ScreenShot
| Created | 2021.04.06 13:31 | Machine | s1_win7_x6402 |
| Filename | field.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Witch, ET#83%, RDMK, cmRtazp78f0NSWumXDB0d7a+ypY1, EMOTET, SMC5, Static AI, Malicious PE, Wacapew, score, ZexaF, AyW@aaCWJbfi, MachineLearning, Anomalous, 100%, QVM10) | ||
| md5 | f126c14aa3de11c1286fa3bcb76554ac | ||
| sha256 | 72a446a2759f169735d604ddfb82a30045d86a44987b3636fa2c97f56a06aceb | ||
| ssdeep | 12288:xtRzoCbKvLVRe7wbCr6tvMllzWgky6RjWwlX:xnkcKTVRiWCeGXzWgk9jrl | ||
| imphash | 0ce62e37d848dfd77add7c8cd736fe14 | ||
| impfuzzy | 24:lbut0DADNC5MU5vHtMS17hlJnc+pl395oH8OovbOPZGB1tv0Q9hsufN0Hj:ducHtMS175c+ppf+3oB1tv0QfsaN0Hj | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44201c CreateFileMappingNumaA
0x442020 GetBinaryType
0x442024 ReadConsoleW
0x442028 EnumSystemCodePagesA
0x44202c K32EnumPageFilesA
0x442030 IsValidLocaleName
0x442034 GetProcessHeap
0x442038 VirtualProtect
0x44203c LoadLibraryA
0x442040 GetProcAddress
0x442044 CreateFileW
0x442048 DecodePointer
0x44204c WriteConsoleW
0x442050 HeapAlloc
0x442054 HeapReAlloc
0x442058 HeapSize
0x44205c VirtualAlloc
0x442060 VirtualFree
0x442064 FindFirstFileTransactedA
0x442068 HeapFree
0x44206c SetFilePointerEx
0x442070 GetConsoleMode
0x442074 GetConsoleCP
0x442078 FlushFileBuffers
0x44207c GetStringTypeW
0x442080 GetFileType
0x442084 SetStdHandle
0x442088 UnhandledExceptionFilter
0x44208c SetUnhandledExceptionFilter
0x442090 GetCurrentProcess
0x442094 TerminateProcess
0x442098 IsProcessorFeaturePresent
0x44209c QueryPerformanceCounter
0x4420a0 GetCurrentProcessId
0x4420a4 GetCurrentThreadId
0x4420a8 GetSystemTimeAsFileTime
0x4420ac InitializeSListHead
0x4420b0 IsDebuggerPresent
0x4420b4 GetStartupInfoW
0x4420b8 GetModuleHandleW
0x4420bc RtlUnwind
0x4420c0 GetLastError
0x4420c4 SetLastError
0x4420c8 EnterCriticalSection
0x4420cc LeaveCriticalSection
0x4420d0 DeleteCriticalSection
0x4420d4 InitializeCriticalSectionAndSpinCount
0x4420d8 TlsAlloc
0x4420dc TlsGetValue
0x4420e0 TlsSetValue
0x4420e4 TlsFree
0x4420e8 FreeLibrary
0x4420ec LoadLibraryExW
0x4420f0 GetStdHandle
0x4420f4 WriteFile
0x4420f8 GetModuleFileNameW
0x4420fc MultiByteToWideChar
0x442100 WideCharToMultiByte
0x442104 ExitProcess
0x442108 GetModuleHandleExW
0x44210c GetACP
0x442110 CloseHandle
0x442114 FindClose
0x442118 FindFirstFileExW
0x44211c FindNextFileW
0x442120 IsValidCodePage
0x442124 GetOEMCP
0x442128 GetCPInfo
0x44212c GetCommandLineA
0x442130 GetCommandLineW
0x442134 GetEnvironmentStringsW
0x442138 FreeEnvironmentStringsW
0x44213c LCMapStringW
0x442140 RaiseException
USER32.dll
0x44215c CreateDialogIndirectParamW
0x442160 RegisterClassA
0x442164 LoadStringW
GDI32.dll
0x442000 SetGraphicsMode
0x442004 RealizePalette
0x442008 CreateColorSpaceW
