ScreenShot
| Created | 2021.04.15 15:03 | Machine | s1_win7_x6401 |
| Filename | hah5.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (malicious, high confidence, FileRepMetagen, Undefined, CLOUD, Dapato, confidence) | ||
| md5 | bb5ef523f0bf243790b6c67dd77ee986 | ||
| sha256 | c51bf8c74311b8941dca2f63a0850e61c1058af6af0ac42d81c2d85cd64d37cb | ||
| ssdeep | 6144:dL8d+BxlwJG25dgtNZfWjBVyRaViIboK:diilKG2ypWjBwjIsK | ||
| imphash | f0b3b47c1c4e1d4f46796f8c66fb904f | ||
| impfuzzy | 24:8uDC6590D0nMUyi02tMS17mlJnc+pl39VoX8OovbOPZiv7BA09Jkku0p0JDGdMBf:8uDrtMS17kc+ppvk3a7BA09qTJ4MBWE | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14001e038 HeapSize
0x14001e040 WerUnregisterRuntimeExceptionModule
0x14001e048 GetModuleFileNameW
0x14001e050 SetCriticalSectionSpinCount
0x14001e058 GetLargePageMinimum
0x14001e060 ReadDirectoryChangesW
0x14001e068 FindFirstFileA
0x14001e070 LoadLibraryA
0x14001e078 GetProcAddress
0x14001e080 HeapFree
0x14001e088 WriteConsoleW
0x14001e090 CreateFileW
0x14001e098 CloseHandle
0x14001e0a0 SetFilePointerEx
0x14001e0a8 GetConsoleMode
0x14001e0b0 GetConsoleCP
0x14001e0b8 FlushFileBuffers
0x14001e0c0 LCMapStringW
0x14001e0c8 HeapReAlloc
0x14001e0d0 GetProcessHeap
0x14001e0d8 HeapAlloc
0x14001e0e0 VirtualAlloc
0x14001e0e8 VirtualFree
0x14001e0f0 VirtualProtect
0x14001e0f8 RtlCaptureContext
0x14001e100 RtlLookupFunctionEntry
0x14001e108 RtlVirtualUnwind
0x14001e110 UnhandledExceptionFilter
0x14001e118 SetUnhandledExceptionFilter
0x14001e120 GetCurrentProcess
0x14001e128 TerminateProcess
0x14001e130 IsProcessorFeaturePresent
0x14001e138 QueryPerformanceCounter
0x14001e140 GetCurrentProcessId
0x14001e148 GetCurrentThreadId
0x14001e150 GetSystemTimeAsFileTime
0x14001e158 InitializeSListHead
0x14001e160 IsDebuggerPresent
0x14001e168 GetStartupInfoW
0x14001e170 GetModuleHandleW
0x14001e178 RtlUnwindEx
0x14001e180 GetLastError
0x14001e188 SetLastError
0x14001e190 EnterCriticalSection
0x14001e198 LeaveCriticalSection
0x14001e1a0 DeleteCriticalSection
0x14001e1a8 InitializeCriticalSectionAndSpinCount
0x14001e1b0 TlsAlloc
0x14001e1b8 TlsGetValue
0x14001e1c0 TlsSetValue
0x14001e1c8 TlsFree
0x14001e1d0 FreeLibrary
0x14001e1d8 LoadLibraryExW
0x14001e1e0 GetStdHandle
0x14001e1e8 WriteFile
0x14001e1f0 MultiByteToWideChar
0x14001e1f8 WideCharToMultiByte
0x14001e200 ExitProcess
0x14001e208 GetModuleHandleExW
0x14001e210 GetACP
0x14001e218 FindClose
0x14001e220 FindFirstFileExW
0x14001e228 FindNextFileW
0x14001e230 IsValidCodePage
0x14001e238 GetOEMCP
0x14001e240 GetCPInfo
0x14001e248 GetCommandLineA
0x14001e250 GetCommandLineW
0x14001e258 GetEnvironmentStringsW
0x14001e260 FreeEnvironmentStringsW
0x14001e268 SetStdHandle
0x14001e270 GetFileType
0x14001e278 GetStringTypeW
0x14001e280 RaiseException
USER32.dll
0x14001e2c8 GetIconInfoExA
0x14001e2d0 RegisterClassExW
0x14001e2d8 FillRect
ole32.dll
0x14001e2e8 ReleaseStgMedium
0x14001e2f0 CoSetMessageDispatcher
0x14001e2f8 OleLoadPictureExt
0x14001e300 OleGetIconOfFile
GDI32.dll
0x14001e000 GdiEndDocEMF
0x14001e008 D3DKMTInvalidateActiveVidPn
0x14001e010 GetGlyphIndicesA
