Field | Value
---|---
Created | 2025.04.08 09:15
Machine | s1_win7_x6403
Filename | Nehh6wZ.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 26 detected (AIDetectMalware, Lazy, Unsafe, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HHSW, CrypterX, Lumma, Kryptik@AI, RDML, 3ggn9pKdMGWvFLSql8hHqQ, Generic ML PUA, Sabsik)
md5 | cc1988650b5fe3e0dfb8632a77b2a9ac
sha256 | d63135791ebcbead27ea97784e9076963028508ed4c26f454c24479ded5a71aa
ssdeep | 24576:BulIExtUXbaVQfcZe1MEw4nvHloxA2I1I16Qq5G:BuyExtUSwcZu7vYAjIXqG
imphash | b2c200f5e4fd63f73dca30ad3ac2c240
impfuzzy | 24:hWs5WDCelQtzOovbOGMUD1uUvg0WDQ7UlnULPxQTRKT07GiJUc8:hW0QC5y361PoJUbxQ/GJc8
Network IP location
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14008eea8 AcquireSRWLockExclusive
0x14008eeb0 CloseHandle
0x14008eeb8 CloseThreadpoolWork
0x14008eec0 CreateFileA
0x14008eec8 CreateFileW
0x14008eed0 CreateThreadpoolWork
0x14008eed8 DeleteCriticalSection
0x14008eee0 EncodePointer
0x14008eee8 EnterCriticalSection
0x14008eef0 ExitProcess
0x14008eef8 FindClose
0x14008ef00 FindFirstFileExW
0x14008ef08 FindNextFileW
0x14008ef10 FlsAlloc
0x14008ef18 FlsFree
0x14008ef20 FlsGetValue
0x14008ef28 FlsSetValue
0x14008ef30 FlushFileBuffers
0x14008ef38 FreeEnvironmentStringsW
0x14008ef40 FreeLibrary
0x14008ef48 FreeLibraryWhenCallbackReturns
0x14008ef50 GetACP
0x14008ef58 GetCPInfo
0x14008ef60 GetCommandLineA
0x14008ef68 GetCommandLineW
0x14008ef70 GetConsoleMode
0x14008ef78 GetConsoleOutputCP
0x14008ef80 GetCurrentProcess
0x14008ef88 GetCurrentProcessId
0x14008ef90 GetCurrentThreadId
0x14008ef98 GetEnvironmentStringsW
0x14008efa0 GetFileSize
0x14008efa8 GetFileSizeEx
0x14008efb0 GetFileType
0x14008efb8 GetLastError
0x14008efc0 GetModuleFileNameA
0x14008efc8 GetModuleFileNameW
0x14008efd0 GetModuleHandleExW
0x14008efd8 GetModuleHandleW
0x14008efe0 GetOEMCP
0x14008efe8 GetProcAddress
0x14008eff0 GetProcessHeap
0x14008eff8 GetStartupInfoW
0x14008f000 GetStdHandle
0x14008f008 GetStringTypeW
0x14008f010 GetSystemTimeAsFileTime
0x14008f018 HeapAlloc
0x14008f020 HeapFree
0x14008f028 HeapReAlloc
0x14008f030 HeapSize
0x14008f038 InitOnceBeginInitialize
0x14008f040 InitOnceComplete
0x14008f048 InitializeCriticalSectionAndSpinCount
0x14008f050 InitializeCriticalSectionEx
0x14008f058 InitializeSListHead
0x14008f060 IsDebuggerPresent
0x14008f068 IsProcessorFeaturePresent
0x14008f070 IsValidCodePage
0x14008f078 LCMapStringW
0x14008f080 LeaveCriticalSection
0x14008f088 LoadLibraryExW
0x14008f090 MultiByteToWideChar
0x14008f098 QueryPerformanceCounter
0x14008f0a0 QueryPerformanceFrequency
0x14008f0a8 RaiseException
0x14008f0b0 ReadFile
0x14008f0b8 ReleaseSRWLockExclusive
0x14008f0c0 RtlCaptureContext
0x14008f0c8 RtlLookupFunctionEntry
0x14008f0d0 RtlPcToFileHeader
0x14008f0d8 RtlUnwindEx
0x14008f0e0 RtlVirtualUnwind
0x14008f0e8 SetFilePointerEx
0x14008f0f0 SetLastError
0x14008f0f8 SetStdHandle
0x14008f100 SetUnhandledExceptionFilter
0x14008f108 Sleep
0x14008f110 SleepConditionVariableSRW
0x14008f118 SubmitThreadpoolWork
0x14008f120 TerminateProcess
0x14008f128 TlsAlloc
0x14008f130 TlsFree
0x14008f138 TlsGetValue
0x14008f140 TlsSetValue
0x14008f148 TryAcquireSRWLockExclusive
0x14008f150 UnhandledExceptionFilter
0x14008f158 WakeAllConditionVariable
0x14008f160 WideCharToMultiByte
0x14008f168 WriteConsoleW
0x14008f170 WriteFile
EAT(Export Address Table) is none