ScreenShot
| Created | 2021.04.29 22:21 | Machine | s1_win7_x6402 |
| Filename | download.blog | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 18 detected (Artemis, Virut, DownLoad2, epaaqp, FileRepMalware, CLOUD, Wacapew, Bobax, 7F6CRN, PossibleThreat) | ||
| md5 | 0e65369ce84e7693c3a2bad17fdc1a57 | ||
| sha256 | 5d8eca5ffd91ba9db05c4c81d4433f09d5f2a192ea9ce05e6114fd6a7a52a091 | ||
| ssdeep | 49152:RUwVmcGxgeqQkrdv2Racqo1nNoL35YKPK5LZwz2lrCv2+NOElWsvJwj6:RUwVmcGkP9OapkNQGKgN14vlCj6 | ||
| imphash | 3690af39f782c8fd8d85051248a86f61 | ||
| impfuzzy | 48:zSe40QlX/u/1EofhS5twy+GT0KxInBQCX6fpVOfhAcqTu:fltz6fpViADTu | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes executed files from disk |
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable uses a known packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x409148 GetSystemMetrics
0x40914c LoadIconA
0x409150 LoadCursorA
0x409154 RegisterClassA
0x409158 CreateWindowExA
0x40915c SendMessageA
0x409160 DestroyWindow
0x409164 MessageBoxA
0x409168 DefWindowProcA
0x40916c BeginPaint
0x409170 GetClientRect
0x409174 LoadImageA
0x409178 DrawTextA
0x40917c EndPaint
0x409180 GetSysColor
0x409184 FillRect
0x409188 SetTimer
0x40918c PeekMessageA
0x409190 TranslateMessage
0x409194 DispatchMessageA
0x409198 GetForegroundWindow
0x40919c ShowWindow
0x4091a0 WaitMessage
0x4091a4 KillTimer
0x4091a8 PostQuitMessage
0x4091ac InvalidateRect
0x4091b0 UpdateWindow
0x4091b4 wsprintfA
GDI32.dll
0x409000 SelectObject
0x409004 SetTextColor
0x409008 SetBkMode
0x40900c GetObjectA
0x409010 CreateCompatibleDC
0x409014 BitBlt
0x409018 DeleteDC
0x40901c DeleteObject
0x409020 GetStockObject
0x409024 CreateSolidBrush
0x409028 CreateFontIndirectA
KERNEL32.dll
0x409030 InterlockedIncrement
0x409034 InterlockedDecrement
0x409038 GetStringTypeW
0x40903c GetStringTypeA
0x409040 LCMapStringW
0x409044 LCMapStringA
0x409048 MultiByteToWideChar
0x40904c LoadLibraryA
0x409050 GetOEMCP
0x409054 GetACP
0x409058 GetCPInfo
0x40905c LeaveCriticalSection
0x409060 EnterCriticalSection
0x409064 InitializeCriticalSection
0x409068 GetProcAddress
0x40906c GetModuleHandleA
0x409070 _lcreat
0x409074 GlobalLock
0x409078 GlobalAlloc
0x40907c GlobalUnlock
0x409080 GlobalHandle
0x409084 GlobalFree
0x409088 _llseek
0x40908c _lread
0x409090 GetTempFileNameA
0x409094 GetTempPathA
0x409098 _lclose
0x40909c _lwrite
0x4090a0 CloseHandle
0x4090a4 GetLastError
0x4090a8 CreateFileA
0x4090ac DeleteFileA
0x4090b0 WinExec
0x4090b4 lstrcpyA
0x4090b8 _lopen
0x4090bc GetModuleFileNameA
0x4090c0 RemoveDirectoryA
0x4090c4 CreateDirectoryA
0x4090c8 GetStartupInfoA
0x4090cc GetCommandLineA
0x4090d0 GetVersion
0x4090d4 ExitProcess
0x4090d8 HeapAlloc
0x4090dc HeapFree
0x4090e0 TerminateProcess
0x4090e4 GetCurrentProcess
0x4090e8 UnhandledExceptionFilter
0x4090ec FreeEnvironmentStringsA
0x4090f0 FreeEnvironmentStringsW
0x4090f4 WideCharToMultiByte
0x4090f8 GetEnvironmentStrings
0x4090fc GetEnvironmentStringsW
