ScreenShot
| Created | 2021.05.21 09:57 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 02e171ec492666d05afa7e86f10cd2a4 | ||
| sha256 | 35ff264d4f296b3fcf8a4a86cbda7246e73862e99e35b71bbd2499d9028024b3 | ||
| ssdeep | 24576:yfNE4ru0tVccL3I20O6LcQDK9Xf/xzDOXNqRXsLj:yJuWccNh6LQpN+qRX | ||
| imphash | 5e4af829e45903391dccafe97a3396f2 | ||
| impfuzzy | 48:C5/xORNhopIaX1w3/1WVnp/+fccOlVt8FH1acTSEljgD:iIFozX1wPUp/+fccgt8F8cTSElM | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 GetCommandLineW
0x424004 GetPrivateProfileSectionNamesW
0x424008 SetVolumeLabelA
0x42400c GetFileSize
0x424010 SetPriorityClass
0x424014 OpenFile
0x424018 WriteConsoleInputW
0x42401c WritePrivateProfileStructA
0x424020 GetConsoleAliasesLengthW
0x424024 CopyFileExW
0x424028 TlsGetValue
0x42402c GetDriveTypeW
0x424030 SetEndOfFile
0x424034 FindResourceExW
0x424038 LoadResource
0x42403c HeapAlloc
0x424040 SystemTimeToFileTime
0x424044 GetCommState
0x424048 ZombifyActCtx
0x42404c ScrollConsoleScreenBufferW
0x424050 WritePrivateProfileSectionA
0x424054 GetProfileStringW
0x424058 WaitForSingleObject
0x42405c SetComputerNameW
0x424060 OpenSemaphoreA
0x424064 FindFirstFileExW
0x424068 GetTickCount
0x42406c GetWindowsDirectoryA
0x424070 EnumTimeFormatsA
0x424074 GetSystemWow64DirectoryA
0x424078 SetProcessPriorityBoost
0x42407c GlobalAlloc
0x424080 GetConsoleMode
0x424084 TerminateThread
0x424088 GetPrivateProfileStructW
0x42408c GetSystemPowerStatus
0x424090 SetVolumeMountPointA
0x424094 GlobalFlags
0x424098 SetConsoleMode
0x42409c GetFileAttributesW
0x4240a0 SetTimeZoneInformation
0x4240a4 HeapQueryInformation
0x4240a8 TerminateProcess
0x4240ac GetTimeZoneInformation
0x4240b0 GetBinaryTypeW
0x4240b4 GetACP
0x4240b8 lstrlenW
0x4240bc SetThreadPriority
0x4240c0 RaiseException
0x4240c4 CreateJobObjectA
0x4240c8 GetPrivateProfileIntW
0x4240cc GetLastError
0x4240d0 IsDBCSLeadByteEx
0x4240d4 SetLastError
0x4240d8 ReadConsoleOutputCharacterA
0x4240dc GetProcAddress
0x4240e0 SetComputerNameA
0x4240e4 OpenWaitableTimerA
0x4240e8 GetLocalTime
0x4240ec LoadLibraryA
0x4240f0 OpenThread
0x4240f4 OpenMutexA
0x4240f8 WriteConsoleA
0x4240fc ProcessIdToSessionId
0x424100 MoveFileA
0x424104 BuildCommDCBAndTimeoutsW
0x424108 SetConsoleOutputCP
0x42410c AddAtomW
0x424110 WriteProfileSectionW
0x424114 GetCommMask
0x424118 SetSystemTime
0x42411c SetConsoleCursorInfo
0x424120 DebugSetProcessKillOnExit
0x424124 GetProcessShutdownParameters
0x424128 ContinueDebugEvent
0x42412c CancelTimerQueueTimer
0x424130 EnumResourceNamesA
0x424134 RequestWakeupLatency
0x424138 VirtualProtect
0x42413c GetConsoleCursorInfo
0x424140 ReleaseMutex
0x424144 FindAtomW
0x424148 AddConsoleAliasA
0x42414c DebugBreak
0x424150 GetProfileSectionW
0x424154 GetVolumeInformationW
0x424158 lstrcpyA
