ScreenShot
| Created | 2021.05.20 10:16 | Machine | s1_win7_x6402 |
| Filename | updatewin2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (WioesjeNWF, malicious, high confidence, AgentWDCR, Stop, S7866402, Unsafe, Save, Qhost, ZexaF, ru0@aqo3V9lG, Kryptik, Eldorado, BotX, fmcefj, Gencirc, R + Mal, GandCrab, GandCrypt, AA@82gsko, Hosts2, dayql, Score, tbytt, ai score=100, kcloud, Fareit, BHC4MD, Gandcrab10, DNSChanger, KTSE, GenAsa, 4PBpAla5ciE, Ransomeware, Installcore, confidence, 100%) | ||
| md5 | 996ba35165bb62473d2a6743a5200d45 | ||
| sha256 | 5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d | ||
| ssdeep | 6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf | ||
| imphash | 5921adaaf66f8c259aeda9e22686cd4b | ||
| impfuzzy | 48:K9apL0ZqI6eQDVG1tocU9GKKSxNKd5lbibEH+R0DzgJFjz7Ggc1Dgxm:qUgQxG1tocCGKKSxNG1DGLGgc9cm | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e024 ExitThread
0x41e028 GetStartupInfoW
0x41e02c GetLastError
0x41e030 GetProcAddress
0x41e034 GlobalFree
0x41e038 LoadLibraryA
0x41e03c AddAtomA
0x41e040 FindFirstChangeNotificationA
0x41e044 VirtualProtect
0x41e048 GetCurrentDirectoryA
0x41e04c SetProcessShutdownParameters
0x41e050 GetACP
0x41e054 CompareStringA
0x41e058 CreateFileA
0x41e05c GetTimeZoneInformation
0x41e060 WriteConsoleW
0x41e064 GetConsoleOutputCP
0x41e068 WriteConsoleA
0x41e06c CloseHandle
0x41e070 IsValidLocale
0x41e074 EnumSystemLocalesA
0x41e078 GetUserDefaultLCID
0x41e07c GetDateFormatA
0x41e080 GetTimeFormatA
0x41e084 InitAtomTable
0x41e088 GetSystemTimes
0x41e08c GetTickCount
0x41e090 FreeEnvironmentStringsA
0x41e094 GetComputerNameW
0x41e098 FindCloseChangeNotification
0x41e09c FindResourceExW
0x41e0a0 CompareStringW
0x41e0a4 GetCPInfo
0x41e0a8 GetStringTypeW
0x41e0ac GetStringTypeA
0x41e0b0 LCMapStringW
0x41e0b4 LCMapStringA
0x41e0b8 GetLocaleInfoA
0x41e0bc GetCommandLineA
0x41e0c0 GetStartupInfoA
0x41e0c4 RaiseException
0x41e0c8 RtlUnwind
0x41e0cc TerminateProcess
0x41e0d0 GetCurrentProcess
0x41e0d4 UnhandledExceptionFilter
0x41e0d8 SetUnhandledExceptionFilter
0x41e0dc IsDebuggerPresent
0x41e0e0 HeapAlloc
0x41e0e4 HeapFree
0x41e0e8 EnterCriticalSection
0x41e0ec LeaveCriticalSection
0x41e0f0 SetHandleCount
0x41e0f4 GetStdHandle
0x41e0f8 GetFileType
0x41e0fc DeleteCriticalSection
0x41e100 GetModuleHandleW
0x41e104 Sleep
0x41e108 ExitProcess
0x41e10c WriteFile
0x41e110 GetModuleFileNameA
0x41e114 GetEnvironmentStrings
0x41e118 FreeEnvironmentStringsW
0x41e11c WideCharToMultiByte
0x41e120 GetEnvironmentStringsW
0x41e124 TlsGetValue
0x41e128 TlsAlloc
0x41e12c TlsSetValue
0x41e130 TlsFree
0x41e134 InterlockedIncrement
0x41e138 SetLastError
0x41e13c GetCurrentThreadId
0x41e140 InterlockedDecrement
0x41e144 GetCurrentThread
0x41e148 HeapCreate
0x41e14c HeapDestroy
0x41e150 VirtualFree
0x41e154 QueryPerformanceCounter
0x41e158 GetCurrentProcessId
0x41e15c GetSystemTimeAsFileTime
0x41e160 FatalAppExitA
0x41e164 VirtualAlloc
0x41e168 HeapReAlloc
0x41e16c MultiByteToWideChar
0x41e170 ReadFile
0x41e174 InitializeCriticalSectionAndSpinCount
0x41e178 HeapSize
0x41e17c SetConsoleCtrlHandler
0x41e180 FreeLibrary
0x41e184 InterlockedExchange
0x41e188 GetOEMCP
0x41e18c IsValidCodePage
0x41e190 GetConsoleCP
0x41e194 GetConsoleMode
0x41e198 FlushFileBuffers
0x41e19c SetFilePointer
0x41e1a0 SetStdHandle
0x41e1a4 GetLocaleInfoW
0x41e1a8 SetEnvironmentVariableA
USER32.dll
0x41e1c4 CloseClipboard
0x41e1c8 GetSubMenu
0x41e1cc LoadBitmapA
0x41e1d0 BeginPaint
0x41e1d4 CallMsgFilterW
0x41e1d8 PeekMessageA
0x41e1dc MapVirtualKeyExW
0x41e1e0 RegisterRawInputDevices
0x41e1e4 SetWindowsHookExW
0x41e1e8 GetClipboardSequenceNumber
