ScreenShot
| Created | 2021.04.30 09:33 | Machine | s1_win7_x6401 |
| Filename | 280421-z1z.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, Attribute, HighConfidence, Lockbit, Static AI, Malicious PE, Predator, score, MachineLearning, Anomalous, Generic@ML, RDML, BPB8, zwVhs734rdHG6nUQA, LoadMoney, ZexaF, My0@aiyEvJdO) | ||
| md5 | 2699077a996951eac7b369b6356ff296 | ||
| sha256 | 7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044 | ||
| ssdeep | 12288:iSDW0/Ph/JtjwVXfFUOj9Y9A3o6rq9JSsQ+uP096/X:fW0h/JtjwVXSOj9GA3o62Esn9SX | ||
| imphash | 83bd011ef23b4af0fb7ccf87a8ce5854 | ||
| impfuzzy | 24:As8kotTgAj0eq+rJcDL1V6JUGOkmIuQA7tehJK5cxOaNTcKdZluHuOZyvFlRfGNM:XN+O1IgCA7to6cvKKdZ0ulfGNZ2Kp6rn | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4b1000 GetModuleHandleExA
0x4b1004 MapViewOfFile
0x4b1008 FindResourceW
0x4b100c SystemTimeToTzSpecificLocalTime
0x4b1010 GetConsoleAliasA
0x4b1014 GetTickCount
0x4b1018 SetFileTime
0x4b101c GlobalFindAtomA
0x4b1020 TerminateThread
0x4b1024 GetLocaleInfoW
0x4b1028 GetSystemTimeAdjustment
0x4b102c GetFileAttributesA
0x4b1030 GetFileAttributesW
0x4b1034 SetTimeZoneInformation
0x4b1038 GetAtomNameW
0x4b103c FileTimeToSystemTime
0x4b1040 ReadFile
0x4b1044 lstrcatA
0x4b1048 RaiseException
0x4b104c LCMapStringA
0x4b1050 FreeLibraryAndExitThread
0x4b1054 SetLastError
0x4b1058 GetProcAddress
0x4b105c OpenWaitableTimerA
0x4b1060 LoadLibraryA
0x4b1064 OpenWaitableTimerW
0x4b1068 LocalAlloc
0x4b106c SetConsoleOutputCP
0x4b1070 LoadLibraryExA
0x4b1074 GetConsoleCursorInfo
0x4b1078 FindAtomW
0x4b107c DeleteTimerQueueTimer
0x4b1080 GetCurrentProcessId
0x4b1084 SetEnvironmentVariableA
0x4b1088 CompareStringW
0x4b108c GetModuleHandleW
0x4b1090 Sleep
0x4b1094 ExitProcess
0x4b1098 GetStartupInfoW
0x4b109c TerminateProcess
0x4b10a0 GetCurrentProcess
0x4b10a4 UnhandledExceptionFilter
0x4b10a8 SetUnhandledExceptionFilter
0x4b10ac IsDebuggerPresent
0x4b10b0 HeapAlloc
0x4b10b4 TlsGetValue
0x4b10b8 TlsAlloc
0x4b10bc TlsSetValue
0x4b10c0 TlsFree
0x4b10c4 InterlockedIncrement
0x4b10c8 GetCurrentThreadId
0x4b10cc GetLastError
0x4b10d0 InterlockedDecrement
0x4b10d4 GetCurrentThread
0x4b10d8 WriteFile
0x4b10dc GetStdHandle
0x4b10e0 GetModuleFileNameA
0x4b10e4 DeleteCriticalSection
0x4b10e8 LeaveCriticalSection
0x4b10ec FatalAppExitA
0x4b10f0 EnterCriticalSection
0x4b10f4 SetConsoleCtrlHandler
0x4b10f8 FreeLibrary
0x4b10fc InterlockedExchange
0x4b1100 InitializeCriticalSectionAndSpinCount
0x4b1104 GetModuleFileNameW
0x4b1108 FreeEnvironmentStringsW
0x4b110c GetEnvironmentStringsW
0x4b1110 GetCommandLineW
0x4b1114 SetHandleCount
0x4b1118 GetFileType
0x4b111c GetStartupInfoA
0x4b1120 HeapCreate
0x4b1124 HeapDestroy
0x4b1128 VirtualFree
0x4b112c HeapFree
0x4b1130 QueryPerformanceCounter
0x4b1134 GetSystemTimeAsFileTime
0x4b1138 VirtualAlloc
0x4b113c HeapReAlloc
0x4b1140 GetCPInfo
0x4b1144 GetACP
0x4b1148 GetOEMCP
0x4b114c IsValidCodePage
0x4b1150 HeapSize
0x4b1154 RtlUnwind
0x4b1158 GetLocaleInfoA
0x4b115c WideCharToMultiByte
