ScreenShot
| Created | 2025.03.07 09:49 | Machine | s1_win7_x6401 |
| Filename | widsmob_denoise_win.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 54 detected (AIDetectMalware, tsd0, Ghanarava, GenericKD, Unsafe, Androm, Vzwt, malicious, confidence, 100%, high confidence, a variant of WinGo, vuuk, kvpqfp, CLASSIC, AGEN, R002C0RLP24, score, Static AI, Suspicious PE, Detected, Vigorf, ABTrojan, ZVYN, Artemis, BScope, TrojanPSW, WinGo, Chgt, Qcnw, susgen) | ||
| md5 | 43af2a37dfe23f1aa1f2a55bb3a39e68 | ||
| sha256 | f89f3f8a20f85abe1f716ceba7bd4fb409935add81f337e07f40d836601b475b | ||
| ssdeep | 196608:BgmkonYDKwqzYg+6L6V/ClhEItJV50mtoN+Myy2wOahl36p3hg:HkUzc6LMalln0mtg1W6 | ||
| imphash | 9cbefe68f395e67356e2a5d8d1b285c0 | ||
| impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Detects the presence of Wine emulator |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x11d1e40 WriteFile
0x11d1e44 WriteConsoleW
0x11d1e48 WaitForMultipleObjects
0x11d1e4c WaitForSingleObject
0x11d1e50 VirtualQuery
0x11d1e54 VirtualFree
0x11d1e58 VirtualAlloc
0x11d1e5c SwitchToThread
0x11d1e60 SuspendThread
0x11d1e64 SetWaitableTimer
0x11d1e68 SetUnhandledExceptionFilter
0x11d1e6c SetProcessPriorityBoost
0x11d1e70 SetEvent
0x11d1e74 SetErrorMode
0x11d1e78 SetConsoleCtrlHandler
0x11d1e7c ResumeThread
0x11d1e80 PostQueuedCompletionStatus
0x11d1e84 LoadLibraryA
0x11d1e88 LoadLibraryW
0x11d1e8c SetThreadContext
0x11d1e90 GetThreadContext
0x11d1e94 GetSystemInfo
0x11d1e98 GetSystemDirectoryA
0x11d1e9c GetStdHandle
0x11d1ea0 GetQueuedCompletionStatusEx
0x11d1ea4 GetProcessAffinityMask
0x11d1ea8 GetProcAddress
0x11d1eac GetEnvironmentStringsW
0x11d1eb0 GetConsoleMode
0x11d1eb4 FreeEnvironmentStringsW
0x11d1eb8 ExitProcess
0x11d1ebc DuplicateHandle
0x11d1ec0 CreateWaitableTimerExW
0x11d1ec4 CreateThread
0x11d1ec8 CreateIoCompletionPort
0x11d1ecc CreateFileA
0x11d1ed0 CreateEventA
0x11d1ed4 CloseHandle
0x11d1ed8 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x11d1e40 WriteFile
0x11d1e44 WriteConsoleW
0x11d1e48 WaitForMultipleObjects
0x11d1e4c WaitForSingleObject
0x11d1e50 VirtualQuery
0x11d1e54 VirtualFree
0x11d1e58 VirtualAlloc
0x11d1e5c SwitchToThread
0x11d1e60 SuspendThread
0x11d1e64 SetWaitableTimer
0x11d1e68 SetUnhandledExceptionFilter
0x11d1e6c SetProcessPriorityBoost
0x11d1e70 SetEvent
0x11d1e74 SetErrorMode
0x11d1e78 SetConsoleCtrlHandler
0x11d1e7c ResumeThread
0x11d1e80 PostQueuedCompletionStatus
0x11d1e84 LoadLibraryA
0x11d1e88 LoadLibraryW
0x11d1e8c SetThreadContext
0x11d1e90 GetThreadContext
0x11d1e94 GetSystemInfo
0x11d1e98 GetSystemDirectoryA
0x11d1e9c GetStdHandle
0x11d1ea0 GetQueuedCompletionStatusEx
0x11d1ea4 GetProcessAffinityMask
0x11d1ea8 GetProcAddress
0x11d1eac GetEnvironmentStringsW
0x11d1eb0 GetConsoleMode
0x11d1eb4 FreeEnvironmentStringsW
0x11d1eb8 ExitProcess
0x11d1ebc DuplicateHandle
0x11d1ec0 CreateWaitableTimerExW
0x11d1ec4 CreateThread
0x11d1ec8 CreateIoCompletionPort
0x11d1ecc CreateFileA
0x11d1ed0 CreateEventA
0x11d1ed4 CloseHandle
0x11d1ed8 AddVectoredExceptionHandler
EAT(Export Address Table) is none