Field | Value
---|---
Created | 2021.05.18 09:38
Machine | s1_win7_x6401
Filename | Optimize.facebook.ads.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : clean
VT API (file) | 35 detected (AIDetect, malware2, malicious, high confidence, GenericKD, Unsafe, Save, Attribute, HighConfidence, ai score=85, Wacatac, score, Artemis, R002H09E921, CLOUD, Static AI, Suspicious PE, Behavior, confidence)
md5 | a5292f2ae50ae5ca63dd1ae659548c28
sha256 | 788891968f40e55bf749ecd6d67ba4fcd7c1d890293586f19a462a3e670cbe35
ssdeep | 3072:Wpo9pRCZC4uXxON7/IK6zvutuxmZ7TJkF65LyaPsKHuuc6s9Jfra52KR5VjRH40w:clD/Autu4XLtPBHexrK2U5lRHbyeGN
imphash | 82c7cc00390cbd2e9edea8a134be6bcb
impfuzzy | 24:cfCejtWOovbOGjMh1ulvg1WDHCyl3LPOG3JUsJP:cfCKx331ABhbOGqsJP
Signature (6cnts)
Level | Description
---|---
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection
---|---|---|---
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413d80 CloseHandle
0x413d84 CreateFileW
0x413d88 DecodePointer
0x413d8c DeleteCriticalSection
0x413d90 EnterCriticalSection
0x413d94 ExitProcess
0x413d98 FindClose
0x413d9c FindFirstFileExW
0x413da0 FindNextFileW
0x413da4 FlushFileBuffers
0x413da8 FreeEnvironmentStringsW
0x413dac FreeLibrary
0x413db0 GetACP
0x413db4 GetCPInfo
0x413db8 GetCommandLineA
0x413dbc GetCommandLineW
0x413dc0 GetConsoleCP
0x413dc4 GetConsoleMode
0x413dc8 GetCurrentProcess
0x413dcc GetCurrentProcessId
0x413dd0 GetCurrentThreadId
0x413dd4 GetEnvironmentStringsW
0x413dd8 GetFileType
0x413ddc GetLastError
0x413de0 GetModuleFileNameA
0x413de4 GetModuleFileNameW
0x413de8 GetModuleHandleA
0x413dec GetModuleHandleExW
0x413df0 GetModuleHandleW
0x413df4 GetOEMCP
0x413df8 GetProcAddress
0x413dfc GetProcessHeap
0x413e00 GetStartupInfoW
0x413e04 GetStdHandle
0x413e08 GetStringTypeW
0x413e0c GetSystemTimeAsFileTime
0x413e10 GetTickCount
0x413e14 HeapAlloc
0x413e18 HeapFree
0x413e1c HeapReAlloc
0x413e20 HeapSize
0x413e24 InitializeCriticalSectionAndSpinCount
0x413e28 InitializeSListHead
0x413e2c IsDebuggerPresent
0x413e30 IsProcessorFeaturePresent
0x413e34 IsValidCodePage
0x413e38 LCMapStringW
0x413e3c LeaveCriticalSection
0x413e40 LoadLibraryExW
0x413e44 MultiByteToWideChar
0x413e48 QueryPerformanceCounter
0x413e4c RaiseException
0x413e50 RtlUnwind
0x413e54 SetFilePointerEx
0x413e58 SetLastError
0x413e5c SetStdHandle
0x413e60 SetUnhandledExceptionFilter
0x413e64 TerminateProcess
0x413e68 TlsAlloc
0x413e6c TlsFree
0x413e70 TlsGetValue
0x413e74 TlsSetValue
0x413e78 UnhandledExceptionFilter
0x413e7c WideCharToMultiByte
0x413e80 WriteConsoleW
0x413e84 WriteFile
SHELL32.dll
0x413e8c ShellExecuteA
USER32.dll
0x413e94 LoadBitmapA
EAT(Export Address Table) is none