Field | Value |
---|---|
Created | 2025.04.26 14:29 |
Machine | s1_win7_x6401 |
Filename | upx.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 36 detected (AsyncRAT, dcrat, Artemis, Unsafe, Save, malicious, confidence, GenericKD, Attribute, HighConfidence, high confidence, GenKryptik, HIHQ, MalwareX, Misc, Vidar, b0uuiW4AZpP, zgzsv, YXFDXZ, Detected, AgentTesla, Krypt, Chgt, susgen, Behavior) |
md5 | db25fd7f325f5ea6cd5c0ee5f8af8d22 |
sha256 | 59d5df6b32ee3f1a30281fca62bc6fd7ceca2f561442495ba4a03a7cbeb227cd |
ssdeep | 98304:wYXezmaYx/Zk3dufHPesJrrkDDuXsggQaC8gXjOXbcgJqE2VEL:wYOCZktufvLUDDKDVjOXXn2iL |
imphash | 0c6d9d416fc2bbaad624e187901fdd94 |
impfuzzy | 24:ROOyvHuOovZcpVWqke02tMS17Bg3JBl3eDoLouqaZMv5GMAkUx6a/wUA:kzCcpVf3tMS17BgPpX/ZG8xz/wUA |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | hide_executable_file | Hide executable file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140022000 SizeofResource
0x140022008 GetCommandLineW
0x140022010 LocalAlloc
0x140022018 LockResource
0x140022020 LoadResource
0x140022028 FindResourceW
0x140022030 WriteConsoleW
0x140022038 CreateFileW
0x140022040 HeapSize
0x140022048 GetProcessHeap
0x140022050 SetStdHandle
0x140022058 FreeEnvironmentStringsW
0x140022060 GetEnvironmentStringsW
0x140022068 GetCommandLineA
0x140022070 GetOEMCP
0x140022078 GetACP
0x140022080 EnterCriticalSection
0x140022088 LeaveCriticalSection
0x140022090 InitializeCriticalSectionEx
0x140022098 DeleteCriticalSection
0x1400220a0 EncodePointer
0x1400220a8 DecodePointer
0x1400220b0 LocalFree
0x1400220b8 MultiByteToWideChar
0x1400220c0 WideCharToMultiByte
0x1400220c8 LCMapStringEx
0x1400220d0 GetStringTypeW
0x1400220d8 GetCPInfo
0x1400220e0 GetLastError
0x1400220e8 RtlCaptureContext
0x1400220f0 RtlLookupFunctionEntry
0x1400220f8 RtlVirtualUnwind
0x140022100 UnhandledExceptionFilter
0x140022108 SetUnhandledExceptionFilter
0x140022110 GetCurrentProcess
0x140022118 TerminateProcess
0x140022120 IsProcessorFeaturePresent
0x140022128 QueryPerformanceCounter
0x140022130 GetCurrentProcessId
0x140022138 GetCurrentThreadId
0x140022140 GetSystemTimeAsFileTime
0x140022148 InitializeSListHead
0x140022150 IsDebuggerPresent
0x140022158 GetStartupInfoW
0x140022160 GetModuleHandleW
0x140022168 RtlUnwindEx
0x140022170 RtlPcToFileHeader
0x140022178 RaiseException
0x140022180 SetLastError
0x140022188 InitializeCriticalSectionAndSpinCount
0x140022190 TlsAlloc
0x140022198 TlsGetValue
0x1400221a0 TlsSetValue
0x1400221a8 TlsFree
0x1400221b0 FreeLibrary
0x1400221b8 GetProcAddress
0x1400221c0 LoadLibraryExW
0x1400221c8 GetStdHandle
0x1400221d0 WriteFile
0x1400221d8 GetModuleFileNameW
0x1400221e0 ExitProcess
0x1400221e8 GetModuleHandleExW
0x1400221f0 HeapFree
0x1400221f8 HeapAlloc
0x140022200 FlsAlloc
0x140022208 FlsGetValue
0x140022210 FlsSetValue
0x140022218 FlsFree
0x140022220 LCMapStringW
0x140022228 GetLocaleInfoW
0x140022230 IsValidLocale
0x140022238 GetUserDefaultLCID
0x140022240 EnumSystemLocalesW
0x140022248 GetFileType
0x140022250 CloseHandle
0x140022258 FlushFileBuffers
0x140022260 GetConsoleOutputCP
0x140022268 GetConsoleMode
0x140022270 ReadFile
0x140022278 GetFileSizeEx
0x140022280 SetFilePointerEx
0x140022288 ReadConsoleW
0x140022290 HeapReAlloc
0x140022298 FindClose
0x1400222a0 FindFirstFileExW
0x1400222a8 FindNextFileW
0x1400222b0 IsValidCodePage
0x1400222b8 RtlUnwind
SHELL32.dll
0x140022300 CommandLineToArgvW
OLEAUT32.dll
0x1400222c8 SysAllocString
0x1400222d0 SafeArrayPutElement
0x1400222d8 SafeArrayCreate
0x1400222e0 SafeArrayAccessData
0x1400222e8 SafeArrayUnaccessData
0x1400222f0 GetErrorInfo
mscoree.dll
0x140022310 CLRCreateInstance
EAT (Export Address Table): none