ScreenShot
| Created | 2021.04.17 10:25 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, GenKryptik, FEDH, TrojanX, R + Troj, Androm, Wacatac, score, ZexaF, SCW@aqppZDcG, Obscure, CLOUD, Static AI, Malicious PE) | ||
| md5 | 28babff4bf714869ede6763962b401f6 | ||
| sha256 | a2d3a21b0f2d7e34ea7498d45676f0e9879e734910c55fd38d1b815bccbe2fda | ||
| ssdeep | 12288:QP8Twnt2BfYyPXDBQQockSCdEDSjZPkbkBlxxQXg2T1fFWvzoD0:bTjBAsNPoJSNSPTxjOZFWvUw | ||
| imphash | 7fc39213713180aae00d5962f7c21023 | ||
| impfuzzy | 48:g1c8pO4plkBw8xj0XcA9ep6Ot1tl37n98cbd1GnNZed8:2fO4plP8xoX/26o1tl3798c51GH1 | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a4008 WriteConsoleW
0x4a400c GetSystemPowerStatus
0x4a4010 DeleteVolumeMountPointW
0x4a4014 Sleep
0x4a4018 GetDefaultCommConfigW
0x4a401c CreateMutexW
0x4a4020 GetStdHandle
0x4a4024 InterlockedDecrement
0x4a4028 SetSystemTimeAdjustment
0x4a402c FileTimeToSystemTime
0x4a4030 GetNamedPipeHandleStateW
0x4a4034 CallNamedPipeW
0x4a4038 EnumResourceNamesW
0x4a403c BuildCommDCBAndTimeoutsA
0x4a4040 EnterCriticalSection
0x4a4044 DebugSetProcessKillOnExit
0x4a4048 EnumTimeFormatsW
0x4a404c TlsSetValue
0x4a4050 GetACP
0x4a4054 WriteFile
0x4a4058 GetCurrentActCtx
0x4a405c ReleaseActCtx
0x4a4060 AddRefActCtx
0x4a4064 GetHandleInformation
0x4a4068 OpenFile
0x4a406c VerifyVersionInfoA
0x4a4070 GetVersionExA
0x4a4074 FreeLibrary
0x4a4078 LoadLibraryExW
0x4a407c GetComputerNameA
0x4a4080 CommConfigDialogA
0x4a4084 GetProcessPriorityBoost
0x4a4088 lstrcatA
0x4a408c LoadLibraryW
0x4a4090 LocalAlloc
0x4a4094 SetEndOfFile
0x4a4098 CancelWaitableTimer
0x4a409c GetCurrentDirectoryW
0x4a40a0 GetCommMask
0x4a40a4 HeapFree
0x4a40a8 RaiseException
0x4a40ac GetBinaryTypeA
0x4a40b0 LocalSize
0x4a40b4 SetConsoleMode
0x4a40b8 GetLargestConsoleWindowSize
0x4a40bc WriteConsoleInputW
0x4a40c0 OpenMutexW
0x4a40c4 SetThreadContext
0x4a40c8 AddAtomW
0x4a40cc FindVolumeMountPointClose
0x4a40d0 GetSystemTime
0x4a40d4 GetCommandLineA
0x4a40d8 SetLocalTime
0x4a40dc GetLastError
0x4a40e0 GetSystemTimeAsFileTime
0x4a40e4 DisconnectNamedPipe
0x4a40e8 SetConsoleCursorInfo
0x4a40ec TerminateThread
0x4a40f0 GetFileAttributesW
0x4a40f4 SetLastError
0x4a40f8 lstrlenA
0x4a40fc CompareStringW
0x4a4100 CompareStringA
0x4a4104 VirtualProtect
0x4a4108 CreateJobObjectA
0x4a410c DeleteFileA
0x4a4110 RtlUnwind
0x4a4114 TerminateProcess
0x4a4118 GetCurrentProcess
0x4a411c UnhandledExceptionFilter
0x4a4120 SetUnhandledExceptionFilter
0x4a4124 IsDebuggerPresent
0x4a4128 GetStartupInfoA
0x4a412c HeapAlloc
0x4a4130 LeaveCriticalSection
0x4a4134 GetProcAddress
