ScreenShot
| Created | 2021.05.07 11:40 | Machine | s1_win7_x6401 |
| Filename | msoffice.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Hacktool, Kryptik, Eldorado, Attribute, HighConfidence, FileRepMalware, Lockbit, Raccoon, M8NUWI, Caynamer, score, ZexaF, MyW@aqwNWQcO, BScope, CLOUD, Static AI, Malicious PE) | ||
| md5 | 4834277170bcb025809c6bcd8c967bc2 | ||
| sha256 | caf3eca514de58e215b5e9f568f748293be64a3c82e15c2f905903cd9bfacc1c | ||
| ssdeep | 12288:8Uf6GgYdyR6XH5Gwrt4Cl5YRc6tqe9XTyct3DHJ8zmrqJ:8Uf65YdyU359rt4RRFgU3DHJ8zy | ||
| imphash | 08a879d554c99744f28f371eb1c590a6 | ||
| impfuzzy | 24:uTkaAIPkPzcDL1yJ1Kg8TqvHoepD/OovEG+G/J3I+jFQ8Ryv98RSRxOaPTcKdbpD:LY1yJGepD2VGBP69YSRvwKd1ANZBIdrn | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48b000 FindResourceA
0x48b004 GetModuleHandleExA
0x48b008 GetLocaleInfoA
0x48b00c MapViewOfFile
0x48b010 GetTickCount
0x48b014 WriteFile
0x48b018 TzSpecificLocalTimeToSystemTime
0x48b01c LoadLibraryW
0x48b020 TerminateThread
0x48b024 SetSystemTimeAdjustment
0x48b028 GetFileAttributesA
0x48b02c HeapCreate
0x48b030 GetConsoleAliasW
0x48b034 SetTimeZoneInformation
0x48b038 lstrcatA
0x48b03c FreeLibraryAndExitThread
0x48b040 GetLastError
0x48b044 GetProcAddress
0x48b048 OpenWaitableTimerA
0x48b04c GetAtomNameA
0x48b050 GetProcessId
0x48b054 UnhandledExceptionFilter
0x48b058 SetConsoleOutputCP
0x48b05c FindAtomA
0x48b060 GlobalFindAtomW
0x48b064 SetConsoleCursorInfo
0x48b068 GetModuleHandleA
0x48b06c LoadLibraryExA
0x48b070 GetFileTime
0x48b074 FileTimeToLocalFileTime
0x48b078 DeleteTimerQueueTimer
0x48b07c CompareStringW
0x48b080 CompareStringA
0x48b084 TerminateProcess
0x48b088 GetCurrentProcess
0x48b08c SetUnhandledExceptionFilter
0x48b090 IsDebuggerPresent
0x48b094 GetCommandLineA
0x48b098 GetStartupInfoA
0x48b09c RaiseException
0x48b0a0 RtlUnwind
0x48b0a4 HeapAlloc
0x48b0a8 HeapFree
0x48b0ac GetModuleHandleW
0x48b0b0 TlsGetValue
0x48b0b4 TlsAlloc
0x48b0b8 TlsSetValue
0x48b0bc TlsFree
0x48b0c0 InterlockedIncrement
0x48b0c4 SetLastError
0x48b0c8 GetCurrentThreadId
0x48b0cc InterlockedDecrement
0x48b0d0 GetCurrentThread
0x48b0d4 Sleep
0x48b0d8 ExitProcess
0x48b0dc GetStdHandle
0x48b0e0 GetModuleFileNameA
0x48b0e4 FreeEnvironmentStringsA
0x48b0e8 GetEnvironmentStrings
0x48b0ec FreeEnvironmentStringsW
0x48b0f0 WideCharToMultiByte
0x48b0f4 GetEnvironmentStringsW
0x48b0f8 SetHandleCount
0x48b0fc GetFileType
0x48b100 DeleteCriticalSection
0x48b104 HeapDestroy
0x48b108 VirtualFree
0x48b10c QueryPerformanceCounter
0x48b110 GetCurrentProcessId
0x48b114 GetSystemTimeAsFileTime
0x48b118 LeaveCriticalSection
0x48b11c FatalAppExitA
0x48b120 EnterCriticalSection
0x48b124 VirtualAlloc
0x48b128 HeapReAlloc
0x48b12c GetCPInfo
0x48b130 GetACP
0x48b134 GetOEMCP
0x48b138 IsValidCodePage
0x48b13c HeapSize
0x48b140 SetConsoleCtrlHandler
0x48b144 FreeLibrary
0x48b148 InterlockedExchange
0x48b14c LoadLibraryA
0x48b150 InitializeCriticalSectionAndSpinCount
0x48b154 GetTimeFormatA