0x44200c SetTextColor
0x442010 D3DKMTNetDispQueryMiracastDisplayDeviceStatus
0x442014 gdiPlaySpoolStream
SHELL32.dll
0x442148 None
0x44214c SHInvokePrinterCommandW
0x442150 None
0x442154 SHCreateItemFromIDList
ole32.dll
0x44216c HMONITOR_UserSize
0x442170 OleCreateLinkFromData
0x442174 OleInitialize
0x442178 CoTestCancel
EAT(Export Address Table) Library
KERNEL32.dll
0x44201c CreateFileMappingNumaA
0x442020 GetBinaryType
0x442024 ReadConsoleW
0x442028 EnumSystemCodePagesA
0x44202c K32EnumPageFilesA
0x442030 IsValidLocaleName
0x442034 GetProcessHeap
0x442038 VirtualProtect
0x44203c LoadLibraryA
0x442040 GetProcAddress
0x442044 CreateFileW
0x442048 DecodePointer
0x44204c WriteConsoleW
0x442050 HeapAlloc
0x442054 HeapReAlloc
0x442058 HeapSize
0x44205c VirtualAlloc
0x442060 VirtualFree
0x442064 FindFirstFileTransactedA
0x442068 HeapFree
0x44206c SetFilePointerEx
0x442070 GetConsoleMode
0x442074 GetConsoleCP
0x442078 FlushFileBuffers
0x44207c GetStringTypeW
0x442080 GetFileType
0x442084 SetStdHandle
0x442088 UnhandledExceptionFilter
0x44208c SetUnhandledExceptionFilter
0x442090 GetCurrentProcess
0x442094 TerminateProcess
0x442098 IsProcessorFeaturePresent
0x44209c QueryPerformanceCounter
0x4420a0 GetCurrentProcessId
0x4420a4 GetCurrentThreadId
0x4420a8 GetSystemTimeAsFileTime
0x4420ac InitializeSListHead
0x4420b0 IsDebuggerPresent
0x4420b4 GetStartupInfoW
0x4420b8 GetModuleHandleW
0x4420bc RtlUnwind
0x4420c0 GetLastError
0x4420c4 SetLastError
0x4420c8 EnterCriticalSection
0x4420cc LeaveCriticalSection
0x4420d0 DeleteCriticalSection
0x4420d4 InitializeCriticalSectionAndSpinCount
0x4420d8 TlsAlloc
0x4420dc TlsGetValue
0x4420e0 TlsSetValue
0x4420e4 TlsFree
0x4420e8 FreeLibrary
0x4420ec LoadLibraryExW
0x4420f0 GetStdHandle
0x4420f4 WriteFile
0x4420f8 GetModuleFileNameW
0x4420fc MultiByteToWideChar
0x442100 WideCharToMultiByte
0x442104 ExitProcess
0x442108 GetModuleHandleExW
0x44210c GetACP
0x442110 CloseHandle
0x442114 FindClose
0x442118 FindFirstFileExW
0x44211c FindNextFileW
0x442120 IsValidCodePage
0x442124 GetOEMCP
0x442128 GetCPInfo
0x44212c GetCommandLineA
0x442130 GetCommandLineW
0x442134 GetEnvironmentStringsW
0x442138 FreeEnvironmentStringsW
0x44213c LCMapStringW
0x442140 RaiseException
USER32.dll
0x44215c CreateDialogIndirectParamW
0x442160 RegisterClassA
0x442164 LoadStringW
GDI32.dll
0x442000 SetGraphicsMode
0x442004 RealizePalette
0x442008 CreateColorSpaceW
0x44200c SetTextColor
0x442010 D3DKMTNetDispQueryMiracastDisplayDeviceStatus
0x442014 gdiPlaySpoolStream
SHELL32.dll
0x442148 None
0x44214c SHInvokePrinterCommandW
0x442150 None
0x442154 SHCreateItemFromIDList
ole32.dll
0x44216c HMONITOR_UserSize
0x442170 OleCreateLinkFromData
0x442174 OleInitialize
0x442178 CoTestCancel
EAT(Export Address Table) Library