Report - file.exe

Glupteba PE File OS Processor Check PE32
Created 2021.05.23 10:04 Machine s1_win7_x6402
Filename file.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 3.4
ZERO API file : clean
VT API (file) 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, FileRepMetagen, A + Troj, Androm, Lockbit, Score, Caynamer, ZexaF, VuW@aSETNokG, BScope, Convagent, Generic@ML, RDML, BOLvfRuQKsYKUWGEQqd3ag, Static AI, Malicious PE, susgen, confidence, 100%)
md5 208d68b24b8a9d9f9db57f5f7705ecf9
sha256 d33f181d301c77c0bf13c7a00ae367485a3f5e97eb34671e9da81fa0af86b59e
ssdeep 12288:+5BKPoLJlD+jazZuFzPZCmEftQVvlRE2vWk7CD5eKBzXKe9EXsL:+BKfjXPwN63EWS5JBmqEXsL
imphash eaf6c398deaaa81e3b5479039cba0b97
impfuzzy 48:nQpKA1i9OYprc1y709F0OuLfpKIa75hSvojLUJcOO:no6sHY0v03fpO75hSvojLUJI

Signature (8cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
danger Trojan_Win32_Glupteba_1_Zero Trojan Win32 Glupteba binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x422000 EnumResourceNamesW
 0x422004 SetVolumeLabelA
 0x422008 GetFileSize
 0x42200c OpenFile
 0x422010 GetDriveTypeW
 0x422014 SetEndOfFile
 0x422018 BuildCommDCBAndTimeoutsA
 0x42201c LoadResource
 0x422020 ScrollConsoleScreenBufferW
 0x422024 GetProfileSectionA
 0x422028 WaitForSingleObject
 0x42202c WriteConsoleInputA
 0x422030 SetVolumeMountPointW
 0x422034 FindFirstFileExW
 0x422038 GetProcessPriorityBoost
 0x42203c GetTickCount
 0x422040 GetCurrentThread
 0x422044 GetConsoleAliasesLengthA
 0x422048 EnumTimeFormatsW
 0x42204c SetCommState
 0x422050 SetProcessPriorityBoost
 0x422054 TlsSetValue
 0x422058 FindResourceExA
 0x42205c GetPrivateProfileIntA
 0x422060 GetVolumeInformationA
 0x422064 GetConsoleMode
 0x422068 TerminateThread
 0x42206c GetPrivateProfileStructW
 0x422070 GetSystemPowerStatus
 0x422074 GetFileAttributesA
 0x422078 GlobalFlags
 0x42207c SetConsoleCursorPosition
 0x422080 WriteConsoleW
 0x422084 WritePrivateProfileSectionW
 0x422088 IsDBCSLeadByte
 0x42208c GetTimeZoneInformation
 0x422090 lstrlenW
 0x422094 DeactivateActCtx
 0x422098 CreateJobObjectA
 0x42209c FillConsoleOutputCharacterW
 0x4220a0 GetLastError
 0x4220a4 SetLastError
 0x4220a8 GetProcAddress
 0x4220ac SetStdHandle
 0x4220b0 SetComputerNameA
 0x4220b4 OpenWaitableTimerA
 0x4220b8 LoadLibraryA
 0x4220bc OpenThread
 0x4220c0 OpenMutexA
 0x4220c4 LocalAlloc
 0x4220c8 MoveFileA
 0x4220cc GetProfileStringA
 0x4220d0 WriteProfileSectionW
 0x4220d4 AddAtomA
 0x4220d8 SetSystemTime
 0x4220dc GetPrivateProfileSectionNamesA
 0x4220e0 WTSGetActiveConsoleSessionId
 0x4220e4 GetThreadPriority
 0x4220e8 DebugSetProcessKillOnExit
 0x4220ec GetModuleHandleA
 0x4220f0 GetProcessShutdownParameters
 0x4220f4 CancelTimerQueueTimer
 0x4220f8 RequestWakeupLatency
 0x4220fc WaitForDebugEvent
 0x422100 ScrollConsoleScreenBufferA
 0x422104 OpenSemaphoreW
 0x422108 ReleaseMutex
 0x42210c FindAtomW
 0x422110 AddConsoleAliasA
 0x422114 DebugBreak
 0x422118 ReadConsoleOutputCharacterW
 0x42211c CloseHandle
 0x422120 FlushFileBuffers
 0x422124 CreateFileW
 0x422128 DeleteFileA
 0x42212c MultiByteToWideChar
 0x422130 GetCommandLineA
 0x422134 HeapSetInformation
 0x422138 GetStartupInfoW
 0x42213c LeaveCriticalSection
 0x422140 EnterCriticalSection
 0x422144 InitializeCriticalSectionAndSpinCount
 0x422148 GetFileType
 0x42214c WriteFile
 0x422150 WideCharToMultiByte
 0x422154 GetConsoleCP
 0x422158 HeapValidate
 0x42215c IsBadReadPtr
 0x422160 EncodePointer
 0x422164 DecodePointer
 0x422168 IsProcessorFeaturePresent
 0x42216c GetModuleFileNameW
 0x422170 InterlockedIncrement
 0x422174 InterlockedDecrement
 0x422178 GetACP
 0x42217c GetOEMCP
 0x422180 GetCPInfo
 0x422184 IsValidCodePage
 0x422188 TlsAlloc
 0x42218c TlsGetValue
 0x422190 GetCurrentThreadId
 0x422194 TlsFree
 0x422198 GetModuleHandleW
 0x42219c SetUnhandledExceptionFilter
 0x4221a0 QueryPerformanceCounter
 0x4221a4 GetCurrentProcessId
 0x4221a8 GetSystemTimeAsFileTime
 0x4221ac ExitProcess
 0x4221b0 GetModuleFileNameA
 0x4221b4 FreeEnvironmentStringsW
 0x4221b8 GetEnvironmentStringsW
 0x4221bc SetHandleCount
 0x4221c0 GetStdHandle
 0x4221c4 DeleteCriticalSection
 0x4221c8 HeapCreate
 0x4221cc TerminateProcess
 0x4221d0 GetCurrentProcess
 0x4221d4 UnhandledExceptionFilter
 0x4221d8 IsDebuggerPresent
 0x4221dc SetFilePointer
 0x4221e0 RtlUnwind
 0x4221e4 HeapAlloc
 0x4221e8 HeapReAlloc
 0x4221ec HeapSize
 0x4221f0 HeapQueryInformation
 0x4221f4 HeapFree
 0x4221f8 RaiseException
 0x4221fc GetStringTypeW
 0x422200 OutputDebugStringA
 0x422204 OutputDebugStringW
 0x422208 LoadLibraryW
 0x42220c LCMapStringW
USER32.dll
 0x422214 GetListBoxInfo
 0x422218 GetAncestor

EAT (Export Address Table) Library

0x41fee0 _CallPattern@8
0x41fed0 _go@4
