ScreenShot
| Created | 2021.04.01 11:27 | Machine | s1_win7_x6401 |
| Filename | index.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, GenericRXAA, Save, ZexaE, lqW@a46CD0nG, Attribute, HighConfidence, Convagent, UrSnif, Wacatac, score, Unsafe, ET#89%, RDMK, cmRtazqp9DW+tUTFuErg2rKiSl+d, Static AI, Malicious PE, confidence, QVM10) | ||
| md5 | 3dad2115d11934feab14efcccf10eb6f | ||
| sha256 | 168eada700bc85528f3405b7f4c72c9d565cc28d90e40b05d429c59a2625dd8c | ||
| ssdeep | 3072:nJh9qxgcuOxAsZWL/MLt48jauhDeVB/7Gp7ZX82i:r9iUOCIL28UkptXO | ||
| imphash | bf00cd32fb07f9ece1c23ad1ece9b809 | ||
| impfuzzy | 48:vvXKZO+jOF7FIJU4ucpnuSO1Dzrpdx+cXsIMZz7hZcBZFE:XXKw+yuhvnuSizrzx+cXsIMZXhZcra | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 SetDefaultCommConfigA
0x41800c SetThreadContext
0x418010 lstrlenA
0x418014 SetLocalTime
0x418018 GetCPInfo
0x41801c SetWaitableTimer
0x418020 SetUnhandledExceptionFilter
0x418024 LoadLibraryExW
0x418028 GetCommState
0x41802c ReadConsoleOutputAttribute
0x418030 CreateJobObjectW
0x418034 GetNamedPipeHandleStateA
0x418038 GetComputerNameW
0x41803c CallNamedPipeW
0x418040 GetProcessPriorityBoost
0x418044 GetModuleHandleW
0x418048 WriteFile
0x41804c SetProcessPriorityBoost
0x418050 _hread
0x418054 GetVersionExW
0x418058 HeapValidate
0x41805c GetBinaryTypeA
0x418060 SetSystemPowerState
0x418064 GetLargestConsoleWindowSize
0x418068 GetPrivateProfileIntW
0x41806c GetStdHandle
0x418070 GetHandleInformation
0x418074 GetLastError
0x418078 GetCommandLineW
0x41807c GetProcAddress
0x418080 BeginUpdateResourceW
0x418084 SetVolumeLabelW
0x418088 EnterCriticalSection
0x41808c GetLocalTime
0x418090 OpenMutexA
0x418094 LocalAlloc
0x418098 BuildCommDCBAndTimeoutsW
0x41809c GetCommMask
0x4180a0 AddAtomA
0x4180a4 WaitForMultipleObjects
0x4180a8 SetSystemTime
0x4180ac SetEnvironmentVariableA
0x4180b0 GetOEMCP
0x4180b4 CreateIoCompletionPort
0x4180b8 DebugBreakProcess
0x4180bc CreateMutexA
0x4180c0 VirtualProtect
0x4180c4 EnumDateFormatsW
0x4180c8 LocalSize
0x4180cc DeleteFileW
0x4180d0 TlsFree
0x4180d4 GetProfileSectionW
0x4180d8 CommConfigDialogW
0x4180dc lstrcpyA
0x4180e0 CloseHandle
0x4180e4 GetCurrentDirectoryW
0x4180e8 GetSystemDefaultLangID
0x4180ec WideCharToMultiByte
0x4180f0 InterlockedIncrement
0x4180f4 InterlockedDecrement
0x4180f8 InterlockedCompareExchange
0x4180fc InterlockedExchange
0x418100 MultiByteToWideChar
0x418104 Sleep
0x418108 InitializeCriticalSection
0x41810c DeleteCriticalSection
0x418110 LeaveCriticalSection
0x418114 MoveFileA
0x418118 HeapFree
0x41811c TerminateProcess
0x418120 GetCurrentProcess
0x418124 UnhandledExceptionFilter
0x418128 IsDebuggerPresent
0x41812c ExitProcess
0x418130 GetStartupInfoW
0x418134 RtlUnwind
0x418138 RaiseException
0x41813c LCMapStringW
0x418140 LCMapStringA
0x418144 GetStringTypeW
0x418148 SetHandleCount
0x41814c GetFileType
0x418150 GetStartupInfoA
0x418154 SetStdHandle
0x418158 GetConsoleCP
0x41815c GetConsoleMode
0x418160 HeapAlloc
0x418164 HeapCreate
0x418168 VirtualFree
0x41816c VirtualAlloc
0x418170 HeapReAlloc
0x418174 TlsGetValue
0x418178 TlsAlloc
0x41817c TlsSetValue
0x418180 SetLastError
0x418184 GetCurrentThreadId
0x418188 GetModuleFileNameA
0x41818c LoadLibraryA
0x418190 InitializeCriticalSectionAndSpinCount
0x418194 GetModuleFileNameW
0x418198 FreeEnvironmentStringsW
0x41819c GetEnvironmentStringsW
0x4181a0 QueryPerformanceCounter
0x4181a4 GetTickCount
0x4181a8 GetCurrentProcessId
0x4181ac GetSystemTimeAsFileTime
0x4181b0 GetStringTypeA
0x4181b4 HeapSize
0x4181b8 GetACP
0x4181bc IsValidCodePage
0x4181c0 GetUserDefaultLCID
