ScreenShot
| Created | 2021.04.16 09:05 | Machine | s1_win7_x6402 |
| Filename | rets.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 8 detected (malicious, high confidence, Unsafe, Dapato, confidence) | ||
| md5 | e31198c0a7e97c0584ad38f2c66d01b1 | ||
| sha256 | 5b05cae0880543c3adc28a2d5a45af4931de6d2b4197d2d3c26e4471dd4cf2a8 | ||
| ssdeep | 6144:VdgxX4K3UMRIzHok07anvXHGr+sU8bar:VCXTFREvXHGr+kw | ||
| imphash | c1bf70b0284697c622bf36c94d083845 | ||
| impfuzzy | 48:2pd6tMS17kc+ppfk3a7Be8RTpSeC5VBnhvW:+d6tMS17kc+ppf1FpSeArRW | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14001d028 HeapReAlloc
0x14001d030 HeapFree
0x14001d038 HeapSize
0x14001d040 BuildCommDCBAndTimeoutsW
0x14001d048 GetTickCount64
0x14001d050 GetSystemInfo
0x14001d058 InitializeSynchronizationBarrier
0x14001d060 K32EnumPageFilesA
0x14001d068 FreeLibraryAndExitThread
0x14001d070 HeapAlloc
0x14001d078 GetProcAddress
0x14001d080 VirtualProtect
0x14001d088 WriteConsoleW
0x14001d090 CreateFileW
0x14001d098 CloseHandle
0x14001d0a0 SetFilePointerEx
0x14001d0a8 GetConsoleMode
0x14001d0b0 GetConsoleCP
0x14001d0b8 GetProcessHeap
0x14001d0c0 VirtualAlloc
0x14001d0c8 VirtualFree
0x14001d0d0 LoadLibraryA
0x14001d0d8 FlushFileBuffers
0x14001d0e0 LCMapStringW
0x14001d0e8 RtlCaptureContext
0x14001d0f0 RtlLookupFunctionEntry
0x14001d0f8 RtlVirtualUnwind
0x14001d100 UnhandledExceptionFilter
0x14001d108 SetUnhandledExceptionFilter
0x14001d110 GetCurrentProcess
0x14001d118 TerminateProcess
0x14001d120 IsProcessorFeaturePresent
0x14001d128 QueryPerformanceCounter
0x14001d130 GetCurrentProcessId
0x14001d138 GetCurrentThreadId
0x14001d140 GetSystemTimeAsFileTime
0x14001d148 InitializeSListHead
0x14001d150 IsDebuggerPresent
0x14001d158 GetStartupInfoW
0x14001d160 GetModuleHandleW
0x14001d168 RtlUnwindEx
0x14001d170 GetLastError
0x14001d178 SetLastError
0x14001d180 EnterCriticalSection
0x14001d188 LeaveCriticalSection
0x14001d190 DeleteCriticalSection
0x14001d198 InitializeCriticalSectionAndSpinCount
0x14001d1a0 TlsAlloc
0x14001d1a8 TlsGetValue
0x14001d1b0 TlsSetValue
0x14001d1b8 TlsFree
0x14001d1c0 FreeLibrary
0x14001d1c8 LoadLibraryExW
0x14001d1d0 GetStdHandle
0x14001d1d8 WriteFile
0x14001d1e0 GetModuleFileNameW
0x14001d1e8 MultiByteToWideChar
0x14001d1f0 WideCharToMultiByte
0x14001d1f8 ExitProcess
0x14001d200 GetModuleHandleExW
0x14001d208 GetACP
0x14001d210 FindClose
0x14001d218 FindFirstFileExW
0x14001d220 FindNextFileW
0x14001d228 IsValidCodePage
0x14001d230 GetOEMCP
0x14001d238 GetCPInfo
0x14001d240 GetCommandLineA
0x14001d248 GetCommandLineW
0x14001d250 GetEnvironmentStringsW
0x14001d258 FreeEnvironmentStringsW
0x14001d260 SetStdHandle
0x14001d268 GetFileType
0x14001d270 GetStringTypeW
0x14001d278 RaiseException
USER32.dll
0x14001d2d8 GetUpdateRect
0x14001d2e0 CallMsgFilterA
ole32.dll
0x14001d2f0 CoGetApartmentID
0x14001d2f8 OleConvertOLESTREAMToIStorageEx
GDI32.dll
0x14001d000 GdiGradientFill
0x14001d008 D3DKMTOpenAdapterFromDeviceName
0x14001d010 GetPaletteEntries
0x14001d018 ColorMatchToTarget
