ScreenShot
| Created | 2025.04.25 13:15 | Machine | s1_win7_x6401 |
| Filename | 47Q6wZM.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, Malicious, score, Trojanpws, Convagent, Lazy, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Cryp, Lumma, oLf90cqWJJQ, fttgx, AMADEY, YXFDWZ, Krypt, Static AI, Suspicious PE, Detected, LummaC, ABApplication, DEQX, R701596, Artemis, GdSda, Gencirc, AX8PHU) | ||
| md5 | e014af7599889360b5d5d20efd5405ba | ||
| sha256 | c2e6244ea8d8a99c5ed0b51c44342a8377b34077e3b11b854cda801c8208fe66 | ||
| ssdeep | 24576:yHj+EsKp6or3s90hFKi3wpKnPJ5B+IAKi3wpKnPJ5B+IQ:yD+966uO0hFKiAcP8IAKiAcP8IQ | ||
| imphash | 73d402f8022aecbe2bf92e071d48b8fc | ||
| impfuzzy | 24:hWnWDoelQtWOovbOGMUD1uUvgkWDpZWylnjBLPxQXRKT07GyiJUT8:hWnQo5x361PMZxJjBbxQrGyJT8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140086608 AcquireSRWLockExclusive
0x140086610 CloseHandle
0x140086618 CreateFileA
0x140086620 CreateFileW
0x140086628 DecodePointer
0x140086630 DeleteCriticalSection
0x140086638 EncodePointer
0x140086640 EnterCriticalSection
0x140086648 EnumSystemLocalesW
0x140086650 ExitProcess
0x140086658 FindClose
0x140086660 FindFirstFileExW
0x140086668 FindNextFileW
0x140086670 FlsAlloc
0x140086678 FlsFree
0x140086680 FlsGetValue
0x140086688 FlsSetValue
0x140086690 FlushFileBuffers
0x140086698 FreeEnvironmentStringsW
0x1400866a0 FreeLibrary
0x1400866a8 GetACP
0x1400866b0 GetCPInfo
0x1400866b8 GetCommandLineA
0x1400866c0 GetCommandLineW
0x1400866c8 GetConsoleMode
0x1400866d0 GetConsoleOutputCP
0x1400866d8 GetCurrentProcess
0x1400866e0 GetCurrentProcessId
0x1400866e8 GetCurrentThreadId
0x1400866f0 GetEnvironmentStringsW
0x1400866f8 GetFileSize
0x140086700 GetFileSizeEx
0x140086708 GetFileType
0x140086710 GetLastError
0x140086718 GetLocaleInfoW
0x140086720 GetModuleFileNameW
0x140086728 GetModuleHandleA
0x140086730 GetModuleHandleExW
0x140086738 GetModuleHandleW
0x140086740 GetOEMCP
0x140086748 GetProcAddress
0x140086750 GetProcessHeap
0x140086758 GetStartupInfoW
0x140086760 GetStdHandle
0x140086768 GetStringTypeW
0x140086770 GetSystemTimeAsFileTime
0x140086778 GetUserDefaultLCID
0x140086780 HeapAlloc
0x140086788 HeapFree
0x140086790 HeapReAlloc
0x140086798 HeapSize
0x1400867a0 InitializeCriticalSectionAndSpinCount
0x1400867a8 InitializeCriticalSectionEx
0x1400867b0 InitializeSListHead
0x1400867b8 IsDebuggerPresent
0x1400867c0 IsProcessorFeaturePresent
0x1400867c8 IsValidCodePage
0x1400867d0 IsValidLocale
0x1400867d8 LCMapStringEx
0x1400867e0 LCMapStringW
0x1400867e8 LeaveCriticalSection
0x1400867f0 LoadLibraryExW
0x1400867f8 MultiByteToWideChar
0x140086800 QueryPerformanceCounter
0x140086808 QueryPerformanceFrequency
0x140086810 RaiseException
0x140086818 ReadConsoleW
0x140086820 ReadFile
0x140086828 ReleaseSRWLockExclusive
0x140086830 RtlCaptureContext
0x140086838 RtlLookupFunctionEntry
0x140086840 RtlPcToFileHeader
0x140086848 RtlUnwind
0x140086850 RtlUnwindEx
0x140086858 RtlVirtualUnwind
0x140086860 SetFilePointerEx
0x140086868 SetLastError
0x140086870 SetStdHandle
