ScreenShot
| Created | 2025.02.03 09:47 | Machine | s1_win7_x6401 |
| Filename | BLACKKKK.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 54 detected (AIDetectMalware, Malicious, score, Ghanarava, Barys, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, SpywareX, CLOUD, AGEN, Static AI, Suspicious PE, Detected, RustyStealer, Eldorado, Artemis, Chgt, Gencirc, g88ontzMsuE, susgen, Lumma) | ||
| md5 | 4493948a68128a4e6249dc44623b87e8 | ||
| sha256 | 883be986c8b579b9dd15fd9b820089675cb4382a466aa76e01a38b57cd04510f | ||
| ssdeep | 49152:VUI5sQ5R8hFjdJG3xL0d4LIqEj1b1ibq0eYTo5gqb9nIzRS/BcY4Q3gdBIIdF8Ic:+I5sdaLdLIn5gaRw/BQESky | ||
| imphash | 24ffed53aa9cc97ff36d1a4944fcb485 | ||
| impfuzzy | 96:t0UxK9WZrItnn4ZazaH5fcg+PyXYvWnijhaH6aWOCNA9J4FWfIV/:tuWkn4ZazafIvWKaHxW4JYWfIV/ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x14029b2d8 GetStdHandle
0x14029b2e0 GetConsoleMode
0x14029b2e8 WaitForSingleObject
0x14029b2f0 WriteConsoleW
0x14029b2f8 WaitForSingleObjectEx
0x14029b300 CreateMutexA
0x14029b308 ReleaseMutex
0x14029b310 GetEnvironmentVariableW
0x14029b318 RtlLookupFunctionEntry
0x14029b320 GetModuleHandleW
0x14029b328 FormatMessageW
0x14029b330 GetTempPathW
0x14029b338 GetModuleFileNameW
0x14029b340 CreateFileW
0x14029b348 GetFileInformationByHandleEx
0x14029b350 GetFullPathNameW
0x14029b358 SetFilePointerEx
0x14029b360 FindNextFileW
0x14029b368 GlobalFree
0x14029b370 FindFirstFileW
0x14029b378 FindClose
0x14029b380 InitializeSListHead
0x14029b388 SwitchToThread
0x14029b390 ReleaseSRWLockExclusive
0x14029b398 GetFileInformationByHandle
0x14029b3a0 GetEnvironmentStringsW
0x14029b3a8 FreeEnvironmentStringsW
0x14029b3b0 CompareStringOrdinal
0x14029b3b8 GetSystemDirectoryW
0x14029b3c0 GlobalUnlock
0x14029b3c8 CreateProcessW
0x14029b3d0 GetFileAttributesW
0x14029b3d8 DuplicateHandle
0x14029b3e0 GetCurrentProcessId
0x14029b3e8 CreateNamedPipeW
0x14029b3f0 CreateThread
0x14029b3f8 ReadFileEx
0x14029b400 SleepEx
0x14029b408 WriteFileEx
0x14029b410 GlobalLock
0x14029b418 QueryPerformanceCounter
0x14029b420 QueryPerformanceFrequency
0x14029b428 GetSystemTimeAsFileTime
0x14029b430 GetCurrentDirectoryW
0x14029b438 RtlCaptureContext
0x14029b440 AcquireSRWLockShared
0x14029b448 ReleaseSRWLockShared
0x14029b450 CopyFileExW
0x14029b458 SleepConditionVariableSRW
0x14029b460 GlobalSize
0x14029b468 WakeConditionVariable
0x14029b470 GetCurrentThread
0x14029b478 GlobalAlloc
0x14029b480 WideCharToMultiByte
0x14029b488 SetFileCompletionNotificationModes
0x14029b490 GetProcessHeap
0x14029b498 CreateIoCompletionPort
0x14029b4a0 UnhandledExceptionFilter
0x14029b4a8 FileTimeToSystemTime
0x14029b4b0 SystemTimeToTzSpecificLocalTime
0x14029b4b8 SystemTimeToFileTime
0x14029b4c0 GetTimeZoneInformation
