Field | Value |
---|---|
Created | 2025.03.07 18:21 |
Machine | s1_win7_x6401 |
Filename | 9hUDDVk.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 37 detected (Malicious, score, Ghanarava, Artemis, Unsafe, confidence, high confidence, Kryptik, HYUA, CrypterX, bZTaiU55tHM, Nekark, hettb, AMADEY, YXFCFZ, moderate, genkryptik, Static AI, Suspicious PE, Detected, Wacatac, GI5O7G, ABTrojan, XQAF, PWSX, R694548, Outbreak, Wmhl, HGWG) |
md5 | 87fc5821b29f5cdef4d118e71c764501 |
sha256 | 1be77012b7c721e4d4027f214bad43253c1f0116c6b2a4364685d8d69120e2aa |
ssdeep | 98304:lLoJoGHhBU37lVCPk8wbdLNV5ZYuLNV5ZY:lLoJpBU37lVCfYdLH5PLH5 |
imphash | 4c949bece784d757329c70b20520186b |
impfuzzy | 12:jOovfJEgRCZZGD5DoAGwkvuaZwDD7QH/0o:jOovREUCfg5DowLaZw3kf0o |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0xa88000 GetCommandLineA
0xa88004 GetTempPathW
0xa88008 GetLastError
0xa8800c HeapAlloc
0xa88010 HeapFree
0xa88014 GetProcessHeap
0xa88018 SetCriticalSectionSpinCount
0xa8801c Sleep
0xa88020 ExitProcess
0xa88024 GetSystemInfo
0xa88028 GetVersion
0xa8802c GetTickCount
0xa88030 GetModuleFileNameW
0xa88034 GetModuleHandleW
0xa88038 GetProcAddress
0xa8803c LoadLibraryW
0xa88040 MultiByteToWideChar
0xa88044 ConvertDefaultLocale
USER32.dll
0xa8804c IsWindowVisible
0xa88050 GetWindowContextHelpId
0xa88054 MessageBoxA
0xa88058 GetWindowLongW
0xa8805c IsDialogMessageW
0xa88060 RegisterClassW
EAT (Export Address Table) is none
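The import listing above is enough to rebuild the imphash and to run a first triage pass without having the sample. The Python script below is an added example, not part of this report or of the sandbox's own tooling. It embeds the IAT dump exactly as printed here as constructed input, rebuilds the string that pefile feeds to MD5 for imphash (lowercased `dll.function` pairs, DLL extension dropped, comma-joined in table order), and tags import patterns worth a second look; the tag names and the `MEMORY_APIS` set are this example's own choices. If the listing is complete, the computed value should equal the report's imphash 4c949bece784d757329c70b20520186b; a mismatch means the report truncates the import table (or ordinal imports are involved), so the comparison is a sanity check on the report rather than on the sample. Note also that the RWX-memory signature fired although no VirtualAlloc/VirtualProtect/HeapCreate appears in the IAT: either the allocation API is resolved at runtime through the LoadLibraryW/GetProcAddress pair listed here, or the dump is partial. The `file_hashes` helper is for comparing a local copy against the md5/sha256 in the header.

```python
import hashlib
import re

# Import listing copied from the report's IAT section above (constructed input
# for this example; the hex values are the IAT slot addresses the report shows).
IAT_LISTING = """\
KERNEL32.dll
0xa88000 GetCommandLineA
0xa88004 GetTempPathW
0xa88008 GetLastError
0xa8800c HeapAlloc
0xa88010 HeapFree
0xa88014 GetProcessHeap
0xa88018 SetCriticalSectionSpinCount
0xa8801c Sleep
0xa88020 ExitProcess
0xa88024 GetSystemInfo
0xa88028 GetVersion
0xa8802c GetTickCount
0xa88030 GetModuleFileNameW
0xa88034 GetModuleHandleW
0xa88038 GetProcAddress
0xa8803c LoadLibraryW
0xa88040 MultiByteToWideChar
0xa88044 ConvertDefaultLocale
USER32.dll
0xa8804c IsWindowVisible
0xa88050 GetWindowContextHelpId
0xa88054 MessageBoxA
0xa88058 GetWindowLongW
0xa8805c IsDialogMessageW
0xa88060 RegisterClassW
"""

REPORT_IMPHASH = "4c949bece784d757329c70b20520186b"  # value from the report header

# APIs that hand out or change memory protection (example's own set); none of
# them appears in the IAT above.
MEMORY_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
               "VirtualProtectEx", "HeapCreate"}


def parse_iat(text):
    """Return (dll, function) pairs in table order from the report's IAT dump."""
    imports, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r"0x[0-9a-fA-F]+\s+(\S+)", line)
        if m and dll is not None:
            imports.append((dll, m.group(1)))
        else:
            dll = line  # a bare line names the DLL for the entries that follow
    return imports


def imphash_string(imports):
    """Rebuild the string pefile hashes for imphash: 'dll.func' pairs,
    lowercased, DLL extension (.dll/.ocx/.sys) dropped, joined with commas."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        base, _, ext = name.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            name = base
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def triage(imports):
    """Tag import patterns worth a second look; the tag names are this example's own."""
    funcs = {f for _, f in imports}
    tags = []
    if "GetProcAddress" in funcs and funcs & {"LoadLibraryA", "LoadLibraryW"}:
        tags.append("runtime-api-resolution")
    if not funcs & MEMORY_APIS:
        # The sandbox saw an RWX allocation, yet no allocation/protection API is
        # imported statically: it is resolved at runtime, or this dump is partial.
        tags.append("rwx-api-not-in-iat")
    if {"Sleep", "GetTickCount"} <= funcs:
        tags.append("timing-calls")
    if funcs & {"GetTempPathA", "GetTempPathW"}:
        tags.append("temp-path-lookup")
    return tags


def file_hashes(path):
    """md5/sha256 of a local copy, for comparison with the report's values."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


if __name__ == "__main__":
    imps = parse_iat(IAT_LISTING)
    computed = imphash(imps)
    verdict = ("matches report" if computed == REPORT_IMPHASH
               else "differs: the report's import list is probably truncated")
    print(f"{len(imps)} imports, imphash {computed} ({verdict})")
    print("triage:", ", ".join(triage(imps)))
```

Run it as-is to check the report against itself; to check a downloaded copy, call `file_hashes("9hUDDVk.exe")` and compare the pair with the md5/sha256 in the header before trusting the rest of the report for that file. The gap between the last KERNEL32 slot (0xa88044) and the first USER32 slot (0xa8804c) is the null terminator of the KERNEL32 thunk array, so the dump is at least internally consistent.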