Field | Value |
---|---|
Created | 2025.02.27 15:00 |
Machine | s1_win7_x6401 |
Filename | VBUN8fn.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 25 detected (AIDetectMalware, Lumma, Unsafe, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HGTB, PWSX, Kryptik@AI, RDML, zTngX6P0FYTD, cMHW5kZZg, Wacatac, Artemis, BScope, Cocom, Dplw) |
md5 | 32caa1d65fa9e190ba77fadb84c64698 |
sha256 | b5713079bc540d78a13d71edfe7387f97d771a3f30305a5b2978d77829ead3b1 |
ssdeep | 98304:KkyEEC+/CQ35SpZakHWs4DQA92vfFUALEggvM4Uts/faKJmVkc6bJ0l/vnuJdJCR:+ffN0fmuW |
imphash | b76e0abc5c135fccfefff5d32b453ca5 |
impfuzzy | 12:jOovLJEgRCZZG5ZDoAGKR0NkvuaZwDD7QH/0o:jOov1EUCfuZDo1LaZw3kf0o |
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network activity recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0xae2000 GetCommandLineA
0xae2004 GetLastError
0xae2008 HeapAlloc
0xae200c HeapFree
0xae2010 GetProcessHeap
0xae2014 SetCriticalSectionSpinCount
0xae2018 Sleep
0xae201c ExitProcess
0xae2020 GetSystemInfo
0xae2024 GetTickCount
0xae2028 GetModuleHandleW
0xae202c GetProcAddress
0xae2030 LoadLibraryW
0xae2034 GlobalAlloc
0xae2038 GlobalFree
0xae203c MultiByteToWideChar
0xae2040 ConvertDefaultLocale
USER32.dll
0xae2048 IsWindowVisible
0xae204c GetWindowContextHelpId
0xae2050 MessageBoxA
0xae2054 GetWindowLongW
0xae2058 IsDialogMessageW
0xae205c RegisterClassW
EAT (Export Address Table): none
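The static import table above is small and contains LoadLibraryW and GetProcAddress but no VirtualAlloc or VirtualProtect, while the sandbox reports read-write-execute memory being allocated; together that points at imports resolved at run time by a packer stub. The following script is an added triage example written for this page, not the sandbox's own tooling: it parses the listing as printed above (copied into the script as constructed input), recomputes a pefile-style imphash over it so the reported value can be cross-checked, and applies the packing heuristic just described. Function names (`parse_iat`, `imphash`, `triage`) and the import-count threshold are the editor's choices.

```python
# Added example (editor's, not the sandbox's tooling): parse the IAT listing
# from the report, recompute an imphash over it, and apply a triage heuristic.
import hashlib
import re

# Import listing constructed from the report above (two DLLs, 23 functions).
IAT_TEXT = """
KERNEL32.dll
0xae2000 GetCommandLineA
0xae2004 GetLastError
0xae2008 HeapAlloc
0xae200c HeapFree
0xae2010 GetProcessHeap
0xae2014 SetCriticalSectionSpinCount
0xae2018 Sleep
0xae201c ExitProcess
0xae2020 GetSystemInfo
0xae2024 GetTickCount
0xae2028 GetModuleHandleW
0xae202c GetProcAddress
0xae2030 LoadLibraryW
0xae2034 GlobalAlloc
0xae2038 GlobalFree
0xae203c MultiByteToWideChar
0xae2040 ConvertDefaultLocale
USER32.dll
0xae2048 IsWindowVisible
0xae204c GetWindowContextHelpId
0xae2050 MessageBoxA
0xae2054 GetWindowLongW
0xae2058 IsDialogMessageW
0xae205c RegisterClassW
"""

# APIs that let a binary resolve further imports itself at run time.
RUNTIME_RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                     "LoadLibraryExW", "GetProcAddress"}
# APIs that can create or re-protect RWX pages directly. HeapAlloc/GlobalAlloc
# are not in this set: the default process heap is not executable.
PAGE_PROTECTION_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
                        "VirtualProtectEx", "NtAllocateVirtualMemory",
                        "NtProtectVirtualMemory"}

def parse_iat(text):
    """Turn the 'DLL.dll' / '0xADDR Name' listing into (dll, function) pairs."""
    imports, dll = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"0x[0-9a-fA-F]+\s+(\S+)", line)
        if m:
            if dll is None:
                raise ValueError(f"function before any DLL header: {line}")
            imports.append((dll, m.group(1)))
        elif line.lower().endswith((".dll", ".sys", ".ocx")):
            dll = line
        else:
            raise ValueError(f"unrecognised IAT line: {line}")
    return imports

def imphash_input(imports):
    """Canonical string hashed by the Mandiant/pefile imphash: 'dll.func'
    pairs, lower-cased, DLL extension stripped, comma-joined in import order."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".sys", ".ocx"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)

def imphash(imports):
    """MD5 of the canonical string. It equals the report's imphash only if the
    listing is complete and in import-directory order, so use it as a
    cross-check, not a replacement for pefile.PE(path).get_imphash()."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()

def triage(imports):
    """Heuristic read of a small IAT: runtime resolvers present but no direct
    page-protection API means the RWX memory the sandbox saw was most likely
    obtained through APIs resolved at run time, typical of a packed sample."""
    funcs = {f for _, f in imports}
    resolvers = sorted(funcs & RUNTIME_RESOLVERS)
    protect = sorted(funcs & PAGE_PROTECTION_APIS)
    verdict = ("likely packed: runtime import resolution, RWX memory not "
               "obtainable from the static IAT"
               if resolvers and not protect and len(imports) < 40  # threshold is an editor's choice
               else "no packing indicator from the static IAT alone")
    return {"import_count": len(imports),
            "dlls": sorted({d for d, _ in imports}),
            "runtime_resolvers": resolvers,
            "page_protection_apis": protect,
            "verdict": verdict}

if __name__ == "__main__":
    imps = parse_iat(IAT_TEXT)
    print(f"imphash over listed IAT: {imphash(imps)}")
    for key, value in triage(imps).items():
        print(f"{key}: {value}")
```

If the recomputed hash differs from the reported `b76e0abc5c135fccfefff5d32b453ca5`, the printed listing is either incomplete or not in directory order; run pefile against the actual binary before comparing against threat-intel imphash pivots.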