SHELL32.dll
0x14001d288 None
0x14001d290 SHQueryRecycleBinA
0x14001d298 SHGetPathFromIDList
0x14001d2a0 None
0x14001d2a8 None
0x14001d2b0 SHCreateDefaultPropertiesOp
0x14001d2b8 SHGetIconOverlayIndexA
0x14001d2c0 None
0x14001d2c8 DragAcceptFiles
EAT(Export Address Table) Library
KERNEL32.dll
0x14001d028 HeapReAlloc
0x14001d030 HeapFree
0x14001d038 HeapSize
0x14001d040 BuildCommDCBAndTimeoutsW
0x14001d048 GetTickCount64
0x14001d050 GetSystemInfo
0x14001d058 InitializeSynchronizationBarrier
0x14001d060 K32EnumPageFilesA
0x14001d068 FreeLibraryAndExitThread
0x14001d070 HeapAlloc
0x14001d078 GetProcAddress
0x14001d080 VirtualProtect
0x14001d088 WriteConsoleW
0x14001d090 CreateFileW
0x14001d098 CloseHandle
0x14001d0a0 SetFilePointerEx
0x14001d0a8 GetConsoleMode
0x14001d0b0 GetConsoleCP
0x14001d0b8 GetProcessHeap
0x14001d0c0 VirtualAlloc
0x14001d0c8 VirtualFree
0x14001d0d0 LoadLibraryA
0x14001d0d8 FlushFileBuffers
0x14001d0e0 LCMapStringW
0x14001d0e8 RtlCaptureContext
0x14001d0f0 RtlLookupFunctionEntry
0x14001d0f8 RtlVirtualUnwind
0x14001d100 UnhandledExceptionFilter
0x14001d108 SetUnhandledExceptionFilter
0x14001d110 GetCurrentProcess
0x14001d118 TerminateProcess
0x14001d120 IsProcessorFeaturePresent
0x14001d128 QueryPerformanceCounter
0x14001d130 GetCurrentProcessId
0x14001d138 GetCurrentThreadId
0x14001d140 GetSystemTimeAsFileTime
0x14001d148 InitializeSListHead
0x14001d150 IsDebuggerPresent
0x14001d158 GetStartupInfoW
0x14001d160 GetModuleHandleW
0x14001d168 RtlUnwindEx
0x14001d170 GetLastError
0x14001d178 SetLastError
0x14001d180 EnterCriticalSection
0x14001d188 LeaveCriticalSection
0x14001d190 DeleteCriticalSection
0x14001d198 InitializeCriticalSectionAndSpinCount
0x14001d1a0 TlsAlloc
0x14001d1a8 TlsGetValue
0x14001d1b0 TlsSetValue
0x14001d1b8 TlsFree
0x14001d1c0 FreeLibrary
0x14001d1c8 LoadLibraryExW
0x14001d1d0 GetStdHandle
0x14001d1d8 WriteFile
0x14001d1e0 GetModuleFileNameW
0x14001d1e8 MultiByteToWideChar
0x14001d1f0 WideCharToMultiByte
0x14001d1f8 ExitProcess
0x14001d200 GetModuleHandleExW
0x14001d208 GetACP
0x14001d210 FindClose
0x14001d218 FindFirstFileExW
0x14001d220 FindNextFileW
0x14001d228 IsValidCodePage
0x14001d230 GetOEMCP
0x14001d238 GetCPInfo
0x14001d240 GetCommandLineA
0x14001d248 GetCommandLineW
0x14001d250 GetEnvironmentStringsW
0x14001d258 FreeEnvironmentStringsW
0x14001d260 SetStdHandle
0x14001d268 GetFileType
0x14001d270 GetStringTypeW
0x14001d278 RaiseException
USER32.dll
0x14001d2d8 GetUpdateRect
0x14001d2e0 CallMsgFilterA
ole32.dll
0x14001d2f0 CoGetApartmentID
0x14001d2f8 OleConvertOLESTREAMToIStorageEx
GDI32.dll
0x14001d000 GdiGradientFill
0x14001d008 D3DKMTOpenAdapterFromDeviceName
0x14001d010 GetPaletteEntries
0x14001d018 ColorMatchToTarget
SHELL32.dll
0x14001d288 None
0x14001d290 SHQueryRecycleBinA
0x14001d298 SHGetPathFromIDList
0x14001d2a0 None
0x14001d2a8 None
0x14001d2b0 SHCreateDefaultPropertiesOp
0x14001d2b8 SHGetIconOverlayIndexA
0x14001d2c0 None
0x14001d2c8 DragAcceptFiles
EAT(Export Address Table) Library