Report - CarZ.exe

Tags: Emotet, Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check
Created: 2025.04.10 01:45
Machine: s1_win7_x6401
Filename: CarZ.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 4
Behavior Score: 1.4
ZERO API (file): clean
VT API (file): 7 detected (AIDetectMalware, Malicious, score, Unsafe, confidence, BScope, Sabsik)
md5: 33a2df57afcf0e90607ab3a604ab6939
sha256: a4bb293acebb8e22484f1f2142d5cc025e96042402af0e7e21888363395d4e29
ssdeep: 12288:XE3vjg9hzSj/VVbVESEqTgaoUzqlfhFdMLm3s+Evz8fFG0YgTH3Fw5:ULgzSRVmStDoUzqlr0Z/z8F8
imphash: 8c7f4a7418b02d2ef3577c0cd01f2c3b
impfuzzy: 48:nYMO5/c8EV6YkhvZQoJ6CEpCLRK4/1nBS5Ewt8tfjfLDlDuQCvASeKiTG+30aGw0:nYM6/c8EV6fhhQoJj2oRjxaDw0

Signature (4 entries)

Level   Description
notice  Changes read-write memory protection to read-execute (likely staging: write code into an RW region, then flip it to RX, so that no single read-write-execute mapping is ever created for a detector to key on)
notice  File has been identified by 7 AntiVirus engines on VirusTotal as malicious
notice  The binary likely contains encrypted or compressed data indicative of a packer
info    The executable contains unknown PE section names indicative of a packer (could be a false positive)
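
The first signature above describes a staging pattern: memory is obtained read-write, code is written into it, and only then is the protection changed to read-execute, so no region is ever RWX at a single point in time. The following is an added example, not the sandbox's own signature code, of how such a check is run over an API trace. The record format (a list of dicts with `api` and `args` carrying `base`, `size`, `protection`) and the sample trace are constructed for illustration; real sandbox logs use their own field names.

```python
"""Flag staged RW -> RX memory protection changes in an API trace.

Added example; the trace format and the sample trace are constructed, not
taken from the sandbox run in the report. Protection constants are the
winnt.h PAGE_* values.
"""
from typing import Dict, List, Tuple

PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80

EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory"}
PROTECT_APIS = {"VirtualProtect", "VirtualProtectEx", "NtProtectVirtualMemory"}


def is_exec(prot: int) -> bool:
    return bool(prot & EXEC_MASK)


def is_write(prot: int) -> bool:
    return bool(prot & WRITE_MASK)


def find_protection_abuse(trace: List[Dict]) -> List[Tuple[str, int]]:
    """Return (finding, region_base) pairs in trace order.

    Only regions the process allocated itself are tracked. A protect call on
    an address outside those regions (for example the module's own .text) is
    ignored, because read-execute there is normal.
    """
    regions: Dict[int, Tuple[int, int]] = {}  # base -> (size, current protection)
    findings: List[Tuple[str, int]] = []

    for call in trace:
        api, args = call["api"], call["args"]
        if api in ALLOC_APIS:
            base, size, prot = args["base"], args["size"], args["protection"]
            regions[base] = (size, prot)
            if is_exec(prot) and is_write(prot):
                findings.append(("rwx_alloc", base))  # the noisy, easily caught variant
        elif api in PROTECT_APIS:
            addr, new = args["base"], args["protection"]
            hit = next((b for b, (s, _) in regions.items() if b <= addr < b + s), None)
            if hit is None:
                continue
            size, old = regions[hit]
            if is_write(old) and not is_exec(old) and is_exec(new):
                # What the sandbox signature describes: writable first, executable later.
                findings.append(("staged_rw_to_rx", hit))
            regions[hit] = (size, new)
    return findings


# Constructed trace for illustration (not from the report's sandbox run).
SAMPLE_TRACE = [
    {"api": "VirtualAlloc",   "args": {"base": 0x2A0000, "size": 0x1000, "protection": PAGE_READWRITE}},
    {"api": "VirtualProtect", "args": {"base": 0x2A0000, "size": 0x1000, "protection": PAGE_EXECUTE_READ}},
    {"api": "VirtualAlloc",   "args": {"base": 0x2B0000, "size": 0x1000, "protection": PAGE_EXECUTE_READWRITE}},
    # .text of the loaded image: not a region the process allocated, so ignored.
    {"api": "VirtualProtect", "args": {"base": 0x401000, "size": 0x1000, "protection": PAGE_EXECUTE_READ}},
    # RX back to RW is not the staging pattern and is not flagged here.
    {"api": "VirtualProtect", "args": {"base": 0x2A0000, "size": 0x1000, "protection": PAGE_READWRITE}},
]

if __name__ == "__main__":
    for finding, base in find_protection_abuse(SAMPLE_TRACE):
        print(f"{finding}: region at {base:#x}")
```

The check deliberately keys on the transition (writable and non-executable, then executable) rather than on any single protection value; that is what lets it catch a loader that never requests PAGE_EXECUTE_READWRITE.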

Rules (7 entries)

Level    Name                         Description          Collection
danger   Win32_Trojan_Emotet_2_Zero   Win32 Trojan Emotet  binaries (upload)
warning  Generic_Malware_Zero         Generic Malware      binaries (upload)
watch    Malicious_Library_Zero       Malicious_Library    binaries (upload)
watch    UPX_Zero                     UPX packed file      binaries (upload)
info     IsPE32                       (no description)     binaries (upload)
info     OS_Processor_Check_Zero      OS Processor Check   binaries (upload)
info     PE_Header_Zero               PE File Signature    binaries (upload)

Note: the Emotet match is a static YARA hit that nothing else in this report corroborates: the behavior score is 1.4, no network activity was recorded, and the 7 VirusTotal labels are generic or heuristic names. The import table below (Direct3D 8, DirectInput 8, DirectSound, MCI and timeGetTime, registry read/write, a full C runtime) is that of an ordinary DirectX 8 application, and well over a hundred named imports is not what a live UPX stub leaves behind, so either the file carries UPX remnants after unpacking or the UPX rule matched on strings. Treat the family attribution as unconfirmed until the matching strings of the Emotet rule are inspected.

Network (0 entries): no network activity recorded

Suricata IDS: none

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x474068 CreateFileA
 0x47406c CloseHandle
 0x474070 CreateThread
 0x474074 DuplicateHandle
 0x474078 GetCurrentProcess
 0x47407c MulDiv
 0x474080 WideCharToMultiByte
 0x474084 MultiByteToWideChar
 0x474088 GetProcessHeap
 0x47408c ReadFile
 0x474090 WriteFile
 0x474094 IsProcessorFeaturePresent
 0x474098 GetVersionExA
 0x47409c LoadLibraryA
 0x4740a0 GetProcAddress
 0x4740a4 GetLastError
 0x4740a8 GetFileSize
 0x4740ac MapViewOfFile
 0x4740b0 CreateFileMappingA
 0x4740b4 CreateFileW
 0x4740b8 UnmapViewOfFile
 0x4740bc HeapFree
 0x4740c0 RtlUnwind
 0x4740c4 RaiseException
 0x4740c8 GetStartupInfoA
 0x4740cc GetCommandLineA
 0x4740d0 GetSystemTimeAsFileTime
 0x4740d4 QueryPerformanceFrequency
 0x4740d8 HeapAlloc
 0x4740dc TerminateProcess
 0x4740e0 HeapReAlloc
 0x4740e4 HeapSize
 0x4740e8 EnterCriticalSection
 0x4740ec LeaveCriticalSection
 0x4740f0 TlsFree
 0x4740f4 SetLastError
 0x4740f8 GetCurrentThreadId
 0x4740fc TlsSetValue
 0x474100 TlsGetValue
 0x474104 TlsAlloc
 0x474108 DeleteCriticalSection
 0x47410c SetUnhandledExceptionFilter
 0x474110 GetStdHandle
 0x474114 GetModuleFileNameA
 0x474118 UnhandledExceptionFilter
 0x47411c FreeEnvironmentStringsA
 0x474120 GetEnvironmentStrings
 0x474124 FreeEnvironmentStringsW
 0x474128 GetEnvironmentStringsW
 0x47412c SetHandleCount
 0x474130 GetFileType
 0x474134 HeapDestroy
 0x474138 HeapCreate
 0x47413c VirtualFree
 0x474140 GetTickCount
 0x474144 GetCurrentProcessId
 0x474148 VirtualAlloc
 0x47414c IsBadWritePtr
 0x474150 SetFilePointer
 0x474154 GetCPInfo
 0x474158 GetUserDefaultLCID
 0x47415c GetLocaleInfoA
 0x474160 EnumSystemLocalesA
 0x474164 IsValidLocale
 0x474168 IsValidCodePage
 0x47416c GetStringTypeA
 0x474170 GetStringTypeW
 0x474174 SetStdHandle
 0x474178 FlushFileBuffers
 0x47417c VirtualProtect
 0x474180 GetSystemInfo
 0x474184 VirtualQuery
 0x474188 InitializeCriticalSection
 0x47418c IsBadReadPtr
 0x474190 IsBadCodePtr
 0x474194 GetACP
 0x474198 GetOEMCP
 0x47419c GetTimeZoneInformation
 0x4741a0 SetEndOfFile
 0x4741a4 LCMapStringA
 0x4741a8 LCMapStringW
 0x4741ac GetLocaleInfoW
 0x4741b0 CompareStringA
 0x4741b4 CompareStringW
 0x4741b8 SetEnvironmentVariableA
 0x4741bc QueryPerformanceCounter
 0x4741c0 GetModuleHandleA
 0x4741c4 ExitProcess
 0x4741c8 Sleep
 0x4741cc GetFileAttributesA
USER32.dll
 0x4741d4 LoadCursorA
 0x4741d8 DefWindowProcA
 0x4741dc PostQuitMessage
 0x4741e0 EndPaint
 0x4741e4 BeginPaint
 0x4741e8 SetWindowLongA
 0x4741ec GetWindowLongA
 0x4741f0 ClipCursor
 0x4741f4 SetCursorPos
 0x4741f8 GetWindowRect
 0x4741fc GetCursorPos
 0x474200 CreateWindowExA
 0x474204 GetActiveWindow
 0x474208 MessageBoxA
 0x47420c InvalidateRect
 0x474210 UpdateWindow
 0x474214 SetFocus
 0x474218 ShowCursor
 0x47421c LoadIconA
 0x474220 ShowWindow
 0x474224 MoveWindow
 0x474228 DispatchMessageA
 0x47422c TranslateMessage
 0x474230 PeekMessageA
 0x474234 GetMessageA
 0x474238 RegisterClassA
ADVAPI32.dll
 0x474000 RegOpenKeyA
 0x474004 RegQueryValueExA
 0x474008 RegCreateKeyExA
 0x47400c RegSetValueExA
 0x474010 RegCloseKey
d3d8.dll
 0x47424c Direct3DCreate8
DINPUT8.dll
 0x474018 DirectInput8Create
WINMM.dll
 0x474240 mciSendCommandA
 0x474244 timeGetTime
DSOUND.dll
 0x474020 (unnamed import, referenced by ordinal)
GDI32.dll
 0x474028 SetBkColor
 0x47402c SetTextAlign
 0x474030 GetTextExtentPoint32A
 0x474034 ExtTextOutA
 0x474038 CreateDIBSection
 0x47403c SetMapMode
 0x474040 CreateFontA
 0x474044 DeleteObject
 0x474048 CreateCompatibleDC
 0x47404c GetStockObject
 0x474050 CreateICA
 0x474054 GetDeviceCaps
 0x474058 SelectObject
 0x47405c SetTextColor
 0x474060 DeleteDC

EAT(Export Address Table) is none
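
Added example, not part of the sandbox report or its tooling: recomputing an imphash from an import listing like the one above, using the algorithm pefile implements (and VirusTotal reports). It is useful for checking that the `imphash` in the header was really computed over the imports shown, and for seeing what the value is sensitive to (library order, ordinal imports) and what it ignores (case, the `.dll` extension). The import list in the block is a constructed subset of the table above, so its hash will not equal the reported `8c7f4a7418b02d2ef3577c0cd01f2c3b`; reproducing that value needs every import in import-directory order plus the ordinal of the unnamed DSOUND.dll entry, which the report does not give (the `11` used below is an assumption).

```python
"""Recompute a PE imphash from an import listing (added example).

Algorithm, as in pefile.PE.get_imphash():
  * for each imported symbol, in import-directory order, build "lib.symbol",
    where lib is the DLL name lower-cased with a .dll/.ocx/.sys extension
    stripped and symbol is the function name lower-cased;
  * an import by ordinal becomes "lib.ordN" (pefile maps known ordinals of
    ws2_32/wsock32/oleaut32 to names; this example does not);
  * join all entries with "," and MD5 the result.
"""
import hashlib
from typing import List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (library, symbol name or ordinal)


def normalize(lib: str, sym: Union[str, int]) -> str:
    """One imphash component, e.g. ("KERNEL32.dll", "CreateFileA") -> "kernel32.createfilea"."""
    name = lib.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        name = base
    if isinstance(sym, int):
        return f"{name}.ord{sym}"
    return f"{name}.{sym.lower()}"


def imphash_string(imports: List[Import]) -> str:
    """The exact string that gets hashed; print it when debugging a mismatch."""
    return ",".join(normalize(lib, sym) for lib, sym in imports)


def imphash(imports: List[Import]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of the report's IAT, libraries in the order the report
# lists them. Not the full table, so the result is not the report's imphash.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "CreateFileA"), ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("USER32.dll", "RegisterClassA"), ("USER32.dll", "CreateWindowExA"),
    ("ADVAPI32.dll", "RegOpenKeyA"), ("ADVAPI32.dll", "RegSetValueExA"),
    ("d3d8.dll", "Direct3DCreate8"),
    ("DINPUT8.dll", "DirectInput8Create"),
    ("WINMM.dll", "mciSendCommandA"), ("WINMM.dll", "timeGetTime"),
    ("DSOUND.dll", 11),  # unnamed in the report; ordinal 11 is an ASSUMPTION
    ("GDI32.dll", "CreateDIBSection"), ("GDI32.dll", "DeleteDC"),
]

REPORTED_IMPHASH = "8c7f4a7418b02d2ef3577c0cd01f2c3b"


def matches_report(imports: List[Import], reported: str = REPORTED_IMPHASH) -> bool:
    """True when the recomputed hash equals the report's value."""
    return imphash(imports) == reported.lower()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS), "matches report:", matches_report(SAMPLE_IMPORTS))
```

Because the hash covers library order and every symbol, two builds of the same program with the same import set in the same order share an imphash even when the code differs, which is why it is a pivot for clustering rather than an identifier for a specific file.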
