ScreenShot
| Created | 2021.04.10 09:25 | Machine | s1_win7_x6401 |
| Filename | dubi.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, GenKryptik, FDVZ, score, Stop, DropperX, Raas, Auto, Mokes, Ranumbot, BScope, Wacatac, Kryptik, CLOUD, Static AI, Malicious PE, susgen, HKIW, ZexaF, VCW@am, 0Lwic, confidence, QVM10) | ||
| md5 | 7d828df10c7f01c56773e98a6a88d5a8 | ||
| sha256 | 078741f43087dba0c7be612a212710c83c602d28a6a64a40581ca1df90820101 | ||
| ssdeep | 12288:Vo6MTH47YMZvW5pGyPBY58/iTkMRYBwEtvHXBGonoPPBuki9HcJFJagem+Whrk4r:Is7/tW5L+58qUBxxG7i98fMcdk4+S | ||
| imphash | e124209f91a98dbd65697c49d4798cec | ||
| impfuzzy | 48:21Oljzx6h2m+JtdcMSMuDj2FqKdrNZyp6F3:2clzx6h2JtdcMSFj2FqGrsI3 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xa8c008 WriteConsoleOutputCharacterA
0xa8c00c LoadResource
0xa8c010 SystemTimeToTzSpecificLocalTime
0xa8c014 HeapAlloc
0xa8c018 SetWaitableTimer
0xa8c01c HeapFree
0xa8c020 GetModuleHandleExW
0xa8c024 GlobalLock
0xa8c028 LockFile
0xa8c02c ConnectNamedPipe
0xa8c030 GetConsoleAliasesA
0xa8c034 FindResourceExA
0xa8c038 GlobalAlloc
0xa8c03c GetLocaleInfoW
0xa8c040 GetSystemTimeAdjustment
0xa8c044 InterlockedPopEntrySList
0xa8c048 GetFileAttributesA
0xa8c04c GetExitCodeProcess
0xa8c050 GetCompressedFileSizeA
0xa8c054 EnumDateFormatsExW
0xa8c058 GetEnvironmentVariableA
0xa8c05c VirtualUnlock
0xa8c060 LCMapStringA
0xa8c064 GetAtomNameA
0xa8c068 OpenWaitableTimerW
0xa8c06c AddAtomA
0xa8c070 GetTapeParameters
0xa8c074 GlobalFindAtomW
0xa8c078 SetConsoleCursorInfo
0xa8c07c GlobalUnWire
0xa8c080 VirtualProtect
0xa8c084 GetFileTime
0xa8c088 GetCurrentProcessId
0xa8c08c EnumCalendarInfoExA
0xa8c090 LocalFree
0xa8c094 LocalFileTimeToFileTime
0xa8c098 SetEnvironmentVariableA
0xa8c09c CompareStringW
0xa8c0a0 GetTimeZoneInformation
0xa8c0a4 RemoveVectoredExceptionHandler
0xa8c0a8 GetStartupInfoW
0xa8c0ac TerminateProcess
0xa8c0b0 GetCurrentProcess
0xa8c0b4 UnhandledExceptionFilter
0xa8c0b8 SetUnhandledExceptionFilter
0xa8c0bc IsDebuggerPresent
0xa8c0c0 EnterCriticalSection
0xa8c0c4 LeaveCriticalSection
0xa8c0c8 RtlUnwind
0xa8c0cc GetModuleHandleW
0xa8c0d0 Sleep
0xa8c0d4 GetProcAddress
0xa8c0d8 ExitProcess
0xa8c0dc WriteFile
0xa8c0e0 GetStdHandle
0xa8c0e4 GetModuleFileNameA
0xa8c0e8 GetModuleFileNameW
0xa8c0ec FreeEnvironmentStringsW
0xa8c0f0 GetEnvironmentStringsW
0xa8c0f4 GetCommandLineW
0xa8c0f8 SetHandleCount
0xa8c0fc GetFileType
0xa8c100 GetStartupInfoA
0xa8c104 DeleteCriticalSection
0xa8c108 TlsGetValue
0xa8c10c TlsAlloc
0xa8c110 TlsSetValue
0xa8c114 TlsFree
0xa8c118 InterlockedIncrement
0xa8c11c SetLastError
0xa8c120 GetCurrentThreadId
0xa8c124 GetLastError
0xa8c128 InterlockedDecrement
0xa8c12c GetCurrentThread
0xa8c130 HeapCreate
0xa8c134 HeapDestroy
0xa8c138 VirtualFree
0xa8c13c QueryPerformanceCounter
0xa8c140 GetTickCount
0xa8c144 GetSystemTimeAsFileTime
0xa8c148 SetFilePointer
0xa8c14c WideCharToMultiByte
0xa8c150 GetConsoleCP
0xa8c154 GetConsoleMode
0xa8c158 GetCPInfo
0xa8c15c GetACP
0xa8c160 GetOEMCP
0xa8c164 IsValidCodePage
0xa8c168 FatalAppExitA
0xa8c16c VirtualAlloc
0xa8c170 HeapReAlloc
0xa8c174 MultiByteToWideChar
0xa8c178 CloseHandle
0xa8c17c CreateFileA
0xa8c180 InitializeCriticalSectionAndSpinCount
0xa8c184 SetConsoleCtrlHandler
0xa8c188 FreeLibrary
0xa8c18c InterlockedExchange
0xa8c190 LoadLibraryA
0xa8c194 SetStdHandle
0xa8c198 WriteConsoleA
0xa8c19c GetConsoleOutputCP
0xa8c1a0 WriteConsoleW
0xa8c1a4 LCMapStringW
0xa8c1a8 GetStringTypeA
0xa8c1ac GetStringTypeW
0xa8c1b0 GetTimeFormatA
0xa8c1b4 GetDateFormatA
0xa8c1b8 GetUserDefaultLCID
0xa8c1bc GetLocaleInfoA
0xa8c1c0 EnumSystemLocalesA
0xa8c1c4 IsValidLocale
0xa8c1c8 FlushFileBuffers
0xa8c1cc ReadFile
0xa8c1d0 SetEndOfFile
0xa8c1d4 GetProcessHeap
0xa8c1d8 HeapSize
0xa8c1dc CompareStringA
0xa8c1e0 GetModuleHandleA
USER32.dll
0xa8c1e8 GetProcessDefaultLayout
ADVAPI32.dll
0xa8c000 EqualSid
EAT(Export Address Table) Library
0x4acbd0 Gorgeous
0x4acbc0 Robinson
0x4acbb0 SeeYou
KERNEL32.dll
0xa8c008 WriteConsoleOutputCharacterA
0xa8c00c LoadResource
0xa8c010 SystemTimeToTzSpecificLocalTime
0xa8c014 HeapAlloc
0xa8c018 SetWaitableTimer
0xa8c01c HeapFree
0xa8c020 GetModuleHandleExW
0xa8c024 GlobalLock
0xa8c028 LockFile
0xa8c02c ConnectNamedPipe
0xa8c030 GetConsoleAliasesA
0xa8c034 FindResourceExA
0xa8c038 GlobalAlloc
0xa8c03c GetLocaleInfoW
0xa8c040 GetSystemTimeAdjustment
0xa8c044 InterlockedPopEntrySList
0xa8c048 GetFileAttributesA
0xa8c04c GetExitCodeProcess
0xa8c050 GetCompressedFileSizeA
0xa8c054 EnumDateFormatsExW
0xa8c058 GetEnvironmentVariableA
0xa8c05c VirtualUnlock
0xa8c060 LCMapStringA
0xa8c064 GetAtomNameA
0xa8c068 OpenWaitableTimerW
0xa8c06c AddAtomA
0xa8c070 GetTapeParameters
0xa8c074 GlobalFindAtomW
0xa8c078 SetConsoleCursorInfo
0xa8c07c GlobalUnWire
0xa8c080 VirtualProtect
