Field | Value |
---|---|
Created | 2021.05.25 18:09 |
Machine | s1_win7_x6402 |
Filename | phantom.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, KqW@aisgI@M, Attribute, HighConfidence, Emotet, A + Mal, GandCrypt, Kovter, Glupteba, score, BScope, Sabsik, Kryptik, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | 2e2c59afbb7175fbafabe95d0d2730a4 |
sha256 | c973d3fe22ac9f3b3f25cb6acb6720befc1ba3e07c2dea9cdd676f732fedfec1 |
ssdeep | 12288:V/q+VazoXawCCSYneHTJ4sCqHX3uB7LM8f1UuDHY5xM4XiFBmdW:VZV/asSu0TJ4+0nfLDHsxhX9Y |
imphash | 1b2eb0959f4570acd48df61d115e8278 |
impfuzzy | 48:GzpFVoecyDDokNJX1Jdrtl39F8XYrycAtBavSuWK9nl4fABD:GXOtYokDX1TJl3v8I+cAtovSuWQnl4i |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x424000 PulseEvent
0x424004 FillConsoleOutputCharacterA
0x424008 GetPrivateProfileSectionNamesW
0x42400c SetVolumeLabelA
0x424010 GetFileSize
0x424014 WriteConsoleInputW
0x424018 lstrlenA
0x42401c GetConsoleAliasesLengthW
0x424020 TlsGetValue
0x424024 CommConfigDialogA
0x424028 SetEndOfFile
0x42402c FindResourceExW
0x424030 FreeLibrary
0x424034 LoadResource
0x424038 ScrollConsoleScreenBufferW
0x42403c WritePrivateProfileSectionA
0x424040 GlobalSize
0x424044 CreateJobObjectW
0x424048 GetProfileStringW
0x42404c WaitForSingleObject
0x424050 SignalObjectAndWait
0x424054 SetComputerNameW
0x424058 OpenSemaphoreA
0x42405c CallNamedPipeW
0x424060 GetProcessPriorityBoost
0x424064 GetTickCount
0x424068 EnumTimeFormatsW
0x42406c GetDriveTypeA
0x424070 GlobalAlloc
0x424074 GetConsoleMode
0x424078 TerminateThread
0x42407c SetVolumeMountPointA
0x424080 GetVersionExW
0x424084 SetConsoleCursorPosition
0x424088 GetFileAttributesW
0x42408c SetTimeZoneInformation
0x424090 VerifyVersionInfoA
0x424094 SetSystemPowerState
0x424098 ReadFile
0x42409c CompareStringW
0x4240a0 SetThreadPriority
0x4240a4 DeactivateActCtx
0x4240a8 InterlockedExchange
0x4240ac ReleaseActCtx
0x4240b0 GetStdHandle
0x4240b4 OpenMutexW
0x4240b8 FindFirstFileExA
0x4240bc GetLastError
0x4240c0 SetLastError
0x4240c4 ReadConsoleOutputCharacterA
0x4240c8 GetProcAddress
0x4240cc VirtualAlloc
0x4240d0 MoveFileW
0x4240d4 SetStdHandle
0x4240d8 SetComputerNameA
0x4240dc GetPrivateProfileStringA
0x4240e0 LoadLibraryA
0x4240e4 WriteConsoleA
0x4240e8 OpenWaitableTimerW
0x4240ec LocalAlloc
0x4240f0 DeleteTimerQueue
0x4240f4 IsSystemResumeAutomatic
0x4240f8 WriteProfileSectionW
0x4240fc AddAtomA
0x424100 FindAtomA
0x424104 GetPrivateProfileStructA
0x424108 WaitForMultipleObjects
0x42410c WTSGetActiveConsoleSessionId
0x424110 GetThreadPriority
0x424114 DebugSetProcessKillOnExit
0x424118 GetModuleHandleA
0x42411c EnumResourceNamesA
0x424120 GetStringTypeW
0x424124 WaitForDebugEvent
0x424128 GetCurrentThreadId
0x42412c DuplicateHandle
0x424130 SetProcessShutdownParameters
0x424134 LocalSize
0x424138 AddConsoleAliasA
0x42413c DebugBreak
0x424140 FindActCtxSectionStringW
0x424144 GetProfileSectionW
0x424148 AreFileApisANSI
0x42414c GetVolumeInformationW
0x424150 GetCommandLineW
0x424154 HeapSetInformation
0x424158 GetStartupInfoW
0x42415c EnterCriticalSection
0x424160 LeaveCriticalSection
0x424164 DecodePointer
0x424168 TerminateProcess
0x42416c GetCurrentProcess
0x424170 UnhandledExceptionFilter
0x424174 SetUnhandledExceptionFilter
0x424178 IsDebuggerPresent
0x42417c EncodePointer
0x424180 GetModuleFileNameW
0x424184 IsProcessorFeaturePresent
0x424188 HeapValidate
0x42418c IsBadReadPtr
0x424190 QueryPerformanceCounter
0x424194 GetCurrentProcessId
0x424198 GetSystemTimeAsFileTime
0x42419c InterlockedIncrement
0x4241a0 InterlockedDecrement
0x4241a4 GetModuleHandleW
0x4241a8 ExitProcess
0x4241ac FreeEnvironmentStringsW
0x4241b0 GetEnvironmentStringsW
0x4241b4 SetHandleCount
0x4241b8 InitializeCriticalSectionAndSpinCount
0x4241bc GetFileType
0x4241c0 DeleteCriticalSection
0x4241c4 TlsAlloc
0x4241c8 TlsSetValue
0x4241cc TlsFree
0x4241d0 HeapCreate
0x4241d4 WriteFile
0x4241d8 OutputDebugStringA
0x4241dc WriteConsoleW
0x4241e0 OutputDebugStringW
0x4241e4 LoadLibraryW
0x4241e8 RtlUnwind
0x4241ec MultiByteToWideChar
0x4241f0 GetACP
0x4241f4 GetOEMCP
0x4241f8 GetCPInfo
0x4241fc IsValidCodePage
0x424200 RaiseException
0x424204 HeapAlloc
0x424208 GetModuleFileNameA
0x42420c HeapReAlloc
0x424210 HeapSize
0x424214 HeapQueryInformation
0x424218 HeapFree
0x42421c FlushFileBuffers
0x424220 WideCharToMultiByte
0x424224 GetConsoleCP
0x424228 LCMapStringW
0x42422c CloseHandle
0x424230 SetFilePointer
0x424234 CreateFileW
USER32.dll
0x42423c GetMessageTime
0x424240 GetCursorInfo
EAT (Export Address Table) Library
0x422dc0 _go@4
0x422da0 _hockey@4
0x422db0 _regulmoto@4