ScreenShot
| Created | 2025.04.28 09:09 | Machine | s1_win7_x6403 |
| Filename | VisualCode.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 40 detected (VirusWinExpiro, Artemis, Unsafe, Lazy, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Vidar, Lumma, 4XSOvUQ4zMB, djiea, Detected, Wacatac, R701596, PE04C9Z, GenKryptik, B9nj) | ||
| md5 | 9048722b3619d93180d5b39e7fade577 | ||
| sha256 | dc411841c3a1714fba35a1535d8563869b6ec3fc1cb87a9f56d057657a546077 | ||
| ssdeep | 12288:4DWOW9ap2T07ZoCb5OlkmH5P2GMSr7CyzKQqPKqbCqu6Bhyia1k0lh3Il8fRkZEL:H8pYtCK2GWdKE00oRk+tpnCJ | ||
| imphash | 130d5621ef2323889c6e1ed2746329fe | ||
| impfuzzy | 24:hWnxWDoelQtWOovbOGMUD1uUvgkWDpZWylnjBLPxQXRKT07GyiJUTYji:hWxQo5x361PMZxJjBbxQrGyJTr | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400eb5d8 AcquireSRWLockExclusive
0x1400eb5e0 CloseHandle
0x1400eb5e8 CreateFileA
0x1400eb5f0 CreateFileW
0x1400eb5f8 CreateThread
0x1400eb600 DecodePointer
0x1400eb608 DeleteCriticalSection
0x1400eb610 EncodePointer
0x1400eb618 EnterCriticalSection
0x1400eb620 EnumSystemLocalesW
0x1400eb628 ExitProcess
0x1400eb630 FindClose
0x1400eb638 FindFirstFileExW
0x1400eb640 FindNextFileW
0x1400eb648 FlsAlloc
0x1400eb650 FlsFree
0x1400eb658 FlsGetValue
0x1400eb660 FlsSetValue
0x1400eb668 FlushFileBuffers
0x1400eb670 FreeEnvironmentStringsW
0x1400eb678 FreeLibrary
0x1400eb680 GetACP
0x1400eb688 GetCPInfo
0x1400eb690 GetCommandLineA
0x1400eb698 GetCommandLineW
0x1400eb6a0 GetConsoleMode
0x1400eb6a8 GetConsoleOutputCP
0x1400eb6b0 GetCurrentProcess
0x1400eb6b8 GetCurrentProcessId
0x1400eb6c0 GetCurrentThreadId
0x1400eb6c8 GetEnvironmentStringsW
0x1400eb6d0 GetFileSize
0x1400eb6d8 GetFileSizeEx
0x1400eb6e0 GetFileType
0x1400eb6e8 GetLastError
0x1400eb6f0 GetLocaleInfoW
0x1400eb6f8 GetModuleFileNameW
0x1400eb700 GetModuleHandleA
0x1400eb708 GetModuleHandleExW
0x1400eb710 GetModuleHandleW
0x1400eb718 GetOEMCP
0x1400eb720 GetProcAddress
0x1400eb728 GetProcessHeap
0x1400eb730 GetStartupInfoW
0x1400eb738 GetStdHandle
0x1400eb740 GetStringTypeW
0x1400eb748 GetSystemTimeAsFileTime
0x1400eb750 GetUserDefaultLCID
0x1400eb758 HeapAlloc
0x1400eb760 HeapFree
0x1400eb768 HeapReAlloc
0x1400eb770 HeapSize
0x1400eb778 InitializeCriticalSectionAndSpinCount
0x1400eb780 InitializeCriticalSectionEx
0x1400eb788 InitializeSListHead
0x1400eb790 IsDebuggerPresent
0x1400eb798 IsProcessorFeaturePresent
0x1400eb7a0 IsValidCodePage
0x1400eb7a8 IsValidLocale
0x1400eb7b0 LCMapStringEx
0x1400eb7b8 LCMapStringW
0x1400eb7c0 LeaveCriticalSection
0x1400eb7c8 LoadLibraryExW
0x1400eb7d0 MultiByteToWideChar
0x1400eb7d8 QueryPerformanceCounter
0x1400eb7e0 QueryPerformanceFrequency
0x1400eb7e8 RaiseException
0x1400eb7f0 ReadConsoleW
0x1400eb7f8 ReadFile
0x1400eb800 ReleaseSRWLockExclusive
0x1400eb808 RtlCaptureContext
0x1400eb810 RtlLookupFunctionEntry
0x1400eb818 RtlPcToFileHeader
0x1400eb820 RtlUnwind
0x1400eb828 RtlUnwindEx
0x1400eb830 RtlVirtualUnwind
0x1400eb838 SetFilePointerEx
0x1400eb840 SetLastError
0x1400eb848 SetStdHandle
0x1400eb850 SetUnhandledExceptionFilter
