ScreenShot
| Created | 2021.04.26 18:20 | Machine | s1_win7_x6401 |
| Filename | regasm.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, GenKryptik, FENA, score, Tofsee, BotX, Siggen2, kcloud, LockBit, Kryptik, CLASSIC, Static AI, Suspicious PE, HKOJ, ZexaF, qqW@aOKTpHhO, confidence, 100%) | ||
| md5 | d7a120c277d010f9757a22fab6cc6d29 | ||
| sha256 | d1a3d96ac2e08cda4f4dc7e0a2b51e9a308fabf7bd3747c550760227d5801bb6 | ||
| ssdeep | 3072:KENtPdLy50acuFGK8Kl2gLG55hgU2hXavascUL0iDiT4TI1lnjQpOHps0mdGh4qP:KMLs03KZLGHxBIqESKdzHpTmdRq | ||
| imphash | 472a8cc58e197fd941fb6c419ae1ed73 | ||
| impfuzzy | 48:QXKq1ajUO+upewoqM8WdjdrqBp0OOGVxDlW8EMc2gWl:QXKMajV+uKtbO70BGV5lWzMc2gg | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x415000 FileTimeToDosDateTime
0x415004 SetThreadContext
0x415008 lstrlenA
0x41500c TlsGetValue
0x415010 SetLocalTime
0x415014 GetDefaultCommConfigW
0x415018 FreeLibrary
0x41501c CallNamedPipeA
0x415020 LoadResource
0x415024 SystemTimeToTzSpecificLocalTime
0x415028 SetWaitableTimer
0x41502c SetUnhandledExceptionFilter
0x415030 LoadLibraryExW
0x415034 GetNumberOfConsoleMouseButtons
0x415038 GetCurrentActCtx
0x41503c GlobalSize
0x415040 GetProfileSectionA
0x415044 SetConsoleScreenBufferSize
0x415048 WriteConsoleInputA
0x41504c GetComputerNameW
0x415050 GetProcessPriorityBoost
0x415054 CreateNamedPipeW
0x415058 VirtualFree
0x41505c EnumTimeFormatsA
0x415060 WriteFile
0x415064 GetCommandLineA
0x415068 GetPriorityClass
0x41506c GlobalAlloc
0x415070 GetVolumeInformationA
0x415074 GetConsoleMode
0x415078 GetSystemPowerStatus
0x41507c SizeofResource
0x415080 SetVolumeMountPointA
0x415084 GetSystemTimeAdjustment
0x415088 DeleteVolumeMountPointW
0x41508c LeaveCriticalSection
0x415090 GetFileAttributesA
0x415094 Beep
0x415098 SetTimeZoneInformation
0x41509c VerifyVersionInfoA
0x4150a0 GetBinaryTypeA
0x4150a4 TerminateProcess
0x4150a8 DisconnectNamedPipe
0x4150ac CreateJobObjectA
0x4150b0 InterlockedExchange
0x4150b4 ReleaseActCtx
0x4150b8 GetStdHandle
0x4150bc OpenMutexW
0x4150c0 GetHandleInformation
0x4150c4 GetLastError
0x4150c8 GetCurrentDirectoryW
0x4150cc HeapSize
0x4150d0 MoveFileW
0x4150d4 GetLocalTime
0x4150d8 LoadLibraryA
0x4150dc BuildCommDCBAndTimeoutsW
0x4150e0 AddAtomA
0x4150e4 SetCommMask
0x4150e8 GetOEMCP
0x4150ec DebugBreakProcess
0x4150f0 CreateMutexA
0x4150f4 VirtualProtect
0x4150f8 GetVersionExA
0x4150fc GetSystemTime
0x415100 lstrcpyA
0x415104 DeleteFileA
0x415108 HeapReAlloc
0x41510c HeapAlloc
0x415110 GetStartupInfoW
0x415114 RaiseException
0x415118 RtlUnwind
0x41511c EnterCriticalSection
0x415120 SetHandleCount
0x415124 GetFileType
0x415128 GetStartupInfoA
0x41512c DeleteCriticalSection
0x415130 GetCurrentProcess
0x415134 UnhandledExceptionFilter
0x415138 IsDebuggerPresent
0x41513c HeapFree
0x415140 HeapCreate
0x415144 VirtualAlloc
0x415148 GetModuleHandleW
0x41514c Sleep
0x415150 GetProcAddress
0x415154 ExitProcess
0x415158 GetModuleFileNameA
0x41515c GetModuleFileNameW
0x415160 FreeEnvironmentStringsW
0x415164 GetEnvironmentStringsW
0x415168 GetCommandLineW
0x41516c TlsAlloc
0x415170 TlsSetValue
0x415174 TlsFree
0x415178 InterlockedIncrement
0x41517c SetLastError
0x415180 GetCurrentThreadId
0x415184 InterlockedDecrement
0x415188 QueryPerformanceCounter
0x41518c GetTickCount
0x415190 GetCurrentProcessId
0x415194 GetSystemTimeAsFileTime
0x415198 InitializeCriticalSectionAndSpinCount
0x41519c GetCPInfo
0x4151a0 GetACP
0x4151a4 IsValidCodePage
0x4151a8 MultiByteToWideChar
0x4151ac WideCharToMultiByte
0x4151b0 GetConsoleCP
0x4151b4 FlushFileBuffers
0x4151b8 LCMapStringA
0x4151bc LCMapStringW
0x4151c0 GetStringTypeA
