ScreenShot
| Created | 2021.04.16 09:02 | Machine | s1_win7_x6401 |
| Filename | ratan.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (malicious, high confidence, confidence, FileRepMetagen, score, Artemis, kcloud, Wacatac) | ||
| md5 | 1fa020f37a9780eb6e8203d9723c6256 | ||
| sha256 | 2e5275c35b262674705f3c2bd6becc80a067f2660798881d0f5344ac97bd592d | ||
| ssdeep | 6144:apbsp5OF6v4GNlEIlVpCq6RCEEot8BA9LhzC7jlc:aRsp5OF6vBNlllVpCq6Rw0BC7jW | ||
| imphash | cc214655089f13d387ac39cfc5307c58 | ||
| impfuzzy | 24:Td3C0D8SMUjk02tMS17mlJnc+pl395oX8OovbOPZiv7BuPhTHd4eyBBZKOq:T1YtMS17kc+ppfk3a7BuPJ9FyW | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140024038 HeapSize
0x140024040 CreateWaitableTimerExW
0x140024048 GetDiskFreeSpaceW
0x140024050 LoadLibraryA
0x140024058 GetProcAddress
0x140024060 VirtualProtect
0x140024068 HeapFree
0x140024070 CreateFileW
0x140024078 CloseHandle
0x140024080 SetFilePointerEx
0x140024088 GetConsoleMode
0x140024090 GetConsoleCP
0x140024098 FlushFileBuffers
0x1400240a0 HeapReAlloc
0x1400240a8 HeapAlloc
0x1400240b0 GetProcessHeap
0x1400240b8 VirtualAlloc
0x1400240c0 VirtualFree
0x1400240c8 WriteConsoleW
0x1400240d0 LCMapStringW
0x1400240d8 RtlCaptureContext
0x1400240e0 RtlLookupFunctionEntry
0x1400240e8 RtlVirtualUnwind
0x1400240f0 UnhandledExceptionFilter
0x1400240f8 SetUnhandledExceptionFilter
0x140024100 GetCurrentProcess
0x140024108 TerminateProcess
0x140024110 IsProcessorFeaturePresent
0x140024118 QueryPerformanceCounter
0x140024120 GetCurrentProcessId
0x140024128 GetCurrentThreadId
0x140024130 GetSystemTimeAsFileTime
0x140024138 InitializeSListHead
0x140024140 IsDebuggerPresent
0x140024148 GetStartupInfoW
0x140024150 GetModuleHandleW
0x140024158 RtlUnwindEx
0x140024160 GetLastError
0x140024168 SetLastError
0x140024170 EnterCriticalSection
0x140024178 LeaveCriticalSection
0x140024180 DeleteCriticalSection
0x140024188 InitializeCriticalSectionAndSpinCount
0x140024190 TlsAlloc
0x140024198 TlsGetValue
0x1400241a0 TlsSetValue
0x1400241a8 TlsFree
0x1400241b0 FreeLibrary
0x1400241b8 LoadLibraryExW
0x1400241c0 GetStdHandle
0x1400241c8 WriteFile
0x1400241d0 GetModuleFileNameW
0x1400241d8 MultiByteToWideChar
0x1400241e0 WideCharToMultiByte
0x1400241e8 ExitProcess
0x1400241f0 GetModuleHandleExW
0x1400241f8 GetACP
0x140024200 FindClose
0x140024208 FindFirstFileExW
0x140024210 FindNextFileW
0x140024218 IsValidCodePage
0x140024220 GetOEMCP
0x140024228 GetCPInfo
0x140024230 GetCommandLineA
0x140024238 GetCommandLineW
0x140024240 GetEnvironmentStringsW
0x140024248 FreeEnvironmentStringsW
0x140024250 SetStdHandle
0x140024258 GetFileType
0x140024260 GetStringTypeW
0x140024268 RaiseException
USER32.dll
0x140024288 PrintWindow
0x140024290 GetCursorInfo
0x140024298 SetWindowWord
ole32.dll
0x1400242a8 HACCEL_UserMarshal
