ScreenShot
| Created | 2021.04.08 09:42 | Machine | s1_win7_x6401 |
| Filename | rtr3.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 12 detected (malicious, high confidence, FileRepMalware, Casdet, score, Artemis, confidence) | ||
| md5 | a062400119a4a2b81e8465cd91c145d7 | ||
| sha256 | 9b9205550f31c76834606c67544248988a494fb06a4218cbbf76020fcd94801c | ||
| ssdeep | 6144:QZBr8euM6zhH39suCQWv+cbEPhJQC0lGHmV:Yl8euM6z99s5Q0y3B | ||
| imphash | 7bc28ce48ba6a176bfe82b3495ba75dd | ||
| impfuzzy | 24:fC1q5MUmc02tMS17mlJnc+pl3eDo5oX8OovbOPZiv7BwGWzxbBi/QhhAZjGTLyVC:actMS17kc+ppVk3a7BwJzr9vAZjGTEtk | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140020030 HeapFree
0x140020038 HeapSize
0x140020040 CreateTapePartition
0x140020048 Sleep
0x140020050 InterlockedFlushSList
0x140020058 CreateFileMappingW
0x140020060 LoadLibraryA
0x140020068 VirtualProtect
0x140020070 WriteConsoleW
0x140020078 CreateFileW
0x140020080 HeapReAlloc
0x140020088 SetFilePointerEx
0x140020090 GetConsoleMode
0x140020098 GetConsoleCP
0x1400200a0 FlushFileBuffers
0x1400200a8 LCMapStringW
0x1400200b0 GetProcessHeap
0x1400200b8 HeapAlloc
0x1400200c0 VirtualAlloc
0x1400200c8 VirtualFree
0x1400200d0 CloseHandle
0x1400200d8 RtlCaptureContext
0x1400200e0 RtlLookupFunctionEntry
0x1400200e8 RtlVirtualUnwind
0x1400200f0 UnhandledExceptionFilter
0x1400200f8 SetUnhandledExceptionFilter
0x140020100 GetCurrentProcess
0x140020108 TerminateProcess
0x140020110 IsProcessorFeaturePresent
0x140020118 QueryPerformanceCounter
0x140020120 GetCurrentProcessId
0x140020128 GetCurrentThreadId
0x140020130 GetSystemTimeAsFileTime
0x140020138 InitializeSListHead
0x140020140 IsDebuggerPresent
0x140020148 GetStartupInfoW
0x140020150 GetModuleHandleW
0x140020158 RtlUnwindEx
0x140020160 GetLastError
0x140020168 SetLastError
0x140020170 EnterCriticalSection
0x140020178 LeaveCriticalSection
0x140020180 DeleteCriticalSection
0x140020188 InitializeCriticalSectionAndSpinCount
0x140020190 TlsAlloc
0x140020198 TlsGetValue
0x1400201a0 TlsSetValue
0x1400201a8 TlsFree
0x1400201b0 FreeLibrary
0x1400201b8 GetProcAddress
0x1400201c0 LoadLibraryExW
0x1400201c8 GetStdHandle
0x1400201d0 WriteFile
0x1400201d8 GetModuleFileNameW
0x1400201e0 MultiByteToWideChar
0x1400201e8 WideCharToMultiByte
0x1400201f0 ExitProcess
0x1400201f8 GetModuleHandleExW
0x140020200 GetACP
0x140020208 FindClose
0x140020210 FindFirstFileExW
0x140020218 FindNextFileW
0x140020220 IsValidCodePage
0x140020228 GetOEMCP
0x140020230 GetCPInfo
0x140020238 GetCommandLineA
0x140020240 GetCommandLineW
0x140020248 GetEnvironmentStringsW
0x140020250 FreeEnvironmentStringsW
0x140020258 SetStdHandle
0x140020260 GetFileType
0x140020268 GetStringTypeW
0x140020270 RaiseException
USER32.dll
0x140020290 FillRect
0x140020298 InternalGetWindowText
0x1400202a0 SendIMEMessageExA
0x1400202a8 EnumChildWindows
0x1400202b0 SetActiveWindow
0x1400202b8 SetPropW
ole32.dll
0x1400202c8 FmtIdToPropStgName
0x1400202d0 NdrProxyForwardingFunction30
0x1400202d8 OleCreatePropertyFrameIndirectExt
