ScreenShot
| Created | 2021.04.28 17:36 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (malicious, high confidence, GenericKD, Save, Convagent, Eldorado, Attribute, HighConfidence, Kryptik, HKPD, PWSX, Telebot, A + Troj, Steal, DownLoader38, Static AI, Malicious PE, ai score=86, Azorult, score, AGEN, R417906, BScope, Unsafe, R002H0CDR21, CLOUD, susgen, HKPK, ZexaF, EC0@aK, ItSok, confidence, 100%) | ||
| md5 | e716d52efd4cfaa34624d374ca37b65b | ||
| sha256 | 5a2f2c14ae6ff0c58e2c7b04b53baa83801b069479af2e5605a012a110883742 | ||
| ssdeep | 12288:0biBZTVuB0UAGwJQ+mfBpVu5KbIckot/KKUyKrjROEtwl:0biHAAtNmfBa5WmuUJrjROEtw | ||
| imphash | 432fa5211ef0f96934979b9062f09f53 | ||
| impfuzzy | 24:U9zbkxpUJVzj/IhfdcDL1fKg8TbqLOova1tmkJ3I5cxOaNTqdbplOFQ8RyvHRBZ7:UWsYG18q6v1thGcvcd1/xBZBpKpCZ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xa46008 FreeLibrary
0xa4600c LoadLibraryExW
0xa46010 InterlockedIncrement
0xa46014 GetConsoleAliasA
0xa46018 GetModuleHandleExW
0xa4601c GetTimeFormatA
0xa46020 ConnectNamedPipe
0xa46024 GetTickCount
0xa46028 TzSpecificLocalTimeToSystemTime
0xa4602c GlobalAlloc
0xa46030 TerminateThread
0xa46034 GetLocaleInfoW
0xa46038 GetSystemTimeAdjustment
0xa4603c GetFileAttributesA
0xa46040 SetConsoleCursorPosition
0xa46044 FindResourceW
0xa46048 SetTimeZoneInformation
0xa4604c GetAtomNameW
0xa46050 lstrcatA
0xa46054 RaiseException
0xa46058 GetLastError
0xa4605c GetProcAddress
0xa46060 OpenWaitableTimerA
0xa46064 SetConsoleOutputCP
0xa46068 FindAtomA
0xa4606c GlobalFindAtomW
0xa46070 GetModuleHandleA
0xa46074 GetFileTime
0xa46078 FileTimeToLocalFileTime
0xa4607c GetCurrentProcessId
0xa46080 GetFileAttributesW
0xa46084 MapViewOfFile
0xa46088 GetModuleHandleW
0xa4608c Sleep
0xa46090 ExitProcess
0xa46094 GetCommandLineA
0xa46098 GetStartupInfoA
0xa4609c RtlUnwind
0xa460a0 TerminateProcess
0xa460a4 GetCurrentProcess
0xa460a8 UnhandledExceptionFilter
0xa460ac SetUnhandledExceptionFilter
0xa460b0 IsDebuggerPresent
0xa460b4 HeapAlloc
0xa460b8 HeapFree
0xa460bc TlsGetValue
0xa460c0 TlsAlloc
0xa460c4 TlsSetValue
0xa460c8 TlsFree
0xa460cc SetLastError
0xa460d0 GetCurrentThreadId
0xa460d4 InterlockedDecrement
0xa460d8 GetCurrentThread
0xa460dc WriteFile
0xa460e0 GetStdHandle
0xa460e4 GetModuleFileNameA
0xa460e8 DeleteCriticalSection
0xa460ec LeaveCriticalSection
0xa460f0 FatalAppExitA
0xa460f4 EnterCriticalSection
0xa460f8 SetConsoleCtrlHandler
0xa460fc InterlockedExchange
0xa46100 LoadLibraryA
0xa46104 InitializeCriticalSectionAndSpinCount
0xa46108 FreeEnvironmentStringsA
0xa4610c GetEnvironmentStrings
0xa46110 FreeEnvironmentStringsW
0xa46114 WideCharToMultiByte
0xa46118 GetEnvironmentStringsW
0xa4611c SetHandleCount
0xa46120 GetFileType
0xa46124 HeapCreate
0xa46128 HeapDestroy
0xa4612c VirtualFree
0xa46130 QueryPerformanceCounter
0xa46134 GetSystemTimeAsFileTime
0xa46138 VirtualAlloc
0xa4613c HeapReAlloc
0xa46140 GetCPInfo
0xa46144 GetACP
0xa46148 GetOEMCP
0xa4614c IsValidCodePage
0xa46150 HeapSize
0xa46154 GetLocaleInfoA
