Report - dubi.exe

Generic Malware
ScreenShot
Created 2021.04.10 09:25 Machine s1_win7_x6401
Filename dubi.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
Behavior Score
2.2
ZERO API file : malware
VT API (file) 30 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, GenKryptik, FDVZ, score, Stop, DropperX, Raas, Auto, Mokes, Ranumbot, BScope, Wacatac, Kryptik, CLOUD, Static AI, Malicious PE, susgen, HKIW, ZexaF, VCW@am, 0Lwic, confidence, QVM10)
md5 7d828df10c7f01c56773e98a6a88d5a8
sha256 078741f43087dba0c7be612a212710c83c602d28a6a64a40581ca1df90820101
ssdeep 12288:Vo6MTH47YMZvW5pGyPBY58/iTkMRYBwEtvHXBGonoPPBuki9HcJFJagem+Whrk4r:Is7/tW5L+58qUBxxG7i98fMcdk4+S
imphash e124209f91a98dbd65697c49d4798cec
impfuzzy 48:21Oljzx6h2m+JtdcMSMuDj2FqKdrNZyp6F3:2clzx6h2JtdcMSFj2FqGrsI3
  Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info IsPacked Entropy Check binaries (upload)
info IsWindowsGUI (no description) binaries (upload)
info win_files_operation Affect private profile binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0xa8c008 WriteConsoleOutputCharacterA
 0xa8c00c LoadResource
 0xa8c010 SystemTimeToTzSpecificLocalTime
 0xa8c014 HeapAlloc
 0xa8c018 SetWaitableTimer
 0xa8c01c HeapFree
 0xa8c020 GetModuleHandleExW
 0xa8c024 GlobalLock
 0xa8c028 LockFile
 0xa8c02c ConnectNamedPipe
 0xa8c030 GetConsoleAliasesA
 0xa8c034 FindResourceExA
 0xa8c038 GlobalAlloc
 0xa8c03c GetLocaleInfoW
 0xa8c040 GetSystemTimeAdjustment
 0xa8c044 InterlockedPopEntrySList
 0xa8c048 GetFileAttributesA
 0xa8c04c GetExitCodeProcess
 0xa8c050 GetCompressedFileSizeA
 0xa8c054 EnumDateFormatsExW
 0xa8c058 GetEnvironmentVariableA
 0xa8c05c VirtualUnlock
 0xa8c060 LCMapStringA
 0xa8c064 GetAtomNameA
 0xa8c068 OpenWaitableTimerW
 0xa8c06c AddAtomA
 0xa8c070 GetTapeParameters
 0xa8c074 GlobalFindAtomW
 0xa8c078 SetConsoleCursorInfo
 0xa8c07c GlobalUnWire
 0xa8c080 VirtualProtect
 0xa8c084 GetFileTime
 0xa8c088 GetCurrentProcessId
 0xa8c08c EnumCalendarInfoExA
 0xa8c090 LocalFree
 0xa8c094 LocalFileTimeToFileTime
 0xa8c098 SetEnvironmentVariableA
 0xa8c09c CompareStringW
 0xa8c0a0 GetTimeZoneInformation
 0xa8c0a4 RemoveVectoredExceptionHandler
 0xa8c0a8 GetStartupInfoW
 0xa8c0ac TerminateProcess
 0xa8c0b0 GetCurrentProcess
 0xa8c0b4 UnhandledExceptionFilter
 0xa8c0b8 SetUnhandledExceptionFilter
 0xa8c0bc IsDebuggerPresent
 0xa8c0c0 EnterCriticalSection
 0xa8c0c4 LeaveCriticalSection
 0xa8c0c8 RtlUnwind
 0xa8c0cc GetModuleHandleW
 0xa8c0d0 Sleep
 0xa8c0d4 GetProcAddress
 0xa8c0d8 ExitProcess
 0xa8c0dc WriteFile
 0xa8c0e0 GetStdHandle
 0xa8c0e4 GetModuleFileNameA
 0xa8c0e8 GetModuleFileNameW
 0xa8c0ec FreeEnvironmentStringsW
 0xa8c0f0 GetEnvironmentStringsW
 0xa8c0f4 GetCommandLineW
 0xa8c0f8 SetHandleCount
 0xa8c0fc GetFileType
 0xa8c100 GetStartupInfoA
 0xa8c104 DeleteCriticalSection
 0xa8c108 TlsGetValue
 0xa8c10c TlsAlloc
 0xa8c110 TlsSetValue
 0xa8c114 TlsFree
 0xa8c118 InterlockedIncrement
 0xa8c11c SetLastError
 0xa8c120 GetCurrentThreadId
 0xa8c124 GetLastError
 0xa8c128 InterlockedDecrement
 0xa8c12c GetCurrentThread
 0xa8c130 HeapCreate
 0xa8c134 HeapDestroy
 0xa8c138 VirtualFree
 0xa8c13c QueryPerformanceCounter
 0xa8c140 GetTickCount
 0xa8c144 GetSystemTimeAsFileTime
 0xa8c148 SetFilePointer
 0xa8c14c WideCharToMultiByte
 0xa8c150 GetConsoleCP
 0xa8c154 GetConsoleMode
 0xa8c158 GetCPInfo
 0xa8c15c GetACP
 0xa8c160 GetOEMCP
 0xa8c164 IsValidCodePage
 0xa8c168 FatalAppExitA
 0xa8c16c VirtualAlloc
 0xa8c170 HeapReAlloc
 0xa8c174 MultiByteToWideChar
 0xa8c178 CloseHandle
 0xa8c17c CreateFileA
 0xa8c180 InitializeCriticalSectionAndSpinCount
 0xa8c184 SetConsoleCtrlHandler
 0xa8c188 FreeLibrary
 0xa8c18c InterlockedExchange
 0xa8c190 LoadLibraryA
 0xa8c194 SetStdHandle
 0xa8c198 WriteConsoleA
 0xa8c19c GetConsoleOutputCP
 0xa8c1a0 WriteConsoleW
 0xa8c1a4 LCMapStringW
 0xa8c1a8 GetStringTypeA
 0xa8c1ac GetStringTypeW
 0xa8c1b0 GetTimeFormatA
 0xa8c1b4 GetDateFormatA
 0xa8c1b8 GetUserDefaultLCID
 0xa8c1bc GetLocaleInfoA
 0xa8c1c0 EnumSystemLocalesA
 0xa8c1c4 IsValidLocale
 0xa8c1c8 FlushFileBuffers
 0xa8c1cc ReadFile
 0xa8c1d0 SetEndOfFile
 0xa8c1d4 GetProcessHeap
 0xa8c1d8 HeapSize
 0xa8c1dc CompareStringA
 0xa8c1e0 GetModuleHandleA
USER32.dll
 0xa8c1e8 GetProcessDefaultLayout
ADVAPI32.dll
 0xa8c000 EqualSid

EAT(Export Address Table) Library

0x4acbd0 Gorgeous
0x4acbc0 Robinson
0x4acbb0 SeeYou


Similarity measure (PE file only) - Checking for service failure