ScreenShot
| Created | 2021.05.20 09:43 | Machine | s1_win7_x6402 |
| Filename | updatewin1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (TiggreRP, GenericKD, Stop, S7866402, Unsafe, Vilsel, Save, Fareit, malicious, Kryptik, Eldorado, AAFU, BotX, score, fmbxlx, GandCrab, KTSE, R + Mal, GandCrypt, AA@82gsko, dcbhq, iyodi, ai score=100, kcloud, Gandcrab10, BScope, Chapak, Gencirc, GenAsa, 0onnx8zfuyY, confidence, 100%) | ||
| md5 | 5b4bd24d6240f467bfbc74803c9f15b0 | ||
| sha256 | 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e | ||
| ssdeep | 6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE | ||
| imphash | 0bcca924efe6e6fa741675d8e687fbb3 | ||
| impfuzzy | 48:iV9MzepL0ZTk/VG1tocU9GKKSxNKdFVlEH+R0DzgFjmzz5CAxm:iPTgOG1tocCGKKSxNGFEDKypm | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e028 ExitThread
0x41e02c GetStartupInfoW
0x41e030 GetLastError
0x41e034 GetProcAddress
0x41e038 CreateJobSet
0x41e03c GlobalFree
0x41e040 LoadLibraryA
0x41e044 OpenWaitableTimerW
0x41e048 AddAtomA
0x41e04c FindFirstChangeNotificationA
0x41e050 VirtualProtect
0x41e054 GetCurrentDirectoryA
0x41e058 GetACP
0x41e05c InterlockedPushEntrySList
0x41e060 CompareStringW
0x41e064 CompareStringA
0x41e068 CreateFileA
0x41e06c GetTimeZoneInformation
0x41e070 WriteConsoleW
0x41e074 GetConsoleOutputCP
0x41e078 WriteConsoleA
0x41e07c CloseHandle
0x41e080 IsValidLocale
0x41e084 EnumSystemLocalesA
0x41e088 GetUserDefaultLCID
0x41e08c GetSystemTimeAdjustment
0x41e090 GetSystemTimes
0x41e094 GetTickCount
0x41e098 FreeEnvironmentStringsA
0x41e09c GetComputerNameW
0x41e0a0 FindCloseChangeNotification
0x41e0a4 FindResourceExW
0x41e0a8 GetCPInfo
0x41e0ac SetProcessShutdownParameters
0x41e0b0 GetModuleHandleExA
0x41e0b4 GetDateFormatA
0x41e0b8 GetTimeFormatA
0x41e0bc GetStringTypeW
0x41e0c0 GetStringTypeA
0x41e0c4 LCMapStringW
0x41e0c8 GetCommandLineA
0x41e0cc GetStartupInfoA
0x41e0d0 RaiseException
0x41e0d4 RtlUnwind
0x41e0d8 TerminateProcess
0x41e0dc GetCurrentProcess
0x41e0e0 UnhandledExceptionFilter
0x41e0e4 SetUnhandledExceptionFilter
0x41e0e8 IsDebuggerPresent
0x41e0ec HeapAlloc
0x41e0f0 HeapFree
0x41e0f4 EnterCriticalSection
0x41e0f8 LeaveCriticalSection
0x41e0fc SetHandleCount
0x41e100 GetStdHandle
0x41e104 GetFileType
0x41e108 DeleteCriticalSection
0x41e10c GetModuleHandleW
0x41e110 Sleep
0x41e114 ExitProcess
0x41e118 WriteFile
0x41e11c GetModuleFileNameA
0x41e120 GetEnvironmentStrings
0x41e124 FreeEnvironmentStringsW
0x41e128 WideCharToMultiByte
0x41e12c GetEnvironmentStringsW
0x41e130 TlsGetValue
0x41e134 TlsAlloc
0x41e138 TlsSetValue
0x41e13c TlsFree
0x41e140 InterlockedIncrement
0x41e144 SetLastError
0x41e148 GetCurrentThreadId
0x41e14c InterlockedDecrement
0x41e150 GetCurrentThread
0x41e154 HeapCreate
0x41e158 HeapDestroy
0x41e15c VirtualFree
0x41e160 QueryPerformanceCounter
0x41e164 GetCurrentProcessId
0x41e168 GetSystemTimeAsFileTime
0x41e16c FatalAppExitA
0x41e170 VirtualAlloc
0x41e174 HeapReAlloc
0x41e178 MultiByteToWideChar
0x41e17c ReadFile
0x41e180 InitializeCriticalSectionAndSpinCount
0x41e184 HeapSize
0x41e188 SetConsoleCtrlHandler
0x41e18c FreeLibrary
0x41e190 InterlockedExchange
0x41e194 GetOEMCP
0x41e198 IsValidCodePage
0x41e19c GetConsoleCP
0x41e1a0 GetConsoleMode
0x41e1a4 FlushFileBuffers
0x41e1a8 SetFilePointer
0x41e1ac SetStdHandle
0x41e1b0 GetLocaleInfoW
0x41e1b4 GetLocaleInfoA
0x41e1b8 LCMapStringA
0x41e1bc SetEnvironmentVariableA
USER32.dll
0x41e1d8 CloseClipboard
0x41e1dc BeginPaint
0x41e1e0 CallMsgFilterW
0x41e1e4 PeekMessageA
0x41e1e8 MapVirtualKeyExW
0x41e1ec RegisterRawInputDevices
0x41e1f0 GetClipboardSequenceNumber
0x41e1f4 CountClipboardFormats
0x41e1f8 GetDialogBaseUnits
