Field | Value |
---|---|
Created | 2025.03.10 10:16 |
Machine | s1_win7_x6403 |
Filename | HHPgDSI.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 53 detected (AIDetectMalware, Zenpak, Malicious, score, Artemis, GenericKD, Unsafe, Kryptik, Verj, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HGWG, PWSX, fmfo, kvzxfi, 13FByKno5iN, Nekark, sbdyl, Lumma, LUMMASTEALER, YXFCCZ, moderate, Detected, Lummac, 6SI1FA, ABTrojan, FKBF, R694727, Krypt, Gencirc, susgen, HGTB, Wacatac, B9nj) |
md5 | accdbd5044408c82c19c977829713e4f |
sha256 | dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258 |
ssdeep | 98304:fYRhnYdlvIib45D+ZicbrZRutIvD0wi9Q1Tjr+RTO7EC5pqQ5eoQQMgX3Q6jEd8O:5H8QK2GcJL |
imphash | 2b3730cda46affc8837a7df18591704a |
impfuzzy | 12:jOovikJEgRCPBZGD5DoAGKR0NkvuaZwDD7QH/0o:jOovi6EUCPg5Do1LaZw3kf0o |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xb6f000 GetCommandLineA
0xb6f004 GetEnvironmentStringsW
0xb6f008 GetTempPathW
0xb6f00c GetLastError
0xb6f010 HeapAlloc
0xb6f014 HeapFree
0xb6f018 GetProcessHeap
0xb6f01c SetCriticalSectionSpinCount
0xb6f020 Sleep
0xb6f024 GetCurrentProcess
0xb6f028 ExitProcess
0xb6f02c GetSystemInfo
0xb6f030 GetVersion
0xb6f034 GetTickCount
0xb6f038 GetModuleFileNameW
0xb6f03c GetModuleHandleW
0xb6f040 GetProcAddress
0xb6f044 LoadLibraryW
0xb6f048 GlobalAlloc
0xb6f04c GlobalFree
0xb6f050 MultiByteToWideChar
0xb6f054 ConvertDefaultLocale
USER32.dll
0xb6f05c IsWindowVisible
0xb6f060 GetWindowContextHelpId
0xb6f064 MessageBoxA
0xb6f068 GetWindowLongW
0xb6f06c IsDialogMessageW
0xb6f070 RegisterClassW
EAT(Export Address Table) is none