0x1400202e0 OleCreateFromFile
0x1400202e8 ObjectStublessClient19
0x1400202f0 WriteClassStg
GDI32.dll
0x140020000 GetRgnBox
0x140020008 D3DKMTCreateOutputDupl
0x140020010 D3DKMTGetSharedResourceAdapterLuid
0x140020018 GetRegionData
0x140020020 GetMetaFileBitsEx
SHELL32.dll
0x140020280 None
EAT(Export Address Table) Library
KERNEL32.dll
0x140020030 HeapFree
0x140020038 HeapSize
0x140020040 CreateTapePartition
0x140020048 Sleep
0x140020050 InterlockedFlushSList
0x140020058 CreateFileMappingW
0x140020060 LoadLibraryA
0x140020068 VirtualProtect
0x140020070 WriteConsoleW
0x140020078 CreateFileW
0x140020080 HeapReAlloc
0x140020088 SetFilePointerEx
0x140020090 GetConsoleMode
0x140020098 GetConsoleCP
0x1400200a0 FlushFileBuffers
0x1400200a8 LCMapStringW
0x1400200b0 GetProcessHeap
0x1400200b8 HeapAlloc
0x1400200c0 VirtualAlloc
0x1400200c8 VirtualFree
0x1400200d0 CloseHandle
0x1400200d8 RtlCaptureContext
0x1400200e0 RtlLookupFunctionEntry
0x1400200e8 RtlVirtualUnwind
0x1400200f0 UnhandledExceptionFilter
0x1400200f8 SetUnhandledExceptionFilter
0x140020100 GetCurrentProcess
0x140020108 TerminateProcess
0x140020110 IsProcessorFeaturePresent
0x140020118 QueryPerformanceCounter
0x140020120 GetCurrentProcessId
0x140020128 GetCurrentThreadId
0x140020130 GetSystemTimeAsFileTime
0x140020138 InitializeSListHead
0x140020140 IsDebuggerPresent
0x140020148 GetStartupInfoW
0x140020150 GetModuleHandleW
0x140020158 RtlUnwindEx
0x140020160 GetLastError
0x140020168 SetLastError
0x140020170 EnterCriticalSection
0x140020178 LeaveCriticalSection
0x140020180 DeleteCriticalSection
0x140020188 InitializeCriticalSectionAndSpinCount
0x140020190 TlsAlloc
0x140020198 TlsGetValue
0x1400201a0 TlsSetValue
0x1400201a8 TlsFree
0x1400201b0 FreeLibrary
0x1400201b8 GetProcAddress
0x1400201c0 LoadLibraryExW
0x1400201c8 GetStdHandle
0x1400201d0 WriteFile
0x1400201d8 GetModuleFileNameW
0x1400201e0 MultiByteToWideChar
0x1400201e8 WideCharToMultiByte
0x1400201f0 ExitProcess
0x1400201f8 GetModuleHandleExW
0x140020200 GetACP
0x140020208 FindClose
0x140020210 FindFirstFileExW
0x140020218 FindNextFileW
0x140020220 IsValidCodePage
0x140020228 GetOEMCP
0x140020230 GetCPInfo
0x140020238 GetCommandLineA
0x140020240 GetCommandLineW
0x140020248 GetEnvironmentStringsW
0x140020250 FreeEnvironmentStringsW
0x140020258 SetStdHandle
0x140020260 GetFileType
0x140020268 GetStringTypeW
0x140020270 RaiseException
USER32.dll
0x140020290 FillRect
0x140020298 InternalGetWindowText
0x1400202a0 SendIMEMessageExA
0x1400202a8 EnumChildWindows
0x1400202b0 SetActiveWindow
0x1400202b8 SetPropW
ole32.dll
0x1400202c8 FmtIdToPropStgName
0x1400202d0 NdrProxyForwardingFunction30
0x1400202d8 OleCreatePropertyFrameIndirectExt
0x1400202e0 OleCreateFromFile
0x1400202e8 ObjectStublessClient19
0x1400202f0 WriteClassStg
GDI32.dll
0x140020000 GetRgnBox
0x140020008 D3DKMTCreateOutputDupl
0x140020010 D3DKMTGetSharedResourceAdapterLuid
0x140020018 GetRegionData
0x140020020 GetMetaFileBitsEx
SHELL32.dll
0x140020280 None
EAT(Export Address Table) Library