0x14029b4c8 RtlVirtualUnwind
0x14029b4d0 FlushFileBuffers
0x14029b4d8 GetTickCount
0x14029b4e0 MapViewOfFile
0x14029b4e8 CreateFileMappingW
0x14029b4f0 FormatMessageA
0x14029b4f8 GetSystemTime
0x14029b500 FreeLibrary
0x14029b508 GetFileSize
0x14029b510 LockFileEx
0x14029b518 LocalFree
0x14029b520 UnlockFile
0x14029b528 HeapDestroy
0x14029b530 HeapCompact
0x14029b538 LoadLibraryW
0x14029b540 DeleteFileW
0x14029b548 DeleteFileA
0x14029b550 CreateFileA
0x14029b558 FlushViewOfFile
0x14029b560 OutputDebugStringW
0x14029b568 GetFileAttributesExW
0x14029b570 GetFileAttributesA
0x14029b578 GetDiskFreeSpaceA
0x14029b580 GetTempPathA
0x14029b588 HeapSize
0x14029b590 HeapValidate
0x14029b598 UnmapViewOfFile
0x14029b5a0 CreateMutexW
0x14029b5a8 UnlockFileEx
0x14029b5b0 SetEndOfFile
0x14029b5b8 GetFullPathNameA
0x14029b5c0 SetFilePointer
0x14029b5c8 LockFile
0x14029b5d0 OutputDebugStringA
0x14029b5d8 GetDiskFreeSpaceW
0x14029b5e0 WriteFile
0x14029b5e8 HeapCreate
0x14029b5f0 ReadFile
0x14029b5f8 AreFileApisANSI
0x14029b600 InitializeCriticalSection
0x14029b608 EnterCriticalSection
0x14029b610 LeaveCriticalSection
0x14029b618 TryEnterCriticalSection
0x14029b620 DeleteCriticalSection
0x14029b628 GetCurrentThreadId
0x14029b630 TryAcquireSRWLockExclusive
0x14029b638 GetFinalPathNameByHandleW
0x14029b640 GetModuleHandleA
0x14029b648 HeapAlloc
0x14029b650 MultiByteToWideChar
0x14029b658 SetLastError
0x14029b660 GetQueuedCompletionStatusEx
0x14029b668 SetThreadStackGuarantee
0x14029b670 PostQueuedCompletionStatus
0x14029b678 AddVectoredExceptionHandler
0x14029b680 GetCurrentProcess
0x14029b688 GetProcAddress
0x14029b690 LoadLibraryA
0x14029b698 WakeAllConditionVariable
0x14029b6a0 HeapReAlloc
0x14029b6a8 GetSystemInfo
0x14029b6b0 Sleep
0x14029b6b8 GetLastError
0x14029b6c0 SetHandleInformation
0x14029b6c8 IsDebuggerPresent
0x14029b6d0 CloseHandle
0x14029b6d8 AcquireSRWLockExclusive
0x14029b6e0 SetUnhandledExceptionFilter
0x14029b6e8 TerminateProcess
0x14029b6f0 GetWindowsDirectoryW
0x14029b6f8 IsProcessorFeaturePresent
0x14029b700 CreateDirectoryW
0x14029b708 HeapFree
ws2_32.dll
0x14029b7f8 ioctlsocket
0x14029b800 WSASocketW
0x14029b808 socket
0x14029b810 ind
0x14029b818 listen
0x14029b820 accept
0x14029b828 setsockopt
0x14029b830 WSASend
0x14029b838 connect
0x14029b840 getaddrinfo
0x14029b848 freeaddrinfo
0x14029b850 WSAStartup
0x14029b858 getsockopt
0x14029b860 WSAIoctl
0x14029b868 WSACleanup
0x14029b870 recv
0x14029b878 send
0x14029b880 getsockname
0x14029b888 WSAGetLastError
0x14029b890 getpeername
0x14029b898 shutdown
0x14029b8a0 closesocket
crypt32.dll
0x14029b210 CryptUnprotectData
0x14029b218 CertDuplicateCertificateContext
0x14029b220 CertCloseStore
0x14029b228 CertFreeCertificateContext
