ScreenShot
| Created | 2025.02.21 16:34 | Machine | s1_win7_x6403 |
| Filename | mtQ.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (AIDetectMalware, GenericKDQ, Malicious, score, Artemis, Unsafe, Save, confidence, 100%, GenericQ, Attribute, HighConfidence, high confidence, VMProtect, X suspicious, xbvhtu, Real Protect, moderate, Static AI, Malicious PE, Detected, GrayWare, Wacapew, ABTrojan, ZMUQ, R002H09B725, Gencirc) | ||
| md5 | 6e6f46cefb577d77d7772a1c51de6da2 | ||
| sha256 | 913f0bf910c03920654804d3e618f4839977e990535da6e8d1a06411f7dcfa1a | ||
| ssdeep | 393216:FCwBeFMRU0Jf0mvLR8rSUInq1tppq+kekVaZOekxy3rhhvvVuNjCIKBfh:FF3fpTR8WnYtpE+kekVshnVuch | ||
| imphash | 3d78cabfedc8fd56608aeb994c22f8b6 | ||
| impfuzzy | 12:G3E+3MXPBHqT4ME2UI/A2Q4W2WDQLLMaiuHb5duD1FFTOZGqAJcDW:C3WpMJ05hDWM7C5du5FpadNDW | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
Normaliz.dll
0x140f31000 IdnToAscii
CRYPT32.dll
0x140f31010 CryptQueryObject
WLDAP32.dll
0x140f31020 None
WS2_32.dll
0x140f31030 WSAResetEvent
KERNEL32.dll
0x140f31040 AcquireSRWLockExclusive
USER32.dll
0x140f31050 GetClipboardData
GDI32.dll
0x140f31060 CreateRoundRectRgn
ADVAPI32.dll
0x140f31070 CryptDestroyKey
SHELL32.dll
0x140f31080 ShellExecuteA
ntdll.dll
0x140f31090 NtSuspendThread
MSVCP140.dll
0x140f310a0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
IMM32.dll
0x140f310b0 ImmGetContext
WININET.dll
0x140f310c0 InternetOpenA
d3d9.dll
0x140f310d0 Direct3DCreate9
VCRUNTIME140_1.dll
0x140f310e0 __CxxFrameHandler4
VCRUNTIME140.dll
0x140f310f0 __std_terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x140f31100 __acrt_iob_func
api-ms-win-crt-string-l1-1-0.dll
0x140f31110 strncpy
api-ms-win-crt-utility-l1-1-0.dll
0x140f31120 rand
api-ms-win-crt-heap-l1-1-0.dll
0x140f31130 _set_new_mode
api-ms-win-crt-convert-l1-1-0.dll
0x140f31140 atoi
api-ms-win-crt-runtime-l1-1-0.dll
0x140f31150 _errno
api-ms-win-crt-filesystem-l1-1-0.dll
0x140f31160 _access
api-ms-win-crt-time-l1-1-0.dll
0x140f31170 _gmtime64
api-ms-win-crt-math-l1-1-0.dll
0x140f31180 ceilf
api-ms-win-crt-locale-l1-1-0.dll
0x140f31190 _configthreadlocale
KERNEL32.dll
0x140f311a0 GetSystemTimeAsFileTime
KERNEL32.dll
0x140f311b0 HeapAlloc
0x140f311b8 HeapFree
0x140f311c0 ExitProcess
0x140f311c8 LoadLibraryA
0x140f311d0 GetModuleHandleA
0x140f311d8 GetProcAddress
EAT(Export Address Table) is none
Normaliz.dll
0x140f31000 IdnToAscii
CRYPT32.dll
0x140f31010 CryptQueryObject
WLDAP32.dll
0x140f31020 None
WS2_32.dll
0x140f31030 WSAResetEvent
KERNEL32.dll
0x140f31040 AcquireSRWLockExclusive
USER32.dll
0x140f31050 GetClipboardData
GDI32.dll
0x140f31060 CreateRoundRectRgn
ADVAPI32.dll
0x140f31070 CryptDestroyKey
SHELL32.dll
0x140f31080 ShellExecuteA
ntdll.dll
0x140f31090 NtSuspendThread
MSVCP140.dll
0x140f310a0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
IMM32.dll
0x140f310b0 ImmGetContext
WININET.dll
0x140f310c0 InternetOpenA
d3d9.dll
0x140f310d0 Direct3DCreate9
VCRUNTIME140_1.dll
0x140f310e0 __CxxFrameHandler4
VCRUNTIME140.dll
0x140f310f0 __std_terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x140f31100 __acrt_iob_func
api-ms-win-crt-string-l1-1-0.dll
0x140f31110 strncpy
api-ms-win-crt-utility-l1-1-0.dll
0x140f31120 rand
api-ms-win-crt-heap-l1-1-0.dll
0x140f31130 _set_new_mode
api-ms-win-crt-convert-l1-1-0.dll
0x140f31140 atoi
api-ms-win-crt-runtime-l1-1-0.dll
0x140f31150 _errno
api-ms-win-crt-filesystem-l1-1-0.dll
0x140f31160 _access
api-ms-win-crt-time-l1-1-0.dll
0x140f31170 _gmtime64
api-ms-win-crt-math-l1-1-0.dll
0x140f31180 ceilf
api-ms-win-crt-locale-l1-1-0.dll
0x140f31190 _configthreadlocale
KERNEL32.dll
0x140f311a0 GetSystemTimeAsFileTime
KERNEL32.dll
0x140f311b0 HeapAlloc
0x140f311b8 HeapFree
0x140f311c0 ExitProcess
0x140f311c8 LoadLibraryA
0x140f311d0 GetModuleHandleA
0x140f311d8 GetProcAddress
EAT(Export Address Table) is none