ScreenShot
| Created | 2025.03.26 11:23 | Machine | s1_win7_x6403 |
| Filename | OkH8IPF.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 50 detected (AIDetectMalware, Malicious, score, Zusy, Unsafe, Save, confidence, 100%, Genus, high confidence, CrypterX, aqken, Kryptik, CLOUD, Lumma, Detected, GenKryptik, Wacatac, ABTrojan, UXJC, R696935, Artemis, TrojanPSW, Chgt, PE04C9V, Gencirc, susgen, HHHH, aezkj) | ||
| md5 | b38cd06513a826e8976bb39c3e855f64 | ||
| sha256 | 2e0b126dd788c027ca69b01335d4a08da28987c3c4296a3523d947da3c12cdc2 | ||
| ssdeep | 12288:Ft2BxheJBtYqmlf4feLUqJ2kAGptEVnN3Dv13BsnMipoMex+p03HGUjfsGSZcRfU:CIaJbU8CDsMixexOs7RfbXwLI95ttS | ||
| imphash | d743740f06aa0a325bb5c948f63319ce | ||
| impfuzzy | 24:UYWDCelQtWOovbOGMUD1uOvgmWDQyl3LPOTw07G5u9VJUsO:UYQC5x361PIhbONGxsO | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400b4f18 CloseHandle
0x1400b4f20 CompareStringW
0x1400b4f28 CreateFileA
0x1400b4f30 CreateFileW
0x1400b4f38 DeleteCriticalSection
0x1400b4f40 EncodePointer
0x1400b4f48 EnterCriticalSection
0x1400b4f50 ExitProcess
0x1400b4f58 FindClose
0x1400b4f60 FindFirstFileExW
0x1400b4f68 FindNextFileW
0x1400b4f70 FlsAlloc
0x1400b4f78 FlsFree
0x1400b4f80 FlsGetValue
0x1400b4f88 FlsSetValue
0x1400b4f90 FlushFileBuffers
0x1400b4f98 FreeEnvironmentStringsW
0x1400b4fa0 FreeLibrary
0x1400b4fa8 GetACP
0x1400b4fb0 GetCPInfo
0x1400b4fb8 GetCommandLineA
0x1400b4fc0 GetCommandLineW
0x1400b4fc8 GetConsoleMode
0x1400b4fd0 GetConsoleOutputCP
0x1400b4fd8 GetCurrentProcess
0x1400b4fe0 GetCurrentProcessId
0x1400b4fe8 GetCurrentThreadId
0x1400b4ff0 GetEnvironmentStringsW
0x1400b4ff8 GetFileSize
0x1400b5000 GetFileType
0x1400b5008 GetLastError
0x1400b5010 GetModuleFileNameW
0x1400b5018 GetModuleHandleExW
0x1400b5020 GetModuleHandleW
0x1400b5028 GetOEMCP
0x1400b5030 GetProcAddress
0x1400b5038 GetProcessHeap
0x1400b5040 GetStartupInfoW
0x1400b5048 GetStdHandle
0x1400b5050 GetStringTypeW
0x1400b5058 GetSystemTimeAsFileTime
0x1400b5060 HeapAlloc
0x1400b5068 HeapFree
0x1400b5070 HeapReAlloc
0x1400b5078 HeapSize
0x1400b5080 InitializeCriticalSectionAndSpinCount
0x1400b5088 InitializeSListHead
0x1400b5090 IsDebuggerPresent
0x1400b5098 IsProcessorFeaturePresent
0x1400b50a0 IsValidCodePage
0x1400b50a8 LCMapStringW
0x1400b50b0 LeaveCriticalSection
0x1400b50b8 LoadLibraryExW
0x1400b50c0 MultiByteToWideChar
0x1400b50c8 QueryPerformanceCounter
0x1400b50d0 RaiseException
0x1400b50d8 ReadFile
0x1400b50e0 RtlCaptureContext
0x1400b50e8 RtlLookupFunctionEntry
0x1400b50f0 RtlPcToFileHeader
0x1400b50f8 RtlUnwindEx
0x1400b5100 RtlVirtualUnwind