0x4a4138 GetModuleHandleA
0x4a413c GetModuleHandleW
0x4a4140 TlsGetValue
0x4a4144 TlsAlloc
0x4a4148 TlsFree
0x4a414c InterlockedIncrement
0x4a4150 GetCurrentThreadId
0x4a4154 GetCurrentThread
0x4a4158 ExitProcess
0x4a415c GetModuleFileNameA
0x4a4160 FreeEnvironmentStringsA
0x4a4164 GetEnvironmentStrings
0x4a4168 FreeEnvironmentStringsW
0x4a416c WideCharToMultiByte
0x4a4170 GetEnvironmentStringsW
0x4a4174 SetHandleCount
0x4a4178 GetFileType
0x4a417c DeleteCriticalSection
0x4a4180 HeapCreate
0x4a4184 HeapDestroy
0x4a4188 VirtualFree
0x4a418c QueryPerformanceCounter
0x4a4190 GetTickCount
0x4a4194 GetCurrentProcessId
0x4a4198 SetFilePointer
0x4a419c GetConsoleCP
0x4a41a0 GetConsoleMode
0x4a41a4 GetCPInfo
0x4a41a8 GetOEMCP
0x4a41ac IsValidCodePage
0x4a41b0 FatalAppExitA
0x4a41b4 VirtualAlloc
0x4a41b8 HeapReAlloc
0x4a41bc HeapSize
0x4a41c0 SetConsoleCtrlHandler
0x4a41c4 InterlockedExchange
0x4a41c8 LoadLibraryA
0x4a41cc InitializeCriticalSectionAndSpinCount
0x4a41d0 SetStdHandle
0x4a41d4 WriteConsoleA
0x4a41d8 GetConsoleOutputCP
0x4a41dc MultiByteToWideChar
0x4a41e0 LCMapStringA
0x4a41e4 LCMapStringW
0x4a41e8 GetStringTypeA
0x4a41ec GetStringTypeW
0x4a41f0 GetTimeFormatA
0x4a41f4 GetDateFormatA
0x4a41f8 GetUserDefaultLCID
0x4a41fc GetLocaleInfoA
0x4a4200 EnumSystemLocalesA
0x4a4204 IsValidLocale
0x4a4208 FlushFileBuffers
0x4a420c GetLocaleInfoW
0x4a4210 CreateFileA
0x4a4214 CloseHandle
0x4a4218 GetTimeZoneInformation
0x4a421c SetEnvironmentVariableA
USER32.dll
0x4a4224 GetComboBoxInfo
ADVAPI32.dll
0x4a4000 ClearEventLogW
EAT(Export Address Table) Library
0x47c280 _lifan@8
KERNEL32.dll
0x4a4008 WriteConsoleW
0x4a400c GetSystemPowerStatus
0x4a4010 DeleteVolumeMountPointW
0x4a4014 Sleep
0x4a4018 GetDefaultCommConfigW
0x4a401c CreateMutexW
0x4a4020 GetStdHandle
0x4a4024 InterlockedDecrement
0x4a4028 SetSystemTimeAdjustment
0x4a402c FileTimeToSystemTime
0x4a4030 GetNamedPipeHandleStateW
0x4a4034 CallNamedPipeW
0x4a4038 EnumResourceNamesW
0x4a403c BuildCommDCBAndTimeoutsA
0x4a4040 EnterCriticalSection
0x4a4044 DebugSetProcessKillOnExit
0x4a4048 EnumTimeFormatsW
0x4a404c TlsSetValue
0x4a4050 GetACP
0x4a4054 WriteFile
0x4a4058 GetCurrentActCtx
0x4a405c ReleaseActCtx
0x4a4060 AddRefActCtx
0x4a4064 GetHandleInformation
0x4a4068 OpenFile
0x4a406c VerifyVersionInfoA
0x4a4070 GetVersionExA
0x4a4074 FreeLibrary
0x4a4078 LoadLibraryExW
0x4a407c GetComputerNameA
0x4a4080 CommConfigDialogA
0x4a4084 GetProcessPriorityBoost
0x4a4088 lstrcatA
0x4a408c LoadLibraryW
0x4a4090 LocalAlloc
0x4a4094 SetEndOfFile
0x4a4098 CancelWaitableTimer
