ScreenShot
| Created | 2021.05.23 10:23 | Machine | s1_win7_x6401 |
| Filename | att.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 21 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, Attribute, HighConfidence, GandCrypt, Lockbit, Static AI, Malicious PE, ZPACK, Gen2, Wacatac, score, BScope, Convagent, Generic@ML, RDML, g1VLAMwGJOogC15FaFoJ, 100%, ZexaF, @BW@aOHa3TiG, susgen) | ||
| md5 | a119eaea434c7e0c58663c605e9c0ac6 | ||
| sha256 | fab6d986da3028232fa6cf55122e550b05d57a47fb01258177f5b4df47351be5 | ||
| ssdeep | 196608:RpuKJyr52MUsekXRIqcbm8tpY8GyaITKplt8R2GoJ/:RpuAwFHjWZHGJImPVJ/ | ||
| imphash | a61874996ef957c79786ba3bba5ffda2 | ||
| impfuzzy | 48:7EA1i9OYpJc1e7e9FSyOvLfpKIaIhX8uo8m1VJgg:7Qs9kevryfpOIhX8uo8m1Vf | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 EnumResourceNamesW
0x421004 SetVolumeLabelA
0x421008 GetFileSize
0x42100c GetDriveTypeW
0x421010 SetEndOfFile
0x421014 LoadResource
0x421018 ScrollConsoleScreenBufferW
0x42101c GetProfileSectionA
0x421020 WaitForSingleObject
0x421024 WriteConsoleInputA
0x421028 SetVolumeMountPointW
0x42102c FindFirstFileExW
0x421030 GetProcessPriorityBoost
0x421034 GetTickCount
0x421038 GetCurrentThread
0x42103c GetConsoleAliasesLengthA
0x421040 EnumTimeFormatsW
0x421044 SetCommState
0x421048 SetProcessPriorityBoost
0x42104c TlsSetValue
0x421050 FindResourceExA
0x421054 GetPrivateProfileIntA
0x421058 GetVolumeInformationA
0x42105c LoadLibraryW
0x421060 GetConsoleMode
0x421064 TerminateThread
0x421068 GetPrivateProfileStructW
0x42106c GetSystemPowerStatus
0x421070 GetFileAttributesA
0x421074 GlobalFlags
0x421078 SetConsoleCursorPosition
0x42107c WriteConsoleW
0x421080 WritePrivateProfileSectionW
0x421084 IsDBCSLeadByte
0x421088 GetTimeZoneInformation
0x42108c lstrlenW
0x421090 DeactivateActCtx
0x421094 CreateJobObjectA
0x421098 FillConsoleOutputCharacterW
0x42109c GetLastError
0x4210a0 SetLastError
0x4210a4 GetProcAddress
0x4210a8 SetStdHandle
0x4210ac SetComputerNameA
0x4210b0 OpenWaitableTimerA
0x4210b4 OpenThread
0x4210b8 OpenMutexA
0x4210bc LocalAlloc
0x4210c0 MoveFileA
0x4210c4 GetProfileStringA
0x4210c8 WriteProfileSectionW
0x4210cc AddAtomA
0x4210d0 GetPrivateProfileSectionNamesA
0x4210d4 WTSGetActiveConsoleSessionId
0x4210d8 GetThreadPriority
0x4210dc DebugSetProcessKillOnExit
0x4210e0 GetModuleHandleA
0x4210e4 GetProcessShutdownParameters
0x4210e8 CancelTimerQueueTimer
0x4210ec RequestWakeupLatency
0x4210f0 WaitForDebugEvent
0x4210f4 ScrollConsoleScreenBufferA
0x4210f8 DuplicateHandle
0x4210fc OpenSemaphoreW
0x421100 ReleaseMutex
0x421104 LocalSize
0x421108 FindAtomW
0x42110c AddConsoleAliasA
0x421110 DebugBreak
0x421114 ReadConsoleOutputCharacterW
