ScreenShot
| Created | 2025.04.01 13:38 | Machine | s1_win7_x6403_us |
| Filename | 513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetectMalware, Malicious, score, GenericmlPMF, S32885736, Lockbit, Babar, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HWOU, CrypterX, Tofsee, Stealerc, kkmvem, SmokeLoader, CLASSIC, MulDrop9, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Eldorado, PWSX, R638491, TrojanPSW, Lumma, GdSda, Obfuscated, Giv2fQqujIc, susgen, HKBB, Injuke) | ||
| md5 | 97f1d67a63a4f7ff810c8c4d06911814 | ||
| sha256 | 513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f | ||
| ssdeep | 49152:iFEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEP:i | ||
| imphash | 1bfb9e30602d999465ce79b11a35f99e | ||
| impfuzzy | 24:jkPJIojHKdwpXQykjwvEgpv2DkoOovrU5lEcfL7/J3IjHRzT4AJ:DdOQyqSFnncmecf5CcAJ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40b000 PulseEvent
0x40b004 HeapCompact
0x40b008 GetConsoleAliasExesLengthA
0x40b00c WriteConsoleOutputCharacterA
0x40b010 HeapAlloc
0x40b014 CreateJobObjectW
0x40b018 HeapFree
0x40b01c WaitForSingleObject
0x40b020 CreateHardLinkA
0x40b024 GlobalAlloc
0x40b028 WideCharToMultiByte
0x40b02c GetLocaleInfoW
0x40b030 DnsHostnameToComputerNameW
0x40b034 GetFileAttributesW
0x40b038 GetModuleFileNameW
0x40b03c FindNextVolumeMountPointW
0x40b040 InterlockedExchange
0x40b044 GetStdHandle
0x40b048 FreeLibraryAndExitThread
0x40b04c GetLastError
0x40b050 GetConsoleDisplayMode
0x40b054 BuildCommDCBW
0x40b058 GetNumaHighestNodeNumber
0x40b05c GetAtomNameA
0x40b060 LoadLibraryA
0x40b064 UnhandledExceptionFilter
0x40b068 GetFileType
0x40b06c FindAtomA
0x40b070 ConvertDefaultLocale
0x40b074 VirtualProtect
0x40b078 GetCurrentDirectoryA
0x40b07c ScrollConsoleScreenBufferA
0x40b080 FileTimeToLocalFileTime
0x40b084 HeapReAlloc
0x40b088 GetProcAddress
0x40b08c GetModuleHandleW
0x40b090 ExitProcess
0x40b094 DecodePointer
0x40b098 GetCommandLineA
0x40b09c HeapSetInformation
0x40b0a0 GetStartupInfoW
0x40b0a4 TerminateProcess
0x40b0a8 GetCurrentProcess
0x40b0ac SetUnhandledExceptionFilter
0x40b0b0 IsDebuggerPresent
0x40b0b4 EncodePointer
0x40b0b8 HeapCreate
0x40b0bc InitializeCriticalSectionAndSpinCount
0x40b0c0 DeleteCriticalSection
0x40b0c4 LeaveCriticalSection
0x40b0c8 EnterCriticalSection
0x40b0cc LoadLibraryW
0x40b0d0 TlsAlloc
0x40b0d4 TlsGetValue
0x40b0d8 TlsSetValue
0x40b0dc TlsFree
0x40b0e0 InterlockedIncrement
0x40b0e4 SetLastError
0x40b0e8 GetCurrentThreadId
0x40b0ec InterlockedDecrement
0x40b0f0 WriteFile
0x40b0f4 GetModuleFileNameA
0x40b0f8 FreeEnvironmentStringsW
0x40b0fc GetEnvironmentStringsW
