ScreenShot
| Created | 2021.04.10 09:02 | Machine | s1_win7_x6402 |
| Filename | intercom.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 8d44e457615fb663b2106c8fb2da9247 | ||
| sha256 | 2ed2e0e67b8dffa8ba88339f3e8537d0d6fba94f8bb0f54252994a9c0e22f842 | ||
| ssdeep | 98304:lhPj0MzQcVYzRpFj/YvpOuiqwU+qZQ4jY3LkTxms2xR7ablcO+:lhF/YzRj8vpXinU+IKoxmdUlcO | ||
| imphash | a843fe8744788134449689fa920b6016 | ||
| impfuzzy | 48:vtXt2PpaOGOFvCZ04Er1pn1OCthKeU9Im0cC1O:lXtwDZA1cnn1bthKeCIm0cCo | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x9ce000 SetDefaultCommConfigA
0x9ce004 CreateMutexW
0x9ce008 SetThreadContext
0x9ce00c OpenFile
0x9ce010 SetFilePointer
0x9ce014 lstrlenA
0x9ce018 TlsGetValue
0x9ce01c SetLocalTime
0x9ce020 DebugActiveProcessStop
0x9ce024 BuildCommDCBAndTimeoutsA
0x9ce028 CallNamedPipeA
0x9ce02c SetWaitableTimer
0x9ce030 InterlockedIncrement
0x9ce034 GetCommState
0x9ce038 ReadConsoleOutputAttribute
0x9ce03c CreateJobObjectW
0x9ce040 GetNamedPipeHandleStateA
0x9ce044 WaitForSingleObject
0x9ce048 GetProcessPriorityBoost
0x9ce04c LocalFlags
0x9ce050 VirtualFree
0x9ce054 FindNextVolumeMountPointA
0x9ce058 EnumTimeFormatsW
0x9ce05c GetCommandLineA
0x9ce060 SetProcessPriorityBoost
0x9ce064 LoadLibraryW
0x9ce068 Sleep
0x9ce06c _hread
0x9ce070 GetSystemPowerStatus
0x9ce074 SetSystemTimeAdjustment
0x9ce078 DeleteVolumeMountPointW
0x9ce07c SetConsoleMode
0x9ce080 FileTimeToSystemTime
0x9ce084 ReadFile
0x9ce088 GetBinaryTypeW
0x9ce08c GetACP
0x9ce090 RaiseException
0x9ce094 GetLargestConsoleWindowSize
0x9ce098 FreeLibraryAndExitThread
0x9ce09c OpenMutexW
0x9ce0a0 GetHandleInformation
0x9ce0a4 GetLastError
0x9ce0a8 GetProcAddress
0x9ce0ac HeapSize
0x9ce0b0 BeginUpdateResourceW
0x9ce0b4 SetStdHandle
0x9ce0b8 EnterCriticalSection
0x9ce0bc LocalAlloc
0x9ce0c0 BuildCommDCBAndTimeoutsW
0x9ce0c4 AddAtomW
0x9ce0c8 SetCommMask
0x9ce0cc WaitForMultipleObjects
0x9ce0d0 GetCurrentDirectoryA
0x9ce0d4 GetSystemTime
0x9ce0d8 lstrcpyA
0x9ce0dc HeapAlloc
0x9ce0e0 DeleteFileA
0x9ce0e4 TerminateProcess
0x9ce0e8 GetCurrentProcess
0x9ce0ec UnhandledExceptionFilter
0x9ce0f0 SetUnhandledExceptionFilter
0x9ce0f4 IsDebuggerPresent
0x9ce0f8 GetModuleHandleW
0x9ce0fc ExitProcess
0x9ce100 GetStartupInfoA
0x9ce104 RtlUnwind
0x9ce108 LeaveCriticalSection
0x9ce10c SetHandleCount
0x9ce110 GetStdHandle
0x9ce114 GetFileType
0x9ce118 DeleteCriticalSection
0x9ce11c WriteFile
0x9ce120 WideCharToMultiByte
0x9ce124 GetConsoleCP
0x9ce128 GetConsoleMode
0x9ce12c HeapFree
0x9ce130 VirtualAlloc
0x9ce134 HeapReAlloc
0x9ce138 HeapCreate
0x9ce13c GetModuleFileNameA
0x9ce140 TlsAlloc
0x9ce144 TlsSetValue
0x9ce148 TlsFree
0x9ce14c SetLastError
0x9ce150 GetCurrentThreadId
0x9ce154 InterlockedDecrement
0x9ce158 LoadLibraryA
0x9ce15c InitializeCriticalSectionAndSpinCount
0x9ce160 FreeEnvironmentStringsA
0x9ce164 GetEnvironmentStrings
0x9ce168 FreeEnvironmentStringsW
0x9ce16c GetEnvironmentStringsW
0x9ce170 QueryPerformanceCounter
0x9ce174 GetTickCount
0x9ce178 GetCurrentProcessId
0x9ce17c GetSystemTimeAsFileTime
0x9ce180 GetCPInfo
0x9ce184 GetOEMCP
0x9ce188 IsValidCodePage
0x9ce18c MultiByteToWideChar
0x9ce190 WriteConsoleA
0x9ce194 GetConsoleOutputCP
0x9ce198 WriteConsoleW
