Field | Value |
---|---|
Created | 2025.04.13 15:17 |
Machine | s1_win7_x6403 |
Filename | Presentation |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 19 detected (Unsafe, Vrqp, malicious, confidence, Attribute, HighConfidence, high confidence, Lumma, CLOUD, DwnLd, Detected, LummaStealer, Artemis, Outbreak, PWSL) |
md5 | 060068e1f94bbf90ea34a85523efb355 |
sha256 | 3dca1ca4131535a30d10ed6c8ceb737860f7d34caf86a54ce08aa4161f8a9efd |
ssdeep | 384:wCFGSjBEkWUcWpCFGSjBEkWUcWECFGSjBEkWUcWAPUvQYHfHnPvcDXHDOp87WdqD:ZJECiJECnJECTJEC1qJEC |
imphash | 611805a7c3221ebb521e87bf9182d982 |
impfuzzy | 12:jgXRjMI9WgHGBv3wXJtBYZ8vhCPXJP5u4Gv5hGXGXR4UV2LsJq/ALfcKrt:jgXBMI90vAju8vg150vCXGOITqILcKp |
Signature (3cnts)
Level | Description |
---|---|
watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |

Note on UPX_Zero: a UPX-compressed executable normally keeps only a small stub import table (typically LoadLibraryA and GetProcAddress plus a few entries per DLL) and rebuilds the real imports at runtime, so the complete 44-entry IAT listed under PE API below is not what a statically UPX-packed file usually shows. Before relying on this rule, check the section names (UPX0/UPX1) and run `upx -t` on the sample. If it really is packed, confirm whether the IAT and imphash on this page were taken from the packed or the unpacked image, because the two differ and only one of them will match what other tools compute from the file on disk.
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests were recorded during the run)

Suricata ids
(none listed)

PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x404000 GetConsoleOutputCP
0x404004 GetStdHandle
0x404008 WriteFile
0x40400c SetThreadUILanguage
0x404010 GetConsoleMode
0x404014 FormatMessageW
0x404018 HeapSetInformation
0x40401c WriteConsoleW
0x404020 LocalFree
0x404024 WideCharToMultiByte
0x404028 GetFileType
0x40402c GetCurrentProcess
0x404030 UnhandledExceptionFilter
0x404034 GetTickCount
0x404038 GetSystemTimeAsFileTime
0x40403c GetCurrentThreadId
0x404040 GetCurrentProcessId
0x404044 QueryPerformanceCounter
0x404048 GetModuleHandleW
0x40404c SetUnhandledExceptionFilter
0x404050 Sleep
0x404054 TerminateProcess
msvcrt.dll
0x40405c __wgetmainargs
0x404060 __set_app_type
0x404064 __p__commode
0x404068 _exit
0x40406c _cexit
0x404070 __p__fmode
0x404074 __setusermatherr
0x404078 _initterm
0x40407c ?terminate@@YAXXZ
0x404080 _controlfp
0x404084 _except_handler4_common
0x404088 _amsg_exit
0x40408c _XcptFilter
0x404090 malloc
0x404094 _wcsnicmp
0x404098 free
0x40409c _wsystem
0x4040a0 wcscat_s
0x4040a4 wcscpy_s
0x4040a8 _ultow
0x4040ac setlocale
0x4040b0 exit
EAT (Export Address Table): none

Reading the IAT: there are no exports and no networking, cryptography, registry or process-manipulation imports (no ws2_32, wininet, winhttp, advapi32 or ntdll entries), and the run recorded zero network requests. The msvcrt entries `__wgetmainargs`, `_wcsnicmp`, `wcscpy_s`, `wcscat_s` and `_ultow`, together with `_wsystem`, which passes a wide-character command line to the command interpreter, are consistent with a small C console utility that assembles a command from its arguments and executes it; `SetThreadUILanguage`, `FormatMessageW` and `WriteConsoleW` are the usual error-reporting path of such tools. None of this corroborates the Lumma/LummaStealer names in the VT column: on this page those are engine labels, not observed behaviour, so confirm with the dynamic trace (and the command line handed to `_wsystem`) before tagging the sample.
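The imphash in the header is derived from exactly the import list printed above. The script below is an added example, not code from this report or from the sandbox vendor: it reimplements the pefile imphash recipe (lower-cased `dll.function` pairs with the DLL extension stripped, comma-joined, MD5-hashed) so the reported value can be checked against the reported IAT and used as a pivot elsewhere. `REPORT_IMPORTS` and `REPORT_IMPHASH` are copied from this page; `parse_report_iat` is a helper written here for the report's listing format. It assumes the report prints DLLs and functions in import-directory order, which is the order imphash depends on.

```python
"""Recompute an imphash from the IAT printed in a sandbox report.

Added example (not code from the report or from the sandbox vendor). It follows
the pefile imphash rules: lower-case "dll.function" pairs, DLL extension
stripped, joined by commas, MD5. Assumes the report lists DLLs and functions in
import-directory order.
"""
import hashlib
import re
from typing import List, Tuple, Union

Imports = List[Tuple[str, List[Union[str, int]]]]

# Import table copied from the report (addresses dropped; names and order kept).
REPORT_IMPORTS: Imports = [
    ("KERNEL32.dll", [
        "GetConsoleOutputCP", "GetStdHandle", "WriteFile", "SetThreadUILanguage",
        "GetConsoleMode", "FormatMessageW", "HeapSetInformation", "WriteConsoleW",
        "LocalFree", "WideCharToMultiByte", "GetFileType", "GetCurrentProcess",
        "UnhandledExceptionFilter", "GetTickCount", "GetSystemTimeAsFileTime",
        "GetCurrentThreadId", "GetCurrentProcessId", "QueryPerformanceCounter",
        "GetModuleHandleW", "SetUnhandledExceptionFilter", "Sleep", "TerminateProcess",
    ]),
    ("msvcrt.dll", [
        "__wgetmainargs", "__set_app_type", "__p__commode", "_exit", "_cexit",
        "__p__fmode", "__setusermatherr", "_initterm", "?terminate@@YAXXZ",
        "_controlfp", "_except_handler4_common", "_amsg_exit", "_XcptFilter",
        "malloc", "_wcsnicmp", "free", "_wsystem", "wcscat_s", "wcscpy_s",
        "_ultow", "setlocale", "exit",
    ]),
]

# Value printed in the report header, for comparison.
REPORT_IMPHASH = "611805a7c3221ebb521e87bf9182d982"

# A report line of the form "0x404000 GetConsoleOutputCP".
_ADDR_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_report_iat(text: str) -> Imports:
    """Parse the report's listing: a DLL name line followed by
    "0x<address> <function>" lines. Section headers and other lines are ignored."""
    result: Imports = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ADDR_LINE.match(line)
        if m and result:
            result[-1][1].append(m.group(1))
        elif line.lower().endswith((".dll", ".ocx", ".sys")):
            result.append((line, []))
    return result


def imphash_string(imports: Imports) -> str:
    """Canonical string that imphash hashes (pefile's rules)."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        for f in funcs:
            # Ordinal-only imports are written "ord<N>". pefile additionally maps
            # ordinals of ws2_32/wsock32/oleaut32 to names via a lookup table;
            # that table is not reproduced here, so such imports would differ.
            name = f"ord{f}" if isinstance(f, int) else f
            parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports: Imports) -> str:
    """MD5 of the canonical string, as a 32-character lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("utf-8")).hexdigest()


def matches_report(imports: Imports, reported: str = REPORT_IMPHASH) -> bool:
    """True when the recomputed hash equals the reported one. A mismatch usually
    means a different DLL/function order or ordinal handling, not a different file."""
    return imphash(imports) == reported.lower()


if __name__ == "__main__":
    print("canonical:", imphash_string(REPORT_IMPORTS)[:72], "...")
    print("computed :", imphash(REPORT_IMPORTS))
    print("reported :", REPORT_IMPHASH)
    print("match    :", matches_report(REPORT_IMPORTS))
```

If `matches_report` returns False, the disagreement is in ordering or ordinal handling rather than in the file itself; compute the hash with pefile on the actual sample and compare the canonical strings before pivoting on the reported value.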