Field | Value |
---|---|
Created | 2025.05.06 21:37 |
Machine | s1_win7_x6401 |
Filename | msP2PiF.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 40 detected (AIDetectMalware, Ghanarava, Expiro, Lazy, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HIJW, MalwareX, Cryp, DInvoke, Lumma, uvQnZKLKhyR, Static AI, Suspicious PE, Lummastealer, Detected, GrayWare, Wacapew, AmsiBypass, Eldorado, Kryptik, R703486, Artemis, FakeMS, Outbreak, PE04C9Z) |
md5 | 43252e3bc32a5de6103eab14d7e9dc56 |
sha256 | 2e6bcea6204c452c51828b3c6e1a483902e5044d706921314124fbe634cf1be9 |
ssdeep | 196608:7b4yszWWGI+TunyHXlYuS8VTq74yszWWGI+TunyHXlYuS8VTq:vkCI2uOyuS8Zq7kCI2uOyuS8Zq |
imphash | 3e2a6ecfffc5d43a7565ef87874e92c4 |
impfuzzy | 24:hWnkWDCQlQtyOovbOGMUD1ulvgDWDQyl3LPxQTRKT07GiJUlYjz:hWkQC3l3612lhbxQ/GJlC |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14004e168 AcquireSRWLockExclusive
0x14004e170 CloseHandle
0x14004e178 CreateFileA
0x14004e180 CreateFileW
0x14004e188 CreateThread
0x14004e190 DeleteCriticalSection
0x14004e198 EncodePointer
0x14004e1a0 EnterCriticalSection
0x14004e1a8 ExitProcess
0x14004e1b0 ExitThread
0x14004e1b8 FindClose
0x14004e1c0 FindFirstFileExW
0x14004e1c8 FindNextFileW
0x14004e1d0 FlsAlloc
0x14004e1d8 FlsFree
0x14004e1e0 FlsGetValue
0x14004e1e8 FlsSetValue
0x14004e1f0 FlushFileBuffers
0x14004e1f8 FreeEnvironmentStringsW
0x14004e200 FreeLibrary
0x14004e208 FreeLibraryAndExitThread
0x14004e210 GetACP
0x14004e218 GetCPInfo
0x14004e220 GetCommandLineA
0x14004e228 GetCommandLineW
0x14004e230 GetConsoleMode
0x14004e238 GetConsoleOutputCP
0x14004e240 GetCurrentProcess
0x14004e248 GetCurrentProcessId
0x14004e250 GetCurrentThreadId
0x14004e258 GetEnvironmentStringsW
0x14004e260 GetExitCodeThread
0x14004e268 GetFileSize
0x14004e270 GetFileSizeEx
0x14004e278 GetFileType
0x14004e280 GetLastError
0x14004e288 GetModuleFileNameW
0x14004e290 GetModuleHandleA
0x14004e298 GetModuleHandleExW
0x14004e2a0 GetModuleHandleW
0x14004e2a8 GetOEMCP
0x14004e2b0 GetProcAddress
0x14004e2b8 GetProcessHeap
0x14004e2c0 GetStartupInfoW
0x14004e2c8 GetStdHandle
0x14004e2d0 GetStringTypeW
0x14004e2d8 GetSystemTimeAsFileTime
0x14004e2e0 HeapAlloc
0x14004e2e8 HeapFree
0x14004e2f0 HeapReAlloc
0x14004e2f8 HeapSize
0x14004e300 InitializeCriticalSectionAndSpinCount
0x14004e308 InitializeSListHead
0x14004e310 IsDebuggerPresent
0x14004e318 IsProcessorFeaturePresent
0x14004e320 IsValidCodePage
0x14004e328 LCMapStringW
0x14004e330 LeaveCriticalSection
0x14004e338 LoadLibraryExW
0x14004e340 MultiByteToWideChar
0x14004e348 QueryPerformanceCounter
0x14004e350 QueryPerformanceFrequency
0x14004e358 RaiseException
0x14004e360 ReadFile
0x14004e368 ReleaseSRWLockExclusive
0x14004e370 RtlCaptureContext
0x14004e378 RtlLookupFunctionEntry
0x14004e380 RtlPcToFileHeader
0x14004e388 RtlUnwindEx
0x14004e390 RtlVirtualUnwind
0x14004e398 SetFilePointerEx
0x14004e3a0 SetLastError
0x14004e3a8 SetStdHandle
0x14004e3b0 SetUnhandledExceptionFilter
0x14004e3b8 Sleep
0x14004e3c0 TerminateProcess
0x14004e3c8 TlsAlloc
0x14004e3d0 TlsFree
0x14004e3d8 TlsGetValue
0x14004e3e0 TlsSetValue
0x14004e3e8 TryAcquireSRWLockExclusive
0x14004e3f0 UnhandledExceptionFilter
0x14004e3f8 WaitForSingleObjectEx
0x14004e400 WakeAllConditionVariable
0x14004e408 WideCharToMultiByte
0x14004e410 WriteConsoleW
0x14004e418 WriteFile
EAT (Export Address Table): none