Field | Value |
---|---|
Created | 2025.04.07 10:06 |
Machine | s1_win7_x6403 |
Filename | 9sWdA2p.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 49 detected (AIDetectMalware, Malicious, score, GenericKD, Unsafe, Save, confidence, GenHeur, MalPbs, gen2, high confidence, GenKryptik, HHYM, DropperX, suWzIcHGsuD, Kryptik, sysxy, AMADEY, YXFDEZ, moderate, Generic Reputation PUA, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Sabsik, ABApplication, BCEX, Artemis, Krypt, HHUD, Wacatac, B9nj) |
md5 | 5adca22ead4505f76b50a154b584df03 |
sha256 | aa7105a237dc64c8eb179f18d54641e5d7b9ab7da7bf71709a0d773f20154778 |
ssdeep | 24576:iexCeFnJ0FrEWGTS1Ew2D7pyLMD6OGuiaTJNjISWOSs9:iexpFJxWGDwC7pyI9JdISP |
imphash | 4f1342a4b5f473a33cad1e0fbbb5c40c |
impfuzzy | 12:oZG8uIX1N0C8FheQ+kkES/mlArvzBZzNXD9gc3:YVFOFFkQ+kkES/KArzBxNXD9g4 |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x48bc18 ExitProcess
0x48bc1c GetLogicalProcessorInformation
0x48bc20 GetNativeSystemInfo
0x48bc24 GetProcessHeap
0x48bc28 GetSystemInfo
0x48bc2c GetSystemTimes
0x48bc30 GetThreadPriorityBoost
0x48bc34 GetTickCount
0x48bc38 GlobalMemoryStatusEx
0x48bc3c HeapAlloc
0x48bc40 HeapValidate
0x48bc44 IsDebuggerPresent
0x48bc48 QueryPerformanceCounter
0x48bc4c Sleep
0x48bc50 lstrcmpiW
USER32.dll
0x48bc58 AnimateWindow
0x48bc5c CreateWindowExW
0x48bc60 DefWindowProcW
0x48bc64 GetDesktopWindow
0x48bc68 GetMessageTime
0x48bc6c GetWindowRgnBox
0x48bc70 LoadImageW
0x48bc74 SetLayeredWindowAttributes
0x48bc78 SetWindowFeedbackSetting
EAT (Export Address Table) Library
0x401000 ?DecoyAPICalls@@YAXXZ