0x14029b230 CertDuplicateCertificateChain
0x14029b238 CertAddCertificateContextToStore
0x14029b240 CertEnumCertificatesInStore
0x14029b248 CertDuplicateStore
0x14029b250 CertOpenStore
0x14029b258 CertGetCertificateChain
0x14029b260 CertFreeCertificateChain
0x14029b268 CertVerifyCertificateChainPolicy
advapi32.dll
0x14029b050 RegQueryValueExW
0x14029b058 AllocateAndInitializeSid
0x14029b060 CheckTokenMembership
0x14029b068 FreeSid
0x14029b070 RegOpenKeyExW
0x14029b078 SystemFunction036
0x14029b080 RegCloseKey
crypt.dll
0x14029b200 BCryptGenRandom
user32.dll
0x14029b7b0 EnumDisplaySettingsExW
0x14029b7b8 GetMonitorInfoW
0x14029b7c0 OpenClipboard
0x14029b7c8 EnumDisplayMonitors
0x14029b7d0 SetClipboardData
0x14029b7d8 EmptyClipboard
0x14029b7e0 CloseClipboard
0x14029b7e8 GetClipboardData
ntdll.dll
0x14029b718 NtCreateFile
0x14029b720 NtCancelIoFileEx
0x14029b728 NtDeviceIoControlFile
0x14029b730 RtlNtStatusToDosError
secur32.dll
0x14029b758 InitializeSecurityContextW
0x14029b760 QueryContextAttributesW
0x14029b768 EncryptMessage
0x14029b770 FreeContextBuffer
0x14029b778 DeleteSecurityContext
0x14029b780 DecryptMessage
0x14029b788 ApplyControlToken
0x14029b790 FreeCredentialsHandle
0x14029b798 AcceptSecurityContext
0x14029b7a0 AcquireCredentialsHandleA
gdi32.dll
0x14029b278 CreateCompatibleDC
0x14029b280 CreateCompatibleBitmap
0x14029b288 SelectObject
0x14029b290 SetStretchBltMode
0x14029b298 StretchBlt
0x14029b2a0 GetDIBits
0x14029b2a8 GetObjectW
0x14029b2b0 DeleteObject
0x14029b2b8 GetDeviceCaps
0x14029b2c0 CreateDCW
0x14029b2c8 DeleteDC
ole32.dll
0x14029b740 CoInitializeEx
0x14029b748 CoInitializeSecurity
VCRUNTIME140.dll
0x14029b000 memset
0x14029b008 memcpy
0x14029b010 __current_exception_context
0x14029b018 __current_exception
0x14029b020 __C_specific_handler
0x14029b028 memmove
0x14029b030 memcmp
0x14029b038 __CxxFrameHandler3
0x14029b040 strrchr
api-ms-win-crt-string-l1-1-0.dll
0x14029b1b0 strlen
0x14029b1b8 strncmp
0x14029b1c0 strcspn
0x14029b1c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x14029b1e8 qsort
0x14029b1f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x14029b090 _msize
0x14029b098 _set_new_mode
0x14029b0a0 malloc
0x14029b0a8 free
0x14029b0b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x14029b1d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x14029b0d0 log
0x14029b0d8 _dclass
0x14029b0e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14029b0f0 exit
0x14029b0f8 _exit
0x14029b100 __p___argv
0x14029b108 _initialize_onexit_table
0x14029b110 __p___argc
0x14029b118 _initterm_e
0x14029b120 _beginthreadex
0x14029b128 _endthreadex
0x14029b130 _register_thread_local_exe_atexit_callback
0x14029b138 _register_onexit_function
0x14029b140 _seh_filter_exe
0x14029b148 _cexit
