Report - WindowsAutHost.exe

ROMCOM RAT, Malicious Library, PE File, PE64
Created 2025.03.08 12:03
Machine s1_win7_x6403
Filename WindowsAutHost.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found
Behavior Score 1.8
ZERO API file : clean
VT API (file) 47 detected (AIDetectMalware, VMProtect, Malicious, score, Kryptik, Unsafe, confidence, GenericKD, Attribute, HighConfidence, high confidence, MalwareX, xbwwas, Kryptik@AI, RDML, LaJg31nfqkILRMDXdmGX1Q, AGEN, BankBot, Real Protect, Static AI, Suspicious PE, Detected, Reflo, Rozena, D7VA60, ABTrojan, EONJ, R693121, Artemis, Chgt, Ljgl, susgen)
md5 dcde423f70ce1bcb0b6cc519c15d7ab6
sha256 1536725757d5e68235153460c05c97071b990640a60c5ff8d7b07493ddafd480
ssdeep 393216:2Ayz8C1FNmzwk5mwFRgxTv8LZBs9z4Fz6zsZ8U5:2NICoL5ngp8LO4R64ZN5
imphash 7f830c1be2775636f0aaf6ee74829bf2
impfuzzy 96:FzJG2RqybQfNcVC1AXJ4Zcp+AjxtvuGzvVq:S2cOZ4pgc

Signature (3 counts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
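The two lower-severity signatures are static packer heuristics: section data whose Shannon entropy is close to 8 bits per byte (encrypted or compressed payload) and section names that ordinary linkers do not emit. The following is an added example of both checks over a raw PE image, written for this page and not the sandbox's own implementation. The report does not list the sample's sections, so the script inspects a PE32+ image it constructs itself; the section-name allow-list and the 7.0 entropy cut-off are assumptions, and a packed section is simulated with a SHA-256 chain so the result is deterministic.

```python
"""Packer heuristics behind the two lower-severity signatures above: section
data with high Shannon entropy (encrypted/compressed) and section names that
common linkers do not emit. Added example, not the sandbox's own check; the PE
image it inspects is constructed below, not the analysed WindowsAutHost.exe."""
import hashlib
import math
import struct

# Assumed allow-list of section names emitted by MSVC/MinGW-style linkers;
# anything else is reported as "unknown" (the report's own list is not shown).
KNOWN_SECTION_NAMES = {
    ".text", ".rdata", ".data", ".pdata", ".xdata", ".idata", ".edata",
    ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".gfids", ".00cfg",
}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; random data approaches 8.0 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk the section table of a PE32/PE32+ image; return [(name, raw_bytes)]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER starts: Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData (40 bytes per entry in total)
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def packer_indicators(pe: bytes) -> dict:
    """Per section: entropy, whether the name is unknown, whether entropy is high."""
    report = {}
    for name, data in parse_sections(pe):
        ent = shannon_entropy(data)
        report[name] = {"entropy": round(ent, 2),
                        "unknown_name": name not in KNOWN_SECTION_NAMES,
                        "high_entropy": ent >= ENTROPY_THRESHOLD}
    return report


def build_sample_pe(sections) -> bytes:
    """Assemble a minimal PE32+ image (DOS stub, COFF/optional headers, section
    table, raw data). Constructed test input only; it is not loadable."""
    nsec, opt_size = len(sections), 240  # 240 = PE32+ optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    raw_ptr = (hdr_len + 0x1FF) & ~0x1FF  # 512-byte file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    table, body, rva = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), rva,
                             len(data), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data + b"\0" * (-len(data) % 0x200)
        rva += (len(data) + 0xFFF) & ~0xFFF
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header + b"\0" * (raw_ptr - len(header)) + body


def prng_bytes(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed data."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sections: a repetitive x86-64 prologue pattern under a normal
# name, and pseudo-random bytes under a name (".packed") not in the allow-list.
LOW_ENTROPY_CODE = (b"\x48\x89\x5c\x24\x08\x48\x83\xec\x20" + b"\x90" * 7) * 256
SAMPLE_PE = build_sample_pe([(".text", LOW_ENTROPY_CODE), (".packed", prng_bytes(4096))])

if __name__ == "__main__":
    for name, info in packer_indicators(SAMPLE_PE).items():
        print(f"{name:<8} entropy={info['entropy']:.2f} "
              f"unknown_name={info['unknown_name']} high_entropy={info['high_entropy']}")
```

Both checks are only indicators, which is why the report ranks them notice/info rather than danger: a legitimately compressed resource section or a renamed section from a custom linker script will trip them too, and a packer that spreads its payload across low-entropy encodings will not. Read the sample's real section table with the same parser (open the file in binary mode and pass the bytes) before treating either flag as confirmation.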

Rules (4 counts)

Level Name Description Collection
danger ROMCOM_RAT Unit 42 observed the threat actor Tropical Scorpius using this RAT in operations in which Cuba ransomware was also deployed. binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ZERO

Suricata IDS

PE API

IAT (Import Address Table)

msvcrt.dll
 0x140c0f000 __C_specific_handler
 0x140c0f008 __getmainargs
 0x140c0f010 __initenv
 0x140c0f018 __iob_func
 0x140c0f020 __set_app_type
 0x140c0f028 __setusermatherr
 0x140c0f030 _amsg_exit
 0x140c0f038 _cexit
 0x140c0f040 _commode
 0x140c0f048 _fmode
 0x140c0f050 _initterm
 0x140c0f058 _onexit
 0x140c0f060 _time64
 0x140c0f068 _wcsicmp
 0x140c0f070 _wcsnicmp
 0x140c0f078 abort
 0x140c0f080 calloc
 0x140c0f088 exit
 0x140c0f090 fprintf
 0x140c0f098 free
 0x140c0f0a0 fwrite
 0x140c0f0a8 malloc
 0x140c0f0b0 memcpy
 0x140c0f0b8 memset
 0x140c0f0c0 rand
 0x140c0f0c8 signal
 0x140c0f0d0 srand
 0x140c0f0d8 strcat
 0x140c0f0e0 strcpy
 0x140c0f0e8 strlen
 0x140c0f0f0 strncmp
 0x140c0f0f8 strstr
 0x140c0f100 vfprintf
 0x140c0f108 wcscat
 0x140c0f110 wcscpy
 0x140c0f118 wcslen
 0x140c0f120 wcsncmp
 0x140c0f128 wcsstr
KERNEL32.dll
 0x140c0f138 DeleteCriticalSection
 0x140c0f140 EnterCriticalSection
 0x140c0f148 GetLastError
 0x140c0f150 InitializeCriticalSection
 0x140c0f158 LeaveCriticalSection
 0x140c0f160 SetUnhandledExceptionFilter
 0x140c0f168 Sleep
 0x140c0f170 TlsGetValue
 0x140c0f178 VirtualProtect
 0x140c0f180 VirtualQuery
KERNEL32.dll (second import descriptor for the same DLL)
 0x140c0f190 GetSystemTimeAsFileTime
 0x140c0f198 CreateEventA
 0x140c0f1a0 GetModuleHandleA
 0x140c0f1a8 TerminateProcess
 0x140c0f1b0 GetCurrentProcess
 0x140c0f1b8 CreateToolhelp32Snapshot
 0x140c0f1c0 Thread32First
 0x140c0f1c8 GetCurrentProcessId
 0x140c0f1d0 GetCurrentThreadId
 0x140c0f1d8 OpenThread
 0x140c0f1e0 Thread32Next
 0x140c0f1e8 CloseHandle
 0x140c0f1f0 SuspendThread
 0x140c0f1f8 ResumeThread
 0x140c0f200 WriteProcessMemory
 0x140c0f208 GetSystemInfo
 0x140c0f210 VirtualAlloc
 0x140c0f218 VirtualProtect
 0x140c0f220 VirtualFree
 0x140c0f228 GetProcessAffinityMask
 0x140c0f230 SetProcessAffinityMask
 0x140c0f238 GetCurrentThread
 0x140c0f240 SetThreadAffinityMask
 0x140c0f248 Sleep
 0x140c0f250 LoadLibraryA
 0x140c0f258 FreeLibrary
 0x140c0f260 GetTickCount
 0x140c0f268 SystemTimeToFileTime
 0x140c0f270 FileTimeToSystemTime
 0x140c0f278 GlobalFree
 0x140c0f280 HeapAlloc
 0x140c0f288 HeapFree
 0x140c0f290 GetProcAddress
 0x140c0f298 ExitProcess
 0x140c0f2a0 EnterCriticalSection
 0x140c0f2a8 LeaveCriticalSection
 0x140c0f2b0 InitializeCriticalSection
 0x140c0f2b8 DeleteCriticalSection
 0x140c0f2c0 MultiByteToWideChar
 0x140c0f2c8 GetModuleHandleW
 0x140c0f2d0 LoadResource
 0x140c0f2d8 FindResourceExW
 0x140c0f2e0 FindResourceExA
 0x140c0f2e8 WideCharToMultiByte
 0x140c0f2f0 GetThreadLocale
 0x140c0f2f8 GetUserDefaultLCID
 0x140c0f300 GetSystemDefaultLCID
 0x140c0f308 EnumResourceNamesA
 0x140c0f310 EnumResourceNamesW
 0x140c0f318 EnumResourceLanguagesA
 0x140c0f320 EnumResourceLanguagesW
 0x140c0f328 EnumResourceTypesA
 0x140c0f330 EnumResourceTypesW
 0x140c0f338 CreateFileW
 0x140c0f340 LoadLibraryW
 0x140c0f348 GetLastError
 0x140c0f350 FlushFileBuffers
 0x140c0f358 FlsSetValue
 0x140c0f360 GetCommandLineA
 0x140c0f368 GetCPInfo
 0x140c0f370 GetACP
 0x140c0f378 GetOEMCP
 0x140c0f380 IsValidCodePage
 0x140c0f388 EncodePointer
 0x140c0f390 DecodePointer
 0x140c0f398 FlsGetValue
 0x140c0f3a0 FlsFree
 0x140c0f3a8 SetLastError
 0x140c0f3b0 FlsAlloc
 0x140c0f3b8 UnhandledExceptionFilter
 0x140c0f3c0 SetUnhandledExceptionFilter
 0x140c0f3c8 IsDebuggerPresent
 0x140c0f3d0 RtlVirtualUnwind
 0x140c0f3d8 RtlLookupFunctionEntry
 0x140c0f3e0 RtlCaptureContext
 0x140c0f3e8 RaiseException
 0x140c0f3f0 RtlPcToFileHeader
 0x140c0f3f8 RtlUnwindEx
 0x140c0f400 LCMapStringA
 0x140c0f408 LCMapStringW
 0x140c0f410 SetHandleCount
 0x140c0f418 GetStdHandle
 0x140c0f420 GetFileType
 0x140c0f428 GetStartupInfoA
 0x140c0f430 GetModuleFileNameA
 0x140c0f438 FreeEnvironmentStringsA
 0x140c0f440 GetEnvironmentStrings
 0x140c0f448 FreeEnvironmentStringsW
 0x140c0f450 GetEnvironmentStringsW
 0x140c0f458 HeapSetInformation
 0x140c0f460 HeapCreate
 0x140c0f468 HeapDestroy
 0x140c0f470 QueryPerformanceCounter
 0x140c0f478 GetStringTypeA
 0x140c0f480 GetStringTypeW
 0x140c0f488 GetLocaleInfoA
 0x140c0f490 HeapSize
 0x140c0f498 WriteFile
 0x140c0f4a0 SetFilePointer
 0x140c0f4a8 GetConsoleCP
 0x140c0f4b0 GetConsoleMode
 0x140c0f4b8 HeapReAlloc
 0x140c0f4c0 InitializeCriticalSectionAndSpinCount
 0x140c0f4c8 SetStdHandle
 0x140c0f4d0 WriteConsoleA
 0x140c0f4d8 GetConsoleOutputCP
 0x140c0f4e0 WriteConsoleW
 0x140c0f4e8 CreateFileA

EAT (Export Address Table) is none
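Two things in the IAT above are worth checking by hand rather than taking from the report: the imphash field in the header, which is an MD5 over the import table in a fixed normal form and therefore depends on the exact descriptor order, and the fact that KERNEL32.dll appears in two separate import descriptors, the first next to a minimal msvcrt.dll set and the second carrying the thread-suspension, WriteProcessMemory and IsDebuggerPresent imports. The script below is an added example written for this page, not the sandbox's code: it parses an IAT listing in the report's own text format, recomputes an imphash in the convention Mandiant defined and pefile implements (lowercase, .dll/.ocx/.sys stripped, comma-joined), reports DLLs with duplicate descriptors, and groups imported APIs into triage clusters. The input is a constructed excerpt of the table above, so its hash is not expected to equal the report's value; the cluster names are this example's own grouping.

```python
"""Import-table triage over the IAT listing above: recompute an imphash in the
convention the report's 'imphash' field uses (Mandiant's, as implemented by
pefile), spot DLLs with more than one import descriptor, and group imported
APIs into capability clusters. Added example; the listing is re-typed here as
a constructed excerpt and the cluster names are this example's own."""
import hashlib
import re

# Constructed input: an excerpt of the report's IAT, in the report's order.
# The report's imphash covers the full table, so this excerpt's hash differs.
IAT_EXCERPT = """\
msvcrt.dll
 0x140c0f000 __C_specific_handler
 0x140c0f008 __getmainargs
KERNEL32.dll
 0x140c0f138 DeleteCriticalSection
 0x140c0f178 VirtualProtect
KERNEL32.dll
 0x140c0f1b8 CreateToolhelp32Snapshot
 0x140c0f1c0 Thread32First
 0x140c0f1d8 OpenThread
 0x140c0f1f0 SuspendThread
 0x140c0f200 WriteProcessMemory
 0x140c0f218 VirtualProtect
 0x140c0f250 LoadLibraryA
 0x140c0f290 GetProcAddress
 0x140c0f3c8 IsDebuggerPresent
"""

DLL_LINE = re.compile(r"^(\S+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
IMPORT_LINE = re.compile(r"^\s*0x[0-9a-f]+\s+(\S+)\s*$", re.IGNORECASE)


def parse_listing(text: str):
    """Return (descriptors, imports): DLL names in descriptor order (repeats
    kept) and [(dll, function)] pairs in the order listed."""
    descriptors, imports, current = [], [], None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            current = m.group(1)
            descriptors.append(current)
            continue
        m = IMPORT_LINE.match(line)
        if m and current is not None:
            imports.append((current, m.group(1)))
    return descriptors, imports


def imphash_input(imports) -> str:
    """'dll.func' pairs, lowercased, .dll/.ocx/.sys stripped, comma-joined in
    import order. Order matters: the same APIs in another order hash differently."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        if dll.endswith((".dll", ".ocx", ".sys")):
            dll = dll[:-4]
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as in pefile.PE.get_imphash()."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def duplicate_descriptors(descriptors) -> list:
    """DLLs imported through more than one descriptor, as KERNEL32.dll is above."""
    seen, dupes = set(), []
    for dll in descriptors:
        key = dll.lower()
        if key in seen and dll not in dupes:
            dupes.append(dll)
        seen.add(key)
    return dupes


# Assumed triage clusters (this example's grouping, not a field of the report).
CAPABILITY_CLUSTERS = {
    "thread enumeration/suspension": {"CreateToolhelp32Snapshot", "Thread32First",
                                      "Thread32Next", "OpenThread", "SuspendThread",
                                      "ResumeThread"},
    "writing process memory": {"WriteProcessMemory", "VirtualAlloc", "VirtualProtect"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "debugger detection": {"IsDebuggerPresent"},
}


def capabilities(imports) -> dict:
    """Cluster name -> sorted list of that cluster's APIs actually imported."""
    present = {func for _, func in imports}
    return {tag: sorted(present & apis)
            for tag, apis in CAPABILITY_CLUSTERS.items() if present & apis}


if __name__ == "__main__":
    descriptors, imports = parse_listing(IAT_EXCERPT)
    print("imphash (excerpt):", imphash(imports))
    print("duplicate descriptors:", duplicate_descriptors(descriptors))
    for tag, apis in capabilities(imports).items():
        print(f"{tag}: {', '.join(apis)}")
```

To compare against the header's imphash (7f830c1be2775636f0aaf6ee74829bf2), paste the complete listing into IAT_EXCERPT in the order shown; the listing carries no ordinal-only imports, so the normalisation above covers everything it contains. A mismatch after that would mean the report's tool walked the import directory differently from this listing (for example, including delay-load imports that the table above does not show), not that the listing is wrong. Treat the capability clusters as a prompt for what to look at in a debugger, not as a verdict: a protector's runtime uses the same thread-suspension and VirtualProtect calls that injection code does.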



Similarity measure (PE file only) - no result (the similarity service reported a failure)