ScreenShot
| Created | 2025.05.04 13:09 | Machine | s1_win7_x6403 |
| Filename | c7499e41-0a58-4589-a6f7-c5f82d04abc3 | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 41 detected (Gomal, Ghanarava, Artemis, GenericKD, Unsafe, Attribute, HighConfidence, a variant of WinGo, MalwareX, Misc, bojd, piijz, AMADEY, YXFDJZ, Detected, Malware@#3ama6vz6kd9ee, Egairtigado, ABApplication, AQKB, Wacatac, MALICIOUS, WinGo, Chgt, Kqil, susgen) | ||
| md5 | 8577579101b3c5418eb2613dbaf51b9f | ||
| sha256 | 4b1b19d1fc6290260ab1a09999fcb1bb0911c91bf576125cff43da01c3b45b80 | ||
| ssdeep | 196608:NWA5RV7plITg4wUs4MQ7/iam7WVjvfcHiNCy:NWq7pOTNf76am7WKi9 | ||
| imphash | d42595b695fc008ef2c56aabd8efd68e | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6Ul:AwOuUjXOmokx0nl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xb6b680 WriteFile
0xb6b688 WriteConsoleW
0xb6b690 WerSetFlags
0xb6b698 WerGetFlags
0xb6b6a0 WaitForMultipleObjects
0xb6b6a8 WaitForSingleObject
0xb6b6b0 VirtualQuery
0xb6b6b8 VirtualFree
0xb6b6c0 VirtualAlloc
0xb6b6c8 TlsAlloc
0xb6b6d0 SwitchToThread
0xb6b6d8 SuspendThread
0xb6b6e0 SetWaitableTimer
0xb6b6e8 SetProcessPriorityBoost
0xb6b6f0 SetEvent
0xb6b6f8 SetErrorMode
0xb6b700 SetConsoleCtrlHandler
0xb6b708 RtlVirtualUnwind
0xb6b710 RtlLookupFunctionEntry
0xb6b718 ResumeThread
0xb6b720 RaiseFailFastException
0xb6b728 PostQueuedCompletionStatus
0xb6b730 LoadLibraryW
0xb6b738 LoadLibraryExW
0xb6b740 SetThreadContext
0xb6b748 GetThreadContext
0xb6b750 GetSystemInfo
0xb6b758 GetSystemDirectoryA
0xb6b760 GetStdHandle
0xb6b768 GetQueuedCompletionStatusEx
0xb6b770 GetProcessAffinityMask
0xb6b778 GetProcAddress
0xb6b780 GetErrorMode
0xb6b788 GetEnvironmentStringsW
0xb6b790 GetCurrentThreadId
0xb6b798 GetConsoleMode
0xb6b7a0 FreeEnvironmentStringsW
0xb6b7a8 ExitProcess
0xb6b7b0 DuplicateHandle
0xb6b7b8 CreateWaitableTimerExW
0xb6b7c0 CreateThread
0xb6b7c8 CreateIoCompletionPort
0xb6b7d0 CreateEventA
0xb6b7d8 CloseHandle
0xb6b7e0 AddVectoredExceptionHandler
0xb6b7e8 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0xb6b680 WriteFile
0xb6b688 WriteConsoleW
0xb6b690 WerSetFlags
0xb6b698 WerGetFlags
0xb6b6a0 WaitForMultipleObjects
0xb6b6a8 WaitForSingleObject
0xb6b6b0 VirtualQuery
0xb6b6b8 VirtualFree
0xb6b6c0 VirtualAlloc
0xb6b6c8 TlsAlloc
0xb6b6d0 SwitchToThread
0xb6b6d8 SuspendThread
0xb6b6e0 SetWaitableTimer
0xb6b6e8 SetProcessPriorityBoost
0xb6b6f0 SetEvent
0xb6b6f8 SetErrorMode
0xb6b700 SetConsoleCtrlHandler
0xb6b708 RtlVirtualUnwind
0xb6b710 RtlLookupFunctionEntry
0xb6b718 ResumeThread
0xb6b720 RaiseFailFastException
0xb6b728 PostQueuedCompletionStatus
0xb6b730 LoadLibraryW
0xb6b738 LoadLibraryExW
0xb6b740 SetThreadContext
0xb6b748 GetThreadContext
0xb6b750 GetSystemInfo
0xb6b758 GetSystemDirectoryA
0xb6b760 GetStdHandle
0xb6b768 GetQueuedCompletionStatusEx
0xb6b770 GetProcessAffinityMask
0xb6b778 GetProcAddress
0xb6b780 GetErrorMode
0xb6b788 GetEnvironmentStringsW
0xb6b790 GetCurrentThreadId
0xb6b798 GetConsoleMode
0xb6b7a0 FreeEnvironmentStringsW
0xb6b7a8 ExitProcess
0xb6b7b0 DuplicateHandle
0xb6b7b8 CreateWaitableTimerExW
0xb6b7c0 CreateThread
0xb6b7c8 CreateIoCompletionPort
0xb6b7d0 CreateEventA
0xb6b7d8 CloseHandle
0xb6b7e0 AddVectoredExceptionHandler
0xb6b7e8 AddVectoredContinueHandler
EAT(Export Address Table) is none