0x1400242b0 OleCreateLinkToFileEx
0x1400242b8 PropStgNameToFmtId
GDI32.dll
0x140024000 CreateEllipticRgnIndirect
0x140024008 SetDIBits
0x140024010 D3DKMTReleaseProcessVidPnSourceOwners
0x140024018 GetViewportOrgEx
0x140024020 PlayMetaFileRecord
0x140024028 GdiPlayDCScript
SHELL32.dll
0x140024278 None
EAT(Export Address Table) Library
KERNEL32.dll
0x140024038 HeapSize
0x140024040 CreateWaitableTimerExW
0x140024048 GetDiskFreeSpaceW
0x140024050 LoadLibraryA
0x140024058 GetProcAddress
0x140024060 VirtualProtect
0x140024068 HeapFree
0x140024070 CreateFileW
0x140024078 CloseHandle
0x140024080 SetFilePointerEx
0x140024088 GetConsoleMode
0x140024090 GetConsoleCP
0x140024098 FlushFileBuffers
0x1400240a0 HeapReAlloc
0x1400240a8 HeapAlloc
0x1400240b0 GetProcessHeap
0x1400240b8 VirtualAlloc
0x1400240c0 VirtualFree
0x1400240c8 WriteConsoleW
0x1400240d0 LCMapStringW
0x1400240d8 RtlCaptureContext
0x1400240e0 RtlLookupFunctionEntry
0x1400240e8 RtlVirtualUnwind
0x1400240f0 UnhandledExceptionFilter
0x1400240f8 SetUnhandledExceptionFilter
0x140024100 GetCurrentProcess
0x140024108 TerminateProcess
0x140024110 IsProcessorFeaturePresent
0x140024118 QueryPerformanceCounter
0x140024120 GetCurrentProcessId
0x140024128 GetCurrentThreadId
0x140024130 GetSystemTimeAsFileTime
0x140024138 InitializeSListHead
0x140024140 IsDebuggerPresent
0x140024148 GetStartupInfoW
0x140024150 GetModuleHandleW
0x140024158 RtlUnwindEx
0x140024160 GetLastError
0x140024168 SetLastError
0x140024170 EnterCriticalSection
0x140024178 LeaveCriticalSection
0x140024180 DeleteCriticalSection
0x140024188 InitializeCriticalSectionAndSpinCount
0x140024190 TlsAlloc
0x140024198 TlsGetValue
0x1400241a0 TlsSetValue
0x1400241a8 TlsFree
0x1400241b0 FreeLibrary
0x1400241b8 LoadLibraryExW
0x1400241c0 GetStdHandle
0x1400241c8 WriteFile
0x1400241d0 GetModuleFileNameW
0x1400241d8 MultiByteToWideChar
0x1400241e0 WideCharToMultiByte
0x1400241e8 ExitProcess
0x1400241f0 GetModuleHandleExW
0x1400241f8 GetACP
0x140024200 FindClose
0x140024208 FindFirstFileExW
0x140024210 FindNextFileW
0x140024218 IsValidCodePage
0x140024220 GetOEMCP
0x140024228 GetCPInfo
0x140024230 GetCommandLineA
0x140024238 GetCommandLineW
0x140024240 GetEnvironmentStringsW
0x140024248 FreeEnvironmentStringsW
0x140024250 SetStdHandle
0x140024258 GetFileType
0x140024260 GetStringTypeW
0x140024268 RaiseException
USER32.dll
0x140024288 PrintWindow
0x140024290 GetCursorInfo
0x140024298 SetWindowWord
ole32.dll
0x1400242a8 HACCEL_UserMarshal
0x1400242b0 OleCreateLinkToFileEx
0x1400242b8 PropStgNameToFmtId
GDI32.dll
0x140024000 CreateEllipticRgnIndirect
0x140024008 SetDIBits
0x140024010 D3DKMTReleaseProcessVidPnSourceOwners
0x140024018 GetViewportOrgEx
0x140024020 PlayMetaFileRecord
0x140024028 GdiPlayDCScript
SHELL32.dll
0x140024278 None
EAT(Export Address Table) Library