ScreenShot
| Created | 2021.05.25 10:00 | Machine | s1_win7_x6402 |
| Filename | svch.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetect, malware2, malicious, high confidence, GenericKDZ, Artemis, Save, confidence, 100%, Attribute, HighConfidence, Kryptik, HLAB, Tofsee, FileRepMalware, Auto, R + Mal, GandCrypt, Static AI, Malicious PE, FormBook, BU8ONU, Unsafe, Score, ai score=82, Convagent, Azorult, MalPE, R422236, R002H0CEO21, CLOUD, Nymaim, HLAA, ZexaF, zuX@aOqWEWx) | ||
| md5 | 13023b4453e98378bf05047bd0bbb9f8 | ||
| sha256 | 36b5ddc5914b203b4213ad5cc15cc498ad16691d84fb239220331fc83503e76d | ||
| ssdeep | 6144:MKL0e5f1XMELk0YVYISuhA9VxoFVGMZud83+xcb88O5lDNNq992XsTRV:MKL0e5f1XxTYVdNA9/If6xllNc/2XsL | ||
| imphash | 40bba328aeeb86af0602a23d2610bb0c | ||
| impfuzzy | 48:jSMpgcO1WprIOY3J8a1eeM9FmFxabhX8uAK9SBcBRpRBg:jSMFnprze5MvHbhX8uAQSBcBRpQ | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 GetPrivateProfileSectionNamesW
0x421004 EnumResourceNamesW
0x421008 SetVolumeLabelA
0x42100c GetFileSize
0x421010 lstrlenA
0x421014 GetDriveTypeW
0x421018 SetEndOfFile
0x42101c LoadResource
0x421020 ScrollConsoleScreenBufferW
0x421024 GlobalSize
0x421028 GetProfileSectionA
0x42102c WaitForSingleObject
0x421030 WriteConsoleInputA
0x421034 SignalObjectAndWait
0x421038 AddConsoleAliasW
0x42103c SetVolumeMountPointW
0x421040 FindFirstFileExW
0x421044 GetProcessPriorityBoost
0x421048 GetTickCount
0x42104c GetCurrentThread
0x421050 GetConsoleAliasesLengthA
0x421054 GetPrivateProfileStringW
0x421058 EnumTimeFormatsW
0x42105c GetUserDefaultLangID
0x421060 SetCommState
0x421064 SetProcessPriorityBoost
0x421068 TlsSetValue
0x42106c FindResourceExA
0x421070 GetVolumeInformationA
0x421074 LoadLibraryW
0x421078 GetConsoleMode
0x42107c TerminateThread
0x421080 GetPrivateProfileStructW
0x421084 GetSystemPowerStatus
0x421088 GetFileAttributesA
0x42108c SetConsoleCursorPosition
0x421090 WriteConsoleW
0x421094 WritePrivateProfileSectionW
0x421098 IsDBCSLeadByte
0x42109c GetTimeZoneInformation
0x4210a0 DeactivateActCtx
0x4210a4 CreateJobObjectA
0x4210a8 FillConsoleOutputCharacterW
0x4210ac GetLastError
0x4210b0 SetLastError
0x4210b4 GetProcAddress
0x4210b8 WriteProfileSectionA
0x4210bc SetStdHandle
0x4210c0 SetComputerNameA
0x4210c4 OpenWaitableTimerA
0x4210c8 OpenThread
0x4210cc OpenMutexA
0x4210d0 LocalAlloc
0x4210d4 DeleteTimerQueue
0x4210d8 MoveFileA
0x4210dc GetProfileStringA
0x4210e0 AddAtomA
0x4210e4 WaitForMultipleObjects
0x4210e8 WTSGetActiveConsoleSessionId
0x4210ec GetThreadPriority
0x4210f0 DebugSetProcessKillOnExit
0x4210f4 GetModuleHandleA
0x4210f8 RequestWakeupLatency
0x4210fc WaitForDebugEvent
0x421100 ScrollConsoleScreenBufferA
0x421104 DuplicateHandle
0x421108 SetProcessShutdownParameters
0x42110c OpenSemaphoreW