0x140086878 SetUnhandledExceptionFilter
0x140086880 Sleep
0x140086888 SleepConditionVariableSRW
0x140086890 TerminateProcess
0x140086898 TlsAlloc
0x1400868a0 TlsFree
0x1400868a8 TlsGetValue
0x1400868b0 TlsSetValue
0x1400868b8 UnhandledExceptionFilter
0x1400868c0 WakeAllConditionVariable
0x1400868c8 WideCharToMultiByte
0x1400868d0 WriteConsoleW
0x1400868d8 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140086608 AcquireSRWLockExclusive
0x140086610 CloseHandle
0x140086618 CreateFileA
0x140086620 CreateFileW
0x140086628 DecodePointer
0x140086630 DeleteCriticalSection
0x140086638 EncodePointer
0x140086640 EnterCriticalSection
0x140086648 EnumSystemLocalesW
0x140086650 ExitProcess
0x140086658 FindClose
0x140086660 FindFirstFileExW
0x140086668 FindNextFileW
0x140086670 FlsAlloc
0x140086678 FlsFree
0x140086680 FlsGetValue
0x140086688 FlsSetValue
0x140086690 FlushFileBuffers
0x140086698 FreeEnvironmentStringsW
0x1400866a0 FreeLibrary
0x1400866a8 GetACP
0x1400866b0 GetCPInfo
0x1400866b8 GetCommandLineA
0x1400866c0 GetCommandLineW
0x1400866c8 GetConsoleMode
0x1400866d0 GetConsoleOutputCP
0x1400866d8 GetCurrentProcess
0x1400866e0 GetCurrentProcessId
0x1400866e8 GetCurrentThreadId
0x1400866f0 GetEnvironmentStringsW
0x1400866f8 GetFileSize
0x140086700 GetFileSizeEx
0x140086708 GetFileType
0x140086710 GetLastError
0x140086718 GetLocaleInfoW
0x140086720 GetModuleFileNameW
0x140086728 GetModuleHandleA
0x140086730 GetModuleHandleExW
0x140086738 GetModuleHandleW
0x140086740 GetOEMCP
0x140086748 GetProcAddress
0x140086750 GetProcessHeap
0x140086758 GetStartupInfoW
0x140086760 GetStdHandle
0x140086768 GetStringTypeW
0x140086770 GetSystemTimeAsFileTime
0x140086778 GetUserDefaultLCID
0x140086780 HeapAlloc
0x140086788 HeapFree
0x140086790 HeapReAlloc
0x140086798 HeapSize
0x1400867a0 InitializeCriticalSectionAndSpinCount
0x1400867a8 InitializeCriticalSectionEx
0x1400867b0 InitializeSListHead
0x1400867b8 IsDebuggerPresent
0x1400867c0 IsProcessorFeaturePresent
0x1400867c8 IsValidCodePage
0x1400867d0 IsValidLocale
0x1400867d8 LCMapStringEx
0x1400867e0 LCMapStringW
0x1400867e8 LeaveCriticalSection
0x1400867f0 LoadLibraryExW
0x1400867f8 MultiByteToWideChar
0x140086800 QueryPerformanceCounter
0x140086808 QueryPerformanceFrequency
0x140086810 RaiseException
0x140086818 ReadConsoleW
0x140086820 ReadFile
0x140086828 ReleaseSRWLockExclusive
0x140086830 RtlCaptureContext
0x140086838 RtlLookupFunctionEntry
0x140086840 RtlPcToFileHeader
0x140086848 RtlUnwind
0x140086850 RtlUnwindEx
0x140086858 RtlVirtualUnwind
0x140086860 SetFilePointerEx
0x140086868 SetLastError
0x140086870 SetStdHandle
0x140086878 SetUnhandledExceptionFilter
0x140086880 Sleep
0x140086888 SleepConditionVariableSRW
0x140086890 TerminateProcess
0x140086898 TlsAlloc
0x1400868a0 TlsFree
0x1400868a8 TlsGetValue
0x1400868b0 TlsSetValue
0x1400868b8 UnhandledExceptionFilter
0x1400868c0 WakeAllConditionVariable
0x1400868c8 WideCharToMultiByte
0x1400868d0 WriteConsoleW
0x1400868d8 WriteFile
EAT(Export Address Table) is none