ScreenShot
| Created | 2021.04.05 14:35 | Machine | s1_win7_x6402 |
| Filename | MMP2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 44 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Crypmod, HwoCVgsA, Save, Kryptik, ZexaF, sqX@amrmA8oG, Attribute, HighConfidence, HKGH, PWSX, UrSnif, ugqep, kcloud, Ymacco, score, MalPE, R414431, ai score=100, Obscure, CLOUD, Static AI, Malicious PE, Unsafe, HKGD, GdSda, confidence, 100%) | ||
| md5 | 5c6ef834006bdc8697576a9af6cea2b6 | ||
| sha256 | 45ed95c173fd2df5f05f42c2121698db4484f032344c874e552cf1592d2a88ca | ||
| ssdeep | 3072:LcsTOLnrKgxSDuZRAn0ypQIcuN5nSeUOn2O/Xk1vkCSo6Xkx1c1eQITUXUpGaO/j:IsKPPpIQIWeU+P/KkCb6Sc1e5tGPUf6f | ||
| imphash | 1c8e2b3290de49dd010a7b2f8dc06fd6 | ||
| impfuzzy | 48:vtXKHpsjOFnKCGpLJ0SCSOCWrpdx+f5OCh6vMZJch/cBZDO:lXKJsy8Jl0rSYrzx+f5bhcMZ+h/cr6 | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
| info | win_private_profile | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x416000 SetDefaultCommConfigA
0x416004 CreateMutexW
0x416008 SetThreadContext
0x41600c lstrlenA
0x416010 SetLocalTime
0x416014 GetCPInfo
0x416018 BuildCommDCBAndTimeoutsA
0x41601c SetUnhandledExceptionFilter
0x416020 LoadLibraryExW
0x416024 GetCommState
0x416028 ReadConsoleOutputAttribute
0x41602c CreateJobObjectW
0x416030 GetNamedPipeHandleStateA
0x416034 GetProfileSectionA
0x416038 CancelWaitableTimer
0x41603c GetProcessPriorityBoost
0x416040 WriteFile
0x416044 SetProcessPriorityBoost
0x416048 GetPrivateProfileIntA
0x41604c LoadLibraryW
0x416050 _hread
0x416054 LeaveCriticalSection
0x416058 HeapValidate
0x41605c GetBinaryTypeA
0x416060 SetSystemPowerState
0x416064 FindNextVolumeMountPointW
0x416068 GetComputerNameA
0x41606c GetStdHandle
0x416070 FreeLibraryAndExitThread
0x416074 GetLastError
0x416078 GetCurrentDirectoryW
0x41607c SetLastError
0x416080 GetProcAddress
0x416084 VirtualAlloc
0x416088 SetVolumeLabelW
0x41608c OpenMutexA
0x416090 LocalAlloc
0x416094 BeginUpdateResourceA
0x416098 GetCommMask
0x41609c AddAtomA
0x4160a0 WaitForMultipleObjects
0x4160a4 SetSystemTime
0x4160a8 SetEnvironmentVariableA
0x4160ac GetOEMCP
0x4160b0 DebugBreakProcess
0x4160b4 VirtualProtect
0x4160b8 EnumDateFormatsW
0x4160bc LocalSize
0x4160c0 DeleteFileW
0x4160c4 TlsFree
0x4160c8 CommConfigDialogW
0x4160cc lstrcpyA
0x4160d0 ReadFile
0x4160d4 GetLargestConsoleWindowSize
0x4160d8 GetSystemDefaultLangID
0x4160dc WideCharToMultiByte
0x4160e0 InterlockedIncrement
0x4160e4 InterlockedDecrement
0x4160e8 InterlockedCompareExchange
0x4160ec InterlockedExchange
0x4160f0 MultiByteToWideChar
0x4160f4 Sleep
0x4160f8 InitializeCriticalSection
0x4160fc DeleteCriticalSection
0x416100 EnterCriticalSection
0x416104 HeapFree
0x416108 DeleteFileA
0x41610c TerminateProcess
0x416110 GetCurrentProcess
0x416114 UnhandledExceptionFilter
0x416118 IsDebuggerPresent
0x41611c GetModuleHandleW
0x416120 ExitProcess
0x416124 GetCommandLineA
0x416128 GetStartupInfoA
0x41612c RtlUnwind
0x416130 RaiseException
0x416134 LCMapStringW
0x416138 LCMapStringA
0x41613c GetStringTypeW
0x416140 SetStdHandle
0x416144 GetFileType
0x416148 GetConsoleCP
0x41614c GetConsoleMode
0x416150 HeapAlloc
0x416154 HeapCreate
0x416158 VirtualFree
0x41615c HeapReAlloc
0x416160 TlsGetValue
0x416164 TlsAlloc
0x416168 TlsSetValue
0x41616c GetCurrentThreadId
0x416170 GetModuleFileNameA
0x416174 LoadLibraryA
0x416178 InitializeCriticalSectionAndSpinCount
0x41617c FreeEnvironmentStringsA
0x416180 GetEnvironmentStrings
0x416184 FreeEnvironmentStringsW
0x416188 GetEnvironmentStringsW
0x41618c SetHandleCount
0x416190 QueryPerformanceCounter
0x416194 GetTickCount
0x416198 GetCurrentProcessId
