ScreenShot
| Created | 2021.04.13 10:24 | Machine | s1_win7_x6401 |
| Filename | C++%20Dropper.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetect, malware2, GenericRXOF, Unsafe, Wacatac, malicious, confidence, GenericKD, Attribute, HighConfidence, a variant of Generik, DNATVJ, score, Bsymem, CLOUD, Siggen13, Artemis, ai score=100, KVMH017, kcloud, GdSda, Outbreak, HgIASSkA) | ||
| md5 | 356dc1680475998c7c23e199f2c2e9ca | ||
| sha256 | e5990480cda6207bf008957ae5a3fa3debe6303fd19c3babc3f2223bf769479c | ||
| ssdeep | 384:XbRIvCAcTljSxyW79lxqZQC7ZHLh2jSVe0J7OseTe:3jSxykxqhZHLZVnJ7OxTe | ||
| imphash | 68c97f4638ec4d8784dccbf5cd2aa30e | ||
| impfuzzy | 24:MeMS1IjABSsJciUyWPWyWNwULOLTwUKM9JLZhJCocAjyhD/29BAihTK4Tg9bfBSv:MeMS1IjSSjCNfcj93tjI8rKJBMQSLMA | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | network_dropper | File downloader/dropper | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x404000 MultiByteToWideChar
0x404004 GetCurrentDirectoryW
0x404008 CreateProcessW
0x40400c SetUnhandledExceptionFilter
0x404010 GetCurrentProcess
0x404014 TerminateProcess
0x404018 IsProcessorFeaturePresent
0x40401c QueryPerformanceCounter
0x404020 GetCurrentProcessId
0x404024 GetCurrentThreadId
0x404028 GetSystemTimeAsFileTime
0x40402c GetModuleHandleW
0x404030 InitializeSListHead
0x404034 IsDebuggerPresent
0x404038 UnhandledExceptionFilter
USER32.dll
0x40404c wsprintfW
MSVCP140.dll
0x404040 ?_Random_device@std@@YAIXZ
0x404044 ?_Xlength_error@std@@YAXPBD@Z
urlmon.dll
0x404104 URLDownloadToFileW
VCRUNTIME140.dll
0x404054 __std_exception_destroy
0x404058 _except_handler4_common
0x40405c memcpy
0x404060 memset
0x404064 __current_exception_context
0x404068 __current_exception
0x40406c __std_exception_copy
0x404070 __CxxFrameHandler3
0x404074 _CxxThrowException
0x404078 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x4040a4 _register_thread_local_exe_atexit_callback
0x4040a8 _initialize_onexit_table
0x4040ac _register_onexit_function
0x4040b0 _c_exit
0x4040b4 _controlfp_s
0x4040b8 terminate
0x4040bc __p___argc
0x4040c0 _cexit
0x4040c4 _invalid_parameter_noinfo_noreturn
0x4040c8 __p___argv
0x4040cc exit
0x4040d0 _initterm_e
0x4040d4 _initterm
0x4040d8 _get_initial_narrow_environment
0x4040dc _initialize_narrow_environment
0x4040e0 _configure_narrow_argv
0x4040e4 _crt_atexit
0x4040e8 _set_app_type
0x4040ec _seh_filter_exe
0x4040f0 _exit
api-ms-win-crt-heap-l1-1-0.dll
0x404080 malloc
0x404084 free
0x404088 _callnewh
0x40408c _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x40409c __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x4040f8 _set_fmode
0x4040fc __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x404094 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x404000 MultiByteToWideChar
0x404004 GetCurrentDirectoryW
0x404008 CreateProcessW
0x40400c SetUnhandledExceptionFilter
0x404010 GetCurrentProcess
0x404014 TerminateProcess
0x404018 IsProcessorFeaturePresent
0x40401c QueryPerformanceCounter
0x404020 GetCurrentProcessId
0x404024 GetCurrentThreadId
0x404028 GetSystemTimeAsFileTime
0x40402c GetModuleHandleW
0x404030 InitializeSListHead
0x404034 IsDebuggerPresent
0x404038 UnhandledExceptionFilter
USER32.dll
0x40404c wsprintfW
MSVCP140.dll
0x404040 ?_Random_device@std@@YAIXZ
0x404044 ?_Xlength_error@std@@YAXPBD@Z
urlmon.dll
0x404104 URLDownloadToFileW
VCRUNTIME140.dll
0x404054 __std_exception_destroy
0x404058 _except_handler4_common
0x40405c memcpy
0x404060 memset
0x404064 __current_exception_context
0x404068 __current_exception
0x40406c __std_exception_copy
0x404070 __CxxFrameHandler3
0x404074 _CxxThrowException
0x404078 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x4040a4 _register_thread_local_exe_atexit_callback
0x4040a8 _initialize_onexit_table
0x4040ac _register_onexit_function
0x4040b0 _c_exit
0x4040b4 _controlfp_s
0x4040b8 terminate
0x4040bc __p___argc
0x4040c0 _cexit
0x4040c4 _invalid_parameter_noinfo_noreturn
0x4040c8 __p___argv
0x4040cc exit
0x4040d0 _initterm_e
0x4040d4 _initterm
0x4040d8 _get_initial_narrow_environment
0x4040dc _initialize_narrow_environment
0x4040e0 _configure_narrow_argv
0x4040e4 _crt_atexit
0x4040e8 _set_app_type
0x4040ec _seh_filter_exe
0x4040f0 _exit
api-ms-win-crt-heap-l1-1-0.dll
0x404080 malloc
0x404084 free
0x404088 _callnewh
0x40408c _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x40409c __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x4040f8 _set_fmode
0x4040fc __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x404094 _configthreadlocale
EAT(Export Address Table) is none