Report - Nics.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check
Created 2025.03.30 14:11 Machine s1_win7_x6401
Filename Nics.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 3
Behavior Score 1.6
ZERO API file: malware
VT API (file) 47 detected (Common, Malicious, score, Ghanarava, Ulise, Unsafe, Kryptik, Vhq0, confidence, Attribute, HighConfidence, high confidence, GenKryptik, HGXD, MalwareX, Kryptik@AI, RDML, 0vWl0i4qg8cdkw3ixbquqA, poscc, Generic Reputation PUA, Static AI, Suspicious PE, Detected, GrayWare, Wacapew, Wacatac, ABTrojan, ILMK, R693966, Artemis, Krypt, Chgt, R002H09CH25, Gencirc, susgen, C9nj)
md5 a6b7337617ff7607da1d66ed775827de
sha256 4c59b953bd1cc7a365992118be30b3083b99a9676ff7b7ecefce643c2d654f24
ssdeep 49152:3GYMgyhGj3dqx5ptdUWvJ4+FgOMrdxRrQuxuMvAX865fWDZ4:ehtvKxd4SW
imphash b74cdd23bf9bfae464c48edb51b7775b
impfuzzy 96:vlknb6/Ynpazabrtia/WYHJbc+cstjUHW/9:vM3gWE6WFHW
Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

dwmapi.dll
 0x140117528 DwmExtendFrameIntoClientArea
d3d11.dll
 0x140117508 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
 0x140117518 D3DX11CreateShaderResourceViewFromMemory
ntdll.dll
 0x140117538 RtlVirtualUnwind
 0x140117540 RtlLookupFunctionEntry
 0x140117548 RtlCaptureContext
 0x140117550 RtlUnwindEx
 0x140117558 RtlPcToFileHeader
 0x140117560 RtlUnwind
WINHTTP.dll
 0x1401174c0 WinHttpQueryDataAvailable
 0x1401174c8 WinHttpReceiveResponse
 0x1401174d0 WinHttpOpen
 0x1401174d8 WinHttpReadData
 0x1401174e0 WinHttpOpenRequest
 0x1401174e8 WinHttpCloseHandle
 0x1401174f0 WinHttpSendRequest
 0x1401174f8 WinHttpConnect
KERNEL32.dll
 0x140117058 GlobalFree
 0x140117060 GlobalLock
 0x140117068 WideCharToMultiByte
 0x140117070 GlobalUnlock
 0x140117078 GetLocaleInfoA
 0x140117080 LoadLibraryA
 0x140117088 QueryPerformanceFrequency
 0x140117090 GetProcAddress
 0x140117098 FreeLibrary
 0x1401170a0 QueryPerformanceCounter
 0x1401170a8 GetTickCount64
 0x1401170b0 ExitProcess
 0x1401170b8 GetModuleHandleW
 0x1401170c0 WriteProcessMemory
 0x1401170c8 OpenProcess
 0x1401170d0 CloseHandle
 0x1401170d8 ReadProcessMemory
 0x1401170e0 GetStartupInfoW
 0x1401170e8 GetCommandLineW
 0x1401170f0 GetCurrentProcess
 0x1401170f8 GetLastError
 0x140117100 VirtualProtect
 0x140117108 FlushFileBuffers
 0x140117110 FlsSetValue
 0x140117118 FlsGetValue
 0x140117120 FlsAlloc
 0x140117128 GlobalAlloc
 0x140117130 WriteConsoleW
 0x140117138 OutputDebugStringW
 0x140117140 GetFileType
 0x140117148 WriteFile
 0x140117150 GetStdHandle
 0x140117158 ReadFile
 0x140117160 GetSystemInfo
 0x140117168 HeapValidate
 0x140117170 HeapSize
 0x140117178 HeapAlloc
 0x140117180 FreeLibraryAndExitThread
 0x140117188 ExitThread
 0x140117190 CreateThread
 0x140117198 GetModuleHandleExW
 0x1401171a0 GetModuleFileNameW
 0x1401171a8 LoadLibraryExW
 0x1401171b0 TlsFree
 0x1401171b8 TlsSetValue
 0x1401171c0 TlsGetValue
 0x1401171c8 TlsAlloc
 0x1401171d0 InitializeCriticalSectionAndSpinCount
 0x1401171d8 SetLastError
