ScreenShot
| Created | 2025.03.21 10:08 | Machine | s1_win7_x6403 |
| Filename | update.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 43 detected (Convagent, Ghanarava, GenericKD, Unsafe, AGen, MalwareX, smecbt, qqun27upNoH, stabm, AgentAGen, RUSTYSTEALER, YXFCTZ, Generic Reputation PUA, Detected, ABTrojan, YKPK, Artemis, MALICIOUS, Chgt, Gencirc, susgen) | ||
| md5 | 369fb99dbae23164166f27bf37e6fef2 | ||
| sha256 | 82231216bb55678a4bc192c1f0f180121ffc0a6278dcd1d6d9db8bea784ccf6b | ||
| ssdeep | 3072:QH4u04ZWd2RwqL908aj9OrNmm0eiZU++0dFAYIzwpbsN2t86dNvPW6nnH:QHb04ZWdzqp08aj9OOeBNzwpTVuUH | ||
| imphash | 0fe08d485f9fbdde8ce74f7af370f432 | ||
| impfuzzy | 48:aL1wrXp9CFLTkviL19lNnP+ijlPBMQSLMLm:aL2rXpALTkviL19lNnmijHs | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-core-synch-l1-2-0.dll
0x140029288 WakeByAddressAll
0x140029290 WaitOnAddress
0x140029298 WakeByAddressSingle
cryptprimitives.dll
0x140029390 ProcessPrng
KERNEL32.dll
0x140029000 RtlLookupFunctionEntry
0x140029008 SetUnhandledExceptionFilter
0x140029010 UnhandledExceptionFilter
0x140029018 IsDebuggerPresent
0x140029020 InitializeSListHead
0x140029028 CloseHandle
0x140029030 WaitForMultipleObjects
0x140029038 GetOverlappedResult
0x140029040 GetLastError
0x140029048 WaitForSingleObject
0x140029050 GetExitCodeProcess
0x140029058 AddVectoredExceptionHandler
0x140029060 SetThreadStackGuarantee
0x140029068 GetCurrentThread
0x140029070 HeapFree
0x140029078 HeapReAlloc
0x140029080 GetStdHandle
0x140029088 GetConsoleMode
0x140029090 MultiByteToWideChar
0x140029098 WriteConsoleW
0x1400290a0 GetModuleHandleA
0x1400290a8 GetProcAddress
0x1400290b0 SetLastError
0x1400290b8 GetModuleHandleW
0x1400290c0 FormatMessageW
0x1400290c8 lstrlenW
0x1400290d0 GetEnvironmentVariableW
0x1400290d8 CreateFileW
0x1400290e0 SetFileInformationByHandle
0x1400290e8 GetFullPathNameW
0x1400290f0 CreateDirectoryW
0x1400290f8 GetFileInformationByHandle
0x140029100 GetFileInformationByHandleEx
0x140029108 FindFirstFileW
0x140029110 FindClose
0x140029118 GetEnvironmentStringsW
0x140029120 FreeEnvironmentStringsW
0x140029128 CompareStringOrdinal
0x140029130 GetModuleFileNameW
0x140029138 GetSystemDirectoryW
0x140029140 GetWindowsDirectoryW
0x140029148 CreateProcessW
0x140029150 GetFileAttributesW
0x140029158 GetCurrentProcess
0x140029160 DuplicateHandle
0x140029168 CreateThread
0x140029170 InitializeProcThreadAttributeList
0x140029178 UpdateProcThreadAttribute
0x140029180 DeleteProcThreadAttributeList
0x140029188 GetCurrentProcessId
0x140029190 CreateNamedPipeW
0x140029198 WriteFileEx
0x1400291a0 SleepEx
0x1400291a8 ReadFileEx
0x1400291b0 CreateEventW
0x1400291b8 CancelIo
0x1400291c0 ReadFile
0x1400291c8 HeapAlloc
0x1400291d0 GetProcessHeap
0x1400291d8 GetCurrentDirectoryW
0x1400291e0 RtlCaptureContext
0x1400291e8 IsProcessorFeaturePresent
0x1400291f0 WaitForSingleObjectEx
0x1400291f8 LoadLibraryA
0x140029200 CreateMutexA
0x140029208 ReleaseMutex
0x140029210 RtlVirtualUnwind
0x140029218 WideCharToMultiByte
0x140029220 GetSystemTimeAsFileTime
0x140029228 GetCurrentThreadId
0x140029230 QueryPerformanceCounter
ntdll.dll
0x1400293a0 RtlNtStatusToDosError
0x1400293a8 NtReadFile
0x1400293b0 NtWriteFile
VCRUNTIME140.dll
0x140029240 __current_exception_context
0x140029248 memcpy
0x140029250 __CxxFrameHandler3
0x140029258 memcmp
0x140029260 memset
0x140029268 memmove
0x140029270 __C_specific_handler
0x140029278 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x1400292e0 _initterm
0x1400292e8 __p___argc
0x1400292f0 __p___argv
0x1400292f8 _cexit
0x140029300 _c_exit
0x140029308 _register_thread_local_exe_atexit_callback
0x140029310 _get_initial_narrow_environment
0x140029318 _initterm_e
0x140029320 _configure_narrow_argv
0x140029328 _initialize_onexit_table
0x140029330 _register_onexit_function
0x140029338 _crt_atexit
0x140029340 terminate
0x140029348 _initialize_narrow_environment
0x140029350 _set_app_type
