x14029a1d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x14029a0d0 log
0x14029a0d8 _dclass
0x14029a0e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14029a0f0 exit
0x14029a0f8 _exit
0x14029a100 __p___argv
0x14029a108 _initialize_onexit_table
0x14029a110 __p___argc
0x14029a118 _initterm_e
0x14029a120 _beginthreadex
0x14029a128 _endthreadex
0x14029a130 _register_thread_local_exe_atexit_callback
0x14029a138 _register_onexit_function
0x14029a140 _seh_filter_exe
0x14029a148 _cexit
0x14029a150 _c_exit
0x14029a158 _set_app_type
0x14029a160 terminate
0x14029a168 _configure_narrow_argv
0x14029a170 _initialize_narrow_environment
0x14029a178 _get_initial_narrow_environment
0x14029a180 _initterm
0x14029a188 _crt_atexit
api-ms-win-crt-stdio-l1-1-0.dll
0x14029a198 _set_fmode
0x14029a1a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14029a0c0 _configthreadlocale
EAT(Export Address Table) is none
kernel32.dll
0x14029a2d8 GetStdHandle
0x14029a2e0 GetConsoleMode
0x14029a2e8 WaitForSingleObject
0x14029a2f0 WriteConsoleW
0x14029a2f8 WaitForSingleObjectEx
0x14029a300 CreateMutexA
0x14029a308 ReleaseMutex
0x14029a310 GetEnvironmentVariableW
0x14029a318 RtlLookupFunctionEntry
0x14029a320 GetModuleHandleW
0x14029a328 FormatMessageW
0x14029a330 GetTempPathW
0x14029a338 GetModuleFileNameW
0x14029a340 CreateFileW
0x14029a348 GetFileInformationByHandleEx
0x14029a350 GetFullPathNameW
0x14029a358 SetFilePointerEx
0x14029a360 FindNextFileW
0x14029a368 GlobalFree
0x14029a370 FindFirstFileW
0x14029a378 FindClose
0x14029a380 InitializeSListHead
0x14029a388 SwitchToThread
0x14029a390 ReleaseSRWLockExclusive
0x14029a398 GetFileInformationByHandle
0x14029a3a0 GetEnvironmentStringsW
0x14029a3a8 FreeEnvironmentStringsW
0x14029a3b0 CompareStringOrdinal
0x14029a3b8 GetSystemDirectoryW
0x14029a3c0 GlobalUnlock
0x14029a3c8 CreateProcessW
0x14029a3d0 GetFileAttributesW
0x14029a3d8 DuplicateHandle
0x14029a3e0 GetCurrentProcessId
0x14029a3e8 CreateNamedPipeW
0x14029a3f0 CreateThread
0x14029a3f8 ReadFileEx
0x14029a400 SleepEx
0x14029a408 WriteFileEx
0x14029a410 GlobalLock
0x14029a418 QueryPerformanceCounter
0x14029a420 QueryPerformanceFrequency
0x14029a428 GetSystemTimeAsFileTime
0x14029a430 GetCurrentDirectoryW
0x14029a438 RtlCaptureContext
0x14029a440 AcquireSRWLockShared
0x14029a448 ReleaseSRWLockShared
0x14029a450 CopyFileExW
0x14029a458 SleepConditionVariableSRW
0x14029a460 GlobalSize
0x14029a468 WakeConditionVariable
0x14029a470 GetCurrentThread
0x14029a478 GlobalAlloc
0x14029a480 WideCharToMultiByte
0x14029a488 SetFileCompletionNotificationModes
0x14029a490 GetProcessHeap
0x14029a498 CreateIoCompletionPort
0x14029a4a0 UnhandledExceptionFilter
0x14029a4a8 FileTimeToSystemTime
0x14029a4b0 SystemTimeToTzSpecificLocalTime
0x14029a4b8 SystemTimeToFileTime
0x14029a4c0 GetTimeZoneInformation
0x14029a4c8 RtlVirtualUnwind
0x14029a4d0 FlushFileBuffers
0x14029a4d8 GetTickCount