0x41e1ec GetDialogBaseUnits
0x41e1f0 MessageBoxIndirectA
GDI32.dll
0x41e000 CreateCompatibleDC
0x41e004 PlayEnhMetaFile
0x41e008 ScaleViewportExtEx
0x41e00c SetStretchBltMode
0x41e010 SetPixelV
0x41e014 CreateDiscardableBitmap
0x41e018 AddFontResourceW
0x41e01c SetDeviceGammaRamp
SHELL32.dll
0x41e1b0 ExtractAssociatedIconA
0x41e1b4 ShellExecuteW
0x41e1b8 ShellAboutW
0x41e1bc DragQueryFileA
EAT(Export Address Table) is none
KERNEL32.dll
0x41e024 ExitThread
0x41e028 GetStartupInfoW
0x41e02c GetLastError
0x41e030 GetProcAddress
0x41e034 GlobalFree
0x41e038 LoadLibraryA
0x41e03c AddAtomA
0x41e040 FindFirstChangeNotificationA
0x41e044 VirtualProtect
0x41e048 GetCurrentDirectoryA
0x41e04c SetProcessShutdownParameters
0x41e050 GetACP
0x41e054 CompareStringA
0x41e058 CreateFileA
0x41e05c GetTimeZoneInformation
0x41e060 WriteConsoleW
0x41e064 GetConsoleOutputCP
0x41e068 WriteConsoleA
0x41e06c CloseHandle
0x41e070 IsValidLocale
0x41e074 EnumSystemLocalesA
0x41e078 GetUserDefaultLCID
0x41e07c GetDateFormatA
0x41e080 GetTimeFormatA
0x41e084 InitAtomTable
0x41e088 GetSystemTimes
0x41e08c GetTickCount
0x41e090 FreeEnvironmentStringsA
0x41e094 GetComputerNameW
0x41e098 FindCloseChangeNotification
0x41e09c FindResourceExW
0x41e0a0 CompareStringW
0x41e0a4 GetCPInfo
0x41e0a8 GetStringTypeW
0x41e0ac GetStringTypeA
0x41e0b0 LCMapStringW
0x41e0b4 LCMapStringA
0x41e0b8 GetLocaleInfoA
0x41e0bc GetCommandLineA
0x41e0c0 GetStartupInfoA
0x41e0c4 RaiseException
0x41e0c8 RtlUnwind
0x41e0cc TerminateProcess
0x41e0d0 GetCurrentProcess
0x41e0d4 UnhandledExceptionFilter
0x41e0d8 SetUnhandledExceptionFilter
0x41e0dc IsDebuggerPresent
0x41e0e0 HeapAlloc
0x41e0e4 HeapFree
0x41e0e8 EnterCriticalSection
0x41e0ec LeaveCriticalSection
0x41e0f0 SetHandleCount
0x41e0f4 GetStdHandle
0x41e0f8 GetFileType
0x41e0fc DeleteCriticalSection
0x41e100 GetModuleHandleW
0x41e104 Sleep
0x41e108 ExitProcess
0x41e10c WriteFile
0x41e110 GetModuleFileNameA
0x41e114 GetEnvironmentStrings
0x41e118 FreeEnvironmentStringsW
0x41e11c WideCharToMultiByte
0x41e120 GetEnvironmentStringsW
0x41e124 TlsGetValue
0x41e128 TlsAlloc
0x41e12c TlsSetValue
0x41e130 TlsFree
0x41e134 InterlockedIncrement
0x41e138 SetLastError
0x41e13c GetCurrentThreadId
0x41e140 InterlockedDecrement
0x41e144 GetCurrentThread
0x41e148 HeapCreate
0x41e14c HeapDestroy
0x41e150 VirtualFree
0x41e154 QueryPerformanceCounter
0x41e158 GetCurrentProcessId
0x41e15c GetSystemTimeAsFileTime
0x41e160 FatalAppExitA
0x41e164 VirtualAlloc
0x41e168 HeapReAlloc
0x41e16c MultiByteToWideChar
0x41e170 ReadFile
0x41e174 InitializeCriticalSectionAndSpinCount
0x41e178 HeapSize
0x41e17c SetConsoleCtrlHandler
0x41e180 FreeLibrary
0x41e184 InterlockedExchange
0x41e188 GetOEMCP
0x41e18c IsValidCodePage
0x41e190 GetConsoleCP
0x41e194 GetConsoleMode
0x41e198 FlushFileBuffers
0x41e19c SetFilePointer
0x41e1a0 SetStdHandle
0x41e1a4 GetLocaleInfoW
0x41e1a8 SetEnvironmentVariableA
USER32.dll
0x41e1c4 CloseClipboard
0x41e1c8 GetSubMenu
0x41e1cc LoadBitmapA
0x41e1d0 BeginPaint
0x41e1d4 CallMsgFilterW
0x41e1d8 PeekMessageA
0x41e1dc MapVirtualKeyExW
0x41e1e0 RegisterRawInputDevices
0x41e1e4 SetWindowsHookExW
0x41e1e8 GetClipboardSequenceNumber
0x41e1ec GetDialogBaseUnits
0x41e1f0 MessageBoxIndirectA
GDI32.dll
0x41e000 CreateCompatibleDC
0x41e004 PlayEnhMetaFile
0x41e008 ScaleViewportExtEx
0x41e00c SetStretchBltMode
0x41e010 SetPixelV
0x41e014 CreateDiscardableBitmap
0x41e018 AddFontResourceW
0x41e01c SetDeviceGammaRamp
SHELL32.dll
0x41e1b0 ExtractAssociatedIconA
0x41e1b4 ShellExecuteW
0x41e1b8 ShellAboutW
0x41e1bc DragQueryFileA
EAT(Export Address Table) is none