ScreenShot
| Created | 2021.04.28 09:25 | Machine | s1_win7_x6402 |
| Filename | tret.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (malicious, high confidence, FGOI, Unsafe, GenKryptik, FEGA, FileRepMalware, CLOUD, kcloud, Wacatac, R002H0DDR21, confidence) | ||
| md5 | ee1db7f0ad39df1af6eb5166447b1471 | ||
| sha256 | 842e396f05d590ec88da30e6180dfb29a7aec16e3ef5b49398fde8b79e4090bd | ||
| ssdeep | 6144:tpAjX3PhxbtNWsDD8/x1b8MthF10zO+UkEb+XL7bZVhT6nhVqokJWFX7m1pnk9Pd:Ajn6sEZCM7FyzZUkEbYa/4ea1OD | ||
| imphash | fa677faa551dd71de23395a2baeb8056 | ||
| impfuzzy | 48:RfutMS17kc+ppfk3rB0jkgRCsBQEtxZ2/:4tMS17kc+ppfoOj0kZC | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140042020 HeapAlloc
0x140042028 HeapReAlloc
0x140042030 HeapFree
0x140042038 HeapSize
0x140042040 K32GetModuleBaseNameW
0x140042048 FindResourceExA
0x140042050 SetFileAttributesTransactedA
0x140042058 GetVolumePathNameW
0x140042060 FindResourceW
0x140042068 OpenPrivateNamespaceW
0x140042070 LoadLibraryA
0x140042078 GetProcAddress
0x140042080 VirtualProtect
0x140042088 GetProcessHeap
0x140042090 WriteConsoleW
0x140042098 CreateFileW
0x1400420a0 CloseHandle
0x1400420a8 SetFilePointerEx
0x1400420b0 GetConsoleMode
0x1400420b8 GetConsoleCP
0x1400420c0 FlushFileBuffers
0x1400420c8 LCMapStringW
0x1400420d0 VirtualAlloc
0x1400420d8 VirtualFree
0x1400420e0 GetStringTypeW
0x1400420e8 GetFileType
0x1400420f0 SetStdHandle
0x1400420f8 RtlCaptureContext
0x140042100 RtlLookupFunctionEntry
0x140042108 RtlVirtualUnwind
0x140042110 UnhandledExceptionFilter
0x140042118 SetUnhandledExceptionFilter
0x140042120 GetCurrentProcess
0x140042128 TerminateProcess
0x140042130 IsProcessorFeaturePresent
0x140042138 QueryPerformanceCounter
0x140042140 GetCurrentProcessId
0x140042148 GetCurrentThreadId
0x140042150 GetSystemTimeAsFileTime
0x140042158 InitializeSListHead
0x140042160 IsDebuggerPresent
0x140042168 GetStartupInfoW
0x140042170 GetModuleHandleW
0x140042178 RtlUnwindEx
0x140042180 GetLastError
0x140042188 SetLastError
0x140042190 EnterCriticalSection
0x140042198 LeaveCriticalSection
0x1400421a0 DeleteCriticalSection
0x1400421a8 InitializeCriticalSectionAndSpinCount
0x1400421b0 TlsAlloc
0x1400421b8 TlsGetValue
0x1400421c0 TlsSetValue
0x1400421c8 TlsFree
0x1400421d0 FreeLibrary
0x1400421d8 LoadLibraryExW
0x1400421e0 GetStdHandle
0x1400421e8 WriteFile
0x1400421f0 GetModuleFileNameW
0x1400421f8 MultiByteToWideChar
0x140042200 WideCharToMultiByte
0x140042208 ExitProcess
0x140042210 GetModuleHandleExW
0x140042218 GetACP
0x140042220 FindClose
0x140042228 FindFirstFileExW
0x140042230 FindNextFileW
0x140042238 IsValidCodePage
0x140042240 GetOEMCP
0x140042248 GetCPInfo
0x140042250 GetCommandLineA
0x140042258 GetCommandLineW
0x140042260 GetEnvironmentStringsW
0x140042268 FreeEnvironmentStringsW
0x140042270 RaiseException
USER32.dll
0x1400422b0 RegisterShellHookWindow
0x1400422b8 DdeCreateStringHandleA
0x1400422c0 GetGestureConfig
0x1400422c8 OpenDesktopA
0x1400422d0 SetWindowWord
0x1400422d8 BroadcastSystemMessageExA
ole32.dll
0x1400422e8 CoGetObjectContext
0x1400422f0 HICON_UserMarshal
0x1400422f8 HMETAFILE_UserSize
0x140042300 NdrProxyForwardingFunction26
