Field | Value |
---|---|
Created | 2025.05.04 13:04 |
Machine | s1_win7_x6403 |
Filename | d9e75265-7911-418e-8811-8a4d68a24ddc |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 57 detected (Common, Vidar, tsNa, Malicious, score, Ghanarava, Midie, Unsafe, Save, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, MalwareX, Zusy, DCRat, G6VgOTp807H, mezud, Siggen31, AMADEY, YXFDNZ, gqdg, Detected, Malware@#28f5iw1adaiz6, LummaStealer, Cerbu, ABTrojan, ECDY, R701934, Artemis, Chgt, Gencirc, susgen) |
md5 | 181a374a27e9ab37a1d3307cbc007dd8 |
sha256 | e82fc24297f53afd25fcb04a063e73cd49ff7e1c11e7f6b21029b608c072bd02 |
ssdeep | 6144:49YEL+kufmb134ces+mpo/uDDrchrugPI83:AYTfy13/+mpo/QnOu |
imphash | aa2ac8e0a800e04e9552a74a0feb58f2 |
impfuzzy | 24:X+xQBKAWnjDYc+WZF02tVrBgdlJBl39ro6rOovbO39RFZMvNjzGMAkEZHu9F9+i4:OxQ/WnQc+eltVrBgDpZu3rFZGb9oKC |
Network IP location
Signature (12cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid) |
info | Queries for the computername |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PowerShell | PowerShell script | scripts |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14003b040 CreateFileW
0x14003b048 WriteConsoleW
0x14003b050 GetConsoleWindow
0x14003b058 Sleep
0x14003b060 GetModuleFileNameW
0x14003b068 CreateDirectoryW
0x14003b070 HeapSize
0x14003b078 SetStdHandle
0x14003b080 MultiByteToWideChar
0x14003b088 QueryPerformanceCounter
0x14003b090 QueryPerformanceFrequency
0x14003b098 GetStringTypeW
0x14003b0a0 WideCharToMultiByte
0x14003b0a8 GetCurrentThreadId
0x14003b0b0 ReleaseSRWLockExclusive
0x14003b0b8 AcquireSRWLockExclusive
0x14003b0c0 TryAcquireSRWLockExclusive
0x14003b0c8 CloseHandle
0x14003b0d0 InitializeCriticalSectionEx
0x14003b0d8 GetSystemTimeAsFileTime
0x14003b0e0 GetModuleHandleW
0x14003b0e8 GetProcAddress
0x14003b0f0 EnterCriticalSection
0x14003b0f8 LeaveCriticalSection
0x14003b100 DeleteCriticalSection
0x14003b108 EncodePointer
0x14003b110 DecodePointer
0x14003b118 LCMapStringEx
0x14003b120 WakeAllConditionVariable
0x14003b128 GetCPInfo
0x14003b130 RtlCaptureContext
0x14003b138 RtlLookupFunctionEntry
0x14003b140 RtlVirtualUnwind
0x14003b148 UnhandledExceptionFilter
0x14003b150 SetUnhandledExceptionFilter
0x14003b158 GetCurrentProcess
0x14003b160 TerminateProcess
0x14003b168 IsProcessorFeaturePresent
0x14003b170 IsDebuggerPresent
0x14003b178 GetStartupInfoW
0x14003b180 GetCurrentProcessId
0x14003b188 InitializeSListHead
0x14003b190 RtlUnwindEx
0x14003b198 RtlPcToFileHeader
0x14003b1a0 RaiseException
0x14003b1a8 GetLastError
0x14003b1b0 SetLastError
0x14003b1b8 InitializeCriticalSectionAndSpinCount
0x14003b1c0 TlsAlloc
0x14003b1c8 TlsGetValue
0x14003b1d0 TlsSetValue
0x14003b1d8 TlsFree
0x14003b1e0 FreeLibrary
0x14003b1e8 LoadLibraryExW
0x14003b1f0 ExitProcess
0x14003b1f8 GetModuleHandleExW
0x14003b200 CreateThread
0x14003b208 ExitThread
0x14003b210 FreeLibraryAndExitThread
0x14003b218 GetStdHandle
0x14003b220 WriteFile
0x14003b228 GetCommandLineA
0x14003b230 GetCommandLineW
0x14003b238 HeapAlloc
0x14003b240 HeapFree
0x14003b248 FlsAlloc
0x14003b250 FlsGetValue
0x14003b258 FlsSetValue
0x14003b260 FlsFree
0x14003b268 CompareStringW
0x14003b270 LCMapStringW
0x14003b278 GetLocaleInfoW
0x14003b280 IsValidLocale
0x14003b288 GetUserDefaultLCID
0x14003b290 EnumSystemLocalesW
0x14003b298 GetFileType
0x14003b2a0 WaitForSingleObject
0x14003b2a8 GetExitCodeProcess
0x14003b2b0 CreateProcessW
0x14003b2b8 GetFileAttributesExW
0x14003b2c0 FlushFileBuffers
0x14003b2c8 GetConsoleOutputCP
0x14003b2d0 GetConsoleMode
0x14003b2d8 ReadFile
0x14003b2e0 GetFileSizeEx
0x14003b2e8 SetFilePointerEx
0x14003b2f0 ReadConsoleW
0x14003b2f8 HeapReAlloc
0x14003b300 FindClose
0x14003b308 FindFirstFileExW
0x14003b310 FindNextFileW
0x14003b318 IsValidCodePage
0x14003b320 GetACP
0x14003b328 GetOEMCP
0x14003b330 GetEnvironmentStringsW
0x14003b338 FreeEnvironmentStringsW
0x14003b340 SetEnvironmentVariableW
0x14003b348 GetProcessHeap
0x14003b350 RtlUnwind
USER32.dll
0x14003b370 ShowWindow
ADVAPI32.dll
0x14003b000 RegCloseKey
0x14003b008 AllocateAndInitializeSid
0x14003b010 RegSetValueExW
0x14003b018 FreeSid
0x14003b020 CheckTokenMembership
0x14003b028 RegOpenKeyExW
0x14003b030 GetUserNameW
SHELL32.dll
0x14003b360 ShellExecuteW
EAT (Export Address Table) is none