0x421110 ReleaseMutex
0x421114 LocalSize
0x421118 FindAtomW
0x42111c DebugBreak
0x421120 ReadConsoleOutputCharacterW
0x421124 CommConfigDialogW
0x421128 CloseHandle
0x42112c CreateFileW
0x421130 GetCommandLineA
0x421134 HeapSetInformation
0x421138 GetStartupInfoW
0x42113c EncodePointer
0x421140 DecodePointer
0x421144 IsProcessorFeaturePresent
0x421148 HeapValidate
0x42114c IsBadReadPtr
0x421150 SetUnhandledExceptionFilter
0x421154 QueryPerformanceCounter
0x421158 GetCurrentThreadId
0x42115c GetCurrentProcessId
0x421160 GetSystemTimeAsFileTime
0x421164 InterlockedIncrement
0x421168 InterlockedDecrement
0x42116c GetModuleHandleW
0x421170 ExitProcess
0x421174 GetModuleFileNameA
0x421178 FreeEnvironmentStringsW
0x42117c WideCharToMultiByte
0x421180 GetEnvironmentStringsW
0x421184 SetHandleCount
0x421188 GetStdHandle
0x42118c InitializeCriticalSectionAndSpinCount
0x421190 GetFileType
0x421194 DeleteCriticalSection
0x421198 TlsAlloc
0x42119c TlsGetValue
0x4211a0 TlsFree
0x4211a4 HeapCreate
0x4211a8 GetModuleFileNameW
0x4211ac WriteFile
0x4211b0 RaiseException
0x4211b4 EnterCriticalSection
0x4211b8 LeaveCriticalSection
0x4211bc HeapAlloc
0x4211c0 HeapReAlloc
0x4211c4 HeapSize
0x4211c8 HeapQueryInformation
0x4211cc TerminateProcess
0x4211d0 GetCurrentProcess
0x4211d4 UnhandledExceptionFilter
0x4211d8 IsDebuggerPresent
0x4211dc HeapFree
0x4211e0 GetACP
0x4211e4 GetOEMCP
0x4211e8 GetCPInfo
0x4211ec IsValidCodePage
0x4211f0 RtlUnwind
0x4211f4 OutputDebugStringA
0x4211f8 OutputDebugStringW
0x4211fc LCMapStringW
0x421200 MultiByteToWideChar
0x421204 GetStringTypeW
0x421208 SetFilePointer
0x42120c GetConsoleCP
0x421210 FlushFileBuffers
USER32.dll
0x421218 GetMessageTime
0x42121c GetListBoxInfo
EAT(Export Address Table) Library
0x41f0d0 _CallPattern@8
0x41f0b0 _futurama@4
0x41f0c0 _go@4
0x41f0a0 _hiduk@8
KERNEL32.dll
0x421000 GetPrivateProfileSectionNamesW
0x421004 EnumResourceNamesW
0x421008 SetVolumeLabelA
0x42100c GetFileSize
0x421010 lstrlenA
0x421014 GetDriveTypeW
0x421018 SetEndOfFile
0x42101c LoadResource
0x421020 ScrollConsoleScreenBufferW
0x421024 GlobalSize
0x421028 GetProfileSectionA
0x42102c WaitForSingleObject
0x421030 WriteConsoleInputA
0x421034 SignalObjectAndWait
0x421038 AddConsoleAliasW
0x42103c SetVolumeMountPointW
0x421040 FindFirstFileExW
0x421044 GetProcessPriorityBoost
0x421048 GetTickCount
0x42104c GetCurrentThread
0x421050 GetConsoleAliasesLengthA
0x421054 GetPrivateProfileStringW
0x421058 EnumTimeFormatsW
0x42105c GetUserDefaultLangID
0x421060 SetCommState
0x421064 SetProcessPriorityBoost
0x421068 TlsSetValue
0x42106c FindResourceExA
0x421070 GetVolumeInformationA
0x421074 LoadLibraryW
0x421078 GetConsoleMode
0x42107c TerminateThread
0x421080 GetPrivateProfileStructW
0x421084 GetSystemPowerStatus
