ScreenShot
| Created | 2025.04.26 02:10 | Machine | s1_win7_x6402 |
| Filename | gothenticate.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | fea612d1a3e7ad3a6c2de20978c8331a | ||
| sha256 | ff97637cca8df1937ea583a12ce292953ce198a139408e2c77a217d32c5000d5 | ||
| ssdeep | 49152:G0MH+Xp8joiQOpOd3tKNwniQjS7U2Cymiy5h5ERcsKVnoqls6OOJSmZK:x8Lwd3tUQjS7gEuoqyIR | ||
| imphash | d42595b695fc008ef2c56aabd8efd68e | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6Ul:AwOuUjXOmokx0nl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x8f3100 WriteFile
0x8f3108 WriteConsoleW
0x8f3110 WerSetFlags
0x8f3118 WerGetFlags
0x8f3120 WaitForMultipleObjects
0x8f3128 WaitForSingleObject
0x8f3130 VirtualQuery
0x8f3138 VirtualFree
0x8f3140 VirtualAlloc
0x8f3148 TlsAlloc
0x8f3150 SwitchToThread
0x8f3158 SuspendThread
0x8f3160 SetWaitableTimer
0x8f3168 SetProcessPriorityBoost
0x8f3170 SetEvent
0x8f3178 SetErrorMode
0x8f3180 SetConsoleCtrlHandler
0x8f3188 RtlVirtualUnwind
0x8f3190 RtlLookupFunctionEntry
0x8f3198 ResumeThread
0x8f31a0 RaiseFailFastException
0x8f31a8 PostQueuedCompletionStatus
0x8f31b0 LoadLibraryW
0x8f31b8 LoadLibraryExW
0x8f31c0 SetThreadContext
0x8f31c8 GetThreadContext
0x8f31d0 GetSystemInfo
0x8f31d8 GetSystemDirectoryA
0x8f31e0 GetStdHandle
0x8f31e8 GetQueuedCompletionStatusEx
0x8f31f0 GetProcessAffinityMask
0x8f31f8 GetProcAddress
0x8f3200 GetErrorMode
0x8f3208 GetEnvironmentStringsW
0x8f3210 GetCurrentThreadId
0x8f3218 GetConsoleMode
0x8f3220 FreeEnvironmentStringsW
0x8f3228 ExitProcess
0x8f3230 DuplicateHandle
0x8f3238 CreateWaitableTimerExW
0x8f3240 CreateThread
0x8f3248 CreateIoCompletionPort
0x8f3250 CreateEventA
0x8f3258 CloseHandle
0x8f3260 AddVectoredExceptionHandler
0x8f3268 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x8f3100 WriteFile
0x8f3108 WriteConsoleW
0x8f3110 WerSetFlags
0x8f3118 WerGetFlags
0x8f3120 WaitForMultipleObjects
0x8f3128 WaitForSingleObject
0x8f3130 VirtualQuery
0x8f3138 VirtualFree
0x8f3140 VirtualAlloc
0x8f3148 TlsAlloc
0x8f3150 SwitchToThread
0x8f3158 SuspendThread
0x8f3160 SetWaitableTimer
0x8f3168 SetProcessPriorityBoost
0x8f3170 SetEvent
0x8f3178 SetErrorMode
0x8f3180 SetConsoleCtrlHandler
0x8f3188 RtlVirtualUnwind
0x8f3190 RtlLookupFunctionEntry
0x8f3198 ResumeThread
0x8f31a0 RaiseFailFastException
0x8f31a8 PostQueuedCompletionStatus
0x8f31b0 LoadLibraryW
0x8f31b8 LoadLibraryExW
0x8f31c0 SetThreadContext
0x8f31c8 GetThreadContext
0x8f31d0 GetSystemInfo
0x8f31d8 GetSystemDirectoryA
0x8f31e0 GetStdHandle
0x8f31e8 GetQueuedCompletionStatusEx
0x8f31f0 GetProcessAffinityMask
0x8f31f8 GetProcAddress
0x8f3200 GetErrorMode
0x8f3208 GetEnvironmentStringsW
0x8f3210 GetCurrentThreadId
0x8f3218 GetConsoleMode
0x8f3220 FreeEnvironmentStringsW
0x8f3228 ExitProcess
0x8f3230 DuplicateHandle
0x8f3238 CreateWaitableTimerExW
0x8f3240 CreateThread
0x8f3248 CreateIoCompletionPort
0x8f3250 CreateEventA
0x8f3258 CloseHandle
0x8f3260 AddVectoredExceptionHandler
0x8f3268 AddVectoredContinueHandler
EAT(Export Address Table) is none