ScreenShot
| Created | 2025.04.07 10:41 | Machine | s1_win7_x6401 |
| Filename | s9471.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetectMalware, Lumma, Trickbot, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, CrypterX, score, DcRat, OfHhlSV0GZG, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, UQBE, Artemis, Chgt, PE04C9V, susgen, Wacapew, C9nj) | ||
| md5 | f258ba9ca646b9749d7f22a3dfdc77d2 | ||
| sha256 | fcc3edcd526b0c746998d72af8ce9cc29b0bd801f767078cc472f93d57eee9ef | ||
| ssdeep | 24576:AwUXFRm7/J2sC0atSlUUQx287txxQ2FWdlpyDd:Aw6I8MgSlfSXtxxx2sDd | ||
| imphash | 8beb5ca1ff83475ee16fa1a921765aab | ||
| impfuzzy | 24:aWDCelQtWOovbOGMUD1uUvg0WDQyl3LPOTw07GiJUsO:aQC5x361PihbONGJsO | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140032ad8 CloseHandle
0x140032ae0 CreateFileA
0x140032ae8 CreateFileW
0x140032af0 DeleteCriticalSection
0x140032af8 EncodePointer
0x140032b00 EnterCriticalSection
0x140032b08 ExitProcess
0x140032b10 FindClose
0x140032b18 FindFirstFileExW
0x140032b20 FindNextFileW
0x140032b28 FlsAlloc
0x140032b30 FlsFree
0x140032b38 FlsGetValue
0x140032b40 FlsSetValue
0x140032b48 FlushFileBuffers
0x140032b50 FreeEnvironmentStringsW
0x140032b58 FreeLibrary
0x140032b60 GetACP
0x140032b68 GetCPInfo
0x140032b70 GetCommandLineA
0x140032b78 GetCommandLineW
0x140032b80 GetConsoleMode
0x140032b88 GetConsoleOutputCP
0x140032b90 GetCurrentProcess
0x140032b98 GetCurrentProcessId
0x140032ba0 GetCurrentThreadId
0x140032ba8 GetEnvironmentStringsW
0x140032bb0 GetFileSize
0x140032bb8 GetFileSizeEx
0x140032bc0 GetFileType
0x140032bc8 GetLastError
0x140032bd0 GetModuleFileNameA
0x140032bd8 GetModuleFileNameW
0x140032be0 GetModuleHandleExW
0x140032be8 GetModuleHandleW
0x140032bf0 GetOEMCP
0x140032bf8 GetProcAddress
0x140032c00 GetProcessHeap
0x140032c08 GetStartupInfoW
0x140032c10 GetStdHandle
0x140032c18 GetStringTypeW
0x140032c20 GetSystemTimeAsFileTime
0x140032c28 HeapAlloc
0x140032c30 HeapFree
0x140032c38 HeapReAlloc
0x140032c40 HeapSize
0x140032c48 InitializeCriticalSectionAndSpinCount
0x140032c50 InitializeSListHead
0x140032c58 IsDebuggerPresent
0x140032c60 IsProcessorFeaturePresent
0x140032c68 IsValidCodePage
0x140032c70 LCMapStringW
0x140032c78 LeaveCriticalSection
0x140032c80 LoadLibraryExW
0x140032c88 MultiByteToWideChar
0x140032c90 QueryPerformanceCounter
0x140032c98 RaiseException
0x140032ca0 ReadFile
0x140032ca8 RtlCaptureContext
0x140032cb0 RtlLookupFunctionEntry
0x140032cb8 RtlPcToFileHeader
0x140032cc0 RtlUnwindEx
0x140032cc8 RtlVirtualUnwind
0x140032cd0 SetFilePointerEx
0x140032cd8 SetLastError
0x140032ce0 SetStdHandle
0x140032ce8 SetUnhandledExceptionFilter
0x140032cf0 TerminateProcess
0x140032cf8 TlsAlloc
0x140032d00 TlsFree
0x140032d08 TlsGetValue
0x140032d10 TlsSetValue
0x140032d18 UnhandledExceptionFilter
0x140032d20 WideCharToMultiByte
0x140032d28 WriteConsoleW
0x140032d30 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140032ad8 CloseHandle
0x140032ae0 CreateFileA
0x140032ae8 CreateFileW
0x140032af0 DeleteCriticalSection
0x140032af8 EncodePointer
0x140032b00 EnterCriticalSection
0x140032b08 ExitProcess
0x140032b10 FindClose
0x140032b18 FindFirstFileExW
0x140032b20 FindNextFileW
0x140032b28 FlsAlloc
0x140032b30 FlsFree
0x140032b38 FlsGetValue
0x140032b40 FlsSetValue
0x140032b48 FlushFileBuffers
0x140032b50 FreeEnvironmentStringsW
0x140032b58 FreeLibrary
0x140032b60 GetACP
0x140032b68 GetCPInfo
0x140032b70 GetCommandLineA
0x140032b78 GetCommandLineW
0x140032b80 GetConsoleMode
0x140032b88 GetConsoleOutputCP
0x140032b90 GetCurrentProcess
0x140032b98 GetCurrentProcessId
0x140032ba0 GetCurrentThreadId
0x140032ba8 GetEnvironmentStringsW
0x140032bb0 GetFileSize
0x140032bb8 GetFileSizeEx
0x140032bc0 GetFileType
0x140032bc8 GetLastError
0x140032bd0 GetModuleFileNameA
0x140032bd8 GetModuleFileNameW
0x140032be0 GetModuleHandleExW
0x140032be8 GetModuleHandleW
0x140032bf0 GetOEMCP
0x140032bf8 GetProcAddress
0x140032c00 GetProcessHeap
0x140032c08 GetStartupInfoW
0x140032c10 GetStdHandle
0x140032c18 GetStringTypeW
0x140032c20 GetSystemTimeAsFileTime
0x140032c28 HeapAlloc
0x140032c30 HeapFree
0x140032c38 HeapReAlloc
0x140032c40 HeapSize
0x140032c48 InitializeCriticalSectionAndSpinCount
0x140032c50 InitializeSListHead
0x140032c58 IsDebuggerPresent
0x140032c60 IsProcessorFeaturePresent
0x140032c68 IsValidCodePage
0x140032c70 LCMapStringW
0x140032c78 LeaveCriticalSection
0x140032c80 LoadLibraryExW
0x140032c88 MultiByteToWideChar
0x140032c90 QueryPerformanceCounter
0x140032c98 RaiseException
0x140032ca0 ReadFile
0x140032ca8 RtlCaptureContext
0x140032cb0 RtlLookupFunctionEntry
0x140032cb8 RtlPcToFileHeader
0x140032cc0 RtlUnwindEx
0x140032cc8 RtlVirtualUnwind
0x140032cd0 SetFilePointerEx
0x140032cd8 SetLastError
0x140032ce0 SetStdHandle
0x140032ce8 SetUnhandledExceptionFilter
0x140032cf0 TerminateProcess
0x140032cf8 TlsAlloc
0x140032d00 TlsFree
0x140032d08 TlsGetValue
0x140032d10 TlsSetValue
0x140032d18 UnhandledExceptionFilter
0x140032d20 WideCharToMultiByte
0x140032d28 WriteConsoleW
0x140032d30 WriteFile
EAT(Export Address Table) is none