0x14029a4e0 MapViewOfFile
0x14029a4e8 CreateFileMappingW
0x14029a4f0 FormatMessageA
0x14029a4f8 GetSystemTime
0x14029a500 FreeLibrary
0x14029a508 GetFileSize
0x14029a510 LockFileEx
0x14029a518 LocalFree
0x14029a520 UnlockFile
0x14029a528 HeapDestroy
0x14029a530 HeapCompact
0x14029a538 LoadLibraryW
0x14029a540 DeleteFileW
0x14029a548 DeleteFileA
0x14029a550 CreateFileA
0x14029a558 FlushViewOfFile
0x14029a560 OutputDebugStringW
0x14029a568 GetFileAttributesExW
0x14029a570 GetFileAttributesA
0x14029a578 GetDiskFreeSpaceA
0x14029a580 GetTempPathA
0x14029a588 HeapSize
0x14029a590 HeapValidate
0x14029a598 UnmapViewOfFile
0x14029a5a0 CreateMutexW
0x14029a5a8 UnlockFileEx
0x14029a5b0 SetEndOfFile
0x14029a5b8 GetFullPathNameA
0x14029a5c0 SetFilePointer
0x14029a5c8 LockFile
0x14029a5d0 OutputDebugStringA
0x14029a5d8 GetDiskFreeSpaceW
0x14029a5e0 WriteFile
0x14029a5e8 HeapCreate
0x14029a5f0 ReadFile
0x14029a5f8 AreFileApisANSI
0x14029a600 InitializeCriticalSection
0x14029a608 EnterCriticalSection
0x14029a610 LeaveCriticalSection
0x14029a618 TryEnterCriticalSection
0x14029a620 DeleteCriticalSection
0x14029a628 GetCurrentThreadId
0x14029a630 TryAcquireSRWLockExclusive
0x14029a638 GetFinalPathNameByHandleW
0x14029a640 GetModuleHandleA
0x14029a648 HeapAlloc
0x14029a650 MultiByteToWideChar
0x14029a658 SetLastError
0x14029a660 GetQueuedCompletionStatusEx
0x14029a668 SetThreadStackGuarantee
0x14029a670 PostQueuedCompletionStatus
0x14029a678 AddVectoredExceptionHandler
0x14029a680 GetCurrentProcess
0x14029a688 GetProcAddress
0x14029a690 LoadLibraryA
0x14029a698 WakeAllConditionVariable
0x14029a6a0 HeapReAlloc
0x14029a6a8 GetSystemInfo
0x14029a6b0 Sleep
0x14029a6b8 GetLastError
0x14029a6c0 SetHandleInformation
0x14029a6c8 IsDebuggerPresent
0x14029a6d0 CloseHandle
0x14029a6d8 AcquireSRWLockExclusive
0x14029a6e0 SetUnhandledExceptionFilter
0x14029a6e8 TerminateProcess
0x14029a6f0 GetWindowsDirectoryW
0x14029a6f8 IsProcessorFeaturePresent
0x14029a700 CreateDirectoryW
0x14029a708 HeapFree
ws2_32.dll
0x14029a7f8 ioctlsocket
0x14029a800 WSASocketW
0x14029a808 socket
0x14029a810 ind
0x14029a818 listen
0x14029a820 accept
0x14029a828 setsockopt
0x14029a830 WSASend
0x14029a838 connect
0x14029a840 getaddrinfo
0x14029a848 freeaddrinfo
0x14029a850 WSAStartup
0x14029a858 getsockopt
0x14029a860 WSAIoctl
0x14029a868 WSACleanup
0x14029a870 recv
0x14029a878 send
0x14029a880 getsockname
0x14029a888 WSAGetLastError
0x14029a890 getpeername
0x14029a898 shutdown
0x14029a8a0 closesocket
crypt32.dll
0x14029a210 CryptUnprotectData
0x14029a218 CertDuplicateCertificateContext
0x14029a220 CertCloseStore
0x14029a228 CertFreeCertificateContext
0x14029a230 CertDuplicateCertificateChain
0x14029a238 CertAddCertificateContextToStore
0x14029a240 CertEnumCertificatesInStore
0x14029a248 CertDuplicateStore
0x14029a250 CertOpenStore
0x14029a258 CertGetCertificateChain
0x14029a260 CertFreeCertificateChain
