ScreenShot
| Created | 2021.04.09 08:58 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (AIDetect, malware2, malicious, high confidence, HwoCdEcA, Unsafe, Save, Attribute, HighConfidence, Kryptik, HKIS, FileRepMalware, GenericKDZ, Static AI, Malicious PE, Kiosk, kcloud, Wacatac, score, Artemis, Obscure, CLOUD, HKIM, ZexaF, MqW@aeP8QBae, Genetic, confidence, 100%, susgen) | ||
| md5 | 3c541941aa60ce757626f3c7ef08ae6b | ||
| sha256 | 0bdb7a98c650426ff70b666a8a1f28b421a6135e729a70baf87a5c126fbd788a | ||
| ssdeep | 12288:uve4l6qdV21eg2IExcYDI+b1bf6JxcPKOaaJ/YGfnXLK84LI:yeA6G2sCExX5bZfcxcaaJ/v2PLI | ||
| imphash | 376fa88e139eef85f4524a21edf65c38 | ||
| impfuzzy | 48:X0pOVOE16CiWyXCDlbpW30OUhUGeU9tm0c51E:XUOky60yXuFW30JhUGeCtm0c5K | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48d008 lstrlenA
0x48d00c TlsGetValue
0x48d010 SetLocalTime
0x48d014 BuildCommDCBAndTimeoutsA
0x48d018 CallNamedPipeA
0x48d01c SetUnhandledExceptionFilter
0x48d020 InterlockedIncrement
0x48d024 GetCommState
0x48d028 SetDefaultCommConfigW
0x48d02c ReadConsoleOutputAttribute
0x48d030 SetEnvironmentVariableW
0x48d034 CreateJobObjectW
0x48d038 WaitForSingleObject
0x48d03c CancelWaitableTimer
0x48d040 GetProcessPriorityBoost
0x48d044 LocalFlags
0x48d048 FindNextVolumeMountPointA
0x48d04c GetCommandLineA
0x48d050 GlobalAlloc
0x48d054 Sleep
0x48d058 _hread
0x48d05c SetSystemTimeAdjustment
0x48d060 DeleteVolumeMountPointW
0x48d064 SetConsoleMode
0x48d068 SetSystemPowerState
0x48d06c FileTimeToSystemTime
0x48d070 ReadFile
0x48d074 GetBinaryTypeW
0x48d078 SetThreadContext
0x48d07c GetNamedPipeHandleStateW
0x48d080 FreeLibraryAndExitThread
0x48d084 OpenMutexW
0x48d088 GetHandleInformation
0x48d08c GetLastError
0x48d090 GetProcAddress
0x48d094 VirtualAlloc
0x48d098 HeapSize
0x48d09c BeginUpdateResourceW
0x48d0a0 SetStdHandle
0x48d0a4 EnterCriticalSection
0x48d0a8 LoadLibraryA
0x48d0ac BuildCommDCBAndTimeoutsW
0x48d0b0 AddAtomW
0x48d0b4 SetCommMask
0x48d0b8 WaitForMultipleObjects
0x48d0bc GetOEMCP
0x48d0c0 DebugBreakProcess
0x48d0c4 CreateMutexA
0x48d0c8 GetCurrentDirectoryA
0x48d0cc EnumDateFormatsW
0x48d0d0 GetConsoleCursorInfo
0x48d0d4 GetSystemTime
0x48d0d8 GetProfileSectionW
0x48d0dc DeleteFileA
0x48d0e0 lstrcpyA
0x48d0e4 GetACP
0x48d0e8 FileTimeToDosDateTime
0x48d0ec HeapAlloc
0x48d0f0 TerminateProcess
0x48d0f4 GetCurrentProcess
0x48d0f8 UnhandledExceptionFilter
0x48d0fc IsDebuggerPresent
0x48d100 GetModuleHandleW
0x48d104 ExitProcess
0x48d108 GetStartupInfoA
0x48d10c RaiseException
0x48d110 RtlUnwind
0x48d114 LeaveCriticalSection
0x48d118 SetHandleCount
0x48d11c GetStdHandle
0x48d120 GetFileType
0x48d124 DeleteCriticalSection
0x48d128 WriteFile
0x48d12c WideCharToMultiByte
0x48d130 GetConsoleCP
0x48d134 GetConsoleMode
0x48d138 HeapFree
0x48d13c VirtualFree
0x48d140 HeapReAlloc
0x48d144 HeapCreate
0x48d148 GetModuleFileNameA
0x48d14c TlsAlloc
0x48d150 TlsSetValue
0x48d154 TlsFree
0x48d158 SetLastError
0x48d15c GetCurrentThreadId
0x48d160 InterlockedDecrement
0x48d164 InitializeCriticalSectionAndSpinCount
0x48d168 FreeEnvironmentStringsA
0x48d16c GetEnvironmentStrings
0x48d170 FreeEnvironmentStringsW
0x48d174 GetEnvironmentStringsW
0x48d178 QueryPerformanceCounter
0x48d17c GetTickCount
0x48d180 GetCurrentProcessId
0x48d184 GetSystemTimeAsFileTime
0x48d188 GetCPInfo
0x48d18c IsValidCodePage
0x48d190 MultiByteToWideChar