0x14001e018 D3DKMTCreateSynchronizationObject
0x14001e020 D3DKMTShareObjects
0x14001e028 GetEnhMetaFileDescriptionA
SHELL32.dll
0x14001e290 None
0x14001e298 None
0x14001e2a0 SetCurrentProcessExplicitAppUserModelID
0x14001e2a8 None
0x14001e2b0 None
0x14001e2b8 SHGetDriveMedia
EAT(Export Address Table) Library
KERNEL32.dll
0x14001e038 HeapSize
0x14001e040 WerUnregisterRuntimeExceptionModule
0x14001e048 GetModuleFileNameW
0x14001e050 SetCriticalSectionSpinCount
0x14001e058 GetLargePageMinimum
0x14001e060 ReadDirectoryChangesW
0x14001e068 FindFirstFileA
0x14001e070 LoadLibraryA
0x14001e078 GetProcAddress
0x14001e080 HeapFree
0x14001e088 WriteConsoleW
0x14001e090 CreateFileW
0x14001e098 CloseHandle
0x14001e0a0 SetFilePointerEx
0x14001e0a8 GetConsoleMode
0x14001e0b0 GetConsoleCP
0x14001e0b8 FlushFileBuffers
0x14001e0c0 LCMapStringW
0x14001e0c8 HeapReAlloc
0x14001e0d0 GetProcessHeap
0x14001e0d8 HeapAlloc
0x14001e0e0 VirtualAlloc
0x14001e0e8 VirtualFree
0x14001e0f0 VirtualProtect
0x14001e0f8 RtlCaptureContext
0x14001e100 RtlLookupFunctionEntry
0x14001e108 RtlVirtualUnwind
0x14001e110 UnhandledExceptionFilter
0x14001e118 SetUnhandledExceptionFilter
0x14001e120 GetCurrentProcess
0x14001e128 TerminateProcess
0x14001e130 IsProcessorFeaturePresent
0x14001e138 QueryPerformanceCounter
0x14001e140 GetCurrentProcessId
0x14001e148 GetCurrentThreadId
0x14001e150 GetSystemTimeAsFileTime
0x14001e158 InitializeSListHead
0x14001e160 IsDebuggerPresent
0x14001e168 GetStartupInfoW
0x14001e170 GetModuleHandleW
0x14001e178 RtlUnwindEx
0x14001e180 GetLastError
0x14001e188 SetLastError
0x14001e190 EnterCriticalSection
0x14001e198 LeaveCriticalSection
0x14001e1a0 DeleteCriticalSection
0x14001e1a8 InitializeCriticalSectionAndSpinCount
0x14001e1b0 TlsAlloc
0x14001e1b8 TlsGetValue
0x14001e1c0 TlsSetValue
0x14001e1c8 TlsFree
0x14001e1d0 FreeLibrary
0x14001e1d8 LoadLibraryExW
0x14001e1e0 GetStdHandle
0x14001e1e8 WriteFile
0x14001e1f0 MultiByteToWideChar
0x14001e1f8 WideCharToMultiByte
0x14001e200 ExitProcess
0x14001e208 GetModuleHandleExW
0x14001e210 GetACP
0x14001e218 FindClose
0x14001e220 FindFirstFileExW
0x14001e228 FindNextFileW
0x14001e230 IsValidCodePage
0x14001e238 GetOEMCP
0x14001e240 GetCPInfo
0x14001e248 GetCommandLineA
0x14001e250 GetCommandLineW
0x14001e258 GetEnvironmentStringsW
0x14001e260 FreeEnvironmentStringsW
0x14001e268 SetStdHandle
0x14001e270 GetFileType
0x14001e278 GetStringTypeW
0x14001e280 RaiseException
USER32.dll
0x14001e2c8 GetIconInfoExA
0x14001e2d0 RegisterClassExW
0x14001e2d8 FillRect
ole32.dll
0x14001e2e8 ReleaseStgMedium
0x14001e2f0 CoSetMessageDispatcher
0x14001e2f8 OleLoadPictureExt
0x14001e300 OleGetIconOfFile
GDI32.dll
0x14001e000 GdiEndDocEMF
0x14001e008 D3DKMTInvalidateActiveVidPn
0x14001e010 GetGlyphIndicesA
0x14001e018 D3DKMTCreateSynchronizationObject
0x14001e020 D3DKMTShareObjects
0x14001e028 GetEnhMetaFileDescriptionA
SHELL32.dll
0x14001e290 None
0x14001e298 None
0x14001e2a0 SetCurrentProcessExplicitAppUserModelID
0x14001e2a8 None
0x14001e2b0 None
0x14001e2b8 SHGetDriveMedia
EAT(Export Address Table) Library