ScreenShot
| Created | 2021.05.07 11:45 | Machine | s1_win7_x6401 |
| Filename | ster.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 13 detected (malicious, confidence, FileRepMalware, Artemis, kcloud, Casdet, CLOUD) | ||
| md5 | 5cef87c65c9a2545eb8c9151a5fa1e1d | ||
| sha256 | 9088e5ed27f14a67077827ca9ec4bf6cfa24b4ec669d253e593a1a2d0c66b9da | ||
| ssdeep | 6144:obpjhQX5nE8CBatjBq2PkD+rXpAF7TCc4QWoE/rzcPzny:0jGE8CBejtkD+r5Pdrzcu | ||
| imphash | 1b67617243a922f784610b5e37db7c39 | ||
| impfuzzy | 24:L6U0k1PJTS1o0qtSmlJnc+pl3eDoTeBUSOovbO9Ziv2jME:L6U0k1PJTS1YtSkc+pp/p3A+ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations. |
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140010230 CharNextA
0x140010238 DialogBoxParamA
0x140010240 IsMenu
0x140010248 TabbedTextOutA
0x140010250 CallWindowProcW
GDI32.dll
0x140010000 GetBkMode
0x140010008 CopyMetaFileA
0x140010010 CreateHalftonePalette
KERNEL32.dll
0x140010020 CloseHandle
0x140010028 WriteConsoleW
0x140010030 CreateFileW
0x140010038 ExitProcess
0x140010040 QueryPerformanceCounter
0x140010048 GetCurrentProcessId
0x140010050 GetCurrentThreadId
0x140010058 GetSystemTimeAsFileTime
0x140010060 InitializeSListHead
0x140010068 RtlCaptureContext
0x140010070 RtlLookupFunctionEntry
0x140010078 RtlVirtualUnwind
0x140010080 IsDebuggerPresent
0x140010088 UnhandledExceptionFilter
0x140010090 SetUnhandledExceptionFilter
0x140010098 GetStartupInfoW
0x1400100a0 IsProcessorFeaturePresent
0x1400100a8 GetModuleHandleW
0x1400100b0 RtlUnwindEx
0x1400100b8 GetLastError
0x1400100c0 SetLastError
0x1400100c8 EnterCriticalSection
0x1400100d0 LeaveCriticalSection
0x1400100d8 DeleteCriticalSection
0x1400100e0 InitializeCriticalSectionAndSpinCount
0x1400100e8 TlsAlloc
0x1400100f0 TlsGetValue
0x1400100f8 TlsSetValue
0x140010100 TlsFree
0x140010108 FreeLibrary
0x140010110 GetProcAddress
0x140010118 LoadLibraryExW
0x140010120 RaiseException
0x140010128 GetStdHandle
0x140010130 WriteFile
0x140010138 GetModuleFileNameW
0x140010140 GetCurrentProcess
0x140010148 TerminateProcess
0x140010150 GetModuleHandleExW
0x140010158 HeapAlloc
0x140010160 HeapFree
0x140010168 FindClose
0x140010170 FindFirstFileExW
0x140010178 FindNextFileW
0x140010180 IsValidCodePage
0x140010188 GetACP
0x140010190 GetOEMCP
0x140010198 GetCPInfo
0x1400101a0 GetCommandLineA
0x1400101a8 GetCommandLineW
0x1400101b0 MultiByteToWideChar
0x1400101b8 WideCharToMultiByte
0x1400101c0 GetEnvironmentStringsW
0x1400101c8 FreeEnvironmentStringsW
0x1400101d0 SetStdHandle
0x1400101d8 GetFileType
0x1400101e0 GetStringTypeW
0x1400101e8 LCMapStringW
0x1400101f0 GetProcessHeap
0x1400101f8 HeapSize
0x140010200 HeapReAlloc
0x140010208 FlushFileBuffers
0x140010210 GetConsoleCP
0x140010218 GetConsoleMode
0x140010220 SetFilePointerEx
EAT(Export Address Table) is none
USER32.dll
0x140010230 CharNextA
0x140010238 DialogBoxParamA
0x140010240 IsMenu
0x140010248 TabbedTextOutA
0x140010250 CallWindowProcW
GDI32.dll
0x140010000 GetBkMode
0x140010008 CopyMetaFileA
0x140010010 CreateHalftonePalette
KERNEL32.dll
0x140010020 CloseHandle
0x140010028 WriteConsoleW
0x140010030 CreateFileW
0x140010038 ExitProcess
0x140010040 QueryPerformanceCounter
0x140010048 GetCurrentProcessId
0x140010050 GetCurrentThreadId
0x140010058 GetSystemTimeAsFileTime
0x140010060 InitializeSListHead
0x140010068 RtlCaptureContext
0x140010070 RtlLookupFunctionEntry
0x140010078 RtlVirtualUnwind
0x140010080 IsDebuggerPresent
0x140010088 UnhandledExceptionFilter
0x140010090 SetUnhandledExceptionFilter
0x140010098 GetStartupInfoW
0x1400100a0 IsProcessorFeaturePresent
0x1400100a8 GetModuleHandleW
0x1400100b0 RtlUnwindEx
0x1400100b8 GetLastError
0x1400100c0 SetLastError
0x1400100c8 EnterCriticalSection
0x1400100d0 LeaveCriticalSection
0x1400100d8 DeleteCriticalSection
0x1400100e0 InitializeCriticalSectionAndSpinCount
0x1400100e8 TlsAlloc
0x1400100f0 TlsGetValue
0x1400100f8 TlsSetValue
0x140010100 TlsFree
0x140010108 FreeLibrary
0x140010110 GetProcAddress
0x140010118 LoadLibraryExW
0x140010120 RaiseException
0x140010128 GetStdHandle
0x140010130 WriteFile
0x140010138 GetModuleFileNameW
0x140010140 GetCurrentProcess
0x140010148 TerminateProcess
0x140010150 GetModuleHandleExW
0x140010158 HeapAlloc
0x140010160 HeapFree
0x140010168 FindClose
0x140010170 FindFirstFileExW
0x140010178 FindNextFileW
0x140010180 IsValidCodePage
0x140010188 GetACP
0x140010190 GetOEMCP
0x140010198 GetCPInfo
0x1400101a0 GetCommandLineA
0x1400101a8 GetCommandLineW
0x1400101b0 MultiByteToWideChar
0x1400101b8 WideCharToMultiByte
0x1400101c0 GetEnvironmentStringsW
0x1400101c8 FreeEnvironmentStringsW
0x1400101d0 SetStdHandle
0x1400101d8 GetFileType
0x1400101e0 GetStringTypeW
0x1400101e8 LCMapStringW
0x1400101f0 GetProcessHeap
0x1400101f8 HeapSize
0x140010200 HeapReAlloc
0x140010208 FlushFileBuffers
0x140010210 GetConsoleCP
0x140010218 GetConsoleMode
0x140010220 SetFilePointerEx
EAT(Export Address Table) is none