Field | Value |
---|---|
Created | 2025.05.03 16:47 |
Machine | s1_win7_x6401 |
Filename | fV8FBMo.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (Malicious, score, trojanpws, lumma, Midie, Unsafe, Vb74, confidence, Attribute, HighConfidence, high confidence, MalwareX, Zusy, smehks, iz8Ybn2nrCG, Nekark, rcezp, AMADEY, YXFEBZ, Detected, Phonzy, Egairtigado, ABTrojan, ZOZJ, R702902, Artemis, Outbreak, Chgt, Oader, Edhl, susgen, Sonbokli, A9uj) |
md5 | e486514c59693500ac16578e8f41c267 |
sha256 | 0f19f2867c4bf94646b3410baa29092856f29e3851d144cd4e18b0475f53d017 |
ssdeep | 6144:yIPiTodq23+vUwqVs9jiFZbLHLifOXaiWEXsNjmcohdfts:YwqxvUnsIZbLHGIBsN9oh |
imphash | 261b2bf5d3e981c1d4ef0b71f10a899a |
impfuzzy | 24:+FxQBKAWnjDYc+WZF02tVrBgdlJBl39ro6rOovbO39RFZMvNjzGMAkEZHu9F9Dh:AxQ/WnQc+eltVrBgDpZu3rFZGb9l |
Signature (13cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | The process powershell.exe wrote an executable file to disk |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
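The two behavioural signatures most worth operationalising from the table above are the "watch" hit (powershell.exe wrote an executable file to disk) and the "notice" hit (a shortcut to an executable was created). The following is an added example, not part of the sandbox output, showing how both would look as detection logic over Sysmon Event ID 11 (FileCreate) records. It generalises the first signature from powershell.exe alone to the common script hosts; that host list and the extension set are assumptions, and the events it scans are constructed for the example. Because a FileCreate event does not carry the LNK target, the shortcut rule approximates the page's signature by flagging any .lnk written by a process other than explorer.exe.

```python
"""Turn two of the report's behavioural signatures into log-based detections.

Added example, not part of the sandbox output. It covers:
  watch  - powershell.exe (generalised here to the common script hosts)
           writing an executable file to disk
  notice - a shortcut (.lnk) created by something other than explorer.exe
Input is Sysmon Event ID 11 (FileCreate) reduced to the fields the rules need;
the events below are constructed for this example, not taken from the run.
"""
import json
from pathlib import PureWindowsPath

# Assumed tuning: widen the signature from powershell.exe alone to the usual
# script hosts, and define what counts as an "executable" landing on disk.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".com"}

# Constructed Sysmon-style FileCreate records, one JSON event per line.
SAMPLE_LINES = [
    json.dumps({"EventID": 11,
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "TargetFilename": r"C:\Users\user\AppData\Local\Temp\update.exe"}),
    json.dumps({"EventID": 11,
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "TargetFilename": r"C:\Users\user\AppData\Local\Temp\log.txt"}),
    json.dumps({"EventID": 11,
                "Image": r"C:\Users\user\Desktop\sample.exe",
                "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.lnk"}),
    json.dumps({"EventID": 11,
                "Image": r"C:\Windows\explorer.exe",
                "TargetFilename": r"C:\Users\user\Desktop\Notes.lnk"}),
    json.dumps({"EventID": 1,  # ProcessCreate, not FileCreate: ignored
                "Image": r"C:\Windows\System32\cmd.exe"}),
    "not json at all",         # malformed line: skipped, not fatal
]


def _name(path):
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return PureWindowsPath(path).name.lower()


def _ext(path):
    """Lower-cased extension including the dot ('' if none)."""
    return PureWindowsPath(path).suffix.lower()


def evaluate(event):
    """Apply both rules to one parsed event; returns [(level, message), ...]."""
    if event.get("EventID") != 11:
        return []
    image = _name(event.get("Image", ""))
    target = event.get("TargetFilename", "")
    hits = []
    if image in SCRIPT_HOSTS and _ext(target) in PE_EXTENSIONS:
        hits.append(("watch", f"{image} wrote an executable file to disk: {target}"))
    if _ext(target) == ".lnk" and image != "explorer.exe":
        hits.append(("notice", f"{image} created a shortcut: {target}"))
    return hits


def scan(lines):
    """Run the rules over JSON-lines input; malformed lines are skipped."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict):
            continue
        for level, message in evaluate(event):
            findings.append((lineno, level, message))
    return findings


if __name__ == "__main__":
    for lineno, level, message in scan(SAMPLE_LINES):
        print(f"line {lineno}: [{level}] {message}")
```

Run against the constructed input, only the first and third events fire; the .txt write, the explorer.exe shortcut and the non-FileCreate event are ignored. In production the shortcut rule would be followed by parsing the .lnk to confirm it points at an executable, which is what the sandbox signature actually checks.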
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PowerShell | PowerShell script | scripts |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140043028 HeapSize
0x140043030 GetConsoleWindow
0x140043038 Sleep
0x140043040 GetModuleFileNameW
0x140043048 CreateFileW
0x140043050 WriteConsoleW
0x140043058 CreateDirectoryW
0x140043060 SetStdHandle
0x140043068 MultiByteToWideChar
0x140043070 QueryPerformanceCounter
0x140043078 QueryPerformanceFrequency
0x140043080 GetStringTypeW
0x140043088 WideCharToMultiByte
0x140043090 GetCurrentThreadId
0x140043098 ReleaseSRWLockExclusive
0x1400430a0 AcquireSRWLockExclusive
0x1400430a8 TryAcquireSRWLockExclusive
0x1400430b0 CloseHandle
0x1400430b8 InitializeCriticalSectionEx
0x1400430c0 GetSystemTimeAsFileTime
0x1400430c8 GetModuleHandleW
0x1400430d0 GetProcAddress
0x1400430d8 EnterCriticalSection
0x1400430e0 LeaveCriticalSection
0x1400430e8 DeleteCriticalSection
0x1400430f0 EncodePointer
0x1400430f8 DecodePointer
0x140043100 LCMapStringEx
0x140043108 WakeAllConditionVariable
0x140043110 GetCPInfo
0x140043118 RtlCaptureContext
0x140043120 RtlLookupFunctionEntry
0x140043128 RtlVirtualUnwind
0x140043130 UnhandledExceptionFilter
0x140043138 SetUnhandledExceptionFilter
0x140043140 GetCurrentProcess
0x140043148 TerminateProcess
0x140043150 IsProcessorFeaturePresent
0x140043158 IsDebuggerPresent
0x140043160 GetStartupInfoW
0x140043168 GetCurrentProcessId
0x140043170 InitializeSListHead
0x140043178 RtlUnwindEx
0x140043180 RtlPcToFileHeader
0x140043188 RaiseException
0x140043190 GetLastError
0x140043198 SetLastError
0x1400431a0 InitializeCriticalSectionAndSpinCount
0x1400431a8 TlsAlloc
0x1400431b0 TlsGetValue
0x1400431b8 TlsSetValue
0x1400431c0 TlsFree
0x1400431c8 FreeLibrary
0x1400431d0 LoadLibraryExW
0x1400431d8 ExitProcess
0x1400431e0 GetModuleHandleExW
0x1400431e8 CreateThread
0x1400431f0 ExitThread
0x1400431f8 FreeLibraryAndExitThread
0x140043200 GetStdHandle
0x140043208 WriteFile
0x140043210 GetCommandLineA
0x140043218 GetCommandLineW
0x140043220 HeapAlloc
0x140043228 HeapFree
0x140043230 FlsAlloc
0x140043238 FlsGetValue
0x140043240 FlsSetValue
0x140043248 FlsFree
0x140043250 CompareStringW
0x140043258 LCMapStringW
0x140043260 GetLocaleInfoW
0x140043268 IsValidLocale
0x140043270 GetUserDefaultLCID
0x140043278 EnumSystemLocalesW
0x140043280 GetFileType
0x140043288 WaitForSingleObject
0x140043290 GetExitCodeProcess
0x140043298 CreateProcessW
0x1400432a0 GetFileAttributesExW
0x1400432a8 FlushFileBuffers
0x1400432b0 GetConsoleOutputCP
0x1400432b8 GetConsoleMode
0x1400432c0 ReadFile
0x1400432c8 GetFileSizeEx
0x1400432d0 SetFilePointerEx
0x1400432d8 ReadConsoleW
0x1400432e0 HeapReAlloc
0x1400432e8 FindClose
0x1400432f0 FindFirstFileExW
0x1400432f8 FindNextFileW
0x140043300 IsValidCodePage
0x140043308 GetACP
0x140043310 GetOEMCP
0x140043318 GetEnvironmentStringsW
0x140043320 FreeEnvironmentStringsW
0x140043328 SetEnvironmentVariableW
0x140043330 GetProcessHeap
0x140043338 RtlUnwind
USER32.dll
0x140043358 ShowWindow
ADVAPI32.dll
0x140043000 FreeSid
0x140043008 CheckTokenMembership
0x140043010 GetUserNameW
0x140043018 AllocateAndInitializeSid
SHELL32.dll
0x140043348 ShellExecuteW
EAT (Export Address Table): none
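The imphash in the metadata table is derived from exactly the import list shown above, so it can be recomputed from the page. The following is an added example, not part of the sandbox output, implementing the imphash algorithm as pefile defines it (lower-cased `dll.function` entries, DLL extension stripped, comma-joined in import-descriptor order, MD5). One caveat it makes visible: the page prints KERNEL32 first, but the IAT addresses put ADVAPI32 (0x140043000) before KERNEL32 (0x140043028), SHELL32 and USER32, and imphash is order-sensitive. The code therefore hashes both orderings and reports which, if either, reproduces the page's value; if neither does, the binary itself must be parsed. The reported hash and the import list are taken from the page; everything else is the example's own.

```python
"""Recompute the imphash of fV8FBMo.exe from the IAT listed in the report.

Added example, not part of the sandbox output. Implements the imphash
algorithm as pefile defines it: every import becomes
"<dll minus .dll/.ocx/.sys>.<function>" in lower case, the entries are joined
with commas in import-descriptor order, and the MD5 of that string is the
imphash. Ordinal-only imports (none in this IAT) would be rendered "ord<N>".
"""
import hashlib

REPORTED_IMPHASH = "261b2bf5d3e981c1d4ef0b71f10a899a"  # value shown on the page

# IAT as printed on the page: dll -> (address of its first IAT slot, functions
# in slot order). The page lists the DLLs as KERNEL32, USER32, ADVAPI32, SHELL32.
IAT = {
    "KERNEL32.dll": (0x140043028, """
        HeapSize GetConsoleWindow Sleep GetModuleFileNameW CreateFileW
        WriteConsoleW CreateDirectoryW SetStdHandle MultiByteToWideChar
        QueryPerformanceCounter QueryPerformanceFrequency GetStringTypeW
        WideCharToMultiByte GetCurrentThreadId ReleaseSRWLockExclusive
        AcquireSRWLockExclusive TryAcquireSRWLockExclusive CloseHandle
        InitializeCriticalSectionEx GetSystemTimeAsFileTime GetModuleHandleW
        GetProcAddress EnterCriticalSection LeaveCriticalSection
        DeleteCriticalSection EncodePointer DecodePointer LCMapStringEx
        WakeAllConditionVariable GetCPInfo RtlCaptureContext
        RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter
        SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess
        IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW
        GetCurrentProcessId InitializeSListHead RtlUnwindEx RtlPcToFileHeader
        RaiseException GetLastError SetLastError
        InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue
        TlsFree FreeLibrary LoadLibraryExW ExitProcess GetModuleHandleExW
        CreateThread ExitThread FreeLibraryAndExitThread GetStdHandle WriteFile
        GetCommandLineA GetCommandLineW HeapAlloc HeapFree FlsAlloc FlsGetValue
        FlsSetValue FlsFree CompareStringW LCMapStringW GetLocaleInfoW
        IsValidLocale GetUserDefaultLCID EnumSystemLocalesW GetFileType
        WaitForSingleObject GetExitCodeProcess CreateProcessW
        GetFileAttributesExW FlushFileBuffers GetConsoleOutputCP GetConsoleMode
        ReadFile GetFileSizeEx SetFilePointerEx ReadConsoleW HeapReAlloc
        FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP
        GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableW
        GetProcessHeap RtlUnwind
    """.split()),
    "USER32.dll": (0x140043358, ["ShowWindow"]),
    "ADVAPI32.dll": (0x140043000, ["FreeSid", "CheckTokenMembership",
                                   "GetUserNameW", "AllocateAndInitializeSid"]),
    "SHELL32.dll": (0x140043348, ["ShellExecuteW"]),
}


def normalize_dll(name):
    """pefile strips .dll/.ocx/.sys, so 'KERNEL32.dll' hashes as 'kernel32'."""
    lib = name.lower()
    base, _, ext = lib.rpartition(".")
    return base if base and ext in ("dll", "ocx", "sys") else lib


def imphash(ordered_imports):
    """ordered_imports: [(dll, [func, ...]), ...] in import-descriptor order."""
    entries = [f"{normalize_dll(dll)}.{func.lower()}"
               for dll, funcs in ordered_imports for func in funcs]
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def page_order(iat=IAT):
    """DLLs in the order the report prints them."""
    return [(dll, funcs) for dll, (_, funcs) in iat.items()]


def iat_address_order(iat=IAT):
    """DLLs sorted by the address of their first IAT slot. The IAT is laid out
    in import-descriptor order, so this recovers the order imphash uses when
    the report's display order differs from the binary's."""
    return [(dll, funcs) for dll, (_, funcs)
            in sorted(iat.items(), key=lambda kv: kv[1][0])]


def compare(iat=IAT, reported=REPORTED_IMPHASH):
    """Hash both orderings and say which (if either) reproduces the report."""
    return {name: (h, h == reported) for name, h in (
        ("page_order", imphash(page_order(iat))),
        ("iat_address_order", imphash(iat_address_order(iat))))}


if __name__ == "__main__":
    for name, (h, match) in compare().items():
        print(f"{name:18s} {h}  {'MATCH' if match else 'differs from report'}")
```

The two orderings necessarily produce different hashes, which is the practical lesson: an imphash pivot (for example a VirusTotal `imphash:` search) only works against values computed from the real import descriptor order, so reproduce it with pefile on the sample rather than from a report's display order when the two disagree.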