0x140029358 exit
0x140029360 _seh_filter_exe
0x140029368 _exit
api-ms-win-crt-math-l1-1-0.dll
0x1400292d0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140029378 _set_fmode
0x140029380 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400292c0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400292a8 _set_new_mode
0x1400292b0 free
EAT(Export Address Table) is none
api-ms-win-core-synch-l1-2-0.dll
0x140029288 WakeByAddressAll
0x140029290 WaitOnAddress
0x140029298 WakeByAddressSingle
cryptprimitives.dll
0x140029390 ProcessPrng
KERNEL32.dll
0x140029000 RtlLookupFunctionEntry
0x140029008 SetUnhandledExceptionFilter
0x140029010 UnhandledExceptionFilter
0x140029018 IsDebuggerPresent
0x140029020 InitializeSListHead
0x140029028 CloseHandle
0x140029030 WaitForMultipleObjects
0x140029038 GetOverlappedResult
0x140029040 GetLastError
0x140029048 WaitForSingleObject
0x140029050 GetExitCodeProcess
0x140029058 AddVectoredExceptionHandler
0x140029060 SetThreadStackGuarantee
0x140029068 GetCurrentThread
0x140029070 HeapFree
0x140029078 HeapReAlloc
0x140029080 GetStdHandle
0x140029088 GetConsoleMode
0x140029090 MultiByteToWideChar
0x140029098 WriteConsoleW
0x1400290a0 GetModuleHandleA
0x1400290a8 GetProcAddress
0x1400290b0 SetLastError
0x1400290b8 GetModuleHandleW
0x1400290c0 FormatMessageW
0x1400290c8 lstrlenW
0x1400290d0 GetEnvironmentVariableW
0x1400290d8 CreateFileW
0x1400290e0 SetFileInformationByHandle
0x1400290e8 GetFullPathNameW
0x1400290f0 CreateDirectoryW
0x1400290f8 GetFileInformationByHandle
0x140029100 GetFileInformationByHandleEx
0x140029108 FindFirstFileW
0x140029110 FindClose
0x140029118 GetEnvironmentStringsW
0x140029120 FreeEnvironmentStringsW
0x140029128 CompareStringOrdinal
0x140029130 GetModuleFileNameW
0x140029138 GetSystemDirectoryW
0x140029140 GetWindowsDirectoryW
0x140029148 CreateProcessW
0x140029150 GetFileAttributesW
0x140029158 GetCurrentProcess
0x140029160 DuplicateHandle
0x140029168 CreateThread
0x140029170 InitializeProcThreadAttributeList
0x140029178 UpdateProcThreadAttribute
0x140029180 DeleteProcThreadAttributeList
0x140029188 GetCurrentProcessId
0x140029190 CreateNamedPipeW
0x140029198 WriteFileEx
0x1400291a0 SleepEx
0x1400291a8 ReadFileEx
0x1400291b0 CreateEventW
0x1400291b8 CancelIo
0x1400291c0 ReadFile
0x1400291c8 HeapAlloc
0x1400291d0 GetProcessHeap
0x1400291d8 GetCurrentDirectoryW
0x1400291e0 RtlCaptureContext
0x1400291e8 IsProcessorFeaturePresent
0x1400291f0 WaitForSingleObjectEx
0x1400291f8 LoadLibraryA
0x140029200 CreateMutexA
0x140029208 ReleaseMutex
0x140029210 RtlVirtualUnwind
0x140029218 WideCharToMultiByte
0x140029220 GetSystemTimeAsFileTime
0x140029228 GetCurrentThreadId
0x140029230 QueryPerformanceCounter
ntdll.dll
0x1400293a0 RtlNtStatusToDosError
0x1400293a8 NtReadFile
0x1400293b0 NtWriteFile
VCRUNTIME140.dll
0x140029240 __current_exception_context
0x140029248 memcpy
0x140029250 __CxxFrameHandler3
0x140029258 memcmp
0x140029260 memset
0x140029268 memmove
0x140029270 __C_specific_handler
0x140029278 __current_exception
api-ms-win-crt-runtime-l1-1-0.dll
0x1400292e0 _initterm
0x1400292e8 __p___argc
0x1400292f0 __p___argv
0x1400292f8 _cexit
0x140029300 _c_exit
0x140029308 _register_thread_local_exe_atexit_callback
0x140029310 _get_initial_narrow_environment
0x140029318 _initterm_e
0x140029320 _configure_narrow_argv
0x140029328 _initialize_onexit_table
0x140029330 _register_onexit_function
0x140029338 _crt_atexit
0x140029340 terminate
0x140029348 _initialize_narrow_environment
0x140029350 _set_app_type
0x140029358 exit
0x140029360 _seh_filter_exe
0x140029368 _exit
api-ms-win-crt-math-l1-1-0.dll
0x1400292d0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140029378 _set_fmode
0x140029380 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400292c0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400292a8 _set_new_mode
0x1400292b0 free
EAT(Export Address Table) is none