ScreenShot
| Created | 2025.03.16 09:26 | Machine | s1_win7_x6401 |
| Filename | 9JFiKVm.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 37 detected (AIDetectMalware, DInvoke, Ghanarava, Unsafe, GenericKD, malicious, confidence, 100%, high confidence, DropperX, Kryptik, uwjBmdR2kNT, Detected, Convagent, Wacatac, ABTrojan, WLPC, Sonbokli, R695729, Artemis, AntiAnalysis, PE04C9V, susgen, GenKryptik, HHGJ, Chgt) | ||
| md5 | 25f00b7c2ff3ae44d849863c1e47b096 | ||
| sha256 | 0a7602edc5309eb0683609f1e54bc11052e046b2b3f61f64397526fa935d7c6d | ||
| ssdeep | 12288:7AJ0SiRi56OkEAmD5ZPfrzp+5ifMNVbVciqzSsEO:U0S496z8o6bciPst | ||
| imphash | c20b211897fc2b6d9fa32b006a00ef15 | ||
| impfuzzy | 24:k02tMS1GBgdlJeDc+pl3eDoMmoEOovbOuMrv2FRZHu9YRjx:stMS1GBgic+ppHc3xat | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140014000 GetModuleFileNameA
0x140014008 GetModuleHandleW
0x140014010 WriteConsoleW
0x140014018 RtlCaptureContext
0x140014020 RtlLookupFunctionEntry
0x140014028 RtlVirtualUnwind
0x140014030 UnhandledExceptionFilter
0x140014038 SetUnhandledExceptionFilter
0x140014040 GetCurrentProcess
0x140014048 TerminateProcess
0x140014050 IsProcessorFeaturePresent
0x140014058 QueryPerformanceCounter
0x140014060 GetCurrentProcessId
0x140014068 GetCurrentThreadId
0x140014070 GetSystemTimeAsFileTime
0x140014078 InitializeSListHead
0x140014080 IsDebuggerPresent
0x140014088 GetStartupInfoW
0x140014090 RtlUnwindEx
0x140014098 RtlPcToFileHeader
0x1400140a0 RaiseException
0x1400140a8 GetLastError
0x1400140b0 SetLastError
0x1400140b8 EncodePointer
0x1400140c0 EnterCriticalSection
0x1400140c8 LeaveCriticalSection
0x1400140d0 DeleteCriticalSection
0x1400140d8 InitializeCriticalSectionAndSpinCount
0x1400140e0 TlsAlloc
0x1400140e8 TlsGetValue
0x1400140f0 TlsSetValue
0x1400140f8 TlsFree
0x140014100 FreeLibrary
0x140014108 GetProcAddress
0x140014110 LoadLibraryExW
0x140014118 ReadFile
0x140014120 GetStdHandle
0x140014128 WriteFile
0x140014130 GetModuleFileNameW
0x140014138 ExitProcess
0x140014140 GetModuleHandleExW
0x140014148 GetCommandLineA
0x140014150 GetCommandLineW
0x140014158 SetFilePointerEx
0x140014160 GetConsoleMode
0x140014168 ReadConsoleW
0x140014170 GetFileType
0x140014178 HeapFree
0x140014180 CloseHandle
0x140014188 HeapAlloc
0x140014190 FindClose
0x140014198 FindFirstFileExW
0x1400141a0 FindNextFileW
0x1400141a8 IsValidCodePage
0x1400141b0 GetACP
0x1400141b8 GetOEMCP
0x1400141c0 GetCPInfo
0x1400141c8 MultiByteToWideChar
0x1400141d0 WideCharToMultiByte
0x1400141d8 GetEnvironmentStringsW
0x1400141e0 FreeEnvironmentStringsW
0x1400141e8 SetEnvironmentVariableW
0x1400141f0 SetStdHandle
0x1400141f8 GetStringTypeW
0x140014200 FlsAlloc
0x140014208 FlsGetValue
0x140014210 FlsSetValue
0x140014218 FlsFree
0x140014220 CompareStringW
0x140014228 LCMapStringW
0x140014230 GetProcessHeap
0x140014238 CreateFileW
0x140014240 FlushFileBuffers
0x140014248 GetConsoleOutputCP
0x140014250 HeapSize
0x140014258 HeapReAlloc
0x140014260 SetEndOfFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140014000 GetModuleFileNameA
0x140014008 GetModuleHandleW
0x140014010 WriteConsoleW
0x140014018 RtlCaptureContext
0x140014020 RtlLookupFunctionEntry
0x140014028 RtlVirtualUnwind
0x140014030 UnhandledExceptionFilter
0x140014038 SetUnhandledExceptionFilter
0x140014040 GetCurrentProcess
0x140014048 TerminateProcess
0x140014050 IsProcessorFeaturePresent
0x140014058 QueryPerformanceCounter
0x140014060 GetCurrentProcessId
0x140014068 GetCurrentThreadId
0x140014070 GetSystemTimeAsFileTime
0x140014078 InitializeSListHead
0x140014080 IsDebuggerPresent
0x140014088 GetStartupInfoW
0x140014090 RtlUnwindEx
0x140014098 RtlPcToFileHeader
0x1400140a0 RaiseException
0x1400140a8 GetLastError
0x1400140b0 SetLastError
0x1400140b8 EncodePointer
0x1400140c0 EnterCriticalSection
0x1400140c8 LeaveCriticalSection
0x1400140d0 DeleteCriticalSection
0x1400140d8 InitializeCriticalSectionAndSpinCount
0x1400140e0 TlsAlloc
0x1400140e8 TlsGetValue
0x1400140f0 TlsSetValue
0x1400140f8 TlsFree
0x140014100 FreeLibrary
0x140014108 GetProcAddress
0x140014110 LoadLibraryExW
0x140014118 ReadFile
0x140014120 GetStdHandle
0x140014128 WriteFile
0x140014130 GetModuleFileNameW
0x140014138 ExitProcess
0x140014140 GetModuleHandleExW
0x140014148 GetCommandLineA
0x140014150 GetCommandLineW
0x140014158 SetFilePointerEx
0x140014160 GetConsoleMode
0x140014168 ReadConsoleW
0x140014170 GetFileType
0x140014178 HeapFree
0x140014180 CloseHandle
0x140014188 HeapAlloc
0x140014190 FindClose
0x140014198 FindFirstFileExW
0x1400141a0 FindNextFileW
0x1400141a8 IsValidCodePage
0x1400141b0 GetACP
0x1400141b8 GetOEMCP
0x1400141c0 GetCPInfo
0x1400141c8 MultiByteToWideChar
0x1400141d0 WideCharToMultiByte
0x1400141d8 GetEnvironmentStringsW
0x1400141e0 FreeEnvironmentStringsW
0x1400141e8 SetEnvironmentVariableW
0x1400141f0 SetStdHandle
0x1400141f8 GetStringTypeW
0x140014200 FlsAlloc
0x140014208 FlsGetValue
0x140014210 FlsSetValue
0x140014218 FlsFree
0x140014220 CompareStringW
0x140014228 LCMapStringW
0x140014230 GetProcessHeap
0x140014238 CreateFileW
0x140014240 FlushFileBuffers
0x140014248 GetConsoleOutputCP
0x140014250 HeapSize
0x140014258 HeapReAlloc
0x140014260 SetEndOfFile
EAT(Export Address Table) is none