ScreenShot
| Created | 2025.04.09 09:30 | Machine | s1_win7_x6402 |
| Filename | Sewi.exe.0021aed8_00123400.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 40 detected (AIDetectMalware, Malicious, score, Lazy, Unsafe, Save, confidence, Genus, Attribute, HighConfidence, high confidence, Convagent, ShellCodeLoader, CLASSIC, Generic ML PUA, Detected, GenKryptik, LummaStealer, Zusy, R696935, GdSda, PE04C9V, susgen) | ||
| md5 | b7200b147304d0bc49cf8385434791c6 | ||
| sha256 | 826271169b58d653c83ac729eff2eb976f55ccfd806b336744ca29d2cd85cc89 | ||
| ssdeep | 24576:CEhUTi8SQayuIEN8uEQgGlsNFygsnEfzK4fDa4Vkp:YglOFEEfzK2Daia | ||
| imphash | d743740f06aa0a325bb5c948f63319ce | ||
| impfuzzy | 24:UYWDCelQtWOovbOGMUD1uOvgmWDQyl3LPOTw07G5u9VJUsO:UYQC5x361PIhbONGxsO | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400c7f18 CloseHandle
0x1400c7f20 CompareStringW
0x1400c7f28 CreateFileA
0x1400c7f30 CreateFileW
0x1400c7f38 DeleteCriticalSection
0x1400c7f40 EncodePointer
0x1400c7f48 EnterCriticalSection
0x1400c7f50 ExitProcess
0x1400c7f58 FindClose
0x1400c7f60 FindFirstFileExW
0x1400c7f68 FindNextFileW
0x1400c7f70 FlsAlloc
0x1400c7f78 FlsFree
0x1400c7f80 FlsGetValue
0x1400c7f88 FlsSetValue
0x1400c7f90 FlushFileBuffers
0x1400c7f98 FreeEnvironmentStringsW
0x1400c7fa0 FreeLibrary
0x1400c7fa8 GetACP
0x1400c7fb0 GetCPInfo
0x1400c7fb8 GetCommandLineA
0x1400c7fc0 GetCommandLineW
0x1400c7fc8 GetConsoleMode
0x1400c7fd0 GetConsoleOutputCP
0x1400c7fd8 GetCurrentProcess
0x1400c7fe0 GetCurrentProcessId
0x1400c7fe8 GetCurrentThreadId
0x1400c7ff0 GetEnvironmentStringsW
0x1400c7ff8 GetFileSize
0x1400c8000 GetFileType
0x1400c8008 GetLastError
0x1400c8010 GetModuleFileNameW
0x1400c8018 GetModuleHandleExW
0x1400c8020 GetModuleHandleW
0x1400c8028 GetOEMCP
0x1400c8030 GetProcAddress
0x1400c8038 GetProcessHeap
0x1400c8040 GetStartupInfoW
0x1400c8048 GetStdHandle
0x1400c8050 GetStringTypeW
0x1400c8058 GetSystemTimeAsFileTime
0x1400c8060 HeapAlloc
0x1400c8068 HeapFree
0x1400c8070 HeapReAlloc
0x1400c8078 HeapSize
0x1400c8080 InitializeCriticalSectionAndSpinCount
0x1400c8088 InitializeSListHead
0x1400c8090 IsDebuggerPresent
0x1400c8098 IsProcessorFeaturePresent
0x1400c80a0 IsValidCodePage
0x1400c80a8 LCMapStringW
0x1400c80b0 LeaveCriticalSection
0x1400c80b8 LoadLibraryExW
0x1400c80c0 MultiByteToWideChar
0x1400c80c8 QueryPerformanceCounter
0x1400c80d0 RaiseException
0x1400c80d8 ReadFile
0x1400c80e0 RtlCaptureContext
0x1400c80e8 RtlLookupFunctionEntry
0x1400c80f0 RtlPcToFileHeader
0x1400c80f8 RtlUnwindEx
0x1400c8100 RtlVirtualUnwind
0x1400c8108 SetEnvironmentVariableW