0x421118 CommConfigDialogW
0x42111c FlushFileBuffers
0x421120 DeleteFileA
0x421124 GetCommandLineA
0x421128 HeapSetInformation
0x42112c GetStartupInfoW
0x421130 LeaveCriticalSection
0x421134 EnterCriticalSection
0x421138 InitializeCriticalSectionAndSpinCount
0x42113c GetFileType
0x421140 WriteFile
0x421144 WideCharToMultiByte
0x421148 GetConsoleCP
0x42114c HeapValidate
0x421150 IsBadReadPtr
0x421154 EncodePointer
0x421158 DecodePointer
0x42115c IsProcessorFeaturePresent
0x421160 SetUnhandledExceptionFilter
0x421164 QueryPerformanceCounter
0x421168 GetCurrentThreadId
0x42116c GetCurrentProcessId
0x421170 GetSystemTimeAsFileTime
0x421174 InterlockedIncrement
0x421178 InterlockedDecrement
0x42117c GetModuleHandleW
0x421180 ExitProcess
0x421184 GetModuleFileNameA
0x421188 FreeEnvironmentStringsW
0x42118c GetEnvironmentStringsW
0x421190 SetHandleCount
0x421194 GetStdHandle
0x421198 DeleteCriticalSection
0x42119c TlsAlloc
0x4211a0 TlsGetValue
0x4211a4 TlsFree
0x4211a8 HeapCreate
0x4211ac GetModuleFileNameW
0x4211b0 TerminateProcess
0x4211b4 GetCurrentProcess
0x4211b8 UnhandledExceptionFilter
0x4211bc IsDebuggerPresent
0x4211c0 MultiByteToWideChar
0x4211c4 SetFilePointer
0x4211c8 RtlUnwind
0x4211cc HeapAlloc
0x4211d0 HeapReAlloc
0x4211d4 HeapSize
0x4211d8 HeapQueryInformation
0x4211dc HeapFree
0x4211e0 GetACP
0x4211e4 GetOEMCP
0x4211e8 GetCPInfo
0x4211ec IsValidCodePage
0x4211f0 RaiseException
0x4211f4 OutputDebugStringA
0x4211f8 OutputDebugStringW
0x4211fc CreateFileW
0x421200 CloseHandle
0x421204 GetStringTypeW
0x421208 LCMapStringW
USER32.dll
0x421210 GetAncestor
0x421214 GetListBoxInfo
EAT(Export Address Table) Library
0x41fd60 _CallPattern@8
0x41fd40 _futurama@4
0x41fd50 _go@4
0x41fd30 _hiduk@8
KERNEL32.dll
0x421000 EnumResourceNamesW
0x421004 SetVolumeLabelA
0x421008 GetFileSize
0x42100c GetDriveTypeW
0x421010 SetEndOfFile
0x421014 LoadResource
0x421018 ScrollConsoleScreenBufferW
0x42101c GetProfileSectionA
0x421020 WaitForSingleObject
0x421024 WriteConsoleInputA
0x421028 SetVolumeMountPointW
0x42102c FindFirstFileExW
0x421030 GetProcessPriorityBoost
0x421034 GetTickCount
0x421038 GetCurrentThread
0x42103c GetConsoleAliasesLengthA
0x421040 EnumTimeFormatsW
0x421044 SetCommState
0x421048 SetProcessPriorityBoost
0x42104c TlsSetValue
0x421050 FindResourceExA
0x421054 GetPrivateProfileIntA
0x421058 GetVolumeInformationA
0x42105c LoadLibraryW
0x421060 GetConsoleMode
0x421064 TerminateThread
0x421068 GetPrivateProfileStructW
0x42106c GetSystemPowerStatus
0x421070 GetFileAttributesA
0x421074 GlobalFlags
0x421078 SetConsoleCursorPosition
0x42107c WriteConsoleW
0x421080 WritePrivateProfileSectionW
0x421084 IsDBCSLeadByte