0x1400eb858 Sleep
0x1400eb860 SleepConditionVariableSRW
0x1400eb868 TerminateProcess
0x1400eb870 TlsAlloc
0x1400eb878 TlsFree
0x1400eb880 TlsGetValue
0x1400eb888 TlsSetValue
0x1400eb890 UnhandledExceptionFilter
0x1400eb898 WaitForSingleObject
0x1400eb8a0 WakeAllConditionVariable
0x1400eb8a8 WideCharToMultiByte
0x1400eb8b0 WriteConsoleW
0x1400eb8b8 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x1400eb5d8 AcquireSRWLockExclusive
0x1400eb5e0 CloseHandle
0x1400eb5e8 CreateFileA
0x1400eb5f0 CreateFileW
0x1400eb5f8 CreateThread
0x1400eb600 DecodePointer
0x1400eb608 DeleteCriticalSection
0x1400eb610 EncodePointer
0x1400eb618 EnterCriticalSection
0x1400eb620 EnumSystemLocalesW
0x1400eb628 ExitProcess
0x1400eb630 FindClose
0x1400eb638 FindFirstFileExW
0x1400eb640 FindNextFileW
0x1400eb648 FlsAlloc
0x1400eb650 FlsFree
0x1400eb658 FlsGetValue
0x1400eb660 FlsSetValue
0x1400eb668 FlushFileBuffers
0x1400eb670 FreeEnvironmentStringsW
0x1400eb678 FreeLibrary
0x1400eb680 GetACP
0x1400eb688 GetCPInfo
0x1400eb690 GetCommandLineA
0x1400eb698 GetCommandLineW
0x1400eb6a0 GetConsoleMode
0x1400eb6a8 GetConsoleOutputCP
0x1400eb6b0 GetCurrentProcess
0x1400eb6b8 GetCurrentProcessId
0x1400eb6c0 GetCurrentThreadId
0x1400eb6c8 GetEnvironmentStringsW
0x1400eb6d0 GetFileSize
0x1400eb6d8 GetFileSizeEx
0x1400eb6e0 GetFileType
0x1400eb6e8 GetLastError
0x1400eb6f0 GetLocaleInfoW
0x1400eb6f8 GetModuleFileNameW
0x1400eb700 GetModuleHandleA
0x1400eb708 GetModuleHandleExW
0x1400eb710 GetModuleHandleW
0x1400eb718 GetOEMCP
0x1400eb720 GetProcAddress
0x1400eb728 GetProcessHeap
0x1400eb730 GetStartupInfoW
0x1400eb738 GetStdHandle
0x1400eb740 GetStringTypeW
0x1400eb748 GetSystemTimeAsFileTime
0x1400eb750 GetUserDefaultLCID
0x1400eb758 HeapAlloc
0x1400eb760 HeapFree
0x1400eb768 HeapReAlloc
0x1400eb770 HeapSize
0x1400eb778 InitializeCriticalSectionAndSpinCount
0x1400eb780 InitializeCriticalSectionEx
0x1400eb788 InitializeSListHead
0x1400eb790 IsDebuggerPresent
0x1400eb798 IsProcessorFeaturePresent
0x1400eb7a0 IsValidCodePage
0x1400eb7a8 IsValidLocale
0x1400eb7b0 LCMapStringEx
0x1400eb7b8 LCMapStringW
0x1400eb7c0 LeaveCriticalSection
0x1400eb7c8 LoadLibraryExW
0x1400eb7d0 MultiByteToWideChar
0x1400eb7d8 QueryPerformanceCounter
0x1400eb7e0 QueryPerformanceFrequency
0x1400eb7e8 RaiseException
0x1400eb7f0 ReadConsoleW
0x1400eb7f8 ReadFile
0x1400eb800 ReleaseSRWLockExclusive
0x1400eb808 RtlCaptureContext
0x1400eb810 RtlLookupFunctionEntry
0x1400eb818 RtlPcToFileHeader
0x1400eb820 RtlUnwind
0x1400eb828 RtlUnwindEx
0x1400eb830 RtlVirtualUnwind
0x1400eb838 SetFilePointerEx
0x1400eb840 SetLastError
0x1400eb848 SetStdHandle
0x1400eb850 SetUnhandledExceptionFilter
0x1400eb858 Sleep
0x1400eb860 SleepConditionVariableSRW
0x1400eb868 TerminateProcess
0x1400eb870 TlsAlloc
0x1400eb878 TlsFree
0x1400eb880 TlsGetValue
0x1400eb888 TlsSetValue
0x1400eb890 UnhandledExceptionFilter
0x1400eb898 WaitForSingleObject
0x1400eb8a0 WakeAllConditionVariable
0x1400eb8a8 WideCharToMultiByte
0x1400eb8b0 WriteConsoleW
0x1400eb8b8 WriteFile
EAT(Export Address Table) is none