Field | Value |
---|---|
Created | 2025.03.30 14:05 |
Machine | s1_win7_x6401 |
Filename | work1.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 54 detected (AIDetectMalware, Sliver, Malicious, score, Ghanarava, Dump, Marte, Unsafe, Save, confidence, 100%, a variant of WinGo, HackTool, BackdoorX, MalGO, CLASSIC, Tool, SBeacon, SILVER, SMYXCFWAZ, Static AI, Malicious PE, Detected, AGEN, SuspGolang, ABApplication, FGCY, R666401, WinGo, Shellcoderunner, Zwhl) |
md5 | 2e9514743f83af63b13270dacd55e52b |
sha256 | 591f33657fb6f7b02f60ab5214e2c724c551273a65ba39f27f6ed51a914c87ba |
ssdeep | 98304:13JsrbN0beP5gcerHxCvaQvkfyueniEagV7w4kbro:dJsPKG5lerRCvmfybnZ |
imphash | f0ea7b7844bbc5bfa9bb32efdcea957c |
impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1422040 WriteFile
0x1422048 WriteConsoleW
0x1422050 WaitForMultipleObjects
0x1422058 WaitForSingleObject
0x1422060 VirtualQuery
0x1422068 VirtualFree
0x1422070 VirtualAlloc
0x1422078 TlsAlloc
0x1422080 SwitchToThread
0x1422088 SuspendThread
0x1422090 SetWaitableTimer
0x1422098 SetUnhandledExceptionFilter
0x14220a0 SetProcessPriorityBoost
0x14220a8 SetEvent
0x14220b0 SetErrorMode
0x14220b8 SetConsoleCtrlHandler
0x14220c0 ResumeThread
0x14220c8 PostQueuedCompletionStatus
0x14220d0 LoadLibraryA
0x14220d8 LoadLibraryW
0x14220e0 SetThreadContext
0x14220e8 GetThreadContext
0x14220f0 GetSystemInfo
0x14220f8 GetSystemDirectoryA
0x1422100 GetStdHandle
0x1422108 GetQueuedCompletionStatusEx
0x1422110 GetProcessAffinityMask
0x1422118 GetProcAddress
0x1422120 GetEnvironmentStringsW
0x1422128 GetConsoleMode
0x1422130 FreeEnvironmentStringsW
0x1422138 ExitProcess
0x1422140 DuplicateHandle
0x1422148 CreateWaitableTimerExW
0x1422150 CreateThread
0x1422158 CreateIoCompletionPort
0x1422160 CreateFileA
0x1422168 CreateEventA
0x1422170 CloseHandle
0x1422178 AddVectoredExceptionHandler
EAT(Export Address Table) is none