0x14029b150 _c_exit
0x14029b158 _set_app_type
0x14029b160 terminate
0x14029b168 _configure_narrow_argv
0x14029b170 _initialize_narrow_environment
0x14029b178 _get_initial_narrow_environment
0x14029b180 _initterm
0x14029b188 _crt_atexit
api-ms-win-crt-stdio-l1-1-0.dll
0x14029b198 _set_fmode
0x14029b1a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14029b0c0 _configthreadlocale
EAT(Export Address Table) is none
kernel32.dll
0x14029b2d8 GetStdHandle
0x14029b2e0 GetConsoleMode
0x14029b2e8 WaitForSingleObject
0x14029b2f0 WriteConsoleW
0x14029b2f8 WaitForSingleObjectEx
0x14029b300 CreateMutexA
0x14029b308 ReleaseMutex
0x14029b310 GetEnvironmentVariableW
0x14029b318 RtlLookupFunctionEntry
0x14029b320 GetModuleHandleW
0x14029b328 FormatMessageW
0x14029b330 GetTempPathW
0x14029b338 GetModuleFileNameW
0x14029b340 CreateFileW
0x14029b348 GetFileInformationByHandleEx
0x14029b350 GetFullPathNameW
0x14029b358 SetFilePointerEx
0x14029b360 FindNextFileW
0x14029b368 GlobalFree
0x14029b370 FindFirstFileW
0x14029b378 FindClose
0x14029b380 InitializeSListHead
0x14029b388 SwitchToThread
0x14029b390 ReleaseSRWLockExclusive
0x14029b398 GetFileInformationByHandle
0x14029b3a0 GetEnvironmentStringsW
0x14029b3a8 FreeEnvironmentStringsW
0x14029b3b0 CompareStringOrdinal
0x14029b3b8 GetSystemDirectoryW
0x14029b3c0 GlobalUnlock
0x14029b3c8 CreateProcessW
0x14029b3d0 GetFileAttributesW
0x14029b3d8 DuplicateHandle
0x14029b3e0 GetCurrentProcessId
0x14029b3e8 CreateNamedPipeW
0x14029b3f0 CreateThread
0x14029b3f8 ReadFileEx
0x14029b400 SleepEx
0x14029b408 WriteFileEx
0x14029b410 GlobalLock
0x14029b418 QueryPerformanceCounter
0x14029b420 QueryPerformanceFrequency
0x14029b428 GetSystemTimeAsFileTime
0x14029b430 GetCurrentDirectoryW
0x14029b438 RtlCaptureContext
0x14029b440 AcquireSRWLockShared
0x14029b448 ReleaseSRWLockShared
0x14029b450 CopyFileExW
0x14029b458 SleepConditionVariableSRW
0x14029b460 GlobalSize
0x14029b468 WakeConditionVariable
0x14029b470 GetCurrentThread
0x14029b478 GlobalAlloc
0x14029b480 WideCharToMultiByte
0x14029b488 SetFileCompletionNotificationModes
0x14029b490 GetProcessHeap
0x14029b498 CreateIoCompletionPort
0x14029b4a0 UnhandledExceptionFilter
0x14029b4a8 FileTimeToSystemTime
0x14029b4b0 SystemTimeToTzSpecificLocalTime
0x14029b4b8 SystemTimeToFileTime
0x14029b4c0 GetTimeZoneInformation
0x14029b4c8 RtlVirtualUnwind
0x14029b4d0 FlushFileBuffers
0x14029b4d8 GetTickCount
0x14029b4e0 MapViewOfFile
0x14029b4e8 CreateFileMappingW
0x14029b4f0 FormatMessageA
0x14029b4f8 GetSystemTime
0x14029b500 FreeLibrary
0x14029b508 GetFileSize
0x14029b510 LockFileEx
0x14029b518 LocalFree
0x14029b520 UnlockFile
0x14029b528 HeapDestroy
0x14029b530 HeapCompact
0x14029b538 LoadLibraryW
0x14029b540 DeleteFileW
0x14029b548 DeleteFileA