0x4b1160 MultiByteToWideChar
0x4b1164 LCMapStringW
0x4b1168 GetStringTypeA
0x4b116c GetStringTypeW
0x4b1170 GetTimeFormatA
0x4b1174 GetDateFormatA
0x4b1178 GetUserDefaultLCID
0x4b117c EnumSystemLocalesA
0x4b1180 IsValidLocale
0x4b1184 GetTimeZoneInformation
0x4b1188 CompareStringA
0x4b118c GetModuleHandleA
USER32.dll
0x4b1194 GetDesktopWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x4b1000 GetModuleHandleExA
0x4b1004 MapViewOfFile
0x4b1008 FindResourceW
0x4b100c SystemTimeToTzSpecificLocalTime
0x4b1010 GetConsoleAliasA
0x4b1014 GetTickCount
0x4b1018 SetFileTime
0x4b101c GlobalFindAtomA
0x4b1020 TerminateThread
0x4b1024 GetLocaleInfoW
0x4b1028 GetSystemTimeAdjustment
0x4b102c GetFileAttributesA
0x4b1030 GetFileAttributesW
0x4b1034 SetTimeZoneInformation
0x4b1038 GetAtomNameW
0x4b103c FileTimeToSystemTime
0x4b1040 ReadFile
0x4b1044 lstrcatA
0x4b1048 RaiseException
0x4b104c LCMapStringA
0x4b1050 FreeLibraryAndExitThread
0x4b1054 SetLastError
0x4b1058 GetProcAddress
0x4b105c OpenWaitableTimerA
0x4b1060 LoadLibraryA
0x4b1064 OpenWaitableTimerW
0x4b1068 LocalAlloc
0x4b106c SetConsoleOutputCP
0x4b1070 LoadLibraryExA
0x4b1074 GetConsoleCursorInfo
0x4b1078 FindAtomW
0x4b107c DeleteTimerQueueTimer
0x4b1080 GetCurrentProcessId
0x4b1084 SetEnvironmentVariableA
0x4b1088 CompareStringW
0x4b108c GetModuleHandleW
0x4b1090 Sleep
0x4b1094 ExitProcess
0x4b1098 GetStartupInfoW
0x4b109c TerminateProcess
0x4b10a0 GetCurrentProcess
0x4b10a4 UnhandledExceptionFilter
0x4b10a8 SetUnhandledExceptionFilter
0x4b10ac IsDebuggerPresent
0x4b10b0 HeapAlloc
0x4b10b4 TlsGetValue
0x4b10b8 TlsAlloc
0x4b10bc TlsSetValue
0x4b10c0 TlsFree
0x4b10c4 InterlockedIncrement
0x4b10c8 GetCurrentThreadId
0x4b10cc GetLastError
0x4b10d0 InterlockedDecrement
0x4b10d4 GetCurrentThread
0x4b10d8 WriteFile
0x4b10dc GetStdHandle
0x4b10e0 GetModuleFileNameA
0x4b10e4 DeleteCriticalSection
0x4b10e8 LeaveCriticalSection
0x4b10ec FatalAppExitA
0x4b10f0 EnterCriticalSection
0x4b10f4 SetConsoleCtrlHandler
0x4b10f8 FreeLibrary
0x4b10fc InterlockedExchange
0x4b1100 InitializeCriticalSectionAndSpinCount
0x4b1104 GetModuleFileNameW
0x4b1108 FreeEnvironmentStringsW
0x4b110c GetEnvironmentStringsW
0x4b1110 GetCommandLineW
0x4b1114 SetHandleCount
0x4b1118 GetFileType
0x4b111c GetStartupInfoA
0x4b1120 HeapCreate
0x4b1124 HeapDestroy
0x4b1128 VirtualFree
0x4b112c HeapFree
0x4b1130 QueryPerformanceCounter
0x4b1134 GetSystemTimeAsFileTime
0x4b1138 VirtualAlloc
0x4b113c HeapReAlloc
0x4b1140 GetCPInfo
0x4b1144 GetACP
0x4b1148 GetOEMCP
0x4b114c IsValidCodePage
0x4b1150 HeapSize
0x4b1154 RtlUnwind
0x4b1158 GetLocaleInfoA
0x4b115c WideCharToMultiByte
0x4b1160 MultiByteToWideChar
0x4b1164 LCMapStringW
0x4b1168 GetStringTypeA
0x4b116c GetStringTypeW
0x4b1170 GetTimeFormatA
0x4b1174 GetDateFormatA
0x4b1178 GetUserDefaultLCID
0x4b117c EnumSystemLocalesA
0x4b1180 IsValidLocale
0x4b1184 GetTimeZoneInformation
0x4b1188 CompareStringA
0x4b118c GetModuleHandleA
USER32.dll
0x4b1194 GetDesktopWindow
EAT(Export Address Table) is none