0x14029a268 CertVerifyCertificateChainPolicy
advapi32.dll
0x14029a050 RegQueryValueExW
0x14029a058 AllocateAndInitializeSid
0x14029a060 CheckTokenMembership
0x14029a068 FreeSid
0x14029a070 RegOpenKeyExW
0x14029a078 SystemFunction036
0x14029a080 RegCloseKey
crypt.dll
0x14029a200 BCryptGenRandom
user32.dll
0x14029a7b0 EnumDisplaySettingsExW
0x14029a7b8 GetMonitorInfoW
0x14029a7c0 OpenClipboard
0x14029a7c8 EnumDisplayMonitors
0x14029a7d0 SetClipboardData
0x14029a7d8 EmptyClipboard
0x14029a7e0 CloseClipboard
0x14029a7e8 GetClipboardData
ntdll.dll
0x14029a718 NtCreateFile
0x14029a720 NtCancelIoFileEx
0x14029a728 NtDeviceIoControlFile
0x14029a730 RtlNtStatusToDosError
secur32.dll
0x14029a758 InitializeSecurityContextW
0x14029a760 QueryContextAttributesW
0x14029a768 EncryptMessage
0x14029a770 FreeContextBuffer
0x14029a778 DeleteSecurityContext
0x14029a780 DecryptMessage
0x14029a788 ApplyControlToken
0x14029a790 FreeCredentialsHandle
0x14029a798 AcceptSecurityContext
0x14029a7a0 AcquireCredentialsHandleA
gdi32.dll
0x14029a278 CreateCompatibleDC
0x14029a280 CreateCompatibleBitmap
0x14029a288 SelectObject
0x14029a290 SetStretchBltMode
0x14029a298 StretchBlt
0x14029a2a0 GetDIBits
0x14029a2a8 GetObjectW
0x14029a2b0 DeleteObject
0x14029a2b8 GetDeviceCaps
0x14029a2c0 CreateDCW
0x14029a2c8 DeleteDC
ole32.dll
0x14029a740 CoInitializeEx
0x14029a748 CoInitializeSecurity
VCRUNTIME140.dll
0x14029a000 memset
0x14029a008 memcpy
0x14029a010 __current_exception_context
0x14029a018 __current_exception
0x14029a020 __C_specific_handler
0x14029a028 memmove
0x14029a030 memcmp
0x14029a038 __CxxFrameHandler3
0x14029a040 strrchr
api-ms-win-crt-string-l1-1-0.dll
0x14029a1b0 strlen
0x14029a1b8 strncmp
0x14029a1c0 strcspn
0x14029a1c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x14029a1e8 qsort
0x14029a1f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x14029a090 _msize
0x14029a098 _set_new_mode
0x14029a0a0 malloc
0x14029a0a8 free
0x14029a0b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x14029a1d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x14029a0d0 log
0x14029a0d8 _dclass
0x14029a0e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14029a0f0 exit
0x14029a0f8 _exit
0x14029a100 __p___argv
0x14029a108 _initialize_onexit_table
0x14029a110 __p___argc
0x14029a118 _initterm_e
0x14029a120 _beginthreadex
0x14029a128 _endthreadex
0x14029a130 _register_thread_local_exe_atexit_callback
0x14029a138 _register_onexit_function
0x14029a140 _seh_filter_exe
0x14029a148 _cexit
0x14029a150 _c_exit
0x14029a158 _set_app_type
0x14029a160 terminate
0x14029a168 _configure_narrow_argv
0x14029a170 _initialize_narrow_environment
0x14029a178 _get_initial_narrow_environment
0x14029a180 _initterm
0x14029a188 _crt_atexit
api-ms-win-crt-stdio-l1-1-0.dll
0x14029a198 _set_fmode
0x14029a1a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14029a0c0 _configthreadlocale
EAT(Export Address Table) is none