0x42415c InterlockedIncrement
0x424160 InterlockedDecrement
0x424164 InitializeCriticalSection
0x424168 DeleteCriticalSection
0x42416c EnterCriticalSection
0x424170 LeaveCriticalSection
0x424174 WideCharToMultiByte
0x424178 DeleteFileA
0x42417c EncodePointer
0x424180 DecodePointer
0x424184 GetCommandLineA
0x424188 HeapSetInformation
0x42418c GetStartupInfoW
0x424190 GetModuleFileNameW
0x424194 IsProcessorFeaturePresent
0x424198 GetCurrentProcess
0x42419c UnhandledExceptionFilter
0x4241a0 SetUnhandledExceptionFilter
0x4241a4 IsDebuggerPresent
0x4241a8 GetOEMCP
0x4241ac GetCPInfo
0x4241b0 IsValidCodePage
0x4241b4 TlsAlloc
0x4241b8 TlsSetValue
0x4241bc GetCurrentThreadId
0x4241c0 TlsFree
0x4241c4 GetModuleHandleW
0x4241c8 InitializeCriticalSectionAndSpinCount
0x4241cc SetStdHandle
0x4241d0 GetFileType
0x4241d4 WriteFile
0x4241d8 GetConsoleCP
0x4241dc HeapValidate
0x4241e0 IsBadReadPtr
0x4241e4 ExitProcess
0x4241e8 QueryPerformanceCounter
0x4241ec GetCurrentProcessId
0x4241f0 GetSystemTimeAsFileTime
0x4241f4 GetModuleFileNameA
0x4241f8 FreeEnvironmentStringsW
0x4241fc GetEnvironmentStringsW
0x424200 SetHandleCount
0x424204 GetStdHandle
0x424208 HeapCreate
0x42420c OutputDebugStringA
0x424210 WriteConsoleW
0x424214 OutputDebugStringW
0x424218 LoadLibraryW
0x42421c RtlUnwind
0x424220 LCMapStringW
0x424224 MultiByteToWideChar
0x424228 GetStringTypeW
0x42422c SetFilePointer
0x424230 HeapReAlloc
0x424234 HeapSize
0x424238 HeapFree
0x42423c CreateFileW
0x424240 CloseHandle
0x424244 FlushFileBuffers
USER32.dll
0x42424c GetAncestor
0x424250 GetCursorInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x424000 GetCommandLineW
0x424004 GetPrivateProfileSectionNamesW
0x424008 SetVolumeLabelA
0x42400c GetFileSize
0x424010 SetPriorityClass
0x424014 OpenFile
0x424018 WriteConsoleInputW
0x42401c WritePrivateProfileStructA
0x424020 GetConsoleAliasesLengthW
0x424024 CopyFileExW
0x424028 TlsGetValue
0x42402c GetDriveTypeW
0x424030 SetEndOfFile
0x424034 FindResourceExW
0x424038 LoadResource
0x42403c HeapAlloc
0x424040 SystemTimeToFileTime
0x424044 GetCommState
0x424048 ZombifyActCtx
0x42404c ScrollConsoleScreenBufferW
0x424050 WritePrivateProfileSectionA
0x424054 GetProfileStringW
0x424058 WaitForSingleObject
0x42405c SetComputerNameW
0x424060 OpenSemaphoreA
0x424064 FindFirstFileExW
0x424068 GetTickCount
0x42406c GetWindowsDirectoryA
0x424070 EnumTimeFormatsA
0x424074 GetSystemWow64DirectoryA
0x424078 SetProcessPriorityBoost
0x42407c GlobalAlloc
0x424080 GetConsoleMode
0x424084 TerminateThread
0x424088 GetPrivateProfileStructW
0x42408c GetSystemPowerStatus
0x424090 SetVolumeMountPointA
0x424094 GlobalFlags
0x424098 SetConsoleMode
0x42409c GetFileAttributesW
0x4240a0 SetTimeZoneInformation
0x4240a4 HeapQueryInformation