0x4181c4 GetLocaleInfoA
0x4181c8 EnumSystemLocalesA
0x4181cc IsValidLocale
0x4181d0 WriteConsoleA
0x4181d4 GetConsoleOutputCP
0x4181d8 WriteConsoleW
0x4181dc SetFilePointer
0x4181e0 GetLocaleInfoW
0x4181e4 FlushFileBuffers
0x4181e8 ReadFile
0x4181ec CreateFileA
USER32.dll
0x4181f4 GetAncestor
ADVAPI32.dll
0x418000 IsTextUnicode
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 SetDefaultCommConfigA
0x41800c SetThreadContext
0x418010 lstrlenA
0x418014 SetLocalTime
0x418018 GetCPInfo
0x41801c SetWaitableTimer
0x418020 SetUnhandledExceptionFilter
0x418024 LoadLibraryExW
0x418028 GetCommState
0x41802c ReadConsoleOutputAttribute
0x418030 CreateJobObjectW
0x418034 GetNamedPipeHandleStateA
0x418038 GetComputerNameW
0x41803c CallNamedPipeW
0x418040 GetProcessPriorityBoost
0x418044 GetModuleHandleW
0x418048 WriteFile
0x41804c SetProcessPriorityBoost
0x418050 _hread
0x418054 GetVersionExW
0x418058 HeapValidate
0x41805c GetBinaryTypeA
0x418060 SetSystemPowerState
0x418064 GetLargestConsoleWindowSize
0x418068 GetPrivateProfileIntW
0x41806c GetStdHandle
0x418070 GetHandleInformation
0x418074 GetLastError
0x418078 GetCommandLineW
0x41807c GetProcAddress
0x418080 BeginUpdateResourceW
0x418084 SetVolumeLabelW
0x418088 EnterCriticalSection
0x41808c GetLocalTime
0x418090 OpenMutexA
0x418094 LocalAlloc
0x418098 BuildCommDCBAndTimeoutsW
0x41809c GetCommMask
0x4180a0 AddAtomA
0x4180a4 WaitForMultipleObjects
0x4180a8 SetSystemTime
0x4180ac SetEnvironmentVariableA
0x4180b0 GetOEMCP
0x4180b4 CreateIoCompletionPort
0x4180b8 DebugBreakProcess
0x4180bc CreateMutexA
0x4180c0 VirtualProtect
0x4180c4 EnumDateFormatsW
0x4180c8 LocalSize
0x4180cc DeleteFileW
0x4180d0 TlsFree
0x4180d4 GetProfileSectionW
0x4180d8 CommConfigDialogW
0x4180dc lstrcpyA
0x4180e0 CloseHandle
0x4180e4 GetCurrentDirectoryW
0x4180e8 GetSystemDefaultLangID
0x4180ec WideCharToMultiByte
0x4180f0 InterlockedIncrement
0x4180f4 InterlockedDecrement
0x4180f8 InterlockedCompareExchange
0x4180fc InterlockedExchange
0x418100 MultiByteToWideChar
0x418104 Sleep
0x418108 InitializeCriticalSection
0x41810c DeleteCriticalSection
0x418110 LeaveCriticalSection
0x418114 MoveFileA
0x418118 HeapFree
0x41811c TerminateProcess
0x418120 GetCurrentProcess
0x418124 UnhandledExceptionFilter
0x418128 IsDebuggerPresent
0x41812c ExitProcess
0x418130 GetStartupInfoW
0x418134 RtlUnwind
0x418138 RaiseException
0x41813c LCMapStringW
0x418140 LCMapStringA
0x418144 GetStringTypeW
0x418148 SetHandleCount
0x41814c GetFileType
0x418150 GetStartupInfoA
0x418154 SetStdHandle
0x418158 GetConsoleCP
0x41815c GetConsoleMode
0x418160 HeapAlloc
0x418164 HeapCreate
0x418168 VirtualFree
0x41816c VirtualAlloc
0x418170 HeapReAlloc
0x418174 TlsGetValue
0x418178 TlsAlloc
0x41817c TlsSetValue
0x418180 SetLastError
0x418184 GetCurrentThreadId
0x418188 GetModuleFileNameA
0x41818c LoadLibraryA
0x418190 InitializeCriticalSectionAndSpinCount
0x418194 GetModuleFileNameW
0x418198 FreeEnvironmentStringsW
0x41819c GetEnvironmentStringsW
0x4181a0 QueryPerformanceCounter
0x4181a4 GetTickCount
0x4181a8 GetCurrentProcessId
0x4181ac GetSystemTimeAsFileTime
0x4181b0 GetStringTypeA
0x4181b4 HeapSize
0x4181b8 GetACP
0x4181bc IsValidCodePage
0x4181c0 GetUserDefaultLCID
0x4181c4 GetLocaleInfoA
0x4181c8 EnumSystemLocalesA
0x4181cc IsValidLocale
0x4181d0 WriteConsoleA
0x4181d4 GetConsoleOutputCP
0x4181d8 WriteConsoleW
0x4181dc SetFilePointer
0x4181e0 GetLocaleInfoW
0x4181e4 FlushFileBuffers
0x4181e8 ReadFile
0x4181ec CreateFileA
USER32.dll
0x4181f4 GetAncestor
ADVAPI32.dll
0x418000 IsTextUnicode
EAT(Export Address Table) is none