ScreenShot
| Created | 2025.05.02 17:56 | Machine | s1_win7_x6403 |
| Filename | ff.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 51 detected (Malicious, score, clipbanker, Zusy, Unsafe, Vdcs, confidence, 100%, GenusC, Attribute, HighConfidence, high confidence, MalwareX, Bank, TrojanBanker, SZorKzmmKZI, Nekark, kbdiy, R002C0XE225, Real Protect, Detected, CoinMiner, Wacatac, Malex, R697518, Artemis, BScope, GdSda, Gencirc, susgen) | ||
| md5 | 323541047bc13d261035aa12a9d0016b | ||
| sha256 | 1ec7c4edc2038db0bfaea55962357a0f242a40ac6d0e406f902aed15abae170b | ||
| ssdeep | 3072:7ys2ghWbG9MRaI3d9Zb9lHol/+sfm+UR2VYlha+Ili:7ysTh6G9MHd9B9lIhe+URsBb | ||
| imphash | 881885df6ae2926705767bdea20f74c7 | ||
| impfuzzy | 24:F2Mu7nlkDoCblxBZkgwcpVtuOIfGrJ3EvvZ1XZatNRrNhFGjv2jjMP:E7nmLBucpV7OG9CZ1ktXrNhFG5 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | A process attempted to delay the analysis task. |
| notice | Creates hidden or system file |
| info | Checks if process is being debugged by a debugger |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x41d000 RegOpenKeyExA
0x41d004 RegCloseKey
0x41d008 RegSetValueExW
SHELL32.dll
0x41d154 SHGetFolderPathW
KERNEL32.dll
0x41d010 InitializeCriticalSectionAndSpinCount
0x41d014 FlushFileBuffers
0x41d018 WriteConsoleW
0x41d01c GetProcAddress
0x41d020 LoadLibraryA
0x41d024 ExitProcess
0x41d028 GlobalLock
0x41d02c WriteFile
0x41d030 GlobalAlloc
0x41d034 Sleep
0x41d038 GetModuleFileNameW
0x41d03c CreateFileW
0x41d040 GlobalUnlock
0x41d044 GetLastError
0x41d048 CreateMutexA
0x41d04c IsDebuggerPresent
0x41d050 CloseHandle
0x41d054 SetFileAttributesW
0x41d058 CreateThread
0x41d05c CreateDirectoryW
0x41d060 CopyFileW
0x41d064 SetCurrentDirectoryW
0x41d068 InterlockedIncrement
0x41d06c InterlockedDecrement
0x41d070 EncodePointer
0x41d074 DecodePointer
0x41d078 EnterCriticalSection
0x41d07c LeaveCriticalSection
0x41d080 InitializeCriticalSectionEx
0x41d084 DeleteCriticalSection
0x41d088 WideCharToMultiByte
0x41d08c GetLocaleInfoEx
0x41d090 MultiByteToWideChar
0x41d094 GetStringTypeW
0x41d098 GetCommandLineW
0x41d09c HeapFree
0x41d0a0 HeapAlloc
0x41d0a4 HeapReAlloc
0x41d0a8 RaiseException
0x41d0ac RtlUnwind
0x41d0b0 GetCPInfo
0x41d0b4 IsProcessorFeaturePresent
0x41d0b8 SetLastError
0x41d0bc GetCurrentThreadId
0x41d0c0 GetModuleHandleExW
0x41d0c4 GetStdHandle
0x41d0c8 GetProcessHeap
0x41d0cc GetFileType
0x41d0d0 InitOnceExecuteOnce
0x41d0d4 GetStartupInfoW
0x41d0d8 QueryPerformanceCounter
0x41d0dc GetSystemTimeAsFileTime
0x41d0e0 GetTickCount64
0x41d0e4 GetEnvironmentStringsW
0x41d0e8 FreeEnvironmentStringsW
0x41d0ec UnhandledExceptionFilter
0x41d0f0 SetUnhandledExceptionFilter
0x41d0f4 FlsAlloc
0x41d0f8 FlsGetValue
