ScreenShot
| Created | 2025.04.28 09:14 | Machine | s1_win7_x6401 |
| Filename | client.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 54 detected (AIDetectMalware, Malicious, score, Ghanarava, Unsafe, Save, confidence, Genus, high confidence, GenKryptik, HAWI, Kryptik, CLOUD, wnvzv, Havoc, Static AI, Suspicious PE, Detected, XOREncoded, Etset, ABApplication, FMAG, Artemis, Reverseshell, Chgt, R002H09D125, Gencirc, susgen) | ||
| md5 | acbde00860cedeafa0aaf1c643e5da34 | ||
| sha256 | bc61c830ae2cc7faa375185646f70ea601ca3cd014b6ec514483c18bf3233022 | ||
| ssdeep | 6144:hz/cn7HxEIHcPUToEUUw0ZEO1xaD0bgIJYk4JxLRJcWmz/tiTwC:hzUn7RErUToXG1x5ALRJcWuUTwC | ||
| imphash | b48016c8d5075c1f1566cbaa73055aa8 | ||
| impfuzzy | 24:8fjcDI+kLyJd5BlMblRf5XGfqKZ8dd1Tomvlxcqx0CZy:8fL+k0JslJJGfqA8dd1T1vkqSz | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Creates a suspicious process |
| info | Command line console output was observed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140045228 DeleteCriticalSection
0x140045230 EnterCriticalSection
0x140045238 GetLastError
0x140045240 GetProcAddress
0x140045248 InitializeCriticalSection
0x140045250 IsDBCSLeadByteEx
0x140045258 LeaveCriticalSection
0x140045260 LoadLibraryA
0x140045268 MultiByteToWideChar
0x140045270 SetLastError
0x140045278 SetUnhandledExceptionFilter
0x140045280 Sleep
0x140045288 TlsAlloc
0x140045290 TlsGetValue
0x140045298 TlsSetValue
0x1400452a0 VirtualAlloc
0x1400452a8 VirtualFree
0x1400452b0 VirtualProtect
0x1400452b8 VirtualQuery
0x1400452c0 WideCharToMultiByte
msvcrt.dll
0x1400452d0 __C_specific_handler
0x1400452d8 ___lc_codepage_func
0x1400452e0 ___mb_cur_max_func
0x1400452e8 __getmainargs
0x1400452f0 __initenv
0x1400452f8 __iob_func
0x140045300 __set_app_type
0x140045308 __setusermatherr
0x140045310 _amsg_exit
0x140045318 _cexit
0x140045320 _commode
0x140045328 _errno
0x140045330 _fileno
0x140045338 _fmode
0x140045340 _initterm
0x140045348 _lock
0x140045350 _onexit
0x140045358 _setmode
0x140045360 _unlock
0x140045368 abort
0x140045370 calloc
0x140045378 exit
0x140045380 fflush
0x140045388 fprintf
0x140045390 fputc
0x140045398 free
0x1400453a0 fwrite
0x1400453a8 localeconv
0x1400453b0 malloc
0x1400453b8 memcmp
0x1400453c0 memcpy
0x1400453c8 memset
0x1400453d0 realloc
0x1400453d8 signal
0x1400453e0 strerror
0x1400453e8 strlen
0x1400453f0 strncmp
0x1400453f8 vfprintf
0x140045400 wcslen
EAT(Export Address Table) is none
KERNEL32.dll
0x140045228 DeleteCriticalSection
0x140045230 EnterCriticalSection
0x140045238 GetLastError
0x140045240 GetProcAddress
0x140045248 InitializeCriticalSection
0x140045250 IsDBCSLeadByteEx
0x140045258 LeaveCriticalSection
0x140045260 LoadLibraryA
0x140045268 MultiByteToWideChar
0x140045270 SetLastError
0x140045278 SetUnhandledExceptionFilter
0x140045280 Sleep
0x140045288 TlsAlloc
0x140045290 TlsGetValue
0x140045298 TlsSetValue
0x1400452a0 VirtualAlloc
0x1400452a8 VirtualFree
0x1400452b0 VirtualProtect
0x1400452b8 VirtualQuery
0x1400452c0 WideCharToMultiByte
msvcrt.dll
0x1400452d0 __C_specific_handler
0x1400452d8 ___lc_codepage_func
0x1400452e0 ___mb_cur_max_func
0x1400452e8 __getmainargs
0x1400452f0 __initenv
0x1400452f8 __iob_func
0x140045300 __set_app_type
0x140045308 __setusermatherr
0x140045310 _amsg_exit
0x140045318 _cexit
0x140045320 _commode
0x140045328 _errno
0x140045330 _fileno
0x140045338 _fmode
0x140045340 _initterm
0x140045348 _lock
0x140045350 _onexit
0x140045358 _setmode
0x140045360 _unlock
0x140045368 abort
0x140045370 calloc
0x140045378 exit
0x140045380 fflush
0x140045388 fprintf
0x140045390 fputc
0x140045398 free
0x1400453a0 fwrite
0x1400453a8 localeconv
0x1400453b0 malloc
0x1400453b8 memcmp
0x1400453c0 memcpy
0x1400453c8 memset
0x1400453d0 realloc
0x1400453d8 signal
0x1400453e0 strerror
0x1400453e8 strlen
0x1400453f0 strncmp
0x1400453f8 vfprintf
0x140045400 wcslen
EAT(Export Address Table) is none