ScreenShot
| Created | 2025.04.07 10:01 | Machine | s1_win7_x6401 |
| Filename | HashDrop.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, malicious, high confidence, score, Ghanarava, Artemis, @x0@aW, u74li, Unsafe, GenericKD, Save, confidence, 100%, GenHeur, Kryptik, HYUP, tkcrqv, ShellCodeLoader, CLASSIC, pmwza, Siggen31, high, Static AI, Malicious PE, Detected, GrayWare, Wacapew, LummaC, ABApplication, AZKL, Sabsik, BScope, Stealc, Chgt, PE04C9V, Gencirc, susgen, PossibleThreat, FMC2XJC) | ||
| md5 | 524faa5c0e252d6edebacc31ec488d31 | ||
| sha256 | ab8d42ebe660e813c943cacc78d23b80f9ba88392ff32fc3ae07fabaaeb13647 | ||
| ssdeep | 98304:z8oKhObimn6gZvA8nqOdZbWGPTyj7UHvzjZ2ejcdVgSRXWxepmm0uHq1VNae10l5:z8rsFRZ4mqOTKGbGw7j4hdKKXnl0uHqY | ||
| imphash | 1b088a03e230d1f75f7d6f7f538ea8ea | ||
| impfuzzy | 24:p7TUHwj2k3zrzizDBtFkEkwkgx/oWT8v9R25K8zBMIX1/mu3:p7N9Drz09tFkEk/glorR2Uwd/d3 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x471bb0 CloseHandle
0x471bb4 CopyFileW
0x471bb8 CreateFileW
0x471bbc ExitProcess
0x471bc0 GetCurrentProcess
0x471bc4 GetLastError
0x471bc8 GetLocalTime
0x471bcc GetModuleFileNameW
0x471bd0 GetSystemInfo
0x471bd4 GetTempPathW
0x471bd8 GetTickCount
0x471bdc GlobalMemoryStatusEx
0x471be0 LocalAlloc
0x471be4 LocalFree
0x471be8 ReadFile
0x471bec SetFilePointer
0x471bf0 Sleep
0x471bf4 VirtualAlloc
0x471bf8 VirtualFree
0x471bfc WriteFile
0x471c00 lstrcatW
0x471c04 lstrlenW
USER32.dll
0x471c0c FindWindowW
0x471c10 GetCursorPos
0x471c14 GetDesktopWindow
0x471c18 GetForegroundWindow
0x471c1c GetKeyState
0x471c20 GetSysColor
0x471c24 GetSystemMetrics
0x471c28 GetWindowLongW
0x471c2c GetWindowTextW
0x471c30 MessageBoxW
0x471c34 SendMessageW
0x471c38 SetWindowLongW
0x471c3c wsprintfW
ADVAPI32.dll
0x471c44 CryptAcquireContextW
0x471c48 CryptDestroyKey
0x471c4c CryptGenKey
0x471c50 CryptReleaseContext
0x471c54 GetSidSubAuthority
0x471c58 GetSidSubAuthorityCount
0x471c5c GetTokenInformation
0x471c60 GetUserNameW
0x471c64 OpenProcessToken
0x471c68 RegCloseKey
0x471c6c RegOpenKeyExW
0x471c70 RegOpenKeyW
0x471c74 RegQueryValueExW
0x471c78 RegSetValueExW
EAT(Export Address Table) is none
KERNEL32.dll
0x471bb0 CloseHandle
0x471bb4 CopyFileW
0x471bb8 CreateFileW
0x471bbc ExitProcess
0x471bc0 GetCurrentProcess
0x471bc4 GetLastError
0x471bc8 GetLocalTime
0x471bcc GetModuleFileNameW
0x471bd0 GetSystemInfo
0x471bd4 GetTempPathW
0x471bd8 GetTickCount
0x471bdc GlobalMemoryStatusEx
0x471be0 LocalAlloc
0x471be4 LocalFree
0x471be8 ReadFile
0x471bec SetFilePointer
0x471bf0 Sleep
0x471bf4 VirtualAlloc
0x471bf8 VirtualFree
0x471bfc WriteFile
0x471c00 lstrcatW
0x471c04 lstrlenW
USER32.dll
0x471c0c FindWindowW
0x471c10 GetCursorPos
0x471c14 GetDesktopWindow
0x471c18 GetForegroundWindow
0x471c1c GetKeyState
0x471c20 GetSysColor
0x471c24 GetSystemMetrics
0x471c28 GetWindowLongW
0x471c2c GetWindowTextW
0x471c30 MessageBoxW
0x471c34 SendMessageW
0x471c38 SetWindowLongW
0x471c3c wsprintfW
ADVAPI32.dll
0x471c44 CryptAcquireContextW
0x471c48 CryptDestroyKey
0x471c4c CryptGenKey
0x471c50 CryptReleaseContext
0x471c54 GetSidSubAuthority
0x471c58 GetSidSubAuthorityCount
0x471c5c GetTokenInformation
0x471c60 GetUserNameW
0x471c64 OpenProcessToken
0x471c68 RegCloseKey
0x471c6c RegOpenKeyExW
0x471c70 RegOpenKeyW
0x471c74 RegQueryValueExW
0x471c78 RegSetValueExW
EAT(Export Address Table) is none