0x140042308 OleCreate
0x140042310 SetConvertStg
GDI32.dll
0x140042000 CancelDC
0x140042008 D3DKMTCreateAllocation
0x140042010 AddFontResourceA
SHELL32.dll
0x140042280 None
0x140042288 ExtractIconExA
0x140042290 SHCreateDefaultContextMenu
0x140042298 SHGetInstanceExplorer
0x1400422a0 None
EAT(Export Address Table) Library
KERNEL32.dll
0x140042020 HeapAlloc
0x140042028 HeapReAlloc
0x140042030 HeapFree
0x140042038 HeapSize
0x140042040 K32GetModuleBaseNameW
0x140042048 FindResourceExA
0x140042050 SetFileAttributesTransactedA
0x140042058 GetVolumePathNameW
0x140042060 FindResourceW
0x140042068 OpenPrivateNamespaceW
0x140042070 LoadLibraryA
0x140042078 GetProcAddress
0x140042080 VirtualProtect
0x140042088 GetProcessHeap
0x140042090 WriteConsoleW
0x140042098 CreateFileW
0x1400420a0 CloseHandle
0x1400420a8 SetFilePointerEx
0x1400420b0 GetConsoleMode
0x1400420b8 GetConsoleCP
0x1400420c0 FlushFileBuffers
0x1400420c8 LCMapStringW
0x1400420d0 VirtualAlloc
0x1400420d8 VirtualFree
0x1400420e0 GetStringTypeW
0x1400420e8 GetFileType
0x1400420f0 SetStdHandle
0x1400420f8 RtlCaptureContext
0x140042100 RtlLookupFunctionEntry
0x140042108 RtlVirtualUnwind
0x140042110 UnhandledExceptionFilter
0x140042118 SetUnhandledExceptionFilter
0x140042120 GetCurrentProcess
0x140042128 TerminateProcess
0x140042130 IsProcessorFeaturePresent
0x140042138 QueryPerformanceCounter
0x140042140 GetCurrentProcessId
0x140042148 GetCurrentThreadId
0x140042150 GetSystemTimeAsFileTime
0x140042158 InitializeSListHead
0x140042160 IsDebuggerPresent
0x140042168 GetStartupInfoW
0x140042170 GetModuleHandleW
0x140042178 RtlUnwindEx
0x140042180 GetLastError
0x140042188 SetLastError
0x140042190 EnterCriticalSection
0x140042198 LeaveCriticalSection
0x1400421a0 DeleteCriticalSection
0x1400421a8 InitializeCriticalSectionAndSpinCount
0x1400421b0 TlsAlloc
0x1400421b8 TlsGetValue
0x1400421c0 TlsSetValue
0x1400421c8 TlsFree
0x1400421d0 FreeLibrary
0x1400421d8 LoadLibraryExW
0x1400421e0 GetStdHandle
0x1400421e8 WriteFile
0x1400421f0 GetModuleFileNameW
0x1400421f8 MultiByteToWideChar
0x140042200 WideCharToMultiByte
0x140042208 ExitProcess
0x140042210 GetModuleHandleExW
0x140042218 GetACP
0x140042220 FindClose
0x140042228 FindFirstFileExW
0x140042230 FindNextFileW
0x140042238 IsValidCodePage
0x140042240 GetOEMCP
0x140042248 GetCPInfo
0x140042250 GetCommandLineA
0x140042258 GetCommandLineW
0x140042260 GetEnvironmentStringsW
0x140042268 FreeEnvironmentStringsW
0x140042270 RaiseException
USER32.dll
0x1400422b0 RegisterShellHookWindow
0x1400422b8 DdeCreateStringHandleA
0x1400422c0 GetGestureConfig
0x1400422c8 OpenDesktopA
0x1400422d0 SetWindowWord
0x1400422d8 BroadcastSystemMessageExA
ole32.dll
0x1400422e8 CoGetObjectContext
0x1400422f0 HICON_UserMarshal
0x1400422f8 HMETAFILE_UserSize
0x140042300 NdrProxyForwardingFunction26
0x140042308 OleCreate
0x140042310 SetConvertStg
GDI32.dll
0x140042000 CancelDC
0x140042008 D3DKMTCreateAllocation
0x140042010 AddFontResourceA
SHELL32.dll
0x140042280 None
0x140042288 ExtractIconExA
0x140042290 SHCreateDefaultContextMenu
0x140042298 SHGetInstanceExplorer
0x1400422a0 None
EAT(Export Address Table) Library