ScreenShot
| Created | 2021.04.09 17:05 | Machine | s1_win7_x6402 |
| Filename | bakamla0001.png | ||
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetect, malware2, malicious, high confidence, CVE-2021-1647, Emotet, Hacktool, score, CVE-2020-2116, CVE20211647, ikvpes, CLOUD, Malware@#2vx1v4ao2mflm, MULDROP, GenericRXNN, Static AI, Suspicious PE, Redcap, lqnli, ai score=83, Unsafe, GdSda, Hwml, confidence, 100%, HgIASOUA) | ||
| md5 | 9e734e717cf11f1917493be4cfc0e0b2 | ||
| sha256 | cc938b99d339e06fd412b0afa2b031d6586e76c92e185f2018d3e16e71876d7f | ||
| ssdeep | 3072:jDSCcWRMyEWr4SaXM+Ckpj3WxHW3BXegZ73H5LC:HPho93Wx23Jk | ||
| imphash | 84245f630674d6573306664292458cd5 | ||
| impfuzzy | 6:omRquAcfA2inYKoF21BzUARBo0DDKb6DL7cnCUpLUNKcnCUpLWp5iPEcn:omRqu6gkPoXb6rcXlQbXlWkPXn | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsConsole | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x4840bc RegCreateKeyExW
0x4840c0 RegSetValueExW
KERNEL32.dll
0x4840c8 CloseHandle
0x4840cc CreateEventW
0x4840d0 CreateFileA
0x4840d4 CreateFileW
0x4840d8 CreateProcessA
0x4840dc CreateThread
0x4840e0 GetCurrentThread
0x4840e4 ResumeThread
0x4840e8 SuspendThread
0x4840ec VirtualAlloc
0x4840f0 WaitForMultipleObjects
0x4840f4 WriteFile
ntdll.dll
0x4840fc RtlUnwind
0x484100 memset
api-ms-win-core-errorhandling-l1-1-1.dll
0x484108 RaiseException
0x48410c SetUnhandledExceptionFilter
EAT(Export Address Table) is none
ADVAPI32.dll
0x4840bc RegCreateKeyExW
0x4840c0 RegSetValueExW
KERNEL32.dll
0x4840c8 CloseHandle
0x4840cc CreateEventW
0x4840d0 CreateFileA
0x4840d4 CreateFileW
0x4840d8 CreateProcessA
0x4840dc CreateThread
0x4840e0 GetCurrentThread
0x4840e4 ResumeThread
0x4840e8 SuspendThread
0x4840ec VirtualAlloc
0x4840f0 WaitForMultipleObjects
0x4840f4 WriteFile
ntdll.dll
0x4840fc RtlUnwind
0x484100 memset
api-ms-win-core-errorhandling-l1-1-1.dll
0x484108 RaiseException
0x48410c SetUnhandledExceptionFilter
EAT(Export Address Table) is none