0x421088 GetTimeZoneInformation
0x42108c lstrlenW
0x421090 DeactivateActCtx
0x421094 CreateJobObjectA
0x421098 FillConsoleOutputCharacterW
0x42109c GetLastError
0x4210a0 SetLastError
0x4210a4 GetProcAddress
0x4210a8 SetStdHandle
0x4210ac SetComputerNameA
0x4210b0 OpenWaitableTimerA
0x4210b4 OpenThread
0x4210b8 OpenMutexA
0x4210bc LocalAlloc
0x4210c0 MoveFileA
0x4210c4 GetProfileStringA
0x4210c8 WriteProfileSectionW
0x4210cc AddAtomA
0x4210d0 GetPrivateProfileSectionNamesA
0x4210d4 WTSGetActiveConsoleSessionId
0x4210d8 GetThreadPriority
0x4210dc DebugSetProcessKillOnExit
0x4210e0 GetModuleHandleA
0x4210e4 GetProcessShutdownParameters
0x4210e8 CancelTimerQueueTimer
0x4210ec RequestWakeupLatency
0x4210f0 WaitForDebugEvent
0x4210f4 ScrollConsoleScreenBufferA
0x4210f8 DuplicateHandle
0x4210fc OpenSemaphoreW
0x421100 ReleaseMutex
0x421104 LocalSize
0x421108 FindAtomW
0x42110c AddConsoleAliasA
0x421110 DebugBreak
0x421114 ReadConsoleOutputCharacterW
0x421118 CommConfigDialogW
0x42111c FlushFileBuffers
0x421120 DeleteFileA
0x421124 GetCommandLineA
0x421128 HeapSetInformation
0x42112c GetStartupInfoW
0x421130 LeaveCriticalSection
0x421134 EnterCriticalSection
0x421138 InitializeCriticalSectionAndSpinCount
0x42113c GetFileType
0x421140 WriteFile
0x421144 WideCharToMultiByte
0x421148 GetConsoleCP
0x42114c HeapValidate
0x421150 IsBadReadPtr
0x421154 EncodePointer
0x421158 DecodePointer
0x42115c IsProcessorFeaturePresent
0x421160 SetUnhandledExceptionFilter
0x421164 QueryPerformanceCounter
0x421168 GetCurrentThreadId
0x42116c GetCurrentProcessId
0x421170 GetSystemTimeAsFileTime
0x421174 InterlockedIncrement
0x421178 InterlockedDecrement
0x42117c GetModuleHandleW
0x421180 ExitProcess
0x421184 GetModuleFileNameA
0x421188 FreeEnvironmentStringsW
0x42118c GetEnvironmentStringsW
0x421190 SetHandleCount
0x421194 GetStdHandle
0x421198 DeleteCriticalSection
0x42119c TlsAlloc
0x4211a0 TlsGetValue
0x4211a4 TlsFree
0x4211a8 HeapCreate
0x4211ac GetModuleFileNameW
0x4211b0 TerminateProcess
0x4211b4 GetCurrentProcess
0x4211b8 UnhandledExceptionFilter
0x4211bc IsDebuggerPresent
0x4211c0 MultiByteToWideChar
0x4211c4 SetFilePointer
0x4211c8 RtlUnwind
0x4211cc HeapAlloc
0x4211d0 HeapReAlloc
0x4211d4 HeapSize
0x4211d8 HeapQueryInformation
0x4211dc HeapFree
0x4211e0 GetACP
0x4211e4 GetOEMCP
0x4211e8 GetCPInfo
0x4211ec IsValidCodePage
0x4211f0 RaiseException
0x4211f4 OutputDebugStringA
0x4211f8 OutputDebugStringW
0x4211fc CreateFileW
0x421200 CloseHandle
0x421204 GetStringTypeW
0x421208 LCMapStringW
USER32.dll
0x421210 GetAncestor
0x421214 GetListBoxInfo
EAT(Export Address Table) Library
0x41fd60 _CallPattern@8
0x41fd40 _futurama@4
0x41fd50 _go@4
0x41fd30 _hiduk@8