Field | Value |
---|---|
Created | 2025.04.07 10:01 |
Machine | s1_win7_x6403 |
Filename | edge-updater.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 53 detected (Redcap, Malicious, score, Ghanarava, Artemis, GenericKD, Unsafe, Vdul, confidence, 100%, Genus, Attribute, HighConfidence, Windows, IoRing, CVE-2023-2176, ExploitX, UgNWwTKzlAQ, syvqb, CVE-2020-2321, CVE202321768, R002C0PCN23, HackTool, Convagent, Detected, Malware@#3gc0cfy764mto, ABApplication, NKKF, Chgt, Gencirc, susgen) |
md5 | efc7c1d297e62692b01aa19e04b003f2 |
sha256 | 4470ca1e8fbf3c32e79b2e012963b9a148f4bba0e386ce425566f563a6feac06 |
ssdeep | 3072:3quf5ohFrwtb6nFBN8Dd2XEtrJAZNPFuQ:3tohFrwcnFCd2XEs4Q |
imphash | 4d331e861ce5ef9f1ddac1952e4ad3e5 |
impfuzzy | 24:2LFGDaNNsSziJ3CF02tMX7UJnc+pl39/CuZoEOovbO+RPvRRZHu9dGMr:QPiJ3CltMX7Ec+ppQuZc3anS |
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no entries) | | | | | |
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140017000 VirtualFree
0x140017008 VirtualAlloc
0x140017010 GetModuleHandleA
0x140017018 CreateEventW
0x140017020 GetLastError
0x140017028 CloseHandle
0x140017030 GetProcAddress
0x140017038 ReadFile
0x140017040 BuildIoRingReadFile
0x140017048 HeapFree
0x140017050 WriteFile
0x140017058 CreateNamedPipeW
0x140017060 CreateFileW
0x140017068 OpenProcess
0x140017070 HeapReAlloc
0x140017078 HeapAlloc
0x140017080 SubmitIoRing
0x140017088 GetCurrentProcessId
0x140017090 GetProcessHeap
0x140017098 PopIoRingCompletion
0x1400170a0 BuildIoRingWriteFile
0x1400170a8 CreateIoRing
0x1400170b0 WriteConsoleW
0x1400170b8 RtlCaptureContext
0x1400170c0 RtlLookupFunctionEntry
0x1400170c8 RtlVirtualUnwind
0x1400170d0 UnhandledExceptionFilter
0x1400170d8 SetUnhandledExceptionFilter
0x1400170e0 GetCurrentProcess
0x1400170e8 TerminateProcess
0x1400170f0 IsProcessorFeaturePresent
0x1400170f8 QueryPerformanceCounter
0x140017100 GetCurrentThreadId
0x140017108 GetSystemTimeAsFileTime
0x140017110 InitializeSListHead
0x140017118 IsDebuggerPresent
0x140017120 GetStartupInfoW
0x140017128 GetModuleHandleW
0x140017130 RtlUnwindEx
0x140017138 SetLastError
0x140017140 EnterCriticalSection
0x140017148 LeaveCriticalSection
0x140017150 DeleteCriticalSection
0x140017158 InitializeCriticalSectionAndSpinCount
0x140017160 TlsAlloc
0x140017168 TlsGetValue
0x140017170 TlsSetValue
0x140017178 TlsFree
0x140017180 FreeLibrary
0x140017188 LoadLibraryExW
0x140017190 EncodePointer
0x140017198 RaiseException
0x1400171a0 RtlPcToFileHeader
0x1400171a8 GetStdHandle
0x1400171b0 GetModuleFileNameW
0x1400171b8 ExitProcess
0x1400171c0 GetModuleHandleExW
0x1400171c8 GetCommandLineA
0x1400171d0 GetCommandLineW
0x1400171d8 FlsAlloc
0x1400171e0 FlsGetValue
0x1400171e8 FlsSetValue
0x1400171f0 FlsFree
0x1400171f8 CompareStringW
0x140017200 LCMapStringW
0x140017208 GetFileType
0x140017210 FindClose
0x140017218 FindFirstFileExW
0x140017220 FindNextFileW
0x140017228 IsValidCodePage
0x140017230 GetACP
0x140017238 GetOEMCP
0x140017240 GetCPInfo
0x140017248 MultiByteToWideChar
0x140017250 WideCharToMultiByte
0x140017258 GetEnvironmentStringsW
0x140017260 FreeEnvironmentStringsW
0x140017268 SetEnvironmentVariableW
0x140017270 SetStdHandle
0x140017278 GetStringTypeW
0x140017280 FlushFileBuffers
0x140017288 GetConsoleOutputCP
0x140017290 GetConsoleMode
0x140017298 GetFileSizeEx
0x1400172a0 SetFilePointerEx
0x1400172a8 HeapSize
EAT(Export Address Table) is none
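The IAT above pulls the Windows I/O Ring API (CreateIoRing, BuildIoRingReadFile, BuildIoRingWriteFile, SubmitIoRing, PopIoRingCompletion) by name from KERNEL32.dll, next to CreateNamedPipeW and OpenProcess, and the VirusTotal labels include IoRing and CVE202321768 (CVE-2023-21768, the AFD.sys elevation-of-privilege bug whose public proof-of-concept exploit uses the I/O Ring API). Two things follow for whoever reads this report. First, the I/O Ring exports only exist on Windows 11 build 22000 and later, so the Windows 7 guest used for this run (s1_win7_x6403) cannot resolve the imports and the loader refuses to start the image; the empty behavior score and the zero network entries therefore say nothing about what the binary does on a supported host. Second, a static walk of the import directory is enough to spot this cluster before any sandbox time is spent. The Python below is an added example, not code from this page or from the sample's author: it parses a PE32+ import directory by hand, constructs a small synthetic PE carrying a subset of this report's KERNEL32.dll import names as test input (it goes beyond the report in that it also handles imports by ordinal), and reports the I/O Ring cluster and the OS floor it implies. The API set, the minimum build and the "kernel read/write" wording in triage() are the editor's assumptions drawn from public documentation and the VT labels, not findings of this report.

```python
"""Added example: walk a PE32+ import directory offline and flag the I/O Ring
API cluster seen in this report's IAT. The PE parsed here is a constructed
minimal image carrying a subset of the report's imports, not edge-updater.exe."""
import struct

# Assumption from public Microsoft documentation: CreateIoRing and the other
# I/O Ring exports first appear in Windows 11 build 22000; older loaders fail
# to resolve them and refuse to start the image.
IORING_APIS = {"CreateIoRing", "BuildIoRingReadFile", "BuildIoRingWriteFile",
               "SubmitIoRing", "PopIoRingCompletion"}
IORING_MIN_OS = "Windows 11 build 22000"

# Subset of the KERNEL32.dll names from this report's IAT (constructed test input).
REPORT_IMPORT_SUBSET = ["VirtualAlloc", "CreateEventW", "CreateNamedPipeW", "OpenProcess",
                        "CreateIoRing", "BuildIoRingReadFile", "BuildIoRingWriteFile",
                        "SubmitIoRing", "PopIoRingCompletion", "IsDebuggerPresent"]

def _rva_to_off(rva, sections):
    """Map an RVA to a file offset through the section table."""
    for va, vsize, raw, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def parse_imports(data):
    """Return [(dll, [function, ...]), ...] in import-directory order (PE32+ only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                            # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    # PE32+ data directories start at opt+112; entry 1 is IMAGE_DIRECTORY_ENTRY_IMPORT.
    imp_rva = struct.unpack_from("<I", data, opt + 120)[0]
    sections = []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw, rsize))
    imports, desc = [], _rva_to_off(imp_rva, sections)
    while True:
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:                                    # null descriptor ends the table
            break
        funcs, thunk = [], _rva_to_off(ilt or iat, sections)
        while True:
            entry = struct.unpack_from("<Q", data, thunk)[0]
            if entry == 0:
                break
            if entry >> 63:                                  # import by ordinal
                funcs.append(f"ord{entry & 0xFFFF}")
            else:                                            # IMAGE_IMPORT_BY_NAME: WORD hint, then name
                funcs.append(_cstr(data, _rva_to_off(entry & 0x7FFFFFFF, sections) + 2))
            thunk += 8
        imports.append((_cstr(data, _rva_to_off(name_rva, sections)), funcs))
        desc += 20
    return imports

def triage(imports):
    """Flag the I/O Ring cluster and the OS floor it implies (editor's heuristic, not the report's rule)."""
    names = {f for _, funcs in imports for f in funcs}
    ioring = sorted(names & IORING_APIS)
    notes = []
    if ioring:
        notes.append(f"I/O Ring API imported ({', '.join(ioring)}); image cannot load before {IORING_MIN_OS}")
        if "OpenProcess" in names:
            notes.append("OpenProcess next to I/O Ring: consistent with a kernel read/write primitive aimed at another process")
    return {"ioring_apis": ioring, "os_floor": IORING_MIN_OS if ioring else None, "notes": notes}

def build_sample_pe(dll, funcs):
    """Construct a minimal PE32+ whose single section holds only an import directory (test input)."""
    sec_va, sec_raw, n = 0x1000, 0x200, len(funcs)
    ilt_rva = sec_va + 40                                    # after two 20-byte descriptors
    iat_rva = ilt_rva + (n + 1) * 8
    name_rva = iat_rva + (n + 1) * 8
    strings, thunks = bytearray(dll.encode() + b"\0"), []
    for f in funcs:
        thunks.append(name_rva + len(strings))
        strings += b"\0\0" + f.encode() + b"\0"              # hint word, then name
    desc = struct.pack("<IIIII", ilt_rva, 0, 0, name_rva, iat_rva) + bytes(20)
    table = b"".join(struct.pack("<Q", t) for t in thunks) + bytes(8)
    section = desc + table + table + bytes(strings)
    section += bytes(-len(section) % 0x200)
    hdr = bytearray(b"MZ") + bytes(58) + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 120, sec_va, len(desc))     # import directory RVA and size
    hdr += opt + b".idata\0\0" + struct.pack("<IIIIIIHHI", len(section), sec_va, len(section),
                                              sec_raw, 0, 0, 0, 0, 0x40000040)
    hdr += bytes(sec_raw - len(hdr))                         # pad headers up to the section's raw offset
    return bytes(hdr) + section
```

Against a real file, `triage(parse_imports(open(path, "rb").read()))` gives the same dictionary; `build_sample_pe("KERNEL32.dll", REPORT_IMPORT_SUBSET)` is only there so the walker can be exercised offline without shipping the sample. The descriptor loop reads the original thunk table when present and falls back to the bound IAT otherwise, which is what you want for images whose ILT was stripped.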