ScreenShot
| Created | 2021.05.18 10:08 | Machine | s1_win7_x6402 |
| Filename | cvhost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 5db833b014cd9a4b96d3e780543eaea6 | ||
| sha256 | a51135863b3f11b776bed0e27b48426c1b7fce3352d9020d5fa68a87a7bb0b8b | ||
| ssdeep | 196608:fu0cGmgd4p/UUb/+2q9E6IIqvQuwMGGQhpz:fu0cGVd4JB/VqidIqvHcp | ||
| imphash | 2ebc38a75b061e0ebff9474bd25dafde | ||
| impfuzzy | 48:Y6SQQcAe59OS8HGyS1+dbrnp8hYitsQfpHxKcGbARO:Y075sSOGhiPp8uitsQfpocGbAk | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x9e9000 ExitProcess
0x9e9004 GetCommandLineW
0x9e9008 GetTempFileNameW
0x9e900c SetFilePointer
0x9e9010 WritePrivateProfileStructA
0x9e9014 DebugActiveProcessStop
0x9e9018 GetNumberOfConsoleInputEvents
0x9e901c DeleteVolumeMountPointA
0x9e9020 SystemTimeToFileTime
0x9e9024 SetConsoleActiveScreenBuffer
0x9e9028 WritePrivateProfileSectionA
0x9e902c CreateJobObjectW
0x9e9030 GetProfileStringW
0x9e9034 WaitForSingleObject
0x9e9038 WriteConsoleInputA
0x9e903c SignalObjectAndWait
0x9e9040 SetComputerNameW
0x9e9044 FindFirstFileExW
0x9e9048 SetTapeParameters
0x9e904c GetProcessPriorityBoost
0x9e9050 CreateNamedPipeW
0x9e9054 IsBadReadPtr
0x9e9058 EnumTimeFormatsW
0x9e905c SetCommState
0x9e9060 GetDriveTypeA
0x9e9064 TlsSetValue
0x9e9068 FindResourceExA
0x9e906c GlobalAlloc
0x9e9070 GetVolumeInformationA
0x9e9074 GetSystemWow64DirectoryW
0x9e9078 SetSystemTimeAdjustment
0x9e907c HeapDestroy
0x9e9080 GetFileAttributesA
0x9e9084 GlobalFlags
0x9e9088 SetConsoleMode
0x9e908c MulDiv
0x9e9090 VerifyVersionInfoA
0x9e9094 WriteConsoleW
0x9e9098 GetBinaryTypeA
0x9e909c SetSystemPowerState
0x9e90a0 LocalHandle
0x9e90a4 GetTimeZoneInformation
0x9e90a8 GetOverlappedResult
0x9e90ac GetACP
0x9e90b0 lstrlenW
0x9e90b4 RaiseException
0x9e90b8 DeactivateActCtx
0x9e90bc GetPrivateProfileIntW
0x9e90c0 GetConsoleOutputCP
0x9e90c4 InterlockedExchange
0x9e90c8 GetStdHandle
0x9e90cc FreeLibraryAndExitThread
0x9e90d0 OpenMutexW
0x9e90d4 GetLastError
0x9e90d8 SetLastError
0x9e90dc ReadConsoleOutputCharacterA
0x9e90e0 GetProcAddress
0x9e90e4 VirtualAlloc
0x9e90e8 SearchPathA
0x9e90ec GetAtomNameA
0x9e90f0 LoadLibraryA
0x9e90f4 OpenThread
0x9e90f8 ProcessIdToSessionId
0x9e90fc MoveFileA
0x9e9100 BuildCommDCBAndTimeoutsW
0x9e9104 IsSystemResumeAutomatic
0x9e9108 SetConsoleDisplayMode
0x9e910c GetCurrentConsoleFont
0x9e9110 SetCommMask
0x9e9114 GetPrivateProfileStructA
0x9e9118 WaitForMultipleObjects
0x9e911c SetSystemTime
0x9e9120 GetPrivateProfileSectionNamesA
0x9e9124 RequestWakeupLatency
0x9e9128 GetCurrentDirectoryA
0x9e912c GetConsoleCursorInfo
0x9e9130 ScrollConsoleScreenBufferA
0x9e9134 OpenSemaphoreW
0x9e9138 GetVersionExA
0x9e913c AddConsoleAliasA
0x9e9140 GetSystemTime
