Field | Value |
---|---|
Created | 2025.05.02 17:56 |
Machine | s1_win7_x6401 |
Filename | dd.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 31 detected (AIDetectMalware, Lazy, Unsafe, Attribute, HighConfidence, malicious, high confidence, MalwareX, Udochka, lyKTgQA84Q, Detected, Wacatac, Artemis, Ngil, Wacapew, C9nj) |
md5 | f2497f7c1f59d261fb9b24931fb09164 |
sha256 | 61b08477414108ef94b073994f704f3dff7f48e6aa51d40d3ca8ecc3705bf0c5 |
ssdeep | 3072:wngIpDUA5MxfSAJvoveEE0bWgR2wgULiA4Enkrus3Id4IJHvu5TszfmbQbvvx5h/:wnfElove10av9ULiBEkwmI4abvomc6 |
imphash | bdcc417182aff23aa735853592246a3c |
impfuzzy | 24:QDMJcpVWPrr02tdS1mBgdlJBl3eDoro3v1GM+AaZxFpOovbOPZY1:HJcpVSrftdS1mBgDpX6cZ83O1 |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x14002f000 GetUserNameA
KERNEL32.dll
0x14002f010 FindFirstFileA
0x14002f018 FindNextFileA
0x14002f020 FindClose
0x14002f028 GetFileAttributesA
0x14002f030 MultiByteToWideChar
0x14002f038 WideCharToMultiByte
0x14002f040 LCMapStringEx
0x14002f048 EnterCriticalSection
0x14002f050 LeaveCriticalSection
0x14002f058 InitializeCriticalSectionEx
0x14002f060 DeleteCriticalSection
0x14002f068 EncodePointer
0x14002f070 DecodePointer
0x14002f078 CompareStringEx
0x14002f080 GetCPInfo
0x14002f088 GetStringTypeW
0x14002f090 RtlCaptureContext
0x14002f098 RtlLookupFunctionEntry
0x14002f0a0 RtlVirtualUnwind
0x14002f0a8 UnhandledExceptionFilter
0x14002f0b0 SetUnhandledExceptionFilter
0x14002f0b8 GetCurrentProcess
0x14002f0c0 TerminateProcess
0x14002f0c8 IsProcessorFeaturePresent
0x14002f0d0 IsDebuggerPresent
0x14002f0d8 GetStartupInfoW
0x14002f0e0 GetModuleHandleW
0x14002f0e8 QueryPerformanceCounter
0x14002f0f0 GetCurrentProcessId
0x14002f0f8 GetCurrentThreadId
0x14002f100 GetSystemTimeAsFileTime
0x14002f108 InitializeSListHead
0x14002f110 SetEndOfFile
0x14002f118 RtlUnwindEx
0x14002f120 RtlPcToFileHeader
0x14002f128 RaiseException
0x14002f130 GetLastError
0x14002f138 SetLastError
0x14002f140 InitializeCriticalSectionAndSpinCount
0x14002f148 TlsAlloc
0x14002f150 TlsGetValue
0x14002f158 TlsSetValue
0x14002f160 TlsFree
0x14002f168 FreeLibrary
0x14002f170 GetProcAddress
0x14002f178 LoadLibraryExW
0x14002f180 ExitProcess
0x14002f188 GetModuleHandleExW
0x14002f190 GetModuleFileNameW
0x14002f198 GetStdHandle
0x14002f1a0 WriteFile
0x14002f1a8 GetFileSizeEx
0x14002f1b0 SetFilePointerEx
0x14002f1b8 GetFileType
0x14002f1c0 FlushFileBuffers
0x14002f1c8 GetConsoleOutputCP
0x14002f1d0 GetConsoleMode
0x14002f1d8 HeapFree
0x14002f1e0 CloseHandle
0x14002f1e8 HeapReAlloc
0x14002f1f0 HeapAlloc
0x14002f1f8 FlsAlloc
0x14002f200 FlsGetValue
0x14002f208 FlsSetValue
0x14002f210 FlsFree
0x14002f218 LCMapStringW
0x14002f220 GetLocaleInfoW
0x14002f228 IsValidLocale
0x14002f230 GetUserDefaultLCID
0x14002f238 EnumSystemLocalesW
0x14002f240 ReadFile
0x14002f248 ReadConsoleW
0x14002f250 FindFirstFileExW
0x14002f258 FindNextFileW
0x14002f260 IsValidCodePage
0x14002f268 GetACP
0x14002f270 GetOEMCP
0x14002f278 GetCommandLineA
0x14002f280 GetCommandLineW
0x14002f288 GetEnvironmentStringsW
0x14002f290 FreeEnvironmentStringsW
0x14002f298 GetProcessHeap
0x14002f2a0 SetStdHandle
0x14002f2a8 CreateFileW
0x14002f2b0 HeapSize
0x14002f2b8 WriteConsoleW
0x14002f2c0 RtlUnwind
EAT (Export Address Table): none