0x40b100 SetHandleCount
0x40b104 QueryPerformanceCounter
0x40b108 GetTickCount
0x40b10c GetCurrentProcessId
0x40b110 GetSystemTimeAsFileTime
0x40b114 Sleep
0x40b118 GetCPInfo
0x40b11c GetACP
0x40b120 GetOEMCP
0x40b124 IsValidCodePage
0x40b128 HeapSize
0x40b12c RtlUnwind
0x40b130 IsProcessorFeaturePresent
0x40b134 LCMapStringW
0x40b138 MultiByteToWideChar
0x40b13c GetStringTypeW
0x40b140 RaiseException
EAT(Export Address Table) is none
KERNEL32.dll
0x40b000 PulseEvent
0x40b004 HeapCompact
0x40b008 GetConsoleAliasExesLengthA
0x40b00c WriteConsoleOutputCharacterA
0x40b010 HeapAlloc
0x40b014 CreateJobObjectW
0x40b018 HeapFree
0x40b01c WaitForSingleObject
0x40b020 CreateHardLinkA
0x40b024 GlobalAlloc
0x40b028 WideCharToMultiByte
0x40b02c GetLocaleInfoW
0x40b030 DnsHostnameToComputerNameW
0x40b034 GetFileAttributesW
0x40b038 GetModuleFileNameW
0x40b03c FindNextVolumeMountPointW
0x40b040 InterlockedExchange
0x40b044 GetStdHandle
0x40b048 FreeLibraryAndExitThread
0x40b04c GetLastError
0x40b050 GetConsoleDisplayMode
0x40b054 BuildCommDCBW
0x40b058 GetNumaHighestNodeNumber
0x40b05c GetAtomNameA
0x40b060 LoadLibraryA
0x40b064 UnhandledExceptionFilter
0x40b068 GetFileType
0x40b06c FindAtomA
0x40b070 ConvertDefaultLocale
0x40b074 VirtualProtect
0x40b078 GetCurrentDirectoryA
0x40b07c ScrollConsoleScreenBufferA
0x40b080 FileTimeToLocalFileTime
0x40b084 HeapReAlloc
0x40b088 GetProcAddress
0x40b08c GetModuleHandleW
0x40b090 ExitProcess
0x40b094 DecodePointer
0x40b098 GetCommandLineA
0x40b09c HeapSetInformation
0x40b0a0 GetStartupInfoW
0x40b0a4 TerminateProcess
0x40b0a8 GetCurrentProcess
0x40b0ac SetUnhandledExceptionFilter
0x40b0b0 IsDebuggerPresent
0x40b0b4 EncodePointer
0x40b0b8 HeapCreate
0x40b0bc InitializeCriticalSectionAndSpinCount
0x40b0c0 DeleteCriticalSection
0x40b0c4 LeaveCriticalSection
0x40b0c8 EnterCriticalSection
0x40b0cc LoadLibraryW
0x40b0d0 TlsAlloc
0x40b0d4 TlsGetValue
0x40b0d8 TlsSetValue
0x40b0dc TlsFree
0x40b0e0 InterlockedIncrement
0x40b0e4 SetLastError
0x40b0e8 GetCurrentThreadId
0x40b0ec InterlockedDecrement
0x40b0f0 WriteFile
0x40b0f4 GetModuleFileNameA
0x40b0f8 FreeEnvironmentStringsW
0x40b0fc GetEnvironmentStringsW
0x40b100 SetHandleCount
0x40b104 QueryPerformanceCounter
0x40b108 GetTickCount
0x40b10c GetCurrentProcessId
0x40b110 GetSystemTimeAsFileTime
0x40b114 Sleep
0x40b118 GetCPInfo
0x40b11c GetACP
0x40b120 GetOEMCP
0x40b124 IsValidCodePage
0x40b128 HeapSize
0x40b12c RtlUnwind
0x40b130 IsProcessorFeaturePresent
0x40b134 LCMapStringW
0x40b138 MultiByteToWideChar
0x40b13c GetStringTypeW
0x40b140 RaiseException
EAT(Export Address Table) is none