ScreenShot
| Created | 2021.05.18 09:09 | Machine | s1_win7_x6401 |
| Filename | file2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | dba20ac697952657e4daee957e10a805 | ||
| sha256 | fb5d2b6d9ec1b9c07e64f6b9eb148099f0b43d58dc867102c02b16a9a9152022 | ||
| ssdeep | 6144:APKOuJJKWdQDUJoHYJ/+Uta+/bLOBL+tKf1I1of3RY2epMmzSt:APKOuLKWdQDyoHwtbbqBLAm1XvC2JV | ||
| imphash | 95170a5170e5bf0a112c8a368a569a22 | ||
| impfuzzy | 48:Y61ZpBDZPq5prIOS6yS1MdbqkutSVYhOlEaftlV8qK9cA6AO:YGji5przS6hcmZtSah2ftlV8qQcAe | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43f000 ExitProcess
0x43f004 GetCommandLineW
0x43f008 GetTempFileNameW
0x43f00c SetVolumeLabelA
0x43f010 SetFilePointer
0x43f014 WritePrivateProfileStructA
0x43f018 SetLocalTime
0x43f01c DebugActiveProcessStop
0x43f020 GetNumberOfConsoleInputEvents
0x43f024 BuildCommDCBAndTimeoutsA
0x43f028 DeleteVolumeMountPointA
0x43f02c SetConsoleActiveScreenBuffer
0x43f030 WritePrivateProfileSectionA
0x43f034 CreateJobObjectW
0x43f038 WaitForSingleObject
0x43f03c WriteConsoleInputA
0x43f040 SetComputerNameW
0x43f044 GetSystemDefaultLCID
0x43f048 SetTapeParameters
0x43f04c GetProcessPriorityBoost
0x43f050 IsBadReadPtr
0x43f054 EnumTimeFormatsW
0x43f058 GetUserDefaultLangID
0x43f05c SetCommState
0x43f060 GetDriveTypeA
0x43f064 TlsSetValue
0x43f068 FindResourceExA
0x43f06c GlobalAlloc
0x43f070 SetSystemTimeAdjustment
0x43f074 SetConsoleCP
0x43f078 HeapDestroy
0x43f07c GlobalFlags
0x43f080 SetConsoleMode
0x43f084 GetFileAttributesW
0x43f088 MulDiv
0x43f08c WriteConsoleW
0x43f090 GetBinaryTypeA
0x43f094 SetSystemPowerState
0x43f098 LocalHandle
0x43f09c GetTimeZoneInformation
0x43f0a0 GetOverlappedResult
0x43f0a4 GetACP
0x43f0a8 lstrlenW
0x43f0ac RaiseException
0x43f0b0 DeactivateActCtx
0x43f0b4 GetPrivateProfileIntW
0x43f0b8 GetConsoleOutputCP
0x43f0bc VerifyVersionInfoW
0x43f0c0 InterlockedExchange
0x43f0c4 GetStdHandle
0x43f0c8 FreeLibraryAndExitThread
0x43f0cc OpenMutexW
0x43f0d0 GetLastError
0x43f0d4 SetLastError
0x43f0d8 GetProcAddress
0x43f0dc VirtualAlloc
0x43f0e0 CreateNamedPipeA
0x43f0e4 EnterCriticalSection
0x43f0e8 SearchPathA
0x43f0ec SetFileApisToOEM
0x43f0f0 GetAtomNameA
0x43f0f4 LoadLibraryA
0x43f0f8 OpenThread
0x43f0fc ProcessIdToSessionId
0x43f100 MoveFileA
0x43f104 IsSystemResumeAutomatic
0x43f108 SetConsoleDisplayMode
0x43f10c GetProfileStringA
0x43f110 GetCurrentConsoleFont
0x43f114 SetCommMask
0x43f118 GetPrivateProfileStructA
0x43f11c WaitForMultipleObjects
0x43f120 GetPrivateProfileSectionNamesA
0x43f124 RequestWakeupLatency
0x43f128 GetCurrentDirectoryA
0x43f12c GetConsoleCursorInfo
0x43f130 ScrollConsoleScreenBufferA
0x43f134 OpenSemaphoreW
0x43f138 GetVersionExA
0x43f13c WriteFileEx
0x43f140 AddConsoleAliasA
0x43f144 GetSystemTime
0x43f148 GetProfileSectionW
0x43f14c CopyFileExA
