ScreenShot
| Created | 2021.05.27 10:28 | Machine | s1_win7_x6401 |
| Filename | file21.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Save, ZexaF, LqW@aKrg@GI, Kryptik, Eldorado, Attribute, HighConfidence, HLBA, Stop, PWSX, A + Troj, Androm, Emotet, Kovter, ai score=88, Azorult, score, Glupteba, R422595, BScope, Sabsik, Graftor, Unsafe, CLASSIC, Static AI, Malicious PE, Genetic, confidence, 100%) | ||
| md5 | f9003a4991f68b4b07e73ac1e89cf374 | ||
| sha256 | 7725783b9c6ee597f0b1017861d4adcc0470de26d10bfe1757145bd44776ea54 | ||
| ssdeep | 12288:jUdFkl4VCSgNDZ+QkXiTRL4Tlu3oYVolV2VJLCYyU3ZGPY:Ekv0QkyTRL4TlmtogJ5pGg | ||
| imphash | 928ce6a1c3ed4dc8c4db0816d5ad1440 | ||
| impfuzzy | 48:WzpdboechDolNJX1rd9KogDFqyYP6ycftBaCe/Sy+mxMA+D:Wr0ttolDX1JIog5qxPJcftoCe/SVmxg | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 FillConsoleOutputCharacterA
0x424004 WriteConsoleInputW
0x424008 SetFilePointer
0x42400c lstrlenA
0x424010 GetConsoleAliasