ScreenShot
| Created | 2021.04.10 08:59 | Machine | s1_win7_x6402 |
| Filename | 5.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (AIDetect, malware1, malicious, high confidence, Siggen12, FFAM, Unsafe, Save, TrojanPSW, Glupteba, ZexaF, GqW@aWxbmGgG, Eldorado, Attribute, HighConfidence, Kryptik, HKGC, BootkitX, Racealer, Static AI, Malicious PE, VidarStealer, ydckt, PSWTroj, kcloud, score, R395070, ai score=82, Obscure, CLOUD, UrSnif, HKEM, susgen, Genetic, confidence, 100%, Raccoon, HgIASR4A) | ||
| md5 | fe2fc5ac57804c1d150a1ef9345fdd68 | ||
| sha256 | 5d83412d701bac00051ce917c0b3849b89f6d1a045a9757b24e479bf609f8119 | ||
| ssdeep | 12288:o3Ct8ScR7jBatZ3x37XsJZzvIoflOHudgEzgX:ogAWZ7mkofEu | ||
| imphash | 584c5603159e17e81307fc57f15dc706 | ||
| impfuzzy | 48:vvXKZO8Oj7FIJ/q3Lucpnu0O17rpdx+cXtsI1z7hZcBZFE:XXKwfA/q7vnu0yrzx+cXtsI1XhZcra | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 SetDefaultCommConfigA
0x41800c SetThreadContext
0x418010 lstrlenA
0x418014 SetLocalTime
0x418018 GetCPInfo
0x41801c SetWaitableTimer
0x418020 LoadLibraryExW
0x418024 GetCommState
0x418028 CreateJobObjectW
0x41802c GetNamedPipeHandleStateA
0x418030 GetComputerNameW
0x418034 CallNamedPipeW
0x418038 GetProcessPriorityBoost
0x41803c GetModuleHandleW
0x418040 WriteFile
0x418044 SetProcessPriorityBoost
0x418048 _hread
0x41804c GetVersionExW
0x418050 HeapValidate
0x418054 GetBinaryTypeA
0x418058 SetSystemPowerState
0x41805c RaiseException
0x418060 GetLargestConsoleWindowSize
0x418064 GetPrivateProfileIntW
0x418068 GetStdHandle
0x41806c GetLastError
0x418070 GetCurrentDirectoryW
0x418074 GetProcAddress
0x418078 GetCommandLineW
0x41807c SetVolumeLabelW
0x418080 EnterCriticalSection
0x418084 GetLocalTime
0x418088 OpenMutexA
0x41808c LocalAlloc
0x418090 BuildCommDCBAndTimeoutsW
0x418094 GetCommMask
0x418098 AddAtomA
0x41809c WaitForMultipleObjects
0x4180a0 SetSystemTime
0x4180a4 SetEnvironmentVariableA
0x4180a8 GetOEMCP
0x4180ac CreateIoCompletionPort
0x4180b0 DebugBreakProcess
0x4180b4 CreateMutexA
0x4180b8 VirtualProtect
0x4180bc EnumDateFormatsW
0x4180c0 WriteConsoleOutputAttribute
0x4180c4 DuplicateHandle
0x4180c8 LocalSize
0x4180cc DeleteFileW
0x4180d0 TlsFree
0x4180d4 GetProfileSectionW
0x4180d8 CommConfigDialogW
0x4180dc lstrcpyA
0x4180e0 CloseHandle
0x4180e4 BeginUpdateResourceW
0x4180e8 GetSystemDefaultLangID
0x4180ec WideCharToMultiByte
0x4180f0 InterlockedIncrement
0x4180f4 InterlockedDecrement
0x4180f8 InterlockedCompareExchange
0x4180fc InterlockedExchange
0x418100 MultiByteToWideChar
0x418104 Sleep
0x418108 InitializeCriticalSection
0x41810c DeleteCriticalSection
0x418110 LeaveCriticalSection
0x418114 MoveFileA
0x418118 HeapFree
0x41811c TerminateProcess
0x418120 GetCurrentProcess
0x418124 UnhandledExceptionFilter
0x418128 SetUnhandledExceptionFilter
0x41812c IsDebuggerPresent
0x418130 ExitProcess
0x418134 GetStartupInfoW
0x418138 RtlUnwind
0x41813c LCMapStringW
0x418140 LCMapStringA
0x418144 GetStringTypeW
0x418148 SetHandleCount
0x41814c GetFileType
0x418150 GetStartupInfoA
0x418154 SetStdHandle
0x418158 GetConsoleCP
0x41815c GetConsoleMode
0x418160 HeapAlloc
0x418164 HeapCreate
0x418168 VirtualFree
0x41816c VirtualAlloc
0x418170 HeapReAlloc
0x418174 TlsGetValue
0x418178 TlsAlloc
0x41817c TlsSetValue
0x418180 SetLastError
0x418184 GetCurrentThreadId
0x418188 GetModuleFileNameA
0x41818c LoadLibraryA
0x418190 InitializeCriticalSectionAndSpinCount
0x418194 GetModuleFileNameW
0x418198 FreeEnvironmentStringsW
0x41819c GetEnvironmentStringsW
0x4181a0 QueryPerformanceCounter
0x4181a4 GetTickCount
0x4181a8 GetCurrentProcessId
0x4181ac GetSystemTimeAsFileTime
0x4181b0 GetStringTypeA
0x4181b4 HeapSize
0x4181b8 GetACP
0x4181bc IsValidCodePage
0x4181c0 GetUserDefaultLCID
0x4181c4 GetLocaleInfoA
0x4181c8 EnumSystemLocalesA
0x4181cc IsValidLocale
0x4181d0 WriteConsoleA
0x4181d4 GetConsoleOutputCP
0x4181d8 WriteConsoleW
0x4181dc SetFilePointer
0x4181e0 GetLocaleInfoW
0x4181e4 FlushFileBuffers
0x4181e8 ReadFile
0x4181ec CreateFileA
USER32.dll
0x4181f4 GetAncestor
ADVAPI32.dll
0x418000 IsTextUnicode
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 SetDefaultCommConfigA
0x41800c SetThreadContext
0x418010 lstrlenA
0x418014 SetLocalTime
0x418018 GetCPInfo
0x41801c SetWaitableTimer
0x418020 LoadLibraryExW
0x418024 GetCommState
0x418028 CreateJobObjectW
0x41802c GetNamedPipeHandleStateA
0x418030 GetComputerNameW
0x418034 CallNamedPipeW
0x418038 GetProcessPriorityBoost
0x41803c GetModuleHandleW
0x418040 WriteFile
0x418044 SetProcessPriorityBoost
0x418048 _hread
0x41804c GetVersionExW
0x418050 HeapValidate
0x418054 GetBinaryTypeA
0x418058 SetSystemPowerState
0x41805c RaiseException
0x418060 GetLargestConsoleWindowSize
0x418064 GetPrivateProfileIntW
0x418068 GetStdHandle
0x41806c GetLastError
0x418070 GetCurrentDirectoryW
0x418074 GetProcAddress
0x418078 GetCommandLineW
0x41807c SetVolumeLabelW
0x418080 EnterCriticalSection
0x418084 GetLocalTime
0x418088 OpenMutexA
0x41808c LocalAlloc
0x418090 BuildCommDCBAndTimeoutsW
0x418094 GetCommMask
0x418098 AddAtomA
0x41809c WaitForMultipleObjects
0x4180a0 SetSystemTime
0x4180a4 SetEnvironmentVariableA
0x4180a8 GetOEMCP
0x4180ac CreateIoCompletionPort
0x4180b0 DebugBreakProcess
0x4180b4 CreateMutexA
0x4180b8 VirtualProtect
0x4180bc EnumDateFormatsW
0x4180c0 WriteConsoleOutputAttribute
0x4180c4 DuplicateHandle
0x4180c8 LocalSize
0x4180cc DeleteFileW
0x4180d0 TlsFree
0x4180d4 GetProfileSectionW
0x4180d8 CommConfigDialogW
0x4180dc lstrcpyA
0x4180e0 CloseHandle
0x4180e4 BeginUpdateResourceW
0x4180e8 GetSystemDefaultLangID
0x4180ec WideCharToMultiByte
0x4180f0 InterlockedIncrement
0x4180f4 InterlockedDecrement
0x4180f8 InterlockedCompareExchange
0x4180fc InterlockedExchange
0x418100 MultiByteToWideChar
0x418104 Sleep
0x418108 InitializeCriticalSection
0x41810c DeleteCriticalSection
0x418110 LeaveCriticalSection
0x418114 MoveFileA
0x418118 HeapFree
0x41811c TerminateProcess
0x418120 GetCurrentProcess
0x418124 UnhandledExceptionFilter
0x418128 SetUnhandledExceptionFilter
0x41812c IsDebuggerPresent
0x418130 ExitProcess
0x418134 GetStartupInfoW
0x418138 RtlUnwind
0x41813c LCMapStringW
0x418140 LCMapStringA
0x418144 GetStringTypeW
0x418148 SetHandleCount
0x41814c GetFileType
0x418150 GetStartupInfoA
0x418154 SetStdHandle
0x418158 GetConsoleCP
0x41815c GetConsoleMode
0x418160 HeapAlloc
0x418164 HeapCreate
0x418168 VirtualFree
0x41816c VirtualAlloc
0x418170 HeapReAlloc
0x418174 TlsGetValue
0x418178 TlsAlloc
0x41817c TlsSetValue
0x418180 SetLastError
0x418184 GetCurrentThreadId
0x418188 GetModuleFileNameA
0x41818c LoadLibraryA
0x418190 InitializeCriticalSectionAndSpinCount
0x418194 GetModuleFileNameW
0x418198 FreeEnvironmentStringsW
0x41819c GetEnvironmentStringsW
0x4181a0 QueryPerformanceCounter
0x4181a4 GetTickCount
0x4181a8 GetCurrentProcessId
0x4181ac GetSystemTimeAsFileTime
0x4181b0 GetStringTypeA
0x4181b4 HeapSize
0x4181b8 GetACP
0x4181bc IsValidCodePage
0x4181c0 GetUserDefaultLCID
0x4181c4 GetLocaleInfoA
0x4181c8 EnumSystemLocalesA
0x4181cc IsValidLocale
0x4181d0 WriteConsoleA
0x4181d4 GetConsoleOutputCP
0x4181d8 WriteConsoleW
0x4181dc SetFilePointer
0x4181e0 GetLocaleInfoW
0x4181e4 FlushFileBuffers
0x4181e8 ReadFile
0x4181ec CreateFileA
USER32.dll
0x4181f4 GetAncestor
ADVAPI32.dll
0x418000 IsTextUnicode
EAT(Export Address Table) is none