0x9e9144 GetProfileSectionW
0x9e9148 CopyFileExA
0x9e914c AreFileApisANSI
0x9e9150 lstrcpyA
0x9e9154 WideCharToMultiByte
0x9e9158 EncodePointer
0x9e915c DecodePointer
0x9e9160 HeapSetInformation
0x9e9164 GetStartupInfoW
0x9e9168 TerminateProcess
0x9e916c GetCurrentProcess
0x9e9170 UnhandledExceptionFilter
0x9e9174 SetUnhandledExceptionFilter
0x9e9178 IsDebuggerPresent
0x9e917c GetModuleFileNameW
0x9e9180 InterlockedIncrement
0x9e9184 InterlockedDecrement
0x9e9188 GetOEMCP
0x9e918c GetCPInfo
0x9e9190 IsValidCodePage
0x9e9194 TlsAlloc
0x9e9198 TlsGetValue
0x9e919c GetCurrentThreadId
0x9e91a0 TlsFree
0x9e91a4 GetModuleHandleW
0x9e91a8 LeaveCriticalSection
0x9e91ac EnterCriticalSection
0x9e91b0 InitializeCriticalSectionAndSpinCount
0x9e91b4 SetStdHandle
0x9e91b8 GetFileType
0x9e91bc WriteFile
0x9e91c0 GetConsoleCP
0x9e91c4 GetConsoleMode
0x9e91c8 HeapValidate
0x9e91cc IsProcessorFeaturePresent
0x9e91d0 QueryPerformanceCounter
0x9e91d4 GetTickCount
0x9e91d8 GetCurrentProcessId
0x9e91dc GetSystemTimeAsFileTime
0x9e91e0 FreeEnvironmentStringsW
0x9e91e4 GetEnvironmentStringsW
0x9e91e8 SetHandleCount
0x9e91ec DeleteCriticalSection
0x9e91f0 HeapCreate
0x9e91f4 OutputDebugStringA
0x9e91f8 OutputDebugStringW
0x9e91fc LoadLibraryW
0x9e9200 RtlUnwind
0x9e9204 LCMapStringW
0x9e9208 MultiByteToWideChar
0x9e920c GetStringTypeW
0x9e9210 HeapAlloc
0x9e9214 GetModuleFileNameA
0x9e9218 HeapReAlloc
0x9e921c HeapSize
0x9e9220 HeapQueryInformation
0x9e9224 HeapFree
0x9e9228 CreateFileW
0x9e922c CloseHandle
0x9e9230 FlushFileBuffers
USER32.dll
0x9e9238 GetAncestor
EAT(Export Address Table) is none
KERNEL32.dll
0x9e9000 ExitProcess
0x9e9004 GetCommandLineW
0x9e9008 GetTempFileNameW
0x9e900c SetFilePointer
0x9e9010 WritePrivateProfileStructA
0x9e9014 DebugActiveProcessStop
0x9e9018 GetNumberOfConsoleInputEvents
0x9e901c DeleteVolumeMountPointA
0x9e9020 SystemTimeToFileTime
0x9e9024 SetConsoleActiveScreenBuffer
0x9e9028 WritePrivateProfileSectionA
0x9e902c CreateJobObjectW
0x9e9030 GetProfileStringW
0x9e9034 WaitForSingleObject
0x9e9038 WriteConsoleInputA
0x9e903c SignalObjectAndWait
0x9e9040 SetComputerNameW
0x9e9044 FindFirstFileExW
0x9e9048 SetTapeParameters
0x9e904c GetProcessPriorityBoost
0x9e9050 CreateNamedPipeW
0x9e9054 IsBadReadPtr
0x9e9058 EnumTimeFormatsW
0x9e905c SetCommState
0x9e9060 GetDriveTypeA
0x9e9064 TlsSetValue
0x9e9068 FindResourceExA
0x9e906c GlobalAlloc
0x9e9070 GetVolumeInformationA
0x9e9074 GetSystemWow64DirectoryW
0x9e9078 SetSystemTimeAdjustment
0x9e907c HeapDestroy
0x9e9080 GetFileAttributesA
0x9e9084 GlobalFlags
0x9e9088 SetConsoleMode
0x9e908c MulDiv
0x9e9090 VerifyVersionInfoA
0x9e9094 WriteConsoleW
0x9e9098 GetBinaryTypeA
0x9e909c SetSystemPowerState