0xa46158 GetDateFormatA
0xa4615c GetUserDefaultLCID
0xa46160 EnumSystemLocalesA
0xa46164 IsValidLocale
0xa46168 GetStringTypeA
0xa4616c MultiByteToWideChar
0xa46170 GetStringTypeW
0xa46174 LCMapStringA
0xa46178 LCMapStringW
0xa4617c GetTimeZoneInformation
0xa46180 CompareStringA
0xa46184 CompareStringW
0xa46188 SetEnvironmentVariableA
ADVAPI32.dll
0xa46000 RegCreateKeyW
EAT(Export Address Table) Library
0x4683cc Linear
KERNEL32.dll
0xa46008 FreeLibrary
0xa4600c LoadLibraryExW
0xa46010 InterlockedIncrement
0xa46014 GetConsoleAliasA
0xa46018 GetModuleHandleExW
0xa4601c GetTimeFormatA
0xa46020 ConnectNamedPipe
0xa46024 GetTickCount
0xa46028 TzSpecificLocalTimeToSystemTime
0xa4602c GlobalAlloc
0xa46030 TerminateThread
0xa46034 GetLocaleInfoW
0xa46038 GetSystemTimeAdjustment
0xa4603c GetFileAttributesA
0xa46040 SetConsoleCursorPosition
0xa46044 FindResourceW
0xa46048 SetTimeZoneInformation
0xa4604c GetAtomNameW
0xa46050 lstrcatA
0xa46054 RaiseException
0xa46058 GetLastError
0xa4605c GetProcAddress
0xa46060 OpenWaitableTimerA
0xa46064 SetConsoleOutputCP
0xa46068 FindAtomA
0xa4606c GlobalFindAtomW
0xa46070 GetModuleHandleA
0xa46074 GetFileTime
0xa46078 FileTimeToLocalFileTime
0xa4607c GetCurrentProcessId
0xa46080 GetFileAttributesW
0xa46084 MapViewOfFile
0xa46088 GetModuleHandleW
0xa4608c Sleep
0xa46090 ExitProcess
0xa46094 GetCommandLineA
0xa46098 GetStartupInfoA
0xa4609c RtlUnwind
0xa460a0 TerminateProcess
0xa460a4 GetCurrentProcess
0xa460a8 UnhandledExceptionFilter
0xa460ac SetUnhandledExceptionFilter
0xa460b0 IsDebuggerPresent
0xa460b4 HeapAlloc
0xa460b8 HeapFree
0xa460bc TlsGetValue
0xa460c0 TlsAlloc
0xa460c4 TlsSetValue
0xa460c8 TlsFree
0xa460cc SetLastError
0xa460d0 GetCurrentThreadId
0xa460d4 InterlockedDecrement
0xa460d8 GetCurrentThread
0xa460dc WriteFile
0xa460e0 GetStdHandle
0xa460e4 GetModuleFileNameA
0xa460e8 DeleteCriticalSection
0xa460ec LeaveCriticalSection
0xa460f0 FatalAppExitA
0xa460f4 EnterCriticalSection
0xa460f8 SetConsoleCtrlHandler
0xa460fc InterlockedExchange
0xa46100 LoadLibraryA
0xa46104 InitializeCriticalSectionAndSpinCount
0xa46108 FreeEnvironmentStringsA
0xa4610c GetEnvironmentStrings
0xa46110 FreeEnvironmentStringsW
0xa46114 WideCharToMultiByte
0xa46118 GetEnvironmentStringsW
0xa4611c SetHandleCount
0xa46120 GetFileType
0xa46124 HeapCreate
0xa46128 HeapDestroy
0xa4612c VirtualFree
0xa46130 QueryPerformanceCounter
0xa46134 GetSystemTimeAsFileTime
0xa46138 VirtualAlloc
0xa4613c HeapReAlloc
0xa46140 GetCPInfo
0xa46144 GetACP
0xa46148 GetOEMCP
0xa4614c IsValidCodePage
0xa46150 HeapSize
0xa46154 GetLocaleInfoA
0xa46158 GetDateFormatA
0xa4615c GetUserDefaultLCID
0xa46160 EnumSystemLocalesA
0xa46164 IsValidLocale
0xa46168 GetStringTypeA
0xa4616c MultiByteToWideChar
0xa46170 GetStringTypeW
0xa46174 LCMapStringA
0xa46178 LCMapStringW
0xa4617c GetTimeZoneInformation
0xa46180 CompareStringA
0xa46184 CompareStringW
0xa46188 SetEnvironmentVariableA
ADVAPI32.dll
0xa46000 RegCreateKeyW
EAT(Export Address Table) Library
0x4683cc Linear