0x48d194 SetFilePointer
0x48d198 WriteConsoleA
0x48d19c GetConsoleOutputCP
0x48d1a0 WriteConsoleW
0x48d1a4 GetLocaleInfoA
0x48d1a8 FlushFileBuffers
0x48d1ac LCMapStringA
0x48d1b0 LCMapStringW
0x48d1b4 GetStringTypeA
0x48d1b8 GetStringTypeW
0x48d1bc CreateFileA
0x48d1c0 CloseHandle
USER32.dll
0x48d1c8 GetAncestor
ADVAPI32.dll
0x48d000 IsTextUnicode
EAT(Export Address Table) Library
0x48c5c0 _lifan@8
KERNEL32.dll
0x48d008 lstrlenA
0x48d00c TlsGetValue
0x48d010 SetLocalTime
0x48d014 BuildCommDCBAndTimeoutsA
0x48d018 CallNamedPipeA
0x48d01c SetUnhandledExceptionFilter
0x48d020 InterlockedIncrement
0x48d024 GetCommState
0x48d028 SetDefaultCommConfigW
0x48d02c ReadConsoleOutputAttribute
0x48d030 SetEnvironmentVariableW
0x48d034 CreateJobObjectW
0x48d038 WaitForSingleObject
0x48d03c CancelWaitableTimer
0x48d040 GetProcessPriorityBoost
0x48d044 LocalFlags
0x48d048 FindNextVolumeMountPointA
0x48d04c GetCommandLineA
0x48d050 GlobalAlloc
0x48d054 Sleep
0x48d058 _hread
0x48d05c SetSystemTimeAdjustment
0x48d060 DeleteVolumeMountPointW
0x48d064 SetConsoleMode
0x48d068 SetSystemPowerState
0x48d06c FileTimeToSystemTime
0x48d070 ReadFile
0x48d074 GetBinaryTypeW
0x48d078 SetThreadContext
0x48d07c GetNamedPipeHandleStateW
0x48d080 FreeLibraryAndExitThread
0x48d084 OpenMutexW
0x48d088 GetHandleInformation
0x48d08c GetLastError
0x48d090 GetProcAddress
0x48d094 VirtualAlloc
0x48d098 HeapSize
0x48d09c BeginUpdateResourceW
0x48d0a0 SetStdHandle
0x48d0a4 EnterCriticalSection
0x48d0a8 LoadLibraryA
0x48d0ac BuildCommDCBAndTimeoutsW
0x48d0b0 AddAtomW
0x48d0b4 SetCommMask
0x48d0b8 WaitForMultipleObjects
0x48d0bc GetOEMCP
0x48d0c0 DebugBreakProcess
0x48d0c4 CreateMutexA
0x48d0c8 GetCurrentDirectoryA
0x48d0cc EnumDateFormatsW
0x48d0d0 GetConsoleCursorInfo
0x48d0d4 GetSystemTime
0x48d0d8 GetProfileSectionW
0x48d0dc DeleteFileA
0x48d0e0 lstrcpyA
0x48d0e4 GetACP
0x48d0e8 FileTimeToDosDateTime
0x48d0ec HeapAlloc
0x48d0f0 TerminateProcess
0x48d0f4 GetCurrentProcess
0x48d0f8 UnhandledExceptionFilter
0x48d0fc IsDebuggerPresent
0x48d100 GetModuleHandleW
0x48d104 ExitProcess
0x48d108 GetStartupInfoA
0x48d10c RaiseException
0x48d110 RtlUnwind
0x48d114 LeaveCriticalSection
0x48d118 SetHandleCount
0x48d11c GetStdHandle
0x48d120 GetFileType
0x48d124 DeleteCriticalSection
0x48d128 WriteFile
0x48d12c WideCharToMultiByte
0x48d130 GetConsoleCP
0x48d134 GetConsoleMode
0x48d138 HeapFree
0x48d13c VirtualFree
0x48d140 HeapReAlloc
0x48d144 HeapCreate
0x48d148 GetModuleFileNameA
0x48d14c TlsAlloc
0x48d150 TlsSetValue
0x48d154 TlsFree
0x48d158 SetLastError
0x48d15c GetCurrentThreadId
0x48d160 InterlockedDecrement
0x48d164 InitializeCriticalSectionAndSpinCount
0x48d168 FreeEnvironmentStringsA
0x48d16c GetEnvironmentStrings
0x48d170 FreeEnvironmentStringsW
0x48d174 GetEnvironmentStringsW
0x48d178 QueryPerformanceCounter
0x48d17c GetTickCount
0x48d180 GetCurrentProcessId
0x48d184 GetSystemTimeAsFileTime
0x48d188 GetCPInfo
0x48d18c IsValidCodePage
0x48d190 MultiByteToWideChar
0x48d194 SetFilePointer
0x48d198 WriteConsoleA
0x48d19c GetConsoleOutputCP
0x48d1a0 WriteConsoleW
0x48d1a4 GetLocaleInfoA
0x48d1a8 FlushFileBuffers
0x48d1ac LCMapStringA
0x48d1b0 LCMapStringW
0x48d1b4 GetStringTypeA
0x48d1b8 GetStringTypeW
0x48d1bc CreateFileA
0x48d1c0 CloseHandle
USER32.dll
0x48d1c8 GetAncestor
ADVAPI32.dll
0x48d000 IsTextUnicode
EAT(Export Address Table) Library
0x48c5c0 _lifan@8