Field | Value |
---|---|
Created | 2025.03.08 12:46 |
Machine | s1_win7_x6403 |
Filename | 2qv26zF.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 17 detected (AIDetectMalware, Artemis, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, FileRepMalware, Misc, AMADEY, YXFCHZ, Sonbokli) |
md5 | 903eb4bcb7f7479a651a0813e69ffad9 |
sha256 | ca418ccff111b4ce22e4d4c67669ecb8fa3e03d6113d6ff21f3e580bbc994c0d |
ssdeep | 12288:Gg4sLVk2xowPof5wfQyMRgiKXiMLX2jU3ced0RfZUZhSocM6R4C+eN1v4lGb:k6xow4NyMR3ALX2jrfZ1o23+S |
imphash | 3715030a9a5996c3efc589f0b8d67ffe |
impfuzzy | 48:yVSyHrGOAN8ZgY0teS1JIc+pNa2tBRr7KCNcE:iHrGJ+z0teS1JIc+pN7L7zaE |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x140011020 SetLastError
0x140011028 GetCommandLineW
0x140011030 GetCurrentProcess
0x140011038 GetConsoleOutputCP
0x140011040 GetThreadErrorMode
0x140011048 GetModuleHandleExW
0x140011050 GetShortPathNameW
0x140011058 DeviceIoControl
0x140011060 VirtualAlloc
0x140011068 GetModuleFileNameW
0x140011070 GetConsoleCP
0x140011078 GetThreadLocale
0x140011080 SetErrorMode
0x140011088 GetEnvironmentVariableW
0x140011090 lstrlenA
0x140011098 LocalAlloc
0x1400110a0 GetSystemDefaultLangID
0x1400110a8 Sleep
0x1400110b0 GetTickCount64
0x1400110b8 GetLastError
0x1400110c0 GetMaximumProcessorGroupCount
0x1400110c8 GetLogicalDrives
0x1400110d0 lstrcatW
0x1400110d8 TlsAlloc
0x1400110e0 LockResource
0x1400110e8 GlobalAlloc
0x1400110f0 CloseHandle
0x1400110f8 CreateThreadpoolCleanupGroup
0x140011100 FreeConsole
0x140011108 LoadResource
0x140011110 FindResourceW
0x140011118 SwitchToThread
0x140011120 IsThreadAFiber
0x140011128 LocalFree
0x140011130 SetFileApisToOEM
0x140011138 ExitProcess
0x140011140 lstrcpyW
0x140011148 IsDebuggerPresent
0x140011150 WriteConsoleW
0x140011158 CreateFileW
0x140011160 SetFilePointerEx
0x140011168 GetConsoleAliasExesLengthW
0x140011170 SizeofResource
0x140011178 GetUserDefaultLCID
0x140011180 AreFileApisANSI
0x140011188 GetConsoleMode
0x140011190 FlushFileBuffers
0x140011198 HeapReAlloc
0x1400111a0 HeapSize
0x1400111a8 RtlCaptureContext
0x1400111b0 RtlLookupFunctionEntry
0x1400111b8 RtlVirtualUnwind
0x1400111c0 UnhandledExceptionFilter
0x1400111c8 SetUnhandledExceptionFilter
0x1400111d0 TerminateProcess
0x1400111d8 IsProcessorFeaturePresent
0x1400111e0 QueryPerformanceCounter
0x1400111e8 GetCurrentProcessId
0x1400111f0 GetCurrentThreadId
0x1400111f8 GetSystemTimeAsFileTime
0x140011200 InitializeSListHead
0x140011208 GetStartupInfoW
0x140011210 GetModuleHandleW
0x140011218 RtlUnwindEx
0x140011220 EnterCriticalSection
0x140011228 LeaveCriticalSection
0x140011230 DeleteCriticalSection
0x140011238 InitializeCriticalSectionAndSpinCount
0x140011240 TlsGetValue
0x140011248 TlsSetValue
0x140011250 TlsFree
0x140011258 FreeLibrary
0x140011260 GetProcAddress
0x140011268 LoadLibraryExW
0x140011270 GetStdHandle
0x140011278 WriteFile
0x140011280 HeapFree
0x140011288 HeapAlloc
0x140011290 FindClose
0x140011298 FindFirstFileExW
0x1400112a0 FindNextFileW
0x1400112a8 IsValidCodePage
0x1400112b0 GetACP
0x1400112b8 GetOEMCP
0x1400112c0 GetCPInfo
0x1400112c8 GetCommandLineA
0x1400112d0 MultiByteToWideChar
0x1400112d8 WideCharToMultiByte
0x1400112e0 GetEnvironmentStringsW
0x1400112e8 FreeEnvironmentStringsW
0x1400112f0 SetStdHandle
0x1400112f8 GetFileType
0x140011300 GetStringTypeW
0x140011308 LCMapStringW
0x140011310 GetProcessHeap
0x140011318 RaiseException
USER32.dll
0x140011358 GetPropW
0x140011360 GetDesktopWindow
WINSPOOL.DRV
0x140011370 GetPrinterDataA
ADVAPI32.dll
0x140011000 OpenProcessToken
0x140011008 GetTokenInformation
0x140011010 GetSidSubAuthority
SHELL32.dll
0x140011328 ShellExecuteExW
0x140011330 ShellExecuteW
0x140011338 None
SHLWAPI.dll
0x140011348 StrStrA
EAT (Export Address Table): none