Field | Value |
---|---|
Created | 2025.05.04 12:53 |
Machine | s1_win7_x6403 |
Filename | 5afe4f55-3d33-485a-a988-c907a1833384 |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (tsNZ, Zusy, Unsafe, Save, malicious, confidence, 100%, GenusT, EVTO, Attribute, HighConfidence, high confidence, MalwareX, score, DCRat, kwurrn, G6VgOTp807H, Nekark, ntpkl, Siggen31, AMADEY, YXFDNZ, gqdh, Detected, Convagent, Malware@#21ply9g7ho70c, LummaStealer, ABApplication, MMZM, R701314, Artemis, GdSda, Gencirc, OzB5rdsgqUs, susgen) |
md5 | 98e9c5d144a56f8c6f4c1dde7a5b3d1e |
sha256 | 936afe44531e08524efa9d8886b709aaa851eadea3d295189a4628f2d6bb0d6d |
ssdeep | 6144:qhTZ8heoxl135RPVw2e96lJGf83dZ7Kax1nOg:qh9XO1pRP26lJGkt |
imphash | aa2ac8e0a800e04e9552a74a0feb58f2 |
impfuzzy | 24:X+xQBKAWnjDYc+WZF02tVrBgdlJBl39ro6rOovbO39RFZMvNjzGMAkEZHu9F9+i4:OxQ/WnQc+eltVrBgDpZu3rFZGb9oKC |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PowerShell | PowerShell script | scripts |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14003d040 CreateFileW
0x14003d048 WriteConsoleW
0x14003d050 GetConsoleWindow
0x14003d058 Sleep
0x14003d060 GetModuleFileNameW
0x14003d068 CreateDirectoryW
0x14003d070 HeapSize
0x14003d078 SetStdHandle
0x14003d080 MultiByteToWideChar
0x14003d088 QueryPerformanceCounter
0x14003d090 QueryPerformanceFrequency
0x14003d098 GetStringTypeW
0x14003d0a0 WideCharToMultiByte
0x14003d0a8 GetCurrentThreadId
0x14003d0b0 ReleaseSRWLockExclusive
0x14003d0b8 AcquireSRWLockExclusive
0x14003d0c0 TryAcquireSRWLockExclusive
0x14003d0c8 CloseHandle
0x14003d0d0 InitializeCriticalSectionEx
0x14003d0d8 GetSystemTimeAsFileTime
0x14003d0e0 GetModuleHandleW
0x14003d0e8 GetProcAddress
0x14003d0f0 EnterCriticalSection
0x14003d0f8 LeaveCriticalSection
0x14003d100 DeleteCriticalSection
0x14003d108 EncodePointer
0x14003d110 DecodePointer
0x14003d118 LCMapStringEx
0x14003d120 WakeAllConditionVariable
0x14003d128 GetCPInfo
0x14003d130 RtlCaptureContext
0x14003d138 RtlLookupFunctionEntry
0x14003d140 RtlVirtualUnwind
0x14003d148 UnhandledExceptionFilter
0x14003d150 SetUnhandledExceptionFilter
0x14003d158 GetCurrentProcess
0x14003d160 TerminateProcess
0x14003d168 IsProcessorFeaturePresent
0x14003d170 IsDebuggerPresent
0x14003d178 GetStartupInfoW
0x14003d180 GetCurrentProcessId
0x14003d188 InitializeSListHead
0x14003d190 RtlUnwindEx
0x14003d198 RtlPcToFileHeader
0x14003d1a0 RaiseException
0x14003d1a8 GetLastError
0x14003d1b0 SetLastError
0x14003d1b8 InitializeCriticalSectionAndSpinCount
0x14003d1c0 TlsAlloc
0x14003d1c8 TlsGetValue
0x14003d1d0 TlsSetValue
0x14003d1d8 TlsFree
0x14003d1e0 FreeLibrary
0x14003d1e8 LoadLibraryExW
0x14003d1f0 ExitProcess
0x14003d1f8 GetModuleHandleExW
0x14003d200 CreateThread
0x14003d208 ExitThread
0x14003d210 FreeLibraryAndExitThread
0x14003d218 GetStdHandle
0x14003d220 WriteFile
0x14003d228 GetCommandLineA
0x14003d230 GetCommandLineW
0x14003d238 HeapAlloc
0x14003d240 HeapFree
0x14003d248 FlsAlloc
0x14003d250 FlsGetValue
0x14003d258 FlsSetValue
0x14003d260 FlsFree
0x14003d268 CompareStringW
0x14003d270 LCMapStringW
0x14003d278 GetLocaleInfoW
0x14003d280 IsValidLocale
0x14003d288 GetUserDefaultLCID
0x14003d290 EnumSystemLocalesW
0x14003d298 GetFileType
0x14003d2a0 WaitForSingleObject
0x14003d2a8 GetExitCodeProcess
0x14003d2b0 CreateProcessW
0x14003d2b8 GetFileAttributesExW
0x14003d2c0 FlushFileBuffers
0x14003d2c8 GetConsoleOutputCP
0x14003d2d0 GetConsoleMode
0x14003d2d8 ReadFile
0x14003d2e0 GetFileSizeEx
0x14003d2e8 SetFilePointerEx
0x14003d2f0 ReadConsoleW
0x14003d2f8 HeapReAlloc
0x14003d300 FindClose
0x14003d308 FindFirstFileExW
0x14003d310 FindNextFileW
0x14003d318 IsValidCodePage
0x14003d320 GetACP
0x14003d328 GetOEMCP
0x14003d330 GetEnvironmentStringsW
0x14003d338 FreeEnvironmentStringsW
0x14003d340 SetEnvironmentVariableW
0x14003d348 GetProcessHeap
0x14003d350 RtlUnwind
USER32.dll
0x14003d370 ShowWindow
ADVAPI32.dll
0x14003d000 RegCloseKey
0x14003d008 AllocateAndInitializeSid
0x14003d010 RegSetValueExW
0x14003d018 FreeSid
0x14003d020 CheckTokenMembership
0x14003d028 RegOpenKeyExW
0x14003d030 GetUserNameW
SHELL32.dll
0x14003d360 ShellExecuteW
EAT (Export Address Table) is none