0x421088 GetFileAttributesA
0x42108c SetConsoleCursorPosition
0x421090 WriteConsoleW
0x421094 WritePrivateProfileSectionW
0x421098 IsDBCSLeadByte
0x42109c GetTimeZoneInformation
0x4210a0 DeactivateActCtx
0x4210a4 CreateJobObjectA
0x4210a8 FillConsoleOutputCharacterW
0x4210ac GetLastError
0x4210b0 SetLastError
0x4210b4 GetProcAddress
0x4210b8 WriteProfileSectionA
0x4210bc SetStdHandle
0x4210c0 SetComputerNameA
0x4210c4 OpenWaitableTimerA
0x4210c8 OpenThread
0x4210cc OpenMutexA
0x4210d0 LocalAlloc
0x4210d4 DeleteTimerQueue
0x4210d8 MoveFileA
0x4210dc GetProfileStringA
0x4210e0 AddAtomA
0x4210e4 WaitForMultipleObjects
0x4210e8 WTSGetActiveConsoleSessionId
0x4210ec GetThreadPriority
0x4210f0 DebugSetProcessKillOnExit
0x4210f4 GetModuleHandleA
0x4210f8 RequestWakeupLatency
0x4210fc WaitForDebugEvent
0x421100 ScrollConsoleScreenBufferA
0x421104 DuplicateHandle
0x421108 SetProcessShutdownParameters
0x42110c OpenSemaphoreW
0x421110 ReleaseMutex
0x421114 LocalSize
0x421118 FindAtomW
0x42111c DebugBreak
0x421120 ReadConsoleOutputCharacterW
0x421124 CommConfigDialogW
0x421128 CloseHandle
0x42112c CreateFileW
0x421130 GetCommandLineA
0x421134 HeapSetInformation
0x421138 GetStartupInfoW
0x42113c EncodePointer
0x421140 DecodePointer
0x421144 IsProcessorFeaturePresent
0x421148 HeapValidate
0x42114c IsBadReadPtr
0x421150 SetUnhandledExceptionFilter
0x421154 QueryPerformanceCounter
0x421158 GetCurrentThreadId
0x42115c GetCurrentProcessId
0x421160 GetSystemTimeAsFileTime
0x421164 InterlockedIncrement
0x421168 InterlockedDecrement
0x42116c GetModuleHandleW
0x421170 ExitProcess
0x421174 GetModuleFileNameA
0x421178 FreeEnvironmentStringsW
0x42117c WideCharToMultiByte
0x421180 GetEnvironmentStringsW
0x421184 SetHandleCount
0x421188 GetStdHandle
0x42118c InitializeCriticalSectionAndSpinCount
0x421190 GetFileType
0x421194 DeleteCriticalSection
0x421198 TlsAlloc
0x42119c TlsGetValue
0x4211a0 TlsFree
0x4211a4 HeapCreate
0x4211a8 GetModuleFileNameW
0x4211ac WriteFile
0x4211b0 RaiseException
0x4211b4 EnterCriticalSection
0x4211b8 LeaveCriticalSection
0x4211bc HeapAlloc
0x4211c0 HeapReAlloc
0x4211c4 HeapSize
0x4211c8 HeapQueryInformation
0x4211cc TerminateProcess
0x4211d0 GetCurrentProcess
0x4211d4 UnhandledExceptionFilter
0x4211d8 IsDebuggerPresent
0x4211dc HeapFree
0x4211e0 GetACP
0x4211e4 GetOEMCP
0x4211e8 GetCPInfo
0x4211ec IsValidCodePage
0x4211f0 RtlUnwind
0x4211f4 OutputDebugStringA
0x4211f8 OutputDebugStringW
0x4211fc LCMapStringW
0x421200 MultiByteToWideChar
0x421204 GetStringTypeW
0x421208 SetFilePointer
0x42120c GetConsoleCP
0x421210 FlushFileBuffers
USER32.dll
0x421218 GetMessageTime
0x42121c GetListBoxInfo
EAT(Export Address Table) Library
0x41f0d0 _CallPattern@8
0x41f0b0 _futurama@4
0x41f0c0 _go@4
0x41f0a0 _hiduk@8