ScreenShot
| Created | 2021.04.27 10:25 | Machine | s1_win7_x6401 |
| Filename | SetGamma.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (Artemis, Unsafe, Save, malicious, Ursu, Eldorado, Attribute, HighConfidence, Wacatac, ET#94%, RDMK, cmRtazqElPDRxr741M2J2f0Xp5m+, GdSda, HgIASOoA) | ||
| md5 | 20f182a5632ec5a6681a0b4dad61404f | ||
| sha256 | e604e09e93c5358b2fffae0d00f3b6c3ce4753b1b7729958e72fdf34783c3b04 | ||
| ssdeep | 1536:8s5iTCx5cbYdyBCOgu3yUyJCb+ESbz7DebM:8Vmx5cGyBo5/Lz | ||
| imphash | a2fcd99365dc125cfe0d2ed78bd267c0 | ||
| impfuzzy | 24:8fg1JcDzncLJ9enk5XGDZEkNJlkoDqoZzG:8fg1icl9ekJGVEkNJlkoqCG | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | MinGW | Used MinGW (Win GCC) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsConsole | (no description) | binaries (upload) |
| info | MinGW_1 | (no description) | binaries (upload) |
| info | screenshot | Take screenshot | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x406124 DeleteCriticalSection
0x406128 EnterCriticalSection
0x40612c GetCurrentProcess
0x406130 GetCurrentProcessId
0x406134 GetCurrentThreadId
0x406138 GetLastError
0x40613c GetProcAddress
0x406140 GetStartupInfoA
0x406144 GetSystemTimeAsFileTime
0x406148 GetTickCount
0x40614c InitializeCriticalSection
0x406150 LeaveCriticalSection
0x406154 LoadLibraryA
0x406158 QueryPerformanceCounter
0x40615c SetUnhandledExceptionFilter
0x406160 Sleep
0x406164 TerminateProcess
0x406168 TlsGetValue
0x40616c UnhandledExceptionFilter
0x406170 VirtualProtect
0x406174 VirtualQuery
msvcrt.dll
0x40617c __dllonexit
0x406180 __getmainargs
0x406184 __initenv
0x406188 __lconv_init
0x40618c __set_app_type
0x406190 __setusermatherr
0x406194 _acmdln
0x406198 _amsg_exit
0x40619c _cexit
0x4061a0 _fmode
0x4061a4 _initterm
0x4061a8 _iob
0x4061ac _lock
0x4061b0 _onexit
0x4061b4 _unlock
0x4061b8 abort
0x4061bc atoi
0x4061c0 calloc
0x4061c4 exit
0x4061c8 fprintf
0x4061cc free
0x4061d0 fwrite
0x4061d4 malloc
0x4061d8 memcpy
0x4061dc signal
0x4061e0 strlen
0x4061e4 strncmp
0x4061e8 vfprintf
USER32.dll
0x4061f0 GetDC
EAT(Export Address Table) is none
KERNEL32.dll
0x406124 DeleteCriticalSection
0x406128 EnterCriticalSection
0x40612c GetCurrentProcess
0x406130 GetCurrentProcessId
0x406134 GetCurrentThreadId
0x406138 GetLastError
0x40613c GetProcAddress
0x406140 GetStartupInfoA
0x406144 GetSystemTimeAsFileTime
0x406148 GetTickCount
0x40614c InitializeCriticalSection
0x406150 LeaveCriticalSection
0x406154 LoadLibraryA
0x406158 QueryPerformanceCounter
0x40615c SetUnhandledExceptionFilter
0x406160 Sleep
0x406164 TerminateProcess
0x406168 TlsGetValue
0x40616c UnhandledExceptionFilter
0x406170 VirtualProtect
0x406174 VirtualQuery
msvcrt.dll
0x40617c __dllonexit
0x406180 __getmainargs
0x406184 __initenv
0x406188 __lconv_init
0x40618c __set_app_type
0x406190 __setusermatherr
0x406194 _acmdln
0x406198 _amsg_exit
0x40619c _cexit
0x4061a0 _fmode
0x4061a4 _initterm
0x4061a8 _iob
0x4061ac _lock
0x4061b0 _onexit
0x4061b4 _unlock
0x4061b8 abort
0x4061bc atoi
0x4061c0 calloc
0x4061c4 exit
0x4061c8 fprintf
0x4061cc free
0x4061d0 fwrite
0x4061d4 malloc
0x4061d8 memcpy
0x4061dc signal
0x4061e0 strlen
0x4061e4 strncmp
0x4061e8 vfprintf
USER32.dll
0x4061f0 GetDC
EAT(Export Address Table) is none