Report - 01.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64
Created 2025.03.26 11:13 Machine s1_win7_x6403
Filename 01.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 3
Behavior Score 1.0
VT API (file) 39 detected (AIDetectMalware, GenericKDS, Unsafe, GenericS, GenKryptik, AGen, Malicious, MalwareX, score, SelfDel, iwdt, Convagent, CLOUD, bnycd, AMADEY, YXFCYZ, Detected, ABTrojan, QEKU, Artemis, Chgt)
md5 fd8a441c0c1f1f468aac1698c9518943
sha256 2ffc4357ff4a4be72a3961540de2c659579e6b41c845166aeba9f910779e34b9
ssdeep 49152:gVXMllT7gBYKSEaBTNB8aSmhhhcylwiZ7gJKTSTb:L7gBYKS7BJrf7gJKTSX
imphash c963e6c673dcf8e8a8db4beb194beaf6
impfuzzy 48:ntMjgO39LnM1bpXHRfP0cJOh0lJGV7koqtD:ntIgEZn6bpXHRfP0cJOh0lJGJRqtD

Signature (1cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x6044c0 AddVectoredExceptionHandler
 0x6044c8 CancelIo
 0x6044d0 CloseHandle
 0x6044d8 CompareStringOrdinal
 0x6044e0 CreateDirectoryW
 0x6044e8 CreateEventW
 0x6044f0 CreateFileMappingA
 0x6044f8 CreateFileW
 0x604500 CreateNamedPipeW
 0x604508 CreateProcessW
 0x604510 CreateThread
 0x604518 CreateToolhelp32Snapshot
 0x604520 DeleteFileW
 0x604528 DuplicateHandle
 0x604530 FindClose
 0x604538 FindFirstFileExW
 0x604540 FormatMessageW
 0x604548 FreeEnvironmentStringsW
 0x604550 GetConsoleMode
 0x604558 GetConsoleOutputCP
 0x604560 GetCurrentDirectoryW
 0x604568 GetCurrentProcess
 0x604570 GetCurrentProcessId
 0x604578 GetCurrentThread
 0x604580 GetEnvironmentStringsW
 0x604588 GetEnvironmentVariableW
 0x604590 GetExitCodeProcess
 0x604598 GetFileAttributesA
 0x6045a0 GetFileAttributesW
 0x6045a8 GetFileInformationByHandle
 0x6045b0 GetFileInformationByHandleEx
 0x6045b8 GetFullPathNameW
 0x6045c0 GetLastError
 0x6045c8 GetModuleFileNameW
 0x6045d0 GetModuleHandleA
 0x6045d8 GetModuleHandleW
 0x6045e0 GetOverlappedResult
 0x6045e8 GetProcAddress
 0x6045f0 GetProcessHeap
 0x6045f8 GetStartupInfoA
 0x604600 GetStdHandle
 0x604608 GetSystemDirectoryW
 0x604610 GetWindowsDirectoryW
 0x604618 HeapAlloc
 0x604620 HeapFree
 0x604628 HeapReAlloc
 0x604630 InitOnceBeginInitialize
 0x604638 InitOnceComplete
 0x604640 MapViewOfFile
 0x604648 Module32FirstW
 0x604650 Module32NextW
 0x604658 MultiByteToWideChar
 0x604660 ReadFile
 0x604668 ReadFileEx
 0x604670 RtlCaptureContext
 0x604678 RtlLookupFunctionEntry
 0x604680 RtlVirtualUnwind
 0x604688 SetFileAttributesA
 0x604690 SetFileInformationByHandle
 0x604698 SetLastError
 0x6046a0 SetThreadStackGuarantee
 0x6046a8 SetUnhandledExceptionFilter
 0x6046b0 Sleep
 0x6046b8 SleepEx
 0x6046c0 TlsAlloc
 0x6046c8 TlsFree
 0x6046d0 TlsGetValue
 0x6046d8 TlsSetValue
 0x6046e0 UnmapViewOfFile
 0x6046e8 WaitForMultipleObjects
 0x6046f0 WaitForSingleObject
 0x6046f8 WriteConsoleW
 0x604700 WriteFileEx
SHELL32.dll
 0x604710 ShellExecuteA
api-ms-win-core-synch-l1-2-0.dll
 0x604720 WaitOnAddress
 0x604728 WakeByAddressAll
 0x604730 WakeByAddressSingle
cryptprimitives.dll
 0x604740 ProcessPrng
KERNEL32.dll
 0x604750 DeleteCriticalSection
 0x604758 EnterCriticalSection
 0x604760 GetCurrentThreadId
 0x604768 GetSystemTimeAsFileTime
 0x604770 GetTickCount
 0x604778 InitializeCriticalSection
 0x604780 LeaveCriticalSection
 0x604788 QueryPerformanceCounter
 0x604790 RaiseException
 0x604798 RtlAddFunctionTable
 0x6047a0 RtlUnwindEx
 0x6047a8 TerminateProcess
 0x6047b0 UnhandledExceptionFilter
 0x6047b8 VirtualProtect
 0x6047c0 VirtualQuery
 0x6047c8 __C_specific_handler
msvcrt.dll
 0x6047d8 __getmainargs
 0x6047e0 __initenv
 0x6047e8 __iob_func
 0x6047f0 __lconv_init
 0x6047f8 __set_app_type
 0x604800 __setusermatherr
 0x604808 _acmdln
 0x604810 _amsg_exit
 0x604818 _cexit
 0x604820 _fmode
 0x604828 _fpreset
 0x604830 _initterm
 0x604838 _onexit
 0x604840 abort
 0x604848 calloc
 0x604850 exit
 0x604858 fprintf
 0x604860 free
 0x604868 fwrite
 0x604870 malloc
 0x604878 memcmp
 0x604880 memcpy
 0x604888 memmove
 0x604890 memset
 0x604898 signal
 0x6048a0 strlen
 0x6048a8 strncmp
 0x6048b0 vfprintf
ntdll.dll
 0x6048c0 NtReadFile
 0x6048c8 NtWriteFile
 0x6048d0 RtlNtStatusToDosError

EAT (Export Address Table) is none