0x1400b5108 SetEnvironmentVariableW
0x1400b5110 SetFilePointerEx
0x1400b5118 SetLastError
0x1400b5120 SetStdHandle
0x1400b5128 SetUnhandledExceptionFilter
0x1400b5130 TerminateProcess
0x1400b5138 TlsAlloc
0x1400b5140 TlsFree
0x1400b5148 TlsGetValue
0x1400b5150 TlsSetValue
0x1400b5158 UnhandledExceptionFilter
0x1400b5160 WideCharToMultiByte
0x1400b5168 WriteConsoleW
0x1400b5170 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x1400b4f18 CloseHandle
0x1400b4f20 CompareStringW
0x1400b4f28 CreateFileA
0x1400b4f30 CreateFileW
0x1400b4f38 DeleteCriticalSection
0x1400b4f40 EncodePointer
0x1400b4f48 EnterCriticalSection
0x1400b4f50 ExitProcess
0x1400b4f58 FindClose
0x1400b4f60 FindFirstFileExW
0x1400b4f68 FindNextFileW
0x1400b4f70 FlsAlloc
0x1400b4f78 FlsFree
0x1400b4f80 FlsGetValue
0x1400b4f88 FlsSetValue
0x1400b4f90 FlushFileBuffers
0x1400b4f98 FreeEnvironmentStringsW
0x1400b4fa0 FreeLibrary
0x1400b4fa8 GetACP
0x1400b4fb0 GetCPInfo
0x1400b4fb8 GetCommandLineA
0x1400b4fc0 GetCommandLineW
0x1400b4fc8 GetConsoleMode
0x1400b4fd0 GetConsoleOutputCP
0x1400b4fd8 GetCurrentProcess
0x1400b4fe0 GetCurrentProcessId
0x1400b4fe8 GetCurrentThreadId
0x1400b4ff0 GetEnvironmentStringsW
0x1400b4ff8 GetFileSize
0x1400b5000 GetFileType
0x1400b5008 GetLastError
0x1400b5010 GetModuleFileNameW
0x1400b5018 GetModuleHandleExW
0x1400b5020 GetModuleHandleW
0x1400b5028 GetOEMCP
0x1400b5030 GetProcAddress
0x1400b5038 GetProcessHeap
0x1400b5040 GetStartupInfoW
0x1400b5048 GetStdHandle
0x1400b5050 GetStringTypeW
0x1400b5058 GetSystemTimeAsFileTime
0x1400b5060 HeapAlloc
0x1400b5068 HeapFree
0x1400b5070 HeapReAlloc
0x1400b5078 HeapSize
0x1400b5080 InitializeCriticalSectionAndSpinCount
0x1400b5088 InitializeSListHead
0x1400b5090 IsDebuggerPresent
0x1400b5098 IsProcessorFeaturePresent
0x1400b50a0 IsValidCodePage
0x1400b50a8 LCMapStringW
0x1400b50b0 LeaveCriticalSection
0x1400b50b8 LoadLibraryExW
0x1400b50c0 MultiByteToWideChar
0x1400b50c8 QueryPerformanceCounter
0x1400b50d0 RaiseException
0x1400b50d8 ReadFile
0x1400b50e0 RtlCaptureContext
0x1400b50e8 RtlLookupFunctionEntry
0x1400b50f0 RtlPcToFileHeader
0x1400b50f8 RtlUnwindEx
0x1400b5100 RtlVirtualUnwind
0x1400b5108 SetEnvironmentVariableW
0x1400b5110 SetFilePointerEx
0x1400b5118 SetLastError
0x1400b5120 SetStdHandle
0x1400b5128 SetUnhandledExceptionFilter
0x1400b5130 TerminateProcess
0x1400b5138 TlsAlloc
0x1400b5140 TlsFree
0x1400b5148 TlsGetValue
0x1400b5150 TlsSetValue
0x1400b5158 UnhandledExceptionFilter
0x1400b5160 WideCharToMultiByte
0x1400b5168 WriteConsoleW
0x1400b5170 WriteFile
EAT(Export Address Table) is none