0x43f150 AreFileApisANSI
0x43f154 GetVolumeInformationW
0x43f158 lstrcpyA
0x43f15c SetStdHandle
0x43f160 CloseHandle
0x43f164 DeleteFileA
0x43f168 EncodePointer
0x43f16c DecodePointer
0x43f170 GetCommandLineA
0x43f174 HeapSetInformation
0x43f178 GetStartupInfoW
0x43f17c HeapValidate
0x43f180 LeaveCriticalSection
0x43f184 TerminateProcess
0x43f188 GetCurrentProcess
0x43f18c UnhandledExceptionFilter
0x43f190 SetUnhandledExceptionFilter
0x43f194 IsDebuggerPresent
0x43f198 GetModuleFileNameW
0x43f19c InterlockedIncrement
0x43f1a0 InterlockedDecrement
0x43f1a4 GetModuleHandleW
0x43f1a8 IsProcessorFeaturePresent
0x43f1ac QueryPerformanceCounter
0x43f1b0 GetTickCount
0x43f1b4 GetCurrentThreadId
0x43f1b8 GetCurrentProcessId
0x43f1bc GetSystemTimeAsFileTime
0x43f1c0 GetModuleFileNameA
0x43f1c4 FreeEnvironmentStringsW
0x43f1c8 WideCharToMultiByte
0x43f1cc GetEnvironmentStringsW
0x43f1d0 SetHandleCount
0x43f1d4 InitializeCriticalSectionAndSpinCount
0x43f1d8 GetFileType
0x43f1dc DeleteCriticalSection
0x43f1e0 TlsAlloc
0x43f1e4 TlsGetValue
0x43f1e8 TlsFree
0x43f1ec HeapCreate
0x43f1f0 WriteFile
0x43f1f4 HeapAlloc
0x43f1f8 HeapReAlloc
0x43f1fc HeapSize
0x43f200 HeapQueryInformation
0x43f204 HeapFree
0x43f208 GetOEMCP
0x43f20c GetCPInfo
0x43f210 IsValidCodePage
0x43f214 OutputDebugStringA
0x43f218 OutputDebugStringW
0x43f21c LoadLibraryW
0x43f220 RtlUnwind
0x43f224 MultiByteToWideChar
0x43f228 LCMapStringW
0x43f22c GetStringTypeW
0x43f230 FlushFileBuffers
0x43f234 GetConsoleCP
0x43f238 GetConsoleMode
0x43f23c ReadFile
0x43f240 CreateFileW
USER32.dll
0x43f248 GetAncestor
EAT(Export Address Table) Library
0x43d890 _futurama@4
0x43d8a0 _getArchiveInfo@8
KERNEL32.dll
0x43f000 ExitProcess
0x43f004 GetCommandLineW
0x43f008 GetTempFileNameW
0x43f00c SetVolumeLabelA
0x43f010 SetFilePointer
0x43f014 WritePrivateProfileStructA
0x43f018 SetLocalTime
0x43f01c DebugActiveProcessStop
0x43f020 GetNumberOfConsoleInputEvents
0x43f024 BuildCommDCBAndTimeoutsA
0x43f028 DeleteVolumeMountPointA
0x43f02c SetConsoleActiveScreenBuffer
0x43f030 WritePrivateProfileSectionA
0x43f034 CreateJobObjectW
0x43f038 WaitForSingleObject
0x43f03c WriteConsoleInputA
0x43f040 SetComputerNameW
0x43f044 GetSystemDefaultLCID
0x43f048 SetTapeParameters
0x43f04c GetProcessPriorityBoost
0x43f050 IsBadReadPtr
0x43f054 EnumTimeFormatsW
0x43f058 GetUserDefaultLangID
0x43f05c SetCommState
0x43f060 GetDriveTypeA
0x43f064 TlsSetValue
0x43f068 FindResourceExA
0x43f06c GlobalAlloc
0x43f070 SetSystemTimeAdjustment
0x43f074 SetConsoleCP
0x43f078 HeapDestroy
0x43f07c GlobalFlags
0x43f080 SetConsoleMode
0x43f084 GetFileAttributesW
0x43f088 MulDiv
0x43f08c WriteConsoleW
0x43f090 GetBinaryTypeA
0x43f094 SetSystemPowerState
0x43f098 LocalHandle
0x43f09c GetTimeZoneInformation
0x43f0a0 GetOverlappedResult
