ScreenShot
| Created | 2021.04.23 10:07 | Machine | s1_win7_x6401 |
| Filename | Ra.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 01b6e74634db81acecadb5fcc20932e9 | ||
| sha256 | c09c016cd3f44ec4e0c4101dace8fb230871149f9cdc682e511af43fd73ef686 | ||
| ssdeep | 12288:t4qJTkwKaUHsBYBAoFQubXlwO69+rVtZ55k4y7rw:tzTkw5UMB6AS1XGB9+bZ55k9A | ||
| imphash | a3de837605b40443b304cb05fccaf2e6 | ||
| impfuzzy | 24:hzbkM+fNx687bCcDLpgITJOpqOovEG3tmkJ3ITZcOFQ8Ryv9gRTOOlTcKdbplyjt:sLN7RXOzVG3thyZc598MKd1tNZjpCH | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Library_Malware_Zero | Library Malware | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a7008 SetLocalTime
0x4a700c MapViewOfFile
0x4a7010 FindResourceW
0x4a7014 LoadLibraryExW
0x4a7018 InterlockedIncrement
0x4a701c GetConsoleAliasA
0x4a7020 SetConsoleScreenBufferSize
0x4a7024 ConnectNamedPipe
0x4a7028 GetModuleHandleW
0x4a702c SetFileTime
0x4a7030 TzSpecificLocalTimeToSystemTime
0x4a7034 FindResourceExA
0x4a7038 GlobalAlloc
0x4a703c SizeofResource
0x4a7040 SetSystemTimeAdjustment
0x4a7044 GetFileAttributesA
0x4a7048 GetLocaleInfoA
0x4a704c GetAtomNameW
0x4a7050 GetTimeZoneInformation
0x4a7054 GlobalUnlock
0x4a7058 LCMapStringA
0x4a705c GetConsoleOutputCP
0x4a7060 GetLastError
0x4a7064 GetProcAddress
0x4a7068 OpenWaitableTimerW
0x4a706c FindAtomA
0x4a7070 GetTapeParameters
0x4a7074 GlobalFindAtomW
0x4a7078 GlobalUnWire
0x4a707c lstrcatW
0x4a7080 FileTimeToLocalFileTime
0x4a7084 GetCurrentProcessId
0x4a7088 LocalFree
0x4a708c TerminateProcess
0x4a7090 GetModuleHandleExA
0x4a7094 GetCommandLineA
0x4a7098 GetStartupInfoA
0x4a709c RaiseException
0x4a70a0 RtlUnwind
0x4a70a4 GetCurrentProcess
0x4a70a8 UnhandledExceptionFilter
0x4a70ac SetUnhandledExceptionFilter
0x4a70b0 IsDebuggerPresent
0x4a70b4 HeapAlloc
0x4a70b8 HeapFree
0x4a70bc TlsGetValue
0x4a70c0 TlsAlloc
0x4a70c4 TlsSetValue
0x4a70c8 TlsFree
0x4a70cc SetLastError
0x4a70d0 GetCurrentThreadId
0x4a70d4 InterlockedDecrement
0x4a70d8 GetCurrentThread
0x4a70dc Sleep
0x4a70e0 HeapSize
0x4a70e4 ExitProcess
0x4a70e8 EnterCriticalSection
0x4a70ec LeaveCriticalSection
0x4a70f0 WriteFile
0x4a70f4 GetStdHandle
0x4a70f8 GetModuleFileNameA
0x4a70fc FreeEnvironmentStringsA
0x4a7100 GetEnvironmentStrings
0x4a7104 FreeEnvironmentStringsW
0x4a7108 WideCharToMultiByte
0x4a710c GetEnvironmentStringsW
0x4a7110 SetHandleCount
0x4a7114 GetFileType
0x4a7118 DeleteCriticalSection
0x4a711c HeapCreate
0x4a7120 HeapDestroy
0x4a7124 VirtualFree
0x4a7128 QueryPerformanceCounter
0x4a712c GetTickCount
0x4a7130 GetSystemTimeAsFileTime
0x4a7134 FatalAppExitA
0x4a7138 VirtualAlloc
0x4a713c HeapReAlloc
0x4a7140 GetCPInfo
0x4a7144 GetACP
0x4a7148 GetOEMCP
0x4a714c IsValidCodePage
0x4a7150 SetConsoleCtrlHandler
0x4a7154 FreeLibrary
0x4a7158 InterlockedExchange
0x4a715c LoadLibraryA
0x4a7160 InitializeCriticalSectionAndSpinCount
0x4a7164 SetFilePointer
0x4a7168 GetConsoleCP
0x4a716c GetConsoleMode
0x4a7170 MultiByteToWideChar
0x4a7174 CloseHandle
0x4a7178 CreateFileA
0x4a717c GetTimeFormatA
0x4a7180 GetDateFormatA
0x4a7184 GetUserDefaultLCID
0x4a7188 EnumSystemLocalesA
0x4a718c IsValidLocale
0x4a7190 GetStringTypeA
0x4a7194 GetStringTypeW
0x4a7198 LCMapStringW
0x4a719c GetLocaleInfoW
0x4a71a0 SetStdHandle