0x41619c GetSystemTimeAsFileTime
0x4161a0 GetStringTypeA
0x4161a4 HeapSize
0x4161a8 GetACP
0x4161ac IsValidCodePage
0x4161b0 GetUserDefaultLCID
0x4161b4 GetLocaleInfoA
0x4161b8 EnumSystemLocalesA
0x4161bc IsValidLocale
0x4161c0 WriteConsoleA
0x4161c4 GetConsoleOutputCP
0x4161c8 WriteConsoleW
0x4161cc SetFilePointer
0x4161d0 GetLocaleInfoW
0x4161d4 CreateFileA
0x4161d8 CloseHandle
0x4161dc FlushFileBuffers
USER32.dll
0x4161e4 GetAncestor
EAT(Export Address Table) is none
KERNEL32.dll
0x416000 SetDefaultCommConfigA
0x416004 CreateMutexW
0x416008 SetThreadContext
0x41600c lstrlenA
0x416010 SetLocalTime
0x416014 GetCPInfo
0x416018 BuildCommDCBAndTimeoutsA
0x41601c SetUnhandledExceptionFilter
0x416020 LoadLibraryExW
0x416024 GetCommState
0x416028 ReadConsoleOutputAttribute
0x41602c CreateJobObjectW
0x416030 GetNamedPipeHandleStateA
0x416034 GetProfileSectionA
0x416038 CancelWaitableTimer
0x41603c GetProcessPriorityBoost
0x416040 WriteFile
0x416044 SetProcessPriorityBoost
0x416048 GetPrivateProfileIntA
0x41604c LoadLibraryW
0x416050 _hread
0x416054 LeaveCriticalSection
0x416058 HeapValidate
0x41605c GetBinaryTypeA
0x416060 SetSystemPowerState
0x416064 FindNextVolumeMountPointW
0x416068 GetComputerNameA
0x41606c GetStdHandle
0x416070 FreeLibraryAndExitThread
0x416074 GetLastError
0x416078 GetCurrentDirectoryW
0x41607c SetLastError
0x416080 GetProcAddress
0x416084 VirtualAlloc
0x416088 SetVolumeLabelW
0x41608c OpenMutexA
0x416090 LocalAlloc
0x416094 BeginUpdateResourceA
0x416098 GetCommMask
0x41609c AddAtomA
0x4160a0 WaitForMultipleObjects
0x4160a4 SetSystemTime
0x4160a8 SetEnvironmentVariableA
0x4160ac GetOEMCP
0x4160b0 DebugBreakProcess
0x4160b4 VirtualProtect
0x4160b8 EnumDateFormatsW
0x4160bc LocalSize
0x4160c0 DeleteFileW
0x4160c4 TlsFree
0x4160c8 CommConfigDialogW
0x4160cc lstrcpyA
0x4160d0 ReadFile
0x4160d4 GetLargestConsoleWindowSize
0x4160d8 GetSystemDefaultLangID
0x4160dc WideCharToMultiByte
0x4160e0 InterlockedIncrement
0x4160e4 InterlockedDecrement
0x4160e8 InterlockedCompareExchange
0x4160ec InterlockedExchange
0x4160f0 MultiByteToWideChar
0x4160f4 Sleep
0x4160f8 InitializeCriticalSection
0x4160fc DeleteCriticalSection
0x416100 EnterCriticalSection
0x416104 HeapFree
0x416108 DeleteFileA
0x41610c TerminateProcess
0x416110 GetCurrentProcess
0x416114 UnhandledExceptionFilter
0x416118 IsDebuggerPresent
0x41611c GetModuleHandleW
0x416120 ExitProcess
0x416124 GetCommandLineA
0x416128 GetStartupInfoA
0x41612c RtlUnwind
0x416130 RaiseException
0x416134 LCMapStringW
0x416138 LCMapStringA
0x41613c GetStringTypeW
0x416140 SetStdHandle
0x416144 GetFileType
0x416148 GetConsoleCP
0x41614c GetConsoleMode
0x416150 HeapAlloc
0x416154 HeapCreate
0x416158 VirtualFree
0x41615c HeapReAlloc
0x416160 TlsGetValue
0x416164 TlsAlloc
0x416168 TlsSetValue
0x41616c GetCurrentThreadId
0x416170 GetModuleFileNameA
0x416174 LoadLibraryA
0x416178 InitializeCriticalSectionAndSpinCount
0x41617c FreeEnvironmentStringsA
0x416180 GetEnvironmentStrings
0x416184 FreeEnvironmentStringsW
0x416188 GetEnvironmentStringsW
0x41618c SetHandleCount
0x416190 QueryPerformanceCounter
0x416194 GetTickCount
0x416198 GetCurrentProcessId
0x41619c GetSystemTimeAsFileTime
0x4161a0 GetStringTypeA
0x4161a4 HeapSize
0x4161a8 GetACP
0x4161ac IsValidCodePage
0x4161b0 GetUserDefaultLCID
0x4161b4 GetLocaleInfoA
0x4161b8 EnumSystemLocalesA
0x4161bc IsValidLocale
0x4161c0 WriteConsoleA
0x4161c4 GetConsoleOutputCP
0x4161c8 WriteConsoleW
0x4161cc SetFilePointer
0x4161d0 GetLocaleInfoW
0x4161d4 CreateFileA
0x4161d8 CloseHandle
0x4161dc FlushFileBuffers
USER32.dll
0x4161e4 GetAncestor
EAT(Export Address Table) is none