0x1400c8110 SetFilePointerEx
0x1400c8118 SetLastError
0x1400c8120 SetStdHandle
0x1400c8128 SetUnhandledExceptionFilter
0x1400c8130 TerminateProcess
0x1400c8138 TlsAlloc
0x1400c8140 TlsFree
0x1400c8148 TlsGetValue
0x1400c8150 TlsSetValue
0x1400c8158 UnhandledExceptionFilter
0x1400c8160 WideCharToMultiByte
0x1400c8168 WriteConsoleW
0x1400c8170 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x1400c7f18 CloseHandle
0x1400c7f20 CompareStringW
0x1400c7f28 CreateFileA
0x1400c7f30 CreateFileW
0x1400c7f38 DeleteCriticalSection
0x1400c7f40 EncodePointer
0x1400c7f48 EnterCriticalSection
0x1400c7f50 ExitProcess
0x1400c7f58 FindClose
0x1400c7f60 FindFirstFileExW
0x1400c7f68 FindNextFileW
0x1400c7f70 FlsAlloc
0x1400c7f78 FlsFree
0x1400c7f80 FlsGetValue
0x1400c7f88 FlsSetValue
0x1400c7f90 FlushFileBuffers
0x1400c7f98 FreeEnvironmentStringsW
0x1400c7fa0 FreeLibrary
0x1400c7fa8 GetACP
0x1400c7fb0 GetCPInfo
0x1400c7fb8 GetCommandLineA
0x1400c7fc0 GetCommandLineW
0x1400c7fc8 GetConsoleMode
0x1400c7fd0 GetConsoleOutputCP
0x1400c7fd8 GetCurrentProcess
0x1400c7fe0 GetCurrentProcessId
0x1400c7fe8 GetCurrentThreadId
0x1400c7ff0 GetEnvironmentStringsW
0x1400c7ff8 GetFileSize
0x1400c8000 GetFileType
0x1400c8008 GetLastError
0x1400c8010 GetModuleFileNameW
0x1400c8018 GetModuleHandleExW
0x1400c8020 GetModuleHandleW
0x1400c8028 GetOEMCP
0x1400c8030 GetProcAddress
0x1400c8038 GetProcessHeap
0x1400c8040 GetStartupInfoW
0x1400c8048 GetStdHandle
0x1400c8050 GetStringTypeW
0x1400c8058 GetSystemTimeAsFileTime
0x1400c8060 HeapAlloc
0x1400c8068 HeapFree
0x1400c8070 HeapReAlloc
0x1400c8078 HeapSize
0x1400c8080 InitializeCriticalSectionAndSpinCount
0x1400c8088 InitializeSListHead
0x1400c8090 IsDebuggerPresent
0x1400c8098 IsProcessorFeaturePresent
0x1400c80a0 IsValidCodePage
0x1400c80a8 LCMapStringW
0x1400c80b0 LeaveCriticalSection
0x1400c80b8 LoadLibraryExW
0x1400c80c0 MultiByteToWideChar
0x1400c80c8 QueryPerformanceCounter
0x1400c80d0 RaiseException
0x1400c80d8 ReadFile
0x1400c80e0 RtlCaptureContext
0x1400c80e8 RtlLookupFunctionEntry
0x1400c80f0 RtlPcToFileHeader
0x1400c80f8 RtlUnwindEx
0x1400c8100 RtlVirtualUnwind
0x1400c8108 SetEnvironmentVariableW
0x1400c8110 SetFilePointerEx
0x1400c8118 SetLastError
0x1400c8120 SetStdHandle
0x1400c8128 SetUnhandledExceptionFilter
0x1400c8130 TerminateProcess
0x1400c8138 TlsAlloc
0x1400c8140 TlsFree
0x1400c8148 TlsGetValue
0x1400c8150 TlsSetValue
0x1400c8158 UnhandledExceptionFilter
0x1400c8160 WideCharToMultiByte
0x1400c8168 WriteConsoleW
0x1400c8170 WriteFile
EAT(Export Address Table) is none