0x4a409c GetCurrentDirectoryW
0x4a40a0 GetCommMask
0x4a40a4 HeapFree
0x4a40a8 RaiseException
0x4a40ac GetBinaryTypeA
0x4a40b0 LocalSize
0x4a40b4 SetConsoleMode
0x4a40b8 GetLargestConsoleWindowSize
0x4a40bc WriteConsoleInputW
0x4a40c0 OpenMutexW
0x4a40c4 SetThreadContext
0x4a40c8 AddAtomW
0x4a40cc FindVolumeMountPointClose
0x4a40d0 GetSystemTime
0x4a40d4 GetCommandLineA
0x4a40d8 SetLocalTime
0x4a40dc GetLastError
0x4a40e0 GetSystemTimeAsFileTime
0x4a40e4 DisconnectNamedPipe
0x4a40e8 SetConsoleCursorInfo
0x4a40ec TerminateThread
0x4a40f0 GetFileAttributesW
0x4a40f4 SetLastError
0x4a40f8 lstrlenA
0x4a40fc CompareStringW
0x4a4100 CompareStringA
0x4a4104 VirtualProtect
0x4a4108 CreateJobObjectA
0x4a410c DeleteFileA
0x4a4110 RtlUnwind
0x4a4114 TerminateProcess
0x4a4118 GetCurrentProcess
0x4a411c UnhandledExceptionFilter
0x4a4120 SetUnhandledExceptionFilter
0x4a4124 IsDebuggerPresent
0x4a4128 GetStartupInfoA
0x4a412c HeapAlloc
0x4a4130 LeaveCriticalSection
0x4a4134 GetProcAddress
0x4a4138 GetModuleHandleA
0x4a413c GetModuleHandleW
0x4a4140 TlsGetValue
0x4a4144 TlsAlloc
0x4a4148 TlsFree
0x4a414c InterlockedIncrement
0x4a4150 GetCurrentThreadId
0x4a4154 GetCurrentThread
0x4a4158 ExitProcess
0x4a415c GetModuleFileNameA
0x4a4160 FreeEnvironmentStringsA
0x4a4164 GetEnvironmentStrings
0x4a4168 FreeEnvironmentStringsW
0x4a416c WideCharToMultiByte
0x4a4170 GetEnvironmentStringsW
0x4a4174 SetHandleCount
0x4a4178 GetFileType
0x4a417c DeleteCriticalSection
0x4a4180 HeapCreate
0x4a4184 HeapDestroy
0x4a4188 VirtualFree
0x4a418c QueryPerformanceCounter
0x4a4190 GetTickCount
0x4a4194 GetCurrentProcessId
0x4a4198 SetFilePointer
0x4a419c GetConsoleCP
0x4a41a0 GetConsoleMode
0x4a41a4 GetCPInfo
0x4a41a8 GetOEMCP
0x4a41ac IsValidCodePage
0x4a41b0 FatalAppExitA
0x4a41b4 VirtualAlloc
0x4a41b8 HeapReAlloc
0x4a41bc HeapSize
0x4a41c0 SetConsoleCtrlHandler
0x4a41c4 InterlockedExchange
0x4a41c8 LoadLibraryA
0x4a41cc InitializeCriticalSectionAndSpinCount
0x4a41d0 SetStdHandle
0x4a41d4 WriteConsoleA
0x4a41d8 GetConsoleOutputCP
0x4a41dc MultiByteToWideChar
0x4a41e0 LCMapStringA
0x4a41e4 LCMapStringW
0x4a41e8 GetStringTypeA
0x4a41ec GetStringTypeW
0x4a41f0 GetTimeFormatA
0x4a41f4 GetDateFormatA
0x4a41f8 GetUserDefaultLCID
0x4a41fc GetLocaleInfoA
0x4a4200 EnumSystemLocalesA
0x4a4204 IsValidLocale
0x4a4208 FlushFileBuffers
0x4a420c GetLocaleInfoW
0x4a4210 CreateFileA
0x4a4214 CloseHandle
0x4a4218 GetTimeZoneInformation
0x4a421c SetEnvironmentVariableA
USER32.dll
0x4a4224 GetComboBoxInfo
ADVAPI32.dll
0x4a4000 ClearEventLogW
EAT(Export Address Table) Library
0x47c280 _lifan@8