0x4240a8 TerminateProcess
0x4240ac GetTimeZoneInformation
0x4240b0 GetBinaryTypeW
0x4240b4 GetACP
0x4240b8 lstrlenW
0x4240bc SetThreadPriority
0x4240c0 RaiseException
0x4240c4 CreateJobObjectA
0x4240c8 GetPrivateProfileIntW
0x4240cc GetLastError
0x4240d0 IsDBCSLeadByteEx
0x4240d4 SetLastError
0x4240d8 ReadConsoleOutputCharacterA
0x4240dc GetProcAddress
0x4240e0 SetComputerNameA
0x4240e4 OpenWaitableTimerA
0x4240e8 GetLocalTime
0x4240ec LoadLibraryA
0x4240f0 OpenThread
0x4240f4 OpenMutexA
0x4240f8 WriteConsoleA
0x4240fc ProcessIdToSessionId
0x424100 MoveFileA
0x424104 BuildCommDCBAndTimeoutsW
0x424108 SetConsoleOutputCP
0x42410c AddAtomW
0x424110 WriteProfileSectionW
0x424114 GetCommMask
0x424118 SetSystemTime
0x42411c SetConsoleCursorInfo
0x424120 DebugSetProcessKillOnExit
0x424124 GetProcessShutdownParameters
0x424128 ContinueDebugEvent
0x42412c CancelTimerQueueTimer
0x424130 EnumResourceNamesA
0x424134 RequestWakeupLatency
0x424138 VirtualProtect
0x42413c GetConsoleCursorInfo
0x424140 ReleaseMutex
0x424144 FindAtomW
0x424148 AddConsoleAliasA
0x42414c DebugBreak
0x424150 GetProfileSectionW
0x424154 GetVolumeInformationW
0x424158 lstrcpyA
0x42415c InterlockedIncrement
0x424160 InterlockedDecrement
0x424164 InitializeCriticalSection
0x424168 DeleteCriticalSection
0x42416c EnterCriticalSection
0x424170 LeaveCriticalSection
0x424174 WideCharToMultiByte
0x424178 DeleteFileA
0x42417c EncodePointer
0x424180 DecodePointer
0x424184 GetCommandLineA
0x424188 HeapSetInformation
0x42418c GetStartupInfoW
0x424190 GetModuleFileNameW
0x424194 IsProcessorFeaturePresent
0x424198 GetCurrentProcess
0x42419c UnhandledExceptionFilter
0x4241a0 SetUnhandledExceptionFilter
0x4241a4 IsDebuggerPresent
0x4241a8 GetOEMCP
0x4241ac GetCPInfo
0x4241b0 IsValidCodePage
0x4241b4 TlsAlloc
0x4241b8 TlsSetValue
0x4241bc GetCurrentThreadId
0x4241c0 TlsFree
0x4241c4 GetModuleHandleW
0x4241c8 InitializeCriticalSectionAndSpinCount
0x4241cc SetStdHandle
0x4241d0 GetFileType
0x4241d4 WriteFile
0x4241d8 GetConsoleCP
0x4241dc HeapValidate
0x4241e0 IsBadReadPtr
0x4241e4 ExitProcess
0x4241e8 QueryPerformanceCounter
0x4241ec GetCurrentProcessId
0x4241f0 GetSystemTimeAsFileTime
0x4241f4 GetModuleFileNameA
0x4241f8 FreeEnvironmentStringsW
0x4241fc GetEnvironmentStringsW
0x424200 SetHandleCount
0x424204 GetStdHandle
0x424208 HeapCreate
0x42420c OutputDebugStringA
0x424210 WriteConsoleW
0x424214 OutputDebugStringW
0x424218 LoadLibraryW
0x42421c RtlUnwind
0x424220 LCMapStringW
0x424224 MultiByteToWideChar
0x424228 GetStringTypeW
0x42422c SetFilePointer
0x424230 HeapReAlloc
0x424234 HeapSize
0x424238 HeapFree
0x42423c CreateFileW
0x424240 CloseHandle
0x424244 FlushFileBuffers
USER32.dll
0x42424c GetAncestor
0x424250 GetCursorInfo
EAT(Export Address Table) is none