0x4a71a4 WriteConsoleA
0x4a71a8 WriteConsoleW
0x4a71ac FlushFileBuffers
0x4a71b0 SetEndOfFile
0x4a71b4 GetProcessHeap
0x4a71b8 ReadFile
0x4a71bc CompareStringA
0x4a71c0 CompareStringW
0x4a71c4 SetEnvironmentVariableA
0x4a71c8 GetModuleHandleA
ADVAPI32.dll
0x4a7000 OpenThreadToken
EAT(Export Address Table) is none
KERNEL32.dll
0x4a7008 SetLocalTime
0x4a700c MapViewOfFile
0x4a7010 FindResourceW
0x4a7014 LoadLibraryExW
0x4a7018 InterlockedIncrement
0x4a701c GetConsoleAliasA
0x4a7020 SetConsoleScreenBufferSize
0x4a7024 ConnectNamedPipe
0x4a7028 GetModuleHandleW
0x4a702c SetFileTime
0x4a7030 TzSpecificLocalTimeToSystemTime
0x4a7034 FindResourceExA
0x4a7038 GlobalAlloc
0x4a703c SizeofResource
0x4a7040 SetSystemTimeAdjustment
0x4a7044 GetFileAttributesA
0x4a7048 GetLocaleInfoA
0x4a704c GetAtomNameW
0x4a7050 GetTimeZoneInformation
0x4a7054 GlobalUnlock
0x4a7058 LCMapStringA
0x4a705c GetConsoleOutputCP
0x4a7060 GetLastError
0x4a7064 GetProcAddress
0x4a7068 OpenWaitableTimerW
0x4a706c FindAtomA
0x4a7070 GetTapeParameters
0x4a7074 GlobalFindAtomW
0x4a7078 GlobalUnWire
0x4a707c lstrcatW
0x4a7080 FileTimeToLocalFileTime
0x4a7084 GetCurrentProcessId
0x4a7088 LocalFree
0x4a708c TerminateProcess
0x4a7090 GetModuleHandleExA
0x4a7094 GetCommandLineA
0x4a7098 GetStartupInfoA
0x4a709c RaiseException
0x4a70a0 RtlUnwind
0x4a70a4 GetCurrentProcess
0x4a70a8 UnhandledExceptionFilter
0x4a70ac SetUnhandledExceptionFilter
0x4a70b0 IsDebuggerPresent
0x4a70b4 HeapAlloc
0x4a70b8 HeapFree
0x4a70bc TlsGetValue
0x4a70c0 TlsAlloc
0x4a70c4 TlsSetValue
0x4a70c8 TlsFree
0x4a70cc SetLastError
0x4a70d0 GetCurrentThreadId
0x4a70d4 InterlockedDecrement
0x4a70d8 GetCurrentThread
0x4a70dc Sleep
0x4a70e0 HeapSize
0x4a70e4 ExitProcess
0x4a70e8 EnterCriticalSection
0x4a70ec LeaveCriticalSection
0x4a70f0 WriteFile
0x4a70f4 GetStdHandle
0x4a70f8 GetModuleFileNameA
0x4a70fc FreeEnvironmentStringsA
0x4a7100 GetEnvironmentStrings
0x4a7104 FreeEnvironmentStringsW
0x4a7108 WideCharToMultiByte
0x4a710c GetEnvironmentStringsW
0x4a7110 SetHandleCount
0x4a7114 GetFileType
0x4a7118 DeleteCriticalSection
0x4a711c HeapCreate
0x4a7120 HeapDestroy
0x4a7124 VirtualFree
0x4a7128 QueryPerformanceCounter
0x4a712c GetTickCount
0x4a7130 GetSystemTimeAsFileTime
0x4a7134 FatalAppExitA
0x4a7138 VirtualAlloc
0x4a713c HeapReAlloc
0x4a7140 GetCPInfo
0x4a7144 GetACP
0x4a7148 GetOEMCP
0x4a714c IsValidCodePage
0x4a7150 SetConsoleCtrlHandler
0x4a7154 FreeLibrary
0x4a7158 InterlockedExchange
0x4a715c LoadLibraryA
0x4a7160 InitializeCriticalSectionAndSpinCount
0x4a7164 SetFilePointer
0x4a7168 GetConsoleCP
0x4a716c GetConsoleMode
0x4a7170 MultiByteToWideChar
0x4a7174 CloseHandle
0x4a7178 CreateFileA
0x4a717c GetTimeFormatA
0x4a7180 GetDateFormatA
0x4a7184 GetUserDefaultLCID
0x4a7188 EnumSystemLocalesA
0x4a718c IsValidLocale
0x4a7190 GetStringTypeA
0x4a7194 GetStringTypeW
0x4a7198 LCMapStringW
0x4a719c GetLocaleInfoW
0x4a71a0 SetStdHandle
0x4a71a4 WriteConsoleA
0x4a71a8 WriteConsoleW
0x4a71ac FlushFileBuffers
0x4a71b0 SetEndOfFile
0x4a71b4 GetProcessHeap
0x4a71b8 ReadFile
0x4a71bc CompareStringA
0x4a71c0 CompareStringW
0x4a71c4 SetEnvironmentVariableA
0x4a71c8 GetModuleHandleA
ADVAPI32.dll
0x4a7000 OpenThreadToken
EAT(Export Address Table) is none