ScreenShot
| Created | 2025.04.28 09:24 | Machine | s1_win7_x6403 |
| Filename | Men.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 44 detected (AIDetectMalware, Malicious, score, Artemis, Unsafe, confidence, GenericKD, high confidence, a variant of WinGo, Kryptik, GoInj, CLOUD, Redcap, szxic, Inject5, LUMMASTEALER, YXFD1Z, Cometer, Detected, Wacatac, XRP0XG, ABApplication, DUCE, Rozena, Chgt, FalseSign, Cnhl) | ||
| md5 | dcee0a6be229f2a1df71c0ca1cf86df6 | ||
| sha256 | 487420dd26047e44f53acd3d3a80ed51d798fa6426ea7d065e7296f6b36692ff | ||
| ssdeep | 24576:FJZWN8ek3jM3HIwlzI2ZG1RSQ3ac1irL8bujtYgidK1XNm:W8ekTM3H7lz7OSQ3a+fgidK1XY | ||
| imphash | 4035d2883e01d64f3e7a9dccb1d63af5 | ||
| impfuzzy | 24:UbVjhN5O+VuT2oLtXOr6kwmDruMztxdEr6UP:K5O+VAXOmGx0nP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Detects the presence of Wine emulator |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x5aa020 WriteFile
0x5aa028 WriteConsoleW
0x5aa030 WaitForMultipleObjects
0x5aa038 WaitForSingleObject
0x5aa040 VirtualQuery
0x5aa048 VirtualFree
0x5aa050 VirtualAlloc
0x5aa058 SwitchToThread
0x5aa060 SuspendThread
0x5aa068 Sleep
0x5aa070 SetWaitableTimer
0x5aa078 SetUnhandledExceptionFilter
0x5aa080 SetProcessPriorityBoost
0x5aa088 SetEvent
0x5aa090 SetErrorMode
0x5aa098 SetConsoleCtrlHandler
0x5aa0a0 ResumeThread
0x5aa0a8 PostQueuedCompletionStatus
0x5aa0b0 LoadLibraryA
0x5aa0b8 LoadLibraryW
0x5aa0c0 SetThreadContext
0x5aa0c8 GetThreadContext
0x5aa0d0 GetSystemInfo
0x5aa0d8 GetSystemDirectoryA
0x5aa0e0 GetStdHandle
0x5aa0e8 GetQueuedCompletionStatusEx
0x5aa0f0 GetProcessAffinityMask
0x5aa0f8 GetProcAddress
0x5aa100 GetEnvironmentStringsW
0x5aa108 GetConsoleMode
0x5aa110 FreeEnvironmentStringsW
0x5aa118 ExitProcess
0x5aa120 DuplicateHandle
0x5aa128 CreateWaitableTimerExW
0x5aa130 CreateThread
0x5aa138 CreateIoCompletionPort
0x5aa140 CreateEventA
0x5aa148 CloseHandle
0x5aa150 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x5aa020 WriteFile
0x5aa028 WriteConsoleW
0x5aa030 WaitForMultipleObjects
0x5aa038 WaitForSingleObject
0x5aa040 VirtualQuery
0x5aa048 VirtualFree
0x5aa050 VirtualAlloc
0x5aa058 SwitchToThread
0x5aa060 SuspendThread
0x5aa068 Sleep
0x5aa070 SetWaitableTimer
0x5aa078 SetUnhandledExceptionFilter
0x5aa080 SetProcessPriorityBoost
0x5aa088 SetEvent
0x5aa090 SetErrorMode
0x5aa098 SetConsoleCtrlHandler
0x5aa0a0 ResumeThread
0x5aa0a8 PostQueuedCompletionStatus
0x5aa0b0 LoadLibraryA
0x5aa0b8 LoadLibraryW
0x5aa0c0 SetThreadContext
0x5aa0c8 GetThreadContext
0x5aa0d0 GetSystemInfo
0x5aa0d8 GetSystemDirectoryA
0x5aa0e0 GetStdHandle
0x5aa0e8 GetQueuedCompletionStatusEx
0x5aa0f0 GetProcessAffinityMask
0x5aa0f8 GetProcAddress
0x5aa100 GetEnvironmentStringsW
0x5aa108 GetConsoleMode
0x5aa110 FreeEnvironmentStringsW
0x5aa118 ExitProcess
0x5aa120 DuplicateHandle
0x5aa128 CreateWaitableTimerExW
0x5aa130 CreateThread
0x5aa138 CreateIoCompletionPort
0x5aa140 CreateEventA
0x5aa148 CloseHandle
0x5aa150 AddVectoredExceptionHandler
EAT(Export Address Table) is none