Field | Value
---|---
Created | 2025.03.04 09:30
Machine | s1_win7_x6403
Filename | sonic.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
ZERO API | file : malware
VT API (file) | 11 detected (malicious, confidence, FileRepMalware, Misc, LESS, bWQ1OiJG5Ndx46fzil, Kx6F+UwI, Wacapew, Artemis, susgen)
md5 | 3cc32d37dc6b03cad9a786752dddc434
sha256 | c746bf479c4b8e6ae6ad45b19511f9155f46ec2038b12cf13c401600b01c71c3
ssdeep | 1536:Ik7+PA2drzHLucoFjfFw3HeA/9SDjGRw3rK+9hZQHphzvI+nsW5jqed59dlLtdB4:DiVWiHeg6jhrK+8htbqkxJtdno
imphash | 5b7ae057f6e2555ce5822c51e4307f8f
impfuzzy | 24:S402tMS17mlJnc+pl3eDo/CuyoBDSOovbO9Ziv8GGMR:ntMS17kc+ppmuyo3AB
Signature (2 counts)
Level | Description
---|---
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (6 counts)
Level | Name | Description | Collection
---|---|---|---
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts): no network requests were recorded for this sample, so there are no IP, ASN or Suricata entries to report.
PE API
IAT (Import Address Table), by library
USER32.dll
0x14000f240 MessageBoxA
KERNEL32.dll
0x14000f000 FindClose
0x14000f008 WriteConsoleW
0x14000f010 RtlCaptureContext
0x14000f018 RtlLookupFunctionEntry
0x14000f020 RtlVirtualUnwind
0x14000f028 UnhandledExceptionFilter
0x14000f030 SetUnhandledExceptionFilter
0x14000f038 GetCurrentProcess
0x14000f040 TerminateProcess
0x14000f048 IsProcessorFeaturePresent
0x14000f050 QueryPerformanceCounter
0x14000f058 GetCurrentProcessId
0x14000f060 GetCurrentThreadId
0x14000f068 GetSystemTimeAsFileTime
0x14000f070 InitializeSListHead
0x14000f078 IsDebuggerPresent
0x14000f080 GetStartupInfoW
0x14000f088 GetModuleHandleW
0x14000f090 RtlUnwindEx
0x14000f098 GetLastError
0x14000f0a0 SetLastError
0x14000f0a8 EnterCriticalSection
0x14000f0b0 LeaveCriticalSection
0x14000f0b8 DeleteCriticalSection
0x14000f0c0 InitializeCriticalSectionAndSpinCount
0x14000f0c8 TlsAlloc
0x14000f0d0 TlsGetValue
0x14000f0d8 TlsSetValue
0x14000f0e0 TlsFree
0x14000f0e8 FreeLibrary
0x14000f0f0 GetProcAddress
0x14000f0f8 LoadLibraryExW
0x14000f100 EncodePointer
0x14000f108 RaiseException
0x14000f110 RtlPcToFileHeader
0x14000f118 GetStdHandle
0x14000f120 WriteFile
0x14000f128 GetModuleFileNameW
0x14000f130 ExitProcess
0x14000f138 GetModuleHandleExW
0x14000f140 HeapAlloc
0x14000f148 HeapFree
0x14000f150 FindFirstFileExW
0x14000f158 FindNextFileW
0x14000f160 IsValidCodePage
0x14000f168 GetACP
0x14000f170 GetOEMCP
0x14000f178 GetCPInfo
0x14000f180 GetCommandLineA
0x14000f188 GetCommandLineW
0x14000f190 MultiByteToWideChar
0x14000f198 WideCharToMultiByte
0x14000f1a0 GetEnvironmentStringsW
0x14000f1a8 FreeEnvironmentStringsW
0x14000f1b0 SetStdHandle
0x14000f1b8 GetFileType
0x14000f1c0 GetStringTypeW
0x14000f1c8 FlsAlloc
0x14000f1d0 FlsGetValue
0x14000f1d8 FlsSetValue
0x14000f1e0 FlsFree
0x14000f1e8 LCMapStringW
0x14000f1f0 GetProcessHeap
0x14000f1f8 HeapSize
0x14000f200 HeapReAlloc
0x14000f208 FlushFileBuffers
0x14000f210 GetConsoleOutputCP
0x14000f218 GetConsoleMode
0x14000f220 SetFilePointerEx
0x14000f228 CreateFileW
0x14000f230 CloseHandle
EAT (Export Address Table): none