Field | Value |
---|---|
Created | 2025.04.26 14:33 |
Machine | s1_win7_x6401 |
Filename | file.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 35 detected (AIDetectMalware, Lazy, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HING, MalwareX, Cryp, Zusy, Convagent, szn6mGmGidC, Krypt, Static AI, Suspicious PE, Detected, Caynamer, Wacapew, PE04C9Z) |
md5 | 64911e99a76c2d6ef6925d1500323903 |
sha256 | 714e9be09c6a9a397a88e8b2cee5fed08ad5c4cec1de41789d68fd2886d77c2f |
ssdeep | 24576:BkdmeVduOtjIn69eY50cma/yjk1AeVduOtjIn69eY50cma/yjk1:BIm0VIOf50cxJA0VIOf50cxJ |
imphash | d6937b39d566e5795f3eb7422ac303be |
impfuzzy | 24:aWDCelQtWOovbOGMUD1uUvgDWDQyl3LPxQTw07GiJUHO:aQC5x361PlhbxQNGJHO |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140043b90 CloseHandle
0x140043b98 CreateFileA
0x140043ba0 CreateFileW
0x140043ba8 DeleteCriticalSection
0x140043bb0 EncodePointer
0x140043bb8 EnterCriticalSection
0x140043bc0 ExitProcess
0x140043bc8 FindClose
0x140043bd0 FindFirstFileExW
0x140043bd8 FindNextFileW
0x140043be0 FlsAlloc
0x140043be8 FlsFree
0x140043bf0 FlsGetValue
0x140043bf8 FlsSetValue
0x140043c00 FlushFileBuffers
0x140043c08 FreeEnvironmentStringsW
0x140043c10 FreeLibrary
0x140043c18 GetACP
0x140043c20 GetCPInfo
0x140043c28 GetCommandLineA
0x140043c30 GetCommandLineW
0x140043c38 GetConsoleMode
0x140043c40 GetConsoleOutputCP
0x140043c48 GetCurrentProcess
0x140043c50 GetCurrentProcessId
0x140043c58 GetCurrentThreadId
0x140043c60 GetEnvironmentStringsW
0x140043c68 GetFileSize
0x140043c70 GetFileSizeEx
0x140043c78 GetFileType
0x140043c80 GetLastError
0x140043c88 GetModuleFileNameW
0x140043c90 GetModuleHandleA
0x140043c98 GetModuleHandleExW
0x140043ca0 GetModuleHandleW
0x140043ca8 GetOEMCP
0x140043cb0 GetProcAddress
0x140043cb8 GetProcessHeap
0x140043cc0 GetStartupInfoW
0x140043cc8 GetStdHandle
0x140043cd0 GetStringTypeW
0x140043cd8 GetSystemTimeAsFileTime
0x140043ce0 HeapAlloc
0x140043ce8 HeapFree
0x140043cf0 HeapReAlloc
0x140043cf8 HeapSize
0x140043d00 InitializeCriticalSectionAndSpinCount
0x140043d08 InitializeSListHead
0x140043d10 IsDebuggerPresent
0x140043d18 IsProcessorFeaturePresent
0x140043d20 IsValidCodePage
0x140043d28 LCMapStringW
0x140043d30 LeaveCriticalSection
0x140043d38 LoadLibraryExW
0x140043d40 MultiByteToWideChar
0x140043d48 QueryPerformanceCounter
0x140043d50 QueryPerformanceFrequency
0x140043d58 RaiseException
0x140043d60 ReadFile
0x140043d68 RtlCaptureContext
0x140043d70 RtlLookupFunctionEntry
0x140043d78 RtlPcToFileHeader
0x140043d80 RtlUnwindEx
0x140043d88 RtlVirtualUnwind
0x140043d90 SetFilePointerEx
0x140043d98 SetLastError
0x140043da0 SetStdHandle
0x140043da8 SetUnhandledExceptionFilter
0x140043db0 Sleep
0x140043db8 TerminateProcess
0x140043dc0 TlsAlloc
0x140043dc8 TlsFree
0x140043dd0 TlsGetValue
0x140043dd8 TlsSetValue
0x140043de0 UnhandledExceptionFilter
0x140043de8 WideCharToMultiByte
0x140043df0 WriteConsoleW
0x140043df8 WriteFile
EAT (Export Address Table): none