0x41d0fc FlsSetValue
0x41d100 FlsFree
0x41d104 GetCurrentProcess
0x41d108 TerminateProcess
0x41d10c GetModuleHandleW
0x41d110 HeapSize
0x41d114 GetACP
0x41d118 IsValidCodePage
0x41d11c GetOEMCP
0x41d120 CompareStringEx
0x41d124 GetUserDefaultLocaleName
0x41d128 LCMapStringEx
0x41d12c IsValidLocaleName
0x41d130 EnumSystemLocalesEx
0x41d134 LoadLibraryExW
0x41d138 OutputDebugStringW
0x41d13c LoadLibraryW
0x41d140 GetConsoleCP
0x41d144 GetConsoleMode
0x41d148 SetFilePointerEx
0x41d14c SetStdHandle
EAT(Export Address Table) is none
ADVAPI32.dll
0x41d000 RegOpenKeyExA
0x41d004 RegCloseKey
0x41d008 RegSetValueExW
SHELL32.dll
0x41d154 SHGetFolderPathW
KERNEL32.dll
0x41d010 InitializeCriticalSectionAndSpinCount
0x41d014 FlushFileBuffers
0x41d018 WriteConsoleW
0x41d01c GetProcAddress
0x41d020 LoadLibraryA
0x41d024 ExitProcess
0x41d028 GlobalLock
0x41d02c WriteFile
0x41d030 GlobalAlloc
0x41d034 Sleep
0x41d038 GetModuleFileNameW
0x41d03c CreateFileW
0x41d040 GlobalUnlock
0x41d044 GetLastError
0x41d048 CreateMutexA
0x41d04c IsDebuggerPresent
0x41d050 CloseHandle
0x41d054 SetFileAttributesW
0x41d058 CreateThread
0x41d05c CreateDirectoryW
0x41d060 CopyFileW
0x41d064 SetCurrentDirectoryW
0x41d068 InterlockedIncrement
0x41d06c InterlockedDecrement
0x41d070 EncodePointer
0x41d074 DecodePointer
0x41d078 EnterCriticalSection
0x41d07c LeaveCriticalSection
0x41d080 InitializeCriticalSectionEx
0x41d084 DeleteCriticalSection
0x41d088 WideCharToMultiByte
0x41d08c GetLocaleInfoEx
0x41d090 MultiByteToWideChar
0x41d094 GetStringTypeW
0x41d098 GetCommandLineW
0x41d09c HeapFree
0x41d0a0 HeapAlloc
0x41d0a4 HeapReAlloc
0x41d0a8 RaiseException
0x41d0ac RtlUnwind
0x41d0b0 GetCPInfo
0x41d0b4 IsProcessorFeaturePresent
0x41d0b8 SetLastError
0x41d0bc GetCurrentThreadId
0x41d0c0 GetModuleHandleExW
0x41d0c4 GetStdHandle
0x41d0c8 GetProcessHeap
0x41d0cc GetFileType
0x41d0d0 InitOnceExecuteOnce
0x41d0d4 GetStartupInfoW
0x41d0d8 QueryPerformanceCounter
0x41d0dc GetSystemTimeAsFileTime
0x41d0e0 GetTickCount64
0x41d0e4 GetEnvironmentStringsW
0x41d0e8 FreeEnvironmentStringsW
0x41d0ec UnhandledExceptionFilter
0x41d0f0 SetUnhandledExceptionFilter
0x41d0f4 FlsAlloc
0x41d0f8 FlsGetValue
0x41d0fc FlsSetValue
0x41d100 FlsFree
0x41d104 GetCurrentProcess
0x41d108 TerminateProcess
0x41d10c GetModuleHandleW
0x41d110 HeapSize
0x41d114 GetACP
0x41d118 IsValidCodePage
0x41d11c GetOEMCP
0x41d120 CompareStringEx
0x41d124 GetUserDefaultLocaleName
0x41d128 LCMapStringEx
0x41d12c IsValidLocaleName
0x41d130 EnumSystemLocalesEx
0x41d134 LoadLibraryExW
0x41d138 OutputDebugStringW
0x41d13c LoadLibraryW
0x41d140 GetConsoleCP
0x41d144 GetConsoleMode
0x41d148 SetFilePointerEx
0x41d14c SetStdHandle
EAT(Export Address Table) is none