 0x1401171e0 MultiByteToWideChar
 0x1401171e8 LCMapStringW
 0x1401171f0 GetLocaleInfoW
 0x1401171f8 IsValidLocale
 0x140117200 GetConsoleOutputCP
 0x140117208 SetStdHandle
 0x140117210 GetConsoleMode
 0x140117218 HeapFree
 0x140117220 HeapReAlloc
 0x140117228 HeapQueryInformation
 0x140117230 SetEndOfFile
 0x140117238 GetProcessHeap
 0x140117240 ReadConsoleW
 0x140117248 GetUserDefaultLCID
 0x140117250 EnumSystemLocalesW
 0x140117258 GetFileSizeEx
 0x140117260 SetFilePointerEx
 0x140117268 FlsFree
 0x140117270 FormatMessageA
 0x140117278 FreeEnvironmentStringsW
 0x140117280 GetEnvironmentStringsW
 0x140117288 GetCommandLineA
 0x140117290 GetOEMCP
 0x140117298 GetACP
 0x1401172a0 GetCurrentThreadId
 0x1401172a8 ReleaseSRWLockExclusive
 0x1401172b0 AcquireSRWLockExclusive
 0x1401172b8 TryAcquireSRWLockExclusive
 0x1401172c0 SleepConditionVariableSRW
 0x1401172c8 Sleep
 0x1401172d0 LocalFree
 0x1401172d8 RaiseException
 0x1401172e0 GetLocaleInfoEx
 0x1401172e8 CreateFileW
 0x1401172f0 FindClose
 0x1401172f8 FindFirstFileW
 0x140117300 FindFirstFileExW
 0x140117308 FindNextFileW
 0x140117310 GetFileAttributesExW
 0x140117318 AreFileApisANSI
 0x140117320 GetFileInformationByHandleEx
 0x140117328 InitializeCriticalSectionEx
 0x140117330 GetSystemTimeAsFileTime
 0x140117338 EnterCriticalSection
 0x140117340 LeaveCriticalSection
 0x140117348 DeleteCriticalSection
 0x140117350 WakeAllConditionVariable
 0x140117358 EncodePointer
 0x140117360 DecodePointer
 0x140117368 LCMapStringEx
 0x140117370 GetStringTypeW
 0x140117378 GetCPInfo
 0x140117380 UnhandledExceptionFilter
 0x140117388 SetUnhandledExceptionFilter
 0x140117390 TerminateProcess
 0x140117398 IsProcessorFeaturePresent
 0x1401173a0 IsDebuggerPresent
 0x1401173a8 GetCurrentProcessId
 0x1401173b0 InitializeSListHead
 0x1401173b8 IsValidCodePage
USER32.dll
 0x1401173c8 DefWindowProcW
 0x1401173d0 CreateWindowExW
 0x1401173d8 MapWindowPoints
 0x1401173e0 MoveWindow
 0x1401173e8 SetWindowLongPtrW
 0x1401173f0 GetKeyState
 0x1401173f8 GetMessageExtraInfo
 0x140117400 ScreenToClient
 0x140117408 GetCapture
 0x140117410 ClientToScreen
 0x140117418 TrackMouseEvent
 0x140117420 GetKeyboardLayout
 0x140117428 GetForegroundWindow
 0x140117430 LoadCursorW
 0x140117438 SetCapture
 0x140117440 SetCursor
 0x140117448 GetClientRect
 0x140117450 IsWindowUnicode
 0x140117458 ReleaseCapture
 0x140117460 SetCursorPos
 0x140117468 GetCursorPos
 0x140117470 OpenClipboard
 0x140117478 CloseClipboard
 0x140117480 EmptyClipboard
 0x140117488 GetClipboardData
 0x140117490 SetClipboardData
 0x140117498 GetAsyncKeyState
 0x1401174a0 DispatchMessageW
 0x1401174a8 PeekMessageW
 0x1401174b0 TranslateMessage
ADVAPI32.dll
 0x140117000 OpenProcessToken
 0x140117008 GetTokenInformation
 0x140117010 RegQueryValueExW
IMM32.dll
 0x140117030 ImmSetCandidateWindow
 0x140117038 ImmSetCompositionWindow
 0x140117040 ImmReleaseContext
 0x140117048 ImmGetContext
D3DCOMPILER_43.dll
 0x140117020 D3DCompile

EAT (Export Address Table): none