Field | Value |
---|---|
Created | 2025.02.07 14:23 |
Machine | s1_win7_x6401 |
Filename | sas.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 39 detected (Caynamer, Malicious, score, GenericKD, Unsafe, confidence, 100%, Attribute, HighConfidence, moderate confidence, MalwareX, CLOUD, Static AI, Suspicious PE, Detected, ABTrojan, PGTP, Artemis, Chgt, PossibleThreat, Software, A9nj) |
md5 | f0328a0d719b2a80e950b562ca0d8f80 |
sha256 | 9badd465f31d5917842d308b87a806288fec44424b85458427c3984be5019482 |
ssdeep | 1536:f/WPxp+NdK3kCNoG0pE1M6IbJu996zCisi7k1:3W3+ypNoUjIbk996eilk |
imphash | 8adddf41765404439890a4fea2ba14c8 |
impfuzzy | 6:HMJq3+s0qqYGdwG5SyJIqsJra2SR1rH5XJxSoD4sIWXqWv4En5X5A+mVMRy0bOL4:sJq3AYPwGHJ22Sf5HznJa7AOs |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x40e4bc malloc
0x40e4c4 strcat
0x40e4cc sprintf
0x40e4d4 free
0x40e4dc memset
0x40e4e4 calloc
0x40e4ec gets
0x40e4f4 vsprintf
0x40e4fc getenv
0x40e504 system
0x40e50c abort
0x40e514 atexit
0x40e51c _getcwd
0x40e524 tolower
0x40e52c toupper
0x40e534 strstr
0x40e53c strncpy
0x40e544 sscanf
0x40e54c _vsnprintf
0x40e554 _strdup
0x40e55c _controlfp
0x40e564 __set_app_type
0x40e56c __argc
0x40e574 __argv
0x40e57c _environ
0x40e584 __getmainargs
0x40e58c exit
kernel32.dll
0x40e59c WriteConsoleA
0x40e5a4 GetStdHandle
0x40e5ac GetModuleHandleA
0x40e5b4 IsDebuggerPresent
0x40e5bc GetLastError
0x40e5c4 FreeLibrary
0x40e5cc VirtualAlloc
0x40e5d4 Sleep
0x40e5dc GetStartupInfoA
0x40e5e4 GetCommandLineA
EAT (Export Address Table): none