Field | Value |
---|---|
Created | 2025.04.04 09:58 |
Machine | s1_win7_x6403 |
Filename | v1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, Fsysna, Malicious, score, Artemis, Lazy, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, moderate confidence, AHGU, MalwareX, CLOUD, zcthx, DarkCrystal, high, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Wacatac, ABApplication, GSJC, BScope, Chgt, PE04C9V, Gencirc, susgen, PossibleThreat, C9nj) |
md5 | 5b61fae91f37fdfd32ff77482ae052de |
sha256 | 08bd79b8333434a9f742c9e686f1586712bc5c16b306b029b1bb35d6ac06a41e |
ssdeep | 49152:8BtYGfDXn9BbTm1Sgc33QkkUWr4ysJtWFcMESQw1jetufbP49GDt7AXQ2sFC5fmn:KYYVJQklcRMKje+A9Yt8A2sSm82 |
imphash | 7834776e1264ca97747afdbb59e43246 |
impfuzzy | 24:ziucpVWjstMS1JMdlJBl3eDoxHvJ9GZYGMACpOovbOPZpP:eucpVwstMS1JMDphyZ/3jP |
Network IP location
Signatures (12)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Detects VMWare through the in instruction feature |
notice | A process created a hidden window |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Performs some HTTP requests |
notice | Resolves a suspicious Top Level Domain (TLD) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (8)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x425000 SetErrorMode
0x425004 Sleep
0x425008 GetTempPathA
0x42500c CloseHandle
0x425010 ExitProcess
0x425014 CreateProcessA
0x425018 GetTempFileNameA
0x42501c IsDebuggerPresent
0x425020 WriteConsoleW
0x425024 HeapSize
0x425028 CreateFileW
0x42502c GetProcessHeap
0x425030 SetStdHandle
0x425034 EnterCriticalSection
0x425038 LeaveCriticalSection
0x42503c InitializeCriticalSectionEx
0x425040 DeleteCriticalSection
0x425044 EncodePointer
0x425048 DecodePointer
0x42504c MultiByteToWideChar
0x425050 WideCharToMultiByte
0x425054 LCMapStringEx
0x425058 GetStringTypeW
0x42505c GetCPInfo
0x425060 UnhandledExceptionFilter
0x425064 SetUnhandledExceptionFilter
0x425068 GetCurrentProcess
0x42506c TerminateProcess
0x425070 IsProcessorFeaturePresent
0x425074 QueryPerformanceCounter
0x425078 GetCurrentProcessId
0x42507c GetCurrentThreadId
0x425080 GetSystemTimeAsFileTime
0x425084 InitializeSListHead
0x425088 GetStartupInfoW
0x42508c GetModuleHandleW
0x425090 RtlUnwind
0x425094 RaiseException
0x425098 GetLastError
0x42509c SetLastError
0x4250a0 InitializeCriticalSectionAndSpinCount
0x4250a4 TlsAlloc
0x4250a8 TlsGetValue
0x4250ac TlsSetValue
0x4250b0 TlsFree
0x4250b4 FreeLibrary
0x4250b8 GetProcAddress
0x4250bc LoadLibraryExW
0x4250c0 GetStdHandle
0x4250c4 WriteFile
0x4250c8 GetModuleFileNameW
0x4250cc GetModuleHandleExW
0x4250d0 GetFileSizeEx
0x4250d4 SetFilePointerEx
0x4250d8 GetFileType
0x4250dc HeapAlloc
0x4250e0 HeapFree
0x4250e4 FlsAlloc
0x4250e8 FlsGetValue
0x4250ec FlsSetValue
0x4250f0 FlsFree
0x4250f4 VirtualProtect
0x4250f8 LCMapStringW
0x4250fc GetLocaleInfoW
0x425100 IsValidLocale
0x425104 GetUserDefaultLCID
0x425108 EnumSystemLocalesW
0x42510c FlushFileBuffers
0x425110 GetConsoleOutputCP
0x425114 GetConsoleMode
0x425118 ReadFile
0x42511c ReadConsoleW
0x425120 HeapReAlloc
0x425124 FindClose
0x425128 FindFirstFileExW
0x42512c FindNextFileW
0x425130 IsValidCodePage
0x425134 GetACP
0x425138 GetOEMCP
0x42513c GetCommandLineA
0x425140 GetCommandLineW
0x425144 GetEnvironmentStringsW
0x425148 FreeEnvironmentStringsW
0x42514c SetEndOfFile
WININET.dll
0x425154 InternetOpenW
0x425158 InternetOpenUrlA
0x42515c InternetCloseHandle
0x425160 InternetReadFile
EAT (Export Address Table): none
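The Signature table above (drops a binary to AppData and executes it, performs HTTP requests, checks for a debugger) is what a triage analyst would also infer statically from the import table: GetTempPathA/GetTempFileNameA plus CreateFileW/WriteFile plus CreateProcessA is the drop-and-execute chain, and InternetOpenUrlA/InternetReadFile is the HTTP fetch. The example below is added here and is not part of the sandbox report or its tooling. It transcribes an abbreviated subset of the IAT listed above as constructed input, groups imports into capability buckets, only emits a verdict when the capabilities that make up a behaviour appear together, and computes an imphash the way pefile and VirusTotal define it (md5 over lowercased `lib.func` pairs in import-directory order, with .dll/.ocx/.sys stripped). The names `SAMPLE_IAT`, `CAPABILITIES`, `VERDICTS`, `classify`, `triage` and `imphash` are this example's own; the capability groups are an assumed triage heuristic, not a published taxonomy. One caveat worth noting: a UPX-packed binary normally shows only a handful of imports, so an import table this rich (a full MSVC runtime profile) means the UPX_Zero rule hit should be treated with caution, and the imphash below only reproduces the report's value when fed the complete ordered list.

```python
"""Import-table triage for the sample above.

Added example, not part of the sandbox report: maps KERNEL32/WININET imports
onto the behaviours the Signature section flags and computes a pefile-style
imphash. Capability groups and verdict names are this example's assumptions.
"""
import hashlib

# Constructed input: a subset of the report's IAT, in listed order. The long
# tail of MSVC runtime imports (Heap*, Fls*, Tls*, locale, console) is cut.
SAMPLE_IAT = [
    ("KERNEL32.dll", "SetErrorMode"),
    ("KERNEL32.dll", "Sleep"),
    ("KERNEL32.dll", "GetTempPathA"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "ExitProcess"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "GetTempFileNameA"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "LoadLibraryExW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "HeapAlloc"),
    ("KERNEL32.dll", "HeapFree"),
    ("WININET.dll", "InternetOpenW"),
    ("WININET.dll", "InternetOpenUrlA"),
    ("WININET.dll", "InternetCloseHandle"),
    ("WININET.dll", "InternetReadFile"),
]

# Assumed capability groups. Matching is by function-name prefix so the
# A/W/Ex variants of one API collapse into a single entry.
CAPABILITIES = {
    "temp_path":   ("GetTempPath", "GetTempFileName"),
    "file_write":  ("CreateFile", "WriteFile"),
    "exec":        ("CreateProcess", "ShellExecute", "WinExec"),
    "http":        ("InternetOpenUrl", "InternetReadFile", "URLDownloadToFile",
                    "HttpSendRequest", "WinHttpSendRequest"),
    "anti_debug":  ("IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                    "NtQueryInformationProcess"),
    "self_modify": ("VirtualProtect", "VirtualAlloc", "WriteProcessMemory"),
    "dyn_resolve": ("LoadLibrary", "GetProcAddress"),
}

# A verdict needs all of its capabilities together; any one alone is noise
# (every MSVC binary imports CreateFile/WriteFile, for instance).
VERDICTS = {
    "downloads a file over HTTP": {"http", "file_write"},
    "drops a binary to a temp path and executes it":
        {"temp_path", "file_write", "exec"},
    "checks for a debugger": {"anti_debug"},
    "unpacks or resolves imports at runtime": {"self_modify", "dyn_resolve"},
}


def classify(iat):
    """Return the set of capability groups present in an import list."""
    found = set()
    for _lib, func in iat:
        for cap, prefixes in CAPABILITIES.items():
            if any(func.startswith(p) for p in prefixes):
                found.add(cap)
    return found


def triage(iat):
    """Return the verdicts whose required capabilities are all present."""
    caps = classify(iat)
    return [verdict for verdict, need in VERDICTS.items() if need <= caps]


def imphash(iat):
    """pefile-style imphash over (library, function) pairs in import order.

    Only matches the report's imphash when given the full ordered IAT."""
    parts = []
    for lib, func in iat:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    print("capabilities:", sorted(classify(SAMPLE_IAT)))
    for verdict in triage(SAMPLE_IAT):
        print("verdict:", verdict)
    print("imphash (abbreviated list):", imphash(SAMPLE_IAT))
```

Run as a script it prints the capability set, the four verdicts that fire for this sample, and the imphash of the abbreviated list. The requirement sets in `VERDICTS` are the point of the design: dropping CreateProcessA from the input removes the drop-and-execute verdict even though the temp-path and file-write imports remain, which is what keeps a heuristic like this from flagging every console program that writes a file.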