0x48b158 GetDateFormatA
0x48b15c GetUserDefaultLCID
0x48b160 EnumSystemLocalesA
0x48b164 IsValidLocale
0x48b168 GetStringTypeA
0x48b16c MultiByteToWideChar
0x48b170 GetStringTypeW
0x48b174 LCMapStringA
0x48b178 LCMapStringW
0x48b17c GetLocaleInfoW
0x48b180 GetTimeZoneInformation
0x48b184 SetEnvironmentVariableA
USER32.dll
0x48b18c GetDesktopWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x48b000 FindResourceA
0x48b004 GetModuleHandleExA
0x48b008 GetLocaleInfoA
0x48b00c MapViewOfFile
0x48b010 GetTickCount
0x48b014 WriteFile
0x48b018 TzSpecificLocalTimeToSystemTime
0x48b01c LoadLibraryW
0x48b020 TerminateThread
0x48b024 SetSystemTimeAdjustment
0x48b028 GetFileAttributesA
0x48b02c HeapCreate
0x48b030 GetConsoleAliasW
0x48b034 SetTimeZoneInformation
0x48b038 lstrcatA
0x48b03c FreeLibraryAndExitThread
0x48b040 GetLastError
0x48b044 GetProcAddress
0x48b048 OpenWaitableTimerA
0x48b04c GetAtomNameA
0x48b050 GetProcessId
0x48b054 UnhandledExceptionFilter
0x48b058 SetConsoleOutputCP
0x48b05c FindAtomA
0x48b060 GlobalFindAtomW
0x48b064 SetConsoleCursorInfo
0x48b068 GetModuleHandleA
0x48b06c LoadLibraryExA
0x48b070 GetFileTime
0x48b074 FileTimeToLocalFileTime
0x48b078 DeleteTimerQueueTimer
0x48b07c CompareStringW
0x48b080 CompareStringA
0x48b084 TerminateProcess
0x48b088 GetCurrentProcess
0x48b08c SetUnhandledExceptionFilter
0x48b090 IsDebuggerPresent
0x48b094 GetCommandLineA
0x48b098 GetStartupInfoA
0x48b09c RaiseException
0x48b0a0 RtlUnwind
0x48b0a4 HeapAlloc
0x48b0a8 HeapFree
0x48b0ac GetModuleHandleW
0x48b0b0 TlsGetValue
0x48b0b4 TlsAlloc
0x48b0b8 TlsSetValue
0x48b0bc TlsFree
0x48b0c0 InterlockedIncrement
0x48b0c4 SetLastError
0x48b0c8 GetCurrentThreadId
0x48b0cc InterlockedDecrement
0x48b0d0 GetCurrentThread
0x48b0d4 Sleep
0x48b0d8 ExitProcess
0x48b0dc GetStdHandle
0x48b0e0 GetModuleFileNameA
0x48b0e4 FreeEnvironmentStringsA
0x48b0e8 GetEnvironmentStrings
0x48b0ec FreeEnvironmentStringsW
0x48b0f0 WideCharToMultiByte
0x48b0f4 GetEnvironmentStringsW
0x48b0f8 SetHandleCount
0x48b0fc GetFileType
0x48b100 DeleteCriticalSection
0x48b104 HeapDestroy
0x48b108 VirtualFree
0x48b10c QueryPerformanceCounter
0x48b110 GetCurrentProcessId
0x48b114 GetSystemTimeAsFileTime
0x48b118 LeaveCriticalSection
0x48b11c FatalAppExitA
0x48b120 EnterCriticalSection
0x48b124 VirtualAlloc
0x48b128 HeapReAlloc
0x48b12c GetCPInfo
0x48b130 GetACP
0x48b134 GetOEMCP
0x48b138 IsValidCodePage
0x48b13c HeapSize
0x48b140 SetConsoleCtrlHandler
0x48b144 FreeLibrary
0x48b148 InterlockedExchange
0x48b14c LoadLibraryA
0x48b150 InitializeCriticalSectionAndSpinCount
0x48b154 GetTimeFormatA
0x48b158 GetDateFormatA
0x48b15c GetUserDefaultLCID
0x48b160 EnumSystemLocalesA
0x48b164 IsValidLocale
0x48b168 GetStringTypeA
0x48b16c MultiByteToWideChar
0x48b170 GetStringTypeW
0x48b174 LCMapStringA
0x48b178 LCMapStringW
0x48b17c GetLocaleInfoW
0x48b180 GetTimeZoneInformation
0x48b184 SetEnvironmentVariableA
USER32.dll
0x48b18c GetDesktopWindow
EAT(Export Address Table) is none