ScreenShot
| Created | 2025.03.26 13:38 | Machine | s1_win7_x6403 |
| Filename | ChromeUpdate.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 57 detected (AIDetectMalware, Convagent, Malicious, score, Ghanarava, Virut, Unsafe, Whisperer, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, CoinMiner, AgentAGen, jtoyvp, OnrqKPld52N, AGEN, Siggen19, Static AI, Suspicious PE, Detected, Tedy, R534030, Artemis, PE04C9V, Gencirc, 7xHSNAhVZ6I, susgen, AGENMM, Miner) | ||
| md5 | 4eb8488f870003161cde6198c3c1d4cd | ||
| sha256 | 4a7cfb0896f3030a20c14a17c9978c78b7318131c8b973fae1133debb5c5f91a | ||
| ssdeep | 49152:a2Z9/OUtwHBnvUNJ1gcT8dmkzs4c4ZjuhTODJ1q7/h5vC:acLwhncCPXc4aTw1Uv | ||
| imphash | df9a7bc1c6c6cd97d04c3762fdde6719 | ||
| impfuzzy | 24:Dfjz+kQYJd1j9Mblif5XGTqqXZPFkomtcqcCZJF:DfH+kXHslEJGTqqJdk1uqcAF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140232244 CreateSemaphoreW
0x14023224c DeleteCriticalSection
0x140232254 EnterCriticalSection
0x14023225c GetLastError
0x140232264 GetModuleFileNameW
0x14023226c GetStartupInfoW
0x140232274 InitializeCriticalSection
0x14023227c IsDBCSLeadByteEx
0x140232284 LeaveCriticalSection
0x14023228c MultiByteToWideChar
0x140232294 ReleaseSemaphore
0x14023229c SetLastError
0x1402322a4 SetUnhandledExceptionFilter
0x1402322ac Sleep
0x1402322b4 TlsAlloc
0x1402322bc TlsFree
0x1402322c4 TlsGetValue
0x1402322cc TlsSetValue
0x1402322d4 VirtualProtect
0x1402322dc VirtualQuery
0x1402322e4 WaitForSingleObject
msvcrt.dll
0x1402322f4 __C_specific_handler
0x1402322fc ___lc_codepage_func
0x140232304 ___mb_cur_max_func
0x14023230c __iob_func
0x140232314 __set_app_type
0x14023231c __setusermatherr
0x140232324 __wgetmainargs
0x14023232c __winitenv
0x140232334 _amsg_exit
0x14023233c _assert
0x140232344 _cexit
0x14023234c _commode
0x140232354 _errno
0x14023235c _fmode
0x140232364 _initterm
0x14023236c _onexit
0x140232374 _wcmdln
0x14023237c _wcsicmp
0x140232384 _wgetenv
0x14023238c abort
0x140232394 calloc
0x14023239c exit
0x1402323a4 fprintf
0x1402323ac fputwc
0x1402323b4 free
0x1402323bc fwprintf
0x1402323c4 fwrite
0x1402323cc localeconv
0x1402323d4 malloc
0x1402323dc memcpy
0x1402323e4 memset
0x1402323ec realloc
0x1402323f4 signal
0x1402323fc strerror
0x140232404 strlen
0x14023240c strncmp
0x140232414 vfprintf
0x14023241c wcscat
0x140232424 wcscpy
0x14023242c wcslen
0x140232434 wcsncmp
0x14023243c wcsstr
EAT(Export Address Table) is none
KERNEL32.dll
0x140232244 CreateSemaphoreW
0x14023224c DeleteCriticalSection
0x140232254 EnterCriticalSection
0x14023225c GetLastError
0x140232264 GetModuleFileNameW
0x14023226c GetStartupInfoW
0x140232274 InitializeCriticalSection
0x14023227c IsDBCSLeadByteEx
0x140232284 LeaveCriticalSection
0x14023228c MultiByteToWideChar
0x140232294 ReleaseSemaphore
0x14023229c SetLastError
0x1402322a4 SetUnhandledExceptionFilter
0x1402322ac Sleep
0x1402322b4 TlsAlloc
0x1402322bc TlsFree
0x1402322c4 TlsGetValue
0x1402322cc TlsSetValue
0x1402322d4 VirtualProtect
0x1402322dc VirtualQuery
0x1402322e4 WaitForSingleObject
msvcrt.dll
0x1402322f4 __C_specific_handler
0x1402322fc ___lc_codepage_func
0x140232304 ___mb_cur_max_func
0x14023230c __iob_func
0x140232314 __set_app_type
0x14023231c __setusermatherr
0x140232324 __wgetmainargs
0x14023232c __winitenv
0x140232334 _amsg_exit
0x14023233c _assert
0x140232344 _cexit
0x14023234c _commode
0x140232354 _errno
0x14023235c _fmode
0x140232364 _initterm
0x14023236c _onexit
0x140232374 _wcmdln
0x14023237c _wcsicmp
0x140232384 _wgetenv
0x14023238c abort
0x140232394 calloc
0x14023239c exit
0x1402323a4 fprintf
0x1402323ac fputwc
0x1402323b4 free
0x1402323bc fwprintf
0x1402323c4 fwrite
0x1402323cc localeconv
0x1402323d4 malloc
0x1402323dc memcpy
0x1402323e4 memset
0x1402323ec realloc
0x1402323f4 signal
0x1402323fc strerror
0x140232404 strlen
0x14023240c strncmp
0x140232414 vfprintf
0x14023241c wcscat
0x140232424 wcscpy
0x14023242c wcslen
0x140232434 wcsncmp
0x14023243c wcsstr
EAT(Export Address Table) is none