0x9e90a0 LocalHandle
0x9e90a4 GetTimeZoneInformation
0x9e90a8 GetOverlappedResult
0x9e90ac GetACP
0x9e90b0 lstrlenW
0x9e90b4 RaiseException
0x9e90b8 DeactivateActCtx
0x9e90bc GetPrivateProfileIntW
0x9e90c0 GetConsoleOutputCP
0x9e90c4 InterlockedExchange
0x9e90c8 GetStdHandle
0x9e90cc FreeLibraryAndExitThread
0x9e90d0 OpenMutexW
0x9e90d4 GetLastError
0x9e90d8 SetLastError
0x9e90dc ReadConsoleOutputCharacterA
0x9e90e0 GetProcAddress
0x9e90e4 VirtualAlloc
0x9e90e8 SearchPathA
0x9e90ec GetAtomNameA
0x9e90f0 LoadLibraryA
0x9e90f4 OpenThread
0x9e90f8 ProcessIdToSessionId
0x9e90fc MoveFileA
0x9e9100 BuildCommDCBAndTimeoutsW
0x9e9104 IsSystemResumeAutomatic
0x9e9108 SetConsoleDisplayMode
0x9e910c GetCurrentConsoleFont
0x9e9110 SetCommMask
0x9e9114 GetPrivateProfileStructA
0x9e9118 WaitForMultipleObjects
0x9e911c SetSystemTime
0x9e9120 GetPrivateProfileSectionNamesA
0x9e9124 RequestWakeupLatency
0x9e9128 GetCurrentDirectoryA
0x9e912c GetConsoleCursorInfo
0x9e9130 ScrollConsoleScreenBufferA
0x9e9134 OpenSemaphoreW
0x9e9138 GetVersionExA
0x9e913c AddConsoleAliasA
0x9e9140 GetSystemTime
0x9e9144 GetProfileSectionW
0x9e9148 CopyFileExA
0x9e914c AreFileApisANSI
0x9e9150 lstrcpyA
0x9e9154 WideCharToMultiByte
0x9e9158 EncodePointer
0x9e915c DecodePointer
0x9e9160 HeapSetInformation
0x9e9164 GetStartupInfoW
0x9e9168 TerminateProcess
0x9e916c GetCurrentProcess
0x9e9170 UnhandledExceptionFilter
0x9e9174 SetUnhandledExceptionFilter
0x9e9178 IsDebuggerPresent
0x9e917c GetModuleFileNameW
0x9e9180 InterlockedIncrement
0x9e9184 InterlockedDecrement
0x9e9188 GetOEMCP
0x9e918c GetCPInfo
0x9e9190 IsValidCodePage
0x9e9194 TlsAlloc
0x9e9198 TlsGetValue
0x9e919c GetCurrentThreadId
0x9e91a0 TlsFree
0x9e91a4 GetModuleHandleW
0x9e91a8 LeaveCriticalSection
0x9e91ac EnterCriticalSection
0x9e91b0 InitializeCriticalSectionAndSpinCount
0x9e91b4 SetStdHandle
0x9e91b8 GetFileType
0x9e91bc WriteFile
0x9e91c0 GetConsoleCP
0x9e91c4 GetConsoleMode
0x9e91c8 HeapValidate
0x9e91cc IsProcessorFeaturePresent
0x9e91d0 QueryPerformanceCounter
0x9e91d4 GetTickCount
0x9e91d8 GetCurrentProcessId
0x9e91dc GetSystemTimeAsFileTime
0x9e91e0 FreeEnvironmentStringsW
0x9e91e4 GetEnvironmentStringsW
0x9e91e8 SetHandleCount
0x9e91ec DeleteCriticalSection
0x9e91f0 HeapCreate
0x9e91f4 OutputDebugStringA
0x9e91f8 OutputDebugStringW
0x9e91fc LoadLibraryW
0x9e9200 RtlUnwind
0x9e9204 LCMapStringW
0x9e9208 MultiByteToWideChar
0x9e920c GetStringTypeW
0x9e9210 HeapAlloc
0x9e9214 GetModuleFileNameA
0x9e9218 HeapReAlloc
0x9e921c HeapSize
0x9e9220 HeapQueryInformation
0x9e9224 HeapFree
0x9e9228 CreateFileW
0x9e922c CloseHandle
0x9e9230 FlushFileBuffers
USER32.dll
0x9e9238 GetAncestor
EAT(Export Address Table) is none