0x41e1fc GetClassLongW
GDI32.dll
0x41e000 PolyTextOutW
0x41e004 CreateCompatibleDC
0x41e008 Rectangle
0x41e00c SetStretchBltMode
0x41e010 SetPixelV
0x41e014 GetClipBox
0x41e018 CreateDiscardableBitmap
0x41e01c StrokeAndFillPath
0x41e020 GetBitmapBits
SHELL32.dll
0x41e1c4 ShellExecuteW
0x41e1c8 ShellAboutW
0x41e1cc DuplicateIcon
0x41e1d0 DragQueryFileA
EAT(Export Address Table) is none
KERNEL32.dll
0x41e028 ExitThread
0x41e02c GetStartupInfoW
0x41e030 GetLastError
0x41e034 GetProcAddress
0x41e038 CreateJobSet
0x41e03c GlobalFree
0x41e040 LoadLibraryA
0x41e044 OpenWaitableTimerW
0x41e048 AddAtomA
0x41e04c FindFirstChangeNotificationA
0x41e050 VirtualProtect
0x41e054 GetCurrentDirectoryA
0x41e058 GetACP
0x41e05c InterlockedPushEntrySList
0x41e060 CompareStringW
0x41e064 CompareStringA
0x41e068 CreateFileA
0x41e06c GetTimeZoneInformation
0x41e070 WriteConsoleW
0x41e074 GetConsoleOutputCP
0x41e078 WriteConsoleA
0x41e07c CloseHandle
0x41e080 IsValidLocale
0x41e084 EnumSystemLocalesA
0x41e088 GetUserDefaultLCID
0x41e08c GetSystemTimeAdjustment
0x41e090 GetSystemTimes
0x41e094 GetTickCount
0x41e098 FreeEnvironmentStringsA
0x41e09c GetComputerNameW
0x41e0a0 FindCloseChangeNotification
0x41e0a4 FindResourceExW
0x41e0a8 GetCPInfo
0x41e0ac SetProcessShutdownParameters
0x41e0b0 GetModuleHandleExA
0x41e0b4 GetDateFormatA
0x41e0b8 GetTimeFormatA
0x41e0bc GetStringTypeW
0x41e0c0 GetStringTypeA
0x41e0c4 LCMapStringW
0x41e0c8 GetCommandLineA
0x41e0cc GetStartupInfoA
0x41e0d0 RaiseException
0x41e0d4 RtlUnwind
0x41e0d8 TerminateProcess
0x41e0dc GetCurrentProcess
0x41e0e0 UnhandledExceptionFilter
0x41e0e4 SetUnhandledExceptionFilter
0x41e0e8 IsDebuggerPresent
0x41e0ec HeapAlloc
0x41e0f0 HeapFree
0x41e0f4 EnterCriticalSection
0x41e0f8 LeaveCriticalSection
0x41e0fc SetHandleCount
0x41e100 GetStdHandle
0x41e104 GetFileType
0x41e108 DeleteCriticalSection
0x41e10c GetModuleHandleW
0x41e110 Sleep
0x41e114 ExitProcess
0x41e118 WriteFile
0x41e11c GetModuleFileNameA
0x41e120 GetEnvironmentStrings
0x41e124 FreeEnvironmentStringsW
0x41e128 WideCharToMultiByte
0x41e12c GetEnvironmentStringsW
0x41e130 TlsGetValue
0x41e134 TlsAlloc
0x41e138 TlsSetValue
0x41e13c TlsFree
0x41e140 InterlockedIncrement
0x41e144 SetLastError
0x41e148 GetCurrentThreadId
0x41e14c InterlockedDecrement
0x41e150 GetCurrentThread
0x41e154 HeapCreate
0x41e158 HeapDestroy
0x41e15c VirtualFree
0x41e160 QueryPerformanceCounter
0x41e164 GetCurrentProcessId
0x41e168 GetSystemTimeAsFileTime
0x41e16c FatalAppExitA
0x41e170 VirtualAlloc
0x41e174 HeapReAlloc
0x41e178 MultiByteToWideChar
0x41e17c ReadFile
0x41e180 InitializeCriticalSectionAndSpinCount
0x41e184 HeapSize
0x41e188 SetConsoleCtrlHandler
0x41e18c FreeLibrary
0x41e190 InterlockedExchange
0x41e194 GetOEMCP
0x41e198 IsValidCodePage
0x41e19c GetConsoleCP
0x41e1a0 GetConsoleMode
0x41e1a4 FlushFileBuffers
0x41e1a8 SetFilePointer
0x41e1ac SetStdHandle
0x41e1b0 GetLocaleInfoW
0x41e1b4 GetLocaleInfoA
0x41e1b8 LCMapStringA
0x41e1bc SetEnvironmentVariableA
USER32.dll
0x41e1d8 CloseClipboard
0x41e1dc BeginPaint
0x41e1e0 CallMsgFilterW
0x41e1e4 PeekMessageA
0x41e1e8 MapVirtualKeyExW
0x41e1ec RegisterRawInputDevices
0x41e1f0 GetClipboardSequenceNumber
0x41e1f4 CountClipboardFormats
0x41e1f8 GetDialogBaseUnits
0x41e1fc GetClassLongW
GDI32.dll
0x41e000 PolyTextOutW
0x41e004 CreateCompatibleDC
0x41e008 Rectangle
0x41e00c SetStretchBltMode
0x41e010 SetPixelV
0x41e014 GetClipBox
0x41e018 CreateDiscardableBitmap
0x41e01c StrokeAndFillPath
0x41e020 GetBitmapBits
SHELL32.dll
0x41e1c4 ShellExecuteW
0x41e1c8 ShellAboutW
0x41e1cc DuplicateIcon
0x41e1d0 DragQueryFileA
EAT(Export Address Table) is none