0x43f0a4 GetACP
0x43f0a8 lstrlenW
0x43f0ac RaiseException
0x43f0b0 DeactivateActCtx
0x43f0b4 GetPrivateProfileIntW
0x43f0b8 GetConsoleOutputCP
0x43f0bc VerifyVersionInfoW
0x43f0c0 InterlockedExchange
0x43f0c4 GetStdHandle
0x43f0c8 FreeLibraryAndExitThread
0x43f0cc OpenMutexW
0x43f0d0 GetLastError
0x43f0d4 SetLastError
0x43f0d8 GetProcAddress
0x43f0dc VirtualAlloc
0x43f0e0 CreateNamedPipeA
0x43f0e4 EnterCriticalSection
0x43f0e8 SearchPathA
0x43f0ec SetFileApisToOEM
0x43f0f0 GetAtomNameA
0x43f0f4 LoadLibraryA
0x43f0f8 OpenThread
0x43f0fc ProcessIdToSessionId
0x43f100 MoveFileA
0x43f104 IsSystemResumeAutomatic
0x43f108 SetConsoleDisplayMode
0x43f10c GetProfileStringA
0x43f110 GetCurrentConsoleFont
0x43f114 SetCommMask
0x43f118 GetPrivateProfileStructA
0x43f11c WaitForMultipleObjects
0x43f120 GetPrivateProfileSectionNamesA
0x43f124 RequestWakeupLatency
0x43f128 GetCurrentDirectoryA
0x43f12c GetConsoleCursorInfo
0x43f130 ScrollConsoleScreenBufferA
0x43f134 OpenSemaphoreW
0x43f138 GetVersionExA
0x43f13c WriteFileEx
0x43f140 AddConsoleAliasA
0x43f144 GetSystemTime
0x43f148 GetProfileSectionW
0x43f14c CopyFileExA
0x43f150 AreFileApisANSI
0x43f154 GetVolumeInformationW
0x43f158 lstrcpyA
0x43f15c SetStdHandle
0x43f160 CloseHandle
0x43f164 DeleteFileA
0x43f168 EncodePointer
0x43f16c DecodePointer
0x43f170 GetCommandLineA
0x43f174 HeapSetInformation
0x43f178 GetStartupInfoW
0x43f17c HeapValidate
0x43f180 LeaveCriticalSection
0x43f184 TerminateProcess
0x43f188 GetCurrentProcess
0x43f18c UnhandledExceptionFilter
0x43f190 SetUnhandledExceptionFilter
0x43f194 IsDebuggerPresent
0x43f198 GetModuleFileNameW
0x43f19c InterlockedIncrement
0x43f1a0 InterlockedDecrement
0x43f1a4 GetModuleHandleW
0x43f1a8 IsProcessorFeaturePresent
0x43f1ac QueryPerformanceCounter
0x43f1b0 GetTickCount
0x43f1b4 GetCurrentThreadId
0x43f1b8 GetCurrentProcessId
0x43f1bc GetSystemTimeAsFileTime
0x43f1c0 GetModuleFileNameA
0x43f1c4 FreeEnvironmentStringsW
0x43f1c8 WideCharToMultiByte
0x43f1cc GetEnvironmentStringsW
0x43f1d0 SetHandleCount
0x43f1d4 InitializeCriticalSectionAndSpinCount
0x43f1d8 GetFileType
0x43f1dc DeleteCriticalSection
0x43f1e0 TlsAlloc
0x43f1e4 TlsGetValue
0x43f1e8 TlsFree
0x43f1ec HeapCreate
0x43f1f0 WriteFile
0x43f1f4 HeapAlloc
0x43f1f8 HeapReAlloc
0x43f1fc HeapSize
0x43f200 HeapQueryInformation
0x43f204 HeapFree
0x43f208 GetOEMCP
0x43f20c GetCPInfo
0x43f210 IsValidCodePage
0x43f214 OutputDebugStringA
0x43f218 OutputDebugStringW
0x43f21c LoadLibraryW
0x43f220 RtlUnwind
0x43f224 MultiByteToWideChar
0x43f228 LCMapStringW
0x43f22c GetStringTypeW
0x43f230 FlushFileBuffers
0x43f234 GetConsoleCP
0x43f238 GetConsoleMode
0x43f23c ReadFile
0x43f240 CreateFileW
USER32.dll
0x43f248 GetAncestor
EAT(Export Address Table) Library
0x43d890 _futurama@4
0x43d8a0 _getArchiveInfo@8