0x409100 SetHandleCount
0x409104 GetStdHandle
0x409108 GetFileType
0x40910c GetCurrentThreadId
0x409110 TlsSetValue
0x409114 TlsAlloc
0x409118 SetLastError
0x40911c TlsGetValue
0x409120 GetEnvironmentVariableA
0x409124 GetVersionExA
0x409128 HeapDestroy
0x40912c HeapCreate
0x409130 VirtualFree
0x409134 RtlUnwind
0x409138 WriteFile
0x40913c VirtualAlloc
0x409140 HeapReAlloc
EAT(Export Address Table) is none
USER32.dll
0x409148 GetSystemMetrics
0x40914c LoadIconA
0x409150 LoadCursorA
0x409154 RegisterClassA
0x409158 CreateWindowExA
0x40915c SendMessageA
0x409160 DestroyWindow
0x409164 MessageBoxA
0x409168 DefWindowProcA
0x40916c BeginPaint
0x409170 GetClientRect
0x409174 LoadImageA
0x409178 DrawTextA
0x40917c EndPaint
0x409180 GetSysColor
0x409184 FillRect
0x409188 SetTimer
0x40918c PeekMessageA
0x409190 TranslateMessage
0x409194 DispatchMessageA
0x409198 GetForegroundWindow
0x40919c ShowWindow
0x4091a0 WaitMessage
0x4091a4 KillTimer
0x4091a8 PostQuitMessage
0x4091ac InvalidateRect
0x4091b0 UpdateWindow
0x4091b4 wsprintfA
GDI32.dll
0x409000 SelectObject
0x409004 SetTextColor
0x409008 SetBkMode
0x40900c GetObjectA
0x409010 CreateCompatibleDC
0x409014 BitBlt
0x409018 DeleteDC
0x40901c DeleteObject
0x409020 GetStockObject
0x409024 CreateSolidBrush
0x409028 CreateFontIndirectA
KERNEL32.dll
0x409030 InterlockedIncrement
0x409034 InterlockedDecrement
0x409038 GetStringTypeW
0x40903c GetStringTypeA
0x409040 LCMapStringW
0x409044 LCMapStringA
0x409048 MultiByteToWideChar
0x40904c LoadLibraryA
0x409050 GetOEMCP
0x409054 GetACP
0x409058 GetCPInfo
0x40905c LeaveCriticalSection
0x409060 EnterCriticalSection
0x409064 InitializeCriticalSection
0x409068 GetProcAddress
0x40906c GetModuleHandleA
0x409070 _lcreat
0x409074 GlobalLock
0x409078 GlobalAlloc
0x40907c GlobalUnlock
0x409080 GlobalHandle
0x409084 GlobalFree
0x409088 _llseek
0x40908c _lread
0x409090 GetTempFileNameA
0x409094 GetTempPathA
0x409098 _lclose
0x40909c _lwrite
0x4090a0 CloseHandle
0x4090a4 GetLastError
0x4090a8 CreateFileA
0x4090ac DeleteFileA
0x4090b0 WinExec
0x4090b4 lstrcpyA
0x4090b8 _lopen
0x4090bc GetModuleFileNameA
0x4090c0 RemoveDirectoryA
0x4090c4 CreateDirectoryA
0x4090c8 GetStartupInfoA
0x4090cc GetCommandLineA
0x4090d0 GetVersion
0x4090d4 ExitProcess
0x4090d8 HeapAlloc
0x4090dc HeapFree
0x4090e0 TerminateProcess
0x4090e4 GetCurrentProcess
0x4090e8 UnhandledExceptionFilter
0x4090ec FreeEnvironmentStringsA
0x4090f0 FreeEnvironmentStringsW
0x4090f4 WideCharToMultiByte
0x4090f8 GetEnvironmentStrings
0x4090fc GetEnvironmentStringsW
0x409100 SetHandleCount
0x409104 GetStdHandle
0x409108 GetFileType
0x40910c GetCurrentThreadId
0x409110 TlsSetValue
0x409114 TlsAlloc
0x409118 SetLastError
0x40911c TlsGetValue
0x409120 GetEnvironmentVariableA
0x409124 GetVersionExA
0x409128 HeapDestroy
0x40912c HeapCreate
0x409130 VirtualFree
0x409134 RtlUnwind
0x409138 WriteFile
0x40913c VirtualAlloc
0x409140 HeapReAlloc
EAT(Export Address Table) is none