0xa8c084 GetFileTime
0xa8c088 GetCurrentProcessId
0xa8c08c EnumCalendarInfoExA
0xa8c090 LocalFree
0xa8c094 LocalFileTimeToFileTime
0xa8c098 SetEnvironmentVariableA
0xa8c09c CompareStringW
0xa8c0a0 GetTimeZoneInformation
0xa8c0a4 RemoveVectoredExceptionHandler
0xa8c0a8 GetStartupInfoW
0xa8c0ac TerminateProcess
0xa8c0b0 GetCurrentProcess
0xa8c0b4 UnhandledExceptionFilter
0xa8c0b8 SetUnhandledExceptionFilter
0xa8c0bc IsDebuggerPresent
0xa8c0c0 EnterCriticalSection
0xa8c0c4 LeaveCriticalSection
0xa8c0c8 RtlUnwind
0xa8c0cc GetModuleHandleW
0xa8c0d0 Sleep
0xa8c0d4 GetProcAddress
0xa8c0d8 ExitProcess
0xa8c0dc WriteFile
0xa8c0e0 GetStdHandle
0xa8c0e4 GetModuleFileNameA
0xa8c0e8 GetModuleFileNameW
0xa8c0ec FreeEnvironmentStringsW
0xa8c0f0 GetEnvironmentStringsW
0xa8c0f4 GetCommandLineW
0xa8c0f8 SetHandleCount
0xa8c0fc GetFileType
0xa8c100 GetStartupInfoA
0xa8c104 DeleteCriticalSection
0xa8c108 TlsGetValue
0xa8c10c TlsAlloc
0xa8c110 TlsSetValue
0xa8c114 TlsFree
0xa8c118 InterlockedIncrement
0xa8c11c SetLastError
0xa8c120 GetCurrentThreadId
0xa8c124 GetLastError
0xa8c128 InterlockedDecrement
0xa8c12c GetCurrentThread
0xa8c130 HeapCreate
0xa8c134 HeapDestroy
0xa8c138 VirtualFree
0xa8c13c QueryPerformanceCounter
0xa8c140 GetTickCount
0xa8c144 GetSystemTimeAsFileTime
0xa8c148 SetFilePointer
0xa8c14c WideCharToMultiByte
0xa8c150 GetConsoleCP
0xa8c154 GetConsoleMode
0xa8c158 GetCPInfo
0xa8c15c GetACP
0xa8c160 GetOEMCP
0xa8c164 IsValidCodePage
0xa8c168 FatalAppExitA
0xa8c16c VirtualAlloc
0xa8c170 HeapReAlloc
0xa8c174 MultiByteToWideChar
0xa8c178 CloseHandle
0xa8c17c CreateFileA
0xa8c180 InitializeCriticalSectionAndSpinCount
0xa8c184 SetConsoleCtrlHandler
0xa8c188 FreeLibrary
0xa8c18c InterlockedExchange
0xa8c190 LoadLibraryA
0xa8c194 SetStdHandle
0xa8c198 WriteConsoleA
0xa8c19c GetConsoleOutputCP
0xa8c1a0 WriteConsoleW
0xa8c1a4 LCMapStringW
0xa8c1a8 GetStringTypeA
0xa8c1ac GetStringTypeW
0xa8c1b0 GetTimeFormatA
0xa8c1b4 GetDateFormatA
0xa8c1b8 GetUserDefaultLCID
0xa8c1bc GetLocaleInfoA
0xa8c1c0 EnumSystemLocalesA
0xa8c1c4 IsValidLocale
0xa8c1c8 FlushFileBuffers
0xa8c1cc ReadFile
0xa8c1d0 SetEndOfFile
0xa8c1d4 GetProcessHeap
0xa8c1d8 HeapSize
0xa8c1dc CompareStringA
0xa8c1e0 GetModuleHandleA
USER32.dll
0xa8c1e8 GetProcessDefaultLayout
ADVAPI32.dll
0xa8c000 EqualSid
EAT(Export Address Table) Library
0x4acbd0 Gorgeous
0x4acbc0 Robinson
0x4acbb0 SeeYou