Field | Value |
---|---|
Created | 2025.03.26 11:19 |
Machine | s1_win7_x6403 |
Filename | tK0oYx3.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 51 detected (AIDetectMalware, InjectorNetT, Malicious, score, Ghanarava, Midie, Unsafe, Kryptik, Vp5p, confidence, 100%, Genus, high confidence, CrypterX, GenKryptik, CLOUD, gpyoa, Detected, Wacatac, ABTrojan, GKHD, Zusy, R696935, Artemis, TrojanPSW, Lumma, Chgt, PE04C9V, Gencirc, susgen, HHHH) |
md5 | e3f8c373ee1990eecfc3a762e7f3bc3b |
sha256 | 41b06a71f35f168f8772eb1d2cf420ebcd0afe2259728fd92d5fe4d0ea99ca6a |
ssdeep | 12288:v+78guA7BSXlY7CvfHVgYRur7LHADkNGcqv9R/lQ46qP1wAmorhHc5u1jSZcRfQm:gKFsMoLq9wY/j7RfbXwLI95etSrt |
imphash | d743740f06aa0a325bb5c948f63319ce |
impfuzzy | 24:UYWDCelQtWOovbOGMUD1uOvgmWDQyl3LPOTw07G5u9VJUsO:UYQC5x361PIhbONGxsO |
Network IP location
Signature (4 counts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400c4f18 CloseHandle
0x1400c4f20 CompareStringW
0x1400c4f28 CreateFileA
0x1400c4f30 CreateFileW
0x1400c4f38 DeleteCriticalSection
0x1400c4f40 EncodePointer
0x1400c4f48 EnterCriticalSection
0x1400c4f50 ExitProcess
0x1400c4f58 FindClose
0x1400c4f60 FindFirstFileExW
0x1400c4f68 FindNextFileW
0x1400c4f70 FlsAlloc
0x1400c4f78 FlsFree
0x1400c4f80 FlsGetValue
0x1400c4f88 FlsSetValue
0x1400c4f90 FlushFileBuffers
0x1400c4f98 FreeEnvironmentStringsW
0x1400c4fa0 FreeLibrary
0x1400c4fa8 GetACP
0x1400c4fb0 GetCPInfo
0x1400c4fb8 GetCommandLineA
0x1400c4fc0 GetCommandLineW
0x1400c4fc8 GetConsoleMode
0x1400c4fd0 GetConsoleOutputCP
0x1400c4fd8 GetCurrentProcess
0x1400c4fe0 GetCurrentProcessId
0x1400c4fe8 GetCurrentThreadId
0x1400c4ff0 GetEnvironmentStringsW
0x1400c4ff8 GetFileSize
0x1400c5000 GetFileType
0x1400c5008 GetLastError
0x1400c5010 GetModuleFileNameW
0x1400c5018 GetModuleHandleExW
0x1400c5020 GetModuleHandleW
0x1400c5028 GetOEMCP
0x1400c5030 GetProcAddress
0x1400c5038 GetProcessHeap
0x1400c5040 GetStartupInfoW
0x1400c5048 GetStdHandle
0x1400c5050 GetStringTypeW
0x1400c5058 GetSystemTimeAsFileTime
0x1400c5060 HeapAlloc
0x1400c5068 HeapFree
0x1400c5070 HeapReAlloc
0x1400c5078 HeapSize
0x1400c5080 InitializeCriticalSectionAndSpinCount
0x1400c5088 InitializeSListHead
0x1400c5090 IsDebuggerPresent
0x1400c5098 IsProcessorFeaturePresent
0x1400c50a0 IsValidCodePage
0x1400c50a8 LCMapStringW
0x1400c50b0 LeaveCriticalSection
0x1400c50b8 LoadLibraryExW
0x1400c50c0 MultiByteToWideChar
0x1400c50c8 QueryPerformanceCounter
0x1400c50d0 RaiseException
0x1400c50d8 ReadFile
0x1400c50e0 RtlCaptureContext
0x1400c50e8 RtlLookupFunctionEntry
0x1400c50f0 RtlPcToFileHeader
0x1400c50f8 RtlUnwindEx
0x1400c5100 RtlVirtualUnwind
0x1400c5108 SetEnvironmentVariableW
0x1400c5110 SetFilePointerEx
0x1400c5118 SetLastError
0x1400c5120 SetStdHandle
0x1400c5128 SetUnhandledExceptionFilter
0x1400c5130 TerminateProcess
0x1400c5138 TlsAlloc
0x1400c5140 TlsFree
0x1400c5148 TlsGetValue
0x1400c5150 TlsSetValue
0x1400c5158 UnhandledExceptionFilter
0x1400c5160 WideCharToMultiByte
0x1400c5168 WriteConsoleW
0x1400c5170 WriteFile
EAT (Export Address Table): none