0x14029b550 CreateFileA
0x14029b558 FlushViewOfFile
0x14029b560 OutputDebugStringW
0x14029b568 GetFileAttributesExW
0x14029b570 GetFileAttributesA
0x14029b578 GetDiskFreeSpaceA
0x14029b580 GetTempPathA
0x14029b588 HeapSize
0x14029b590 HeapValidate
0x14029b598 UnmapViewOfFile
0x14029b5a0 CreateMutexW
0x14029b5a8 UnlockFileEx
0x14029b5b0 SetEndOfFile
0x14029b5b8 GetFullPathNameA
0x14029b5c0 SetFilePointer
0x14029b5c8 LockFile
0x14029b5d0 OutputDebugStringA
0x14029b5d8 GetDiskFreeSpaceW
0x14029b5e0 WriteFile
0x14029b5e8 HeapCreate
0x14029b5f0 ReadFile
0x14029b5f8 AreFileApisANSI
0x14029b600 InitializeCriticalSection
0x14029b608 EnterCriticalSection
0x14029b610 LeaveCriticalSection
0x14029b618 TryEnterCriticalSection
0x14029b620 DeleteCriticalSection
0x14029b628 GetCurrentThreadId
0x14029b630 TryAcquireSRWLockExclusive
0x14029b638 GetFinalPathNameByHandleW
0x14029b640 GetModuleHandleA
0x14029b648 HeapAlloc
0x14029b650 MultiByteToWideChar
0x14029b658 SetLastError
0x14029b660 GetQueuedCompletionStatusEx
0x14029b668 SetThreadStackGuarantee
0x14029b670 PostQueuedCompletionStatus
0x14029b678 AddVectoredExceptionHandler
0x14029b680 GetCurrentProcess
0x14029b688 GetProcAddress
0x14029b690 LoadLibraryA
0x14029b698 WakeAllConditionVariable
0x14029b6a0 HeapReAlloc
0x14029b6a8 GetSystemInfo
0x14029b6b0 Sleep
0x14029b6b8 GetLastError
0x14029b6c0 SetHandleInformation
0x14029b6c8 IsDebuggerPresent
0x14029b6d0 CloseHandle
0x14029b6d8 AcquireSRWLockExclusive
0x14029b6e0 SetUnhandledExceptionFilter
0x14029b6e8 TerminateProcess
0x14029b6f0 GetWindowsDirectoryW
0x14029b6f8 IsProcessorFeaturePresent
0x14029b700 CreateDirectoryW
0x14029b708 HeapFree
ws2_32.dll
0x14029b7f8 ioctlsocket
0x14029b800 WSASocketW
0x14029b808 socket
0x14029b810 ind
0x14029b818 listen
0x14029b820 accept
0x14029b828 setsockopt
0x14029b830 WSASend
0x14029b838 connect
0x14029b840 getaddrinfo
0x14029b848 freeaddrinfo
0x14029b850 WSAStartup
0x14029b858 getsockopt
0x14029b860 WSAIoctl
0x14029b868 WSACleanup
0x14029b870 recv
0x14029b878 send
0x14029b880 getsockname
0x14029b888 WSAGetLastError
0x14029b890 getpeername
0x14029b898 shutdown
0x14029b8a0 closesocket
crypt32.dll
0x14029b210 CryptUnprotectData
0x14029b218 CertDuplicateCertificateContext
0x14029b220 CertCloseStore
0x14029b228 CertFreeCertificateContext
0x14029b230 CertDuplicateCertificateChain
0x14029b238 CertAddCertificateContextToStore
0x14029b240 CertEnumCertificatesInStore
0x14029b248 CertDuplicateStore
0x14029b250 CertOpenStore
0x14029b258 CertGetCertificateChain
0x14029b260 CertFreeCertificateChain
0x14029b268 CertVerifyCertificateChainPolicy
advapi32.dll
0x14029b050 RegQueryValueExW
0x14029b058 AllocateAndInitializeSid
0x14029b060 CheckTokenMembership
0x14029b068 FreeSid