0x9ce19c GetLocaleInfoA
0x9ce1a0 FlushFileBuffers
0x9ce1a4 LCMapStringA
0x9ce1a8 LCMapStringW
0x9ce1ac GetStringTypeA
0x9ce1b0 GetStringTypeW
0x9ce1b4 CreateFileA
0x9ce1b8 CloseHandle
USER32.dll
0x9ce1c0 GetAncestor
EAT(Export Address Table) Library
0x9ccda0 _lifan@8
KERNEL32.dll
0x9ce000 SetDefaultCommConfigA
0x9ce004 CreateMutexW
0x9ce008 SetThreadContext
0x9ce00c OpenFile
0x9ce010 SetFilePointer
0x9ce014 lstrlenA
0x9ce018 TlsGetValue
0x9ce01c SetLocalTime
0x9ce020 DebugActiveProcessStop
0x9ce024 BuildCommDCBAndTimeoutsA
0x9ce028 CallNamedPipeA
0x9ce02c SetWaitableTimer
0x9ce030 InterlockedIncrement
0x9ce034 GetCommState
0x9ce038 ReadConsoleOutputAttribute
0x9ce03c CreateJobObjectW
0x9ce040 GetNamedPipeHandleStateA
0x9ce044 WaitForSingleObject
0x9ce048 GetProcessPriorityBoost
0x9ce04c LocalFlags
0x9ce050 VirtualFree
0x9ce054 FindNextVolumeMountPointA
0x9ce058 EnumTimeFormatsW
0x9ce05c GetCommandLineA
0x9ce060 SetProcessPriorityBoost
0x9ce064 LoadLibraryW
0x9ce068 Sleep
0x9ce06c _hread
0x9ce070 GetSystemPowerStatus
0x9ce074 SetSystemTimeAdjustment
0x9ce078 DeleteVolumeMountPointW
0x9ce07c SetConsoleMode
0x9ce080 FileTimeToSystemTime
0x9ce084 ReadFile
0x9ce088 GetBinaryTypeW
0x9ce08c GetACP
0x9ce090 RaiseException
0x9ce094 GetLargestConsoleWindowSize
0x9ce098 FreeLibraryAndExitThread
0x9ce09c OpenMutexW
0x9ce0a0 GetHandleInformation
0x9ce0a4 GetLastError
0x9ce0a8 GetProcAddress
0x9ce0ac HeapSize
0x9ce0b0 BeginUpdateResourceW
0x9ce0b4 SetStdHandle
0x9ce0b8 EnterCriticalSection
0x9ce0bc LocalAlloc
0x9ce0c0 BuildCommDCBAndTimeoutsW
0x9ce0c4 AddAtomW
0x9ce0c8 SetCommMask
0x9ce0cc WaitForMultipleObjects
0x9ce0d0 GetCurrentDirectoryA
0x9ce0d4 GetSystemTime
0x9ce0d8 lstrcpyA
0x9ce0dc HeapAlloc
0x9ce0e0 DeleteFileA
0x9ce0e4 TerminateProcess
0x9ce0e8 GetCurrentProcess
0x9ce0ec UnhandledExceptionFilter
0x9ce0f0 SetUnhandledExceptionFilter
0x9ce0f4 IsDebuggerPresent
0x9ce0f8 GetModuleHandleW
0x9ce0fc ExitProcess
0x9ce100 GetStartupInfoA
0x9ce104 RtlUnwind
0x9ce108 LeaveCriticalSection
0x9ce10c SetHandleCount
0x9ce110 GetStdHandle
0x9ce114 GetFileType
0x9ce118 DeleteCriticalSection
0x9ce11c WriteFile
0x9ce120 WideCharToMultiByte
0x9ce124 GetConsoleCP
0x9ce128 GetConsoleMode
0x9ce12c HeapFree
0x9ce130 VirtualAlloc
0x9ce134 HeapReAlloc
0x9ce138 HeapCreate
0x9ce13c GetModuleFileNameA
0x9ce140 TlsAlloc
0x9ce144 TlsSetValue
0x9ce148 TlsFree
0x9ce14c SetLastError
0x9ce150 GetCurrentThreadId
0x9ce154 InterlockedDecrement
0x9ce158 LoadLibraryA
0x9ce15c InitializeCriticalSectionAndSpinCount
0x9ce160 FreeEnvironmentStringsA
0x9ce164 GetEnvironmentStrings
0x9ce168 FreeEnvironmentStringsW
0x9ce16c GetEnvironmentStringsW
0x9ce170 QueryPerformanceCounter
0x9ce174 GetTickCount
0x9ce178 GetCurrentProcessId
0x9ce17c GetSystemTimeAsFileTime
0x9ce180 GetCPInfo
0x9ce184 GetOEMCP
0x9ce188 IsValidCodePage
0x9ce18c MultiByteToWideChar
0x9ce190 WriteConsoleA
0x9ce194 GetConsoleOutputCP
0x9ce198 WriteConsoleW
0x9ce19c GetLocaleInfoA
0x9ce1a0 FlushFileBuffers
0x9ce1a4 LCMapStringA
0x9ce1a8 LCMapStringW
0x9ce1ac GetStringTypeA
0x9ce1b0 GetStringTypeW
0x9ce1b4 CreateFileA
0x9ce1b8 CloseHandle
USER32.dll
0x9ce1c0 GetAncestor
EAT(Export Address Table) Library
0x9ccda0 _lifan@8