Field | Value |
---|---|
Created | 2025.05.04 13:00 |
Machine | s1_win7_x6401 |
Filename | b8c97f27-6a38-42ce-8655-fb96a3efd9f3 |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 60 detected (AIDetectMalware, Lumma, Malicious, score, Ghanarava, Midie, Unsafe, Save, confidence, 100%, GenusT, EUOA, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Cryp, Tedy, TrojanPSW, ShellCodeLoader, CLASSIC, gfkes, AMADEY, YXFDNZ, high, Krypt, Static AI, Suspicious PE, Detected, Malware@#wvyuqcs4hkq6, LummaC, ABTrojan, GPPO, Lazy, Artemis, GdSda, PE04C9Z, Y4yTE8TdR6Q, susgen, AP8PHU) |
md5 | e4af4fa65df7f861b671ca22bab64b45 |
sha256 | 3a85bdd8b7e6a8c4c148ede1282bd637425f26c362c2458b31f0ed268499f6c3 |
ssdeep | 24576:Q4HgiyW6cRe30ZD/K/GCbSTdinsxX0zk/Hrha:QDVUM1uSSTdisxkQHrha |
imphash | 3a5649d16d788396ce56dd8cdabd426f |
impfuzzy | 24:hWs5WDCelQtzOovbOGMUG91uUvg0WDQ7UlnULPOTRKT07GiJUF6u:hW0QC5y3Z1PoJUbO/GJF6u |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
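The two packer notices in the Signature table (encrypted or compressed section data, non-standard section names) and the UPX_Zero rule are static heuristics an analyst can reproduce without executing the file. The Python below is an added example, not part of this report or of the ZERO/VirusTotal tooling: it parses the PE section table by hand, computes Shannon entropy per section and raises the same three indicators. It runs on two PE images constructed in memory (a UPX-style layout and a plain one), not on the sample in this report. The KNOWN_SECTIONS and PACKER_SECTIONS lists and the 7.0 bits-per-byte threshold are assumptions chosen for illustration, which is why the unknown-name check is reported as a possible false positive, exactly as the report does.

```python
import hashlib
import math
import struct

# Section names emitted by common Windows toolchains; anything else is "unknown" (assumed list)
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                  ".idata", ".edata", ".tls", ".bss", ".CRT", ".gfids", ".00cfg"}
# Names that identify a specific packer outright (assumed, partial list)
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".upx", ".aspack", ".adata",
                   ".themida", ".vmp0", ".vmp1", ".petite", ".nsp0", ".nsp1"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (machine, [section dicts]) from the raw bytes of a PE file."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    machine, nsec = struct.unpack_from("<HH", pe, coff)
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "entropy": shannon_entropy(raw)})
    return machine, sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0):
    """Heuristics mirroring the report's packer notices; each hit is a human-readable string."""
    _machine, sections = parse_sections(pe)
    hits = []
    for s in sections:
        if s["name"] in PACKER_SECTIONS:
            hits.append(f"{s['name']}: known packer section name")
        elif s["name"] not in KNOWN_SECTIONS:
            hits.append(f"{s['name']}: unknown section name (possible packer, may be a false positive)")
        if s["entropy"] >= entropy_threshold:
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} suggests encrypted/compressed data")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000:
            hits.append(f"{s['name']}: empty on disk but {s['virtual_size']:#x} bytes in memory (unpack target)")
    return hits


def build_sample_pe(sections):
    """Construct a minimal PE32+ image in memory from [(name, raw_bytes, virtual_size)].
    Only the fields parse_sections() reads are meaningful; the image is not loadable."""
    opt_size, e_lfanew, nsec = 240, 0x40, len(sections)
    data_start = (e_lfanew + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF  # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, opt_size, 0x22)       # x86-64, executable
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)                     # PE32+ magic, rest zeroed
    table, body, ptr, vaddr = b"", b"", data_start, 0x1000
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers.ljust(data_start, b"\0") + body


# Constructed samples (not the report's binary): a UPX-style layout and a plain one
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB pseudo-random
PACKED_PE = build_sample_pe([("UPX0", b"", 0x30000), ("UPX1", HIGH_ENTROPY, 0x2000),
                             (".rsrc", b"\0" * 512, 0x1000)])
PLAIN_PE = build_sample_pe([(".text", b"\x90" * 400 + b"\xc3" * 112, 0x1000),
                            (".rdata", b"A" * 512, 0x1000)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_PE), ("plain", PLAIN_PE)):
        print(label, packer_indicators(image) or "no packer indicators")
```

Entropy alone is a weak signal: a legitimate .rsrc section full of PNG icons or a signed installer's compressed payload also scores above 7 bits per byte, so treat the hits as reasons to look closer, not as a verdict.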
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x1400a90c8 AcquireSRWLockExclusive
0x1400a90d0 CloseHandle
0x1400a90d8 CloseThreadpoolWork
0x1400a90e0 CreateFileA
0x1400a90e8 CreateFileW
0x1400a90f0 CreateThreadpoolWork
0x1400a90f8 DeleteCriticalSection
0x1400a9100 EncodePointer
0x1400a9108 EnterCriticalSection
0x1400a9110 ExitProcess
0x1400a9118 FindClose
0x1400a9120 FindFirstFileExW
0x1400a9128 FindNextFileW
0x1400a9130 FlsAlloc
0x1400a9138 FlsFree
0x1400a9140 FlsGetValue
0x1400a9148 FlsSetValue
0x1400a9150 FlushFileBuffers
0x1400a9158 FreeEnvironmentStringsW
0x1400a9160 FreeLibrary
0x1400a9168 FreeLibraryWhenCallbackReturns
0x1400a9170 GetACP
0x1400a9178 GetCPInfo
0x1400a9180 GetCommandLineA
0x1400a9188 GetCommandLineW
0x1400a9190 GetConsoleMode
0x1400a9198 GetConsoleOutputCP
0x1400a91a0 GetConsoleWindow
0x1400a91a8 GetCurrentProcess
0x1400a91b0 GetCurrentProcessId
0x1400a91b8 GetCurrentThreadId
0x1400a91c0 GetEnvironmentStringsW
0x1400a91c8 GetFileSize
0x1400a91d0 GetFileSizeEx
0x1400a91d8 GetFileType
0x1400a91e0 GetLastError
0x1400a91e8 GetModuleFileNameA
0x1400a91f0 GetModuleFileNameW
0x1400a91f8 GetModuleHandleExW
0x1400a9200 GetModuleHandleW
0x1400a9208 GetOEMCP
0x1400a9210 GetProcAddress
0x1400a9218 GetProcessHeap
0x1400a9220 GetStartupInfoW
0x1400a9228 GetStdHandle
0x1400a9230 GetStringTypeW
0x1400a9238 GetSystemTimeAsFileTime
0x1400a9240 HeapAlloc
0x1400a9248 HeapFree
0x1400a9250 HeapReAlloc
0x1400a9258 HeapSize
0x1400a9260 InitOnceBeginInitialize
0x1400a9268 InitOnceComplete
0x1400a9270 InitializeCriticalSectionAndSpinCount
0x1400a9278 InitializeCriticalSectionEx
0x1400a9280 InitializeSListHead
0x1400a9288 IsDebuggerPresent
0x1400a9290 IsProcessorFeaturePresent
0x1400a9298 IsValidCodePage
0x1400a92a0 LCMapStringW
0x1400a92a8 LeaveCriticalSection
0x1400a92b0 LoadLibraryExW
0x1400a92b8 MultiByteToWideChar
0x1400a92c0 QueryPerformanceCounter
0x1400a92c8 RaiseException
0x1400a92d0 ReadFile
0x1400a92d8 ReleaseSRWLockExclusive
0x1400a92e0 RtlCaptureContext
0x1400a92e8 RtlLookupFunctionEntry
0x1400a92f0 RtlPcToFileHeader
0x1400a92f8 RtlUnwindEx
0x1400a9300 RtlVirtualUnwind
0x1400a9308 SetFilePointerEx
0x1400a9310 SetLastError
0x1400a9318 SetStdHandle
0x1400a9320 SetUnhandledExceptionFilter
0x1400a9328 SleepConditionVariableSRW
0x1400a9330 SubmitThreadpoolWork
0x1400a9338 TerminateProcess
0x1400a9340 TlsAlloc
0x1400a9348 TlsFree
0x1400a9350 TlsGetValue
0x1400a9358 TlsSetValue
0x1400a9360 TryAcquireSRWLockExclusive
0x1400a9368 UnhandledExceptionFilter
0x1400a9370 WakeAllConditionVariable
0x1400a9378 WideCharToMultiByte
0x1400a9380 WriteConsoleW
0x1400a9388 WriteFile
USER32.dll
0x1400a9398 GetWindowDC
EAT (Export Address Table): none
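The KERNEL32 imports above are almost entirely MSVC C-runtime boilerplate (Fls*/Tls*, critical sections, Rtl*Unwind, code-page conversion) plus GetProcAddress and LoadLibraryExW, so the static import table alone reveals little about the sample's real functionality, which is consistent with the packer notices earlier in the report; the lone USER32 import, GetWindowDC, is the one capability hint. The Python below is an added example, not the report's tooling: it re-implements the pefile-style imphash over the import list transcribed from this listing and tags imports with capability hints. The CAPABILITY_HINTS table is an assumption for illustration. The computed hash is comparable with the report's imphash only if this listing preserves import-directory order and the binary has no ordinal-only imports, neither of which the page states, so the script does not assert equality with it.

```python
import hashlib

# Import names transcribed from the report's IAT listing, in the order listed there
IAT = {
    "KERNEL32.dll": """
        AcquireSRWLockExclusive CloseHandle CloseThreadpoolWork CreateFileA CreateFileW
        CreateThreadpoolWork DeleteCriticalSection EncodePointer EnterCriticalSection ExitProcess
        FindClose FindFirstFileExW FindNextFileW FlsAlloc FlsFree FlsGetValue FlsSetValue
        FlushFileBuffers FreeEnvironmentStringsW FreeLibrary FreeLibraryWhenCallbackReturns
        GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleMode GetConsoleOutputCP
        GetConsoleWindow GetCurrentProcess GetCurrentProcessId GetCurrentThreadId
        GetEnvironmentStringsW GetFileSize GetFileSizeEx GetFileType GetLastError
        GetModuleFileNameA GetModuleFileNameW GetModuleHandleExW GetModuleHandleW GetOEMCP
        GetProcAddress GetProcessHeap GetStartupInfoW GetStdHandle GetStringTypeW
        GetSystemTimeAsFileTime HeapAlloc HeapFree HeapReAlloc HeapSize InitOnceBeginInitialize
        InitOnceComplete InitializeCriticalSectionAndSpinCount InitializeCriticalSectionEx
        InitializeSListHead IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage
        LCMapStringW LeaveCriticalSection LoadLibraryExW MultiByteToWideChar
        QueryPerformanceCounter RaiseException ReadFile ReleaseSRWLockExclusive RtlCaptureContext
        RtlLookupFunctionEntry RtlPcToFileHeader RtlUnwindEx RtlVirtualUnwind SetFilePointerEx
        SetLastError SetStdHandle SetUnhandledExceptionFilter SleepConditionVariableSRW
        SubmitThreadpoolWork TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue
        TryAcquireSRWLockExclusive UnhandledExceptionFilter WakeAllConditionVariable
        WideCharToMultiByte WriteConsoleW WriteFile
    """.split(),
    "USER32.dll": ["GetWindowDC"],
}


def imphash(iat) -> str:
    """pefile-style import hash: MD5 over 'module.function' entries, lower-cased, in
    import-directory order, with .dll/.ocx/.sys stripped from the module name.
    Ordinal-only imports (pefile maps them to names via lookup tables) are not handled here."""
    parts = []
    for dll, funcs in iat.items():
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.extend(f"{mod}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Capability hints keyed by import name: an assumed triage table, not from the report
CAPABILITY_HINTS = {
    "IsDebuggerPresent": "anti-debug check",
    "GetProcAddress": "dynamic API resolution (real imports resolved at runtime)",
    "LoadLibraryExW": "dynamic API resolution (real imports resolved at runtime)",
    "GetWindowDC": "screen/window capture (device context)",
    "FindFirstFileExW": "file-system enumeration",
    "FindNextFileW": "file-system enumeration",
    "CreateThreadpoolWork": "thread-pool execution",
    "GetConsoleWindow": "console-window handling (may hide its own console)",
}


def triage_imports(iat):
    """Map the IAT onto capability hints; returns {hint: ['DLL!Function', ...]}."""
    hints = {}
    for dll, funcs in iat.items():
        for f in funcs:
            hint = CAPABILITY_HINTS.get(f)
            if hint:
                hints.setdefault(hint, []).append(f"{dll}!{f}")
    return hints


if __name__ == "__main__":
    print("imphash:", imphash(IAT))
    for hint, names in triage_imports(IAT).items():
        print(f"{hint}: {', '.join(names)}")
```

Because imphash depends on import order and on exact function names, two builds of the same source with a different link order or one renamed import produce unrelated hashes; use it for clustering samples from the same build pipeline, and fall back to fuzzy hashes such as the ssdeep and impfuzzy values in the header table for near-matches.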