0x14029b070 RegOpenKeyExW
0x14029b078 SystemFunction036
0x14029b080 RegCloseKey
crypt.dll
0x14029b200 BCryptGenRandom
user32.dll
0x14029b7b0 EnumDisplaySettingsExW
0x14029b7b8 GetMonitorInfoW
0x14029b7c0 OpenClipboard
0x14029b7c8 EnumDisplayMonitors
0x14029b7d0 SetClipboardData
0x14029b7d8 EmptyClipboard
0x14029b7e0 CloseClipboard
0x14029b7e8 GetClipboardData
ntdll.dll
0x14029b718 NtCreateFile
0x14029b720 NtCancelIoFileEx
0x14029b728 NtDeviceIoControlFile
0x14029b730 RtlNtStatusToDosError
secur32.dll
0x14029b758 InitializeSecurityContextW
0x14029b760 QueryContextAttributesW
0x14029b768 EncryptMessage
0x14029b770 FreeContextBuffer
0x14029b778 DeleteSecurityContext
0x14029b780 DecryptMessage
0x14029b788 ApplyControlToken
0x14029b790 FreeCredentialsHandle
0x14029b798 AcceptSecurityContext
0x14029b7a0 AcquireCredentialsHandleA
gdi32.dll
0x14029b278 CreateCompatibleDC
0x14029b280 CreateCompatibleBitmap
0x14029b288 SelectObject
0x14029b290 SetStretchBltMode
0x14029b298 StretchBlt
0x14029b2a0 GetDIBits
0x14029b2a8 GetObjectW
0x14029b2b0 DeleteObject
0x14029b2b8 GetDeviceCaps
0x14029b2c0 CreateDCW
0x14029b2c8 DeleteDC
ole32.dll
0x14029b740 CoInitializeEx
0x14029b748 CoInitializeSecurity
VCRUNTIME140.dll
0x14029b000 memset
0x14029b008 memcpy
0x14029b010 __current_exception_context
0x14029b018 __current_exception
0x14029b020 __C_specific_handler
0x14029b028 memmove
0x14029b030 memcmp
0x14029b038 __CxxFrameHandler3
0x14029b040 strrchr
api-ms-win-crt-string-l1-1-0.dll
0x14029b1b0 strlen
0x14029b1b8 strncmp
0x14029b1c0 strcspn
0x14029b1c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x14029b1e8 qsort
0x14029b1f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x14029b090 _msize
0x14029b098 _set_new_mode
0x14029b0a0 malloc
0x14029b0a8 free
0x14029b0b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x14029b1d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x14029b0d0 log
0x14029b0d8 _dclass
0x14029b0e0 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x14029b0f0 exit
0x14029b0f8 _exit
0x14029b100 __p___argv
0x14029b108 _initialize_onexit_table
0x14029b110 __p___argc
0x14029b118 _initterm_e
0x14029b120 _beginthreadex
0x14029b128 _endthreadex
0x14029b130 _register_thread_local_exe_atexit_callback
0x14029b138 _register_onexit_function
0x14029b140 _seh_filter_exe
0x14029b148 _cexit
0x14029b150 _c_exit
0x14029b158 _set_app_type
0x14029b160 terminate
0x14029b168 _configure_narrow_argv
0x14029b170 _initialize_narrow_environment
0x14029b178 _get_initial_narrow_environment
0x14029b180 _initterm
0x14029b188 _crt_atexit
api-ms-win-crt-stdio-l1-1-0.dll
0x14029b198 _set_fmode
0x14029b1a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x14029b0c0 _configthreadlocale
EAT(Export Address Table) is none