0x4151c4 GetStringTypeW
0x4151c8 GetLocaleInfoA
0x4151cc ReadFile
0x4151d0 CloseHandle
0x4151d4 WriteConsoleA
0x4151d8 GetConsoleOutputCP
0x4151dc WriteConsoleW
0x4151e0 SetFilePointer
0x4151e4 SetStdHandle
0x4151e8 CreateFileA
0x4151ec GetModuleHandleA
USER32.dll
0x4151f4 GetWindowInfo
EAT(Export Address Table) Library
0x40e3b0 _helloworld@4
0x40e3c0 _lifan@8
KERNEL32.dll
0x415000 FileTimeToDosDateTime
0x415004 SetThreadContext
0x415008 lstrlenA
0x41500c TlsGetValue
0x415010 SetLocalTime
0x415014 GetDefaultCommConfigW
0x415018 FreeLibrary
0x41501c CallNamedPipeA
0x415020 LoadResource
0x415024 SystemTimeToTzSpecificLocalTime
0x415028 SetWaitableTimer
0x41502c SetUnhandledExceptionFilter
0x415030 LoadLibraryExW
0x415034 GetNumberOfConsoleMouseButtons
0x415038 GetCurrentActCtx
0x41503c GlobalSize
0x415040 GetProfileSectionA
0x415044 SetConsoleScreenBufferSize
0x415048 WriteConsoleInputA
0x41504c GetComputerNameW
0x415050 GetProcessPriorityBoost
0x415054 CreateNamedPipeW
0x415058 VirtualFree
0x41505c EnumTimeFormatsA
0x415060 WriteFile
0x415064 GetCommandLineA
0x415068 GetPriorityClass
0x41506c GlobalAlloc
0x415070 GetVolumeInformationA
0x415074 GetConsoleMode
0x415078 GetSystemPowerStatus
0x41507c SizeofResource
0x415080 SetVolumeMountPointA
0x415084 GetSystemTimeAdjustment
0x415088 DeleteVolumeMountPointW
0x41508c LeaveCriticalSection
0x415090 GetFileAttributesA
0x415094 Beep
0x415098 SetTimeZoneInformation
0x41509c VerifyVersionInfoA
0x4150a0 GetBinaryTypeA
0x4150a4 TerminateProcess
0x4150a8 DisconnectNamedPipe
0x4150ac CreateJobObjectA
0x4150b0 InterlockedExchange
0x4150b4 ReleaseActCtx
0x4150b8 GetStdHandle
0x4150bc OpenMutexW
0x4150c0 GetHandleInformation
0x4150c4 GetLastError
0x4150c8 GetCurrentDirectoryW
0x4150cc HeapSize
0x4150d0 MoveFileW
0x4150d4 GetLocalTime
0x4150d8 LoadLibraryA
0x4150dc BuildCommDCBAndTimeoutsW
0x4150e0 AddAtomA
0x4150e4 SetCommMask
0x4150e8 GetOEMCP
0x4150ec DebugBreakProcess
0x4150f0 CreateMutexA
0x4150f4 VirtualProtect
0x4150f8 GetVersionExA
0x4150fc GetSystemTime
0x415100 lstrcpyA
0x415104 DeleteFileA
0x415108 HeapReAlloc
0x41510c HeapAlloc
0x415110 GetStartupInfoW
0x415114 RaiseException
0x415118 RtlUnwind
0x41511c EnterCriticalSection
0x415120 SetHandleCount
0x415124 GetFileType
0x415128 GetStartupInfoA
0x41512c DeleteCriticalSection
0x415130 GetCurrentProcess
0x415134 UnhandledExceptionFilter
0x415138 IsDebuggerPresent
0x41513c HeapFree
0x415140 HeapCreate
0x415144 VirtualAlloc
0x415148 GetModuleHandleW
0x41514c Sleep
0x415150 GetProcAddress
0x415154 ExitProcess
0x415158 GetModuleFileNameA
0x41515c GetModuleFileNameW
0x415160 FreeEnvironmentStringsW
0x415164 GetEnvironmentStringsW
0x415168 GetCommandLineW
0x41516c TlsAlloc
0x415170 TlsSetValue
0x415174 TlsFree
0x415178 InterlockedIncrement
0x41517c SetLastError
0x415180 GetCurrentThreadId
0x415184 InterlockedDecrement
0x415188 QueryPerformanceCounter
0x41518c GetTickCount
0x415190 GetCurrentProcessId
0x415194 GetSystemTimeAsFileTime
0x415198 InitializeCriticalSectionAndSpinCount
0x41519c GetCPInfo
0x4151a0 GetACP
0x4151a4 IsValidCodePage
0x4151a8 MultiByteToWideChar
0x4151ac WideCharToMultiByte
0x4151b0 GetConsoleCP
0x4151b4 FlushFileBuffers
0x4151b8 LCMapStringA
0x4151bc LCMapStringW
0x4151c0 GetStringTypeA
0x4151c4 GetStringTypeW
0x4151c8 GetLocaleInfoA
0x4151cc ReadFile
0x4151d0 CloseHandle
0x4151d4 WriteConsoleA
0x4151d8 GetConsoleOutputCP
0x4151dc WriteConsoleW
0x4151e0 SetFilePointer
0x4151e4 SetStdHandle
0x4151e8 CreateFileA
0x4151ec GetModuleHandleA
USER32.dll
0x4151f4 GetWindowInfo
EAT(Export Address Table) Library
0x40e3b0 _helloworld@4
0x40e3c0 _lifan@8