ScreenShot
| Created | 2025.03.30 14:29 | Machine | s1_win7_x6403 |
| Filename | web.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (Disco, Ghanarava, Artemis, GenericKD, Unsafe, malicious, confidence, MalwareX, CLOUD, Detected, GrayWare, Wacapew, ABTrojan, CTWQ, Chgt, PE04C9V, Gencirc, susgen, PossibleThreat) | ||
| md5 | 616c8dd2596e74ef01b7caf741ac02d7 | ||
| sha256 | 2deda9cdea0c460f1dc527d386c36b79186cfc3880381c7f16568bbdf6970d4e | ||
| ssdeep | 384:0LgFZztzEwICwzB9MA2n/yIPueCfB84q11M8l+aoypdNqaY3bWRuZoijtBKYkOlX:xbAg3nrC8l+KP8aY3D65lNHkO3Lk5 | ||
| imphash | 2acc85ed2babd33763d3fdef1028401e | ||
| impfuzzy | 48:WtMS1NQ/TOwAnNI1M6EbaEsNJONa9Cj0qXGNJBMLSQMA:WtMS1iKwANI1JEbaEsNJONa9CjvGRQ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140005000 GetModuleFileNameA
0x140005008 GetComputerNameA
0x140005010 RtlLookupFunctionEntry
0x140005018 RtlVirtualUnwind
0x140005020 UnhandledExceptionFilter
0x140005028 SetUnhandledExceptionFilter
0x140005030 GetCurrentProcess
0x140005038 TerminateProcess
0x140005040 IsProcessorFeaturePresent
0x140005048 QueryPerformanceCounter
0x140005050 GetCurrentProcessId
0x140005058 GetCurrentThreadId
0x140005060 GetSystemTimeAsFileTime
0x140005068 InitializeSListHead
0x140005070 IsDebuggerPresent
0x140005078 GetModuleHandleW
0x140005080 RtlCaptureContext
MSVCP140.dll
0x140005090 ?good@ios_base@std@@QEBA_NXZ
0x140005098 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050a0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1400050a8 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050b0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050b8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050c0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050c8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400050d0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050d8 ?uncaught_exception@std@@YA_NXZ
0x1400050e0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1400050e8 ?_Xout_of_range@std@@YAXPEBD@Z
0x1400050f0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050f8 ?_Xlength_error@std@@YAXPEBD@Z
WINHTTP.dll
0x140005178 WinHttpConnect
0x140005180 WinHttpCloseHandle
0x140005188 WinHttpOpenRequest
0x140005190 WinHttpReceiveResponse
0x140005198 WinHttpOpen
0x1400051a0 WinHttpSendRequest
VCRUNTIME140_1.dll
0x140005168 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005108 __current_exception_context
0x140005110 __C_specific_handler
0x140005118 _CxxThrowException
0x140005120 memset
0x140005128 memcpy
0x140005130 memcmp
0x140005138 __std_exception_copy
0x140005140 __std_exception_destroy
0x140005148 __current_exception
0x140005150 __std_terminate
0x140005158 memmove
api-ms-win-crt-utility-l1-1-0.dll
0x1400052d0 rand
0x1400052d8 srand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1400051b0 rename
api-ms-win-crt-time-l1-1-0.dll
0x1400052c0 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x140005208 __p___argc
0x140005210 _initialize_onexit_table
0x140005218 _register_onexit_function
0x140005220 _cexit
0x140005228 _exit
0x140005230 exit
0x140005238 _initterm_e
0x140005240 _initterm
0x140005248 _c_exit
0x140005250 __p___argv
0x140005258 _get_initial_narrow_environment
0x140005260 _crt_atexit
0x140005268 _initialize_narrow_environment
0x140005270 _invalid_parameter_noinfo_noreturn
0x140005278 _configure_narrow_argv
0x140005280 _register_thread_local_exe_atexit_callback
0x140005288 _set_app_type
0x140005290 _seh_filter_exe
0x140005298 terminate
api-ms-win-crt-heap-l1-1-0.dll
0x1400051c0 free
0x1400051c8 malloc
0x1400051d0 _callnewh
0x1400051d8 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x1400051f8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1400052a8 __p__commode
0x1400052b0 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400051e8 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140005000 GetModuleFileNameA
0x140005008 GetComputerNameA
0x140005010 RtlLookupFunctionEntry
0x140005018 RtlVirtualUnwind
0x140005020 UnhandledExceptionFilter
0x140005028 SetUnhandledExceptionFilter
0x140005030 GetCurrentProcess
0x140005038 TerminateProcess
0x140005040 IsProcessorFeaturePresent
0x140005048 QueryPerformanceCounter
0x140005050 GetCurrentProcessId
0x140005058 GetCurrentThreadId
0x140005060 GetSystemTimeAsFileTime
0x140005068 InitializeSListHead
0x140005070 IsDebuggerPresent
0x140005078 GetModuleHandleW
0x140005080 RtlCaptureContext
MSVCP140.dll
0x140005090 ?good@ios_base@std@@QEBA_NXZ
0x140005098 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050a0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1400050a8 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050b0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050b8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050c0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050c8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400050d0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050d8 ?uncaught_exception@std@@YA_NXZ
0x1400050e0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1400050e8 ?_Xout_of_range@std@@YAXPEBD@Z
0x1400050f0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400050f8 ?_Xlength_error@std@@YAXPEBD@Z
WINHTTP.dll
0x140005178 WinHttpConnect
0x140005180 WinHttpCloseHandle
0x140005188 WinHttpOpenRequest
0x140005190 WinHttpReceiveResponse
0x140005198 WinHttpOpen
0x1400051a0 WinHttpSendRequest
VCRUNTIME140_1.dll
0x140005168 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005108 __current_exception_context
0x140005110 __C_specific_handler
0x140005118 _CxxThrowException
0x140005120 memset
0x140005128 memcpy
0x140005130 memcmp
0x140005138 __std_exception_copy
0x140005140 __std_exception_destroy
0x140005148 __current_exception
0x140005150 __std_terminate
0x140005158 memmove
api-ms-win-crt-utility-l1-1-0.dll
0x1400052d0 rand
0x1400052d8 srand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1400051b0 rename
api-ms-win-crt-time-l1-1-0.dll
0x1400052c0 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x140005208 __p___argc
0x140005210 _initialize_onexit_table
0x140005218 _register_onexit_function
0x140005220 _cexit
0x140005228 _exit
0x140005230 exit
0x140005238 _initterm_e
0x140005240 _initterm
0x140005248 _c_exit
0x140005250 __p___argv
0x140005258 _get_initial_narrow_environment
0x140005260 _crt_atexit
0x140005268 _initialize_narrow_environment
0x140005270 _invalid_parameter_noinfo_noreturn
0x140005278 _configure_narrow_argv
0x140005280 _register_thread_local_exe_atexit_callback
0x140005288 _set_app_type
0x140005290 _seh_filter_exe
0x140005298 terminate
api-ms-win-crt-heap-l1-1-0.dll
0x1400051c0 free
0x1400051c8 malloc
0x1400051d0 _callnewh
0x1400051d8 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x1400051f8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1400052a8 __p__commode
0x1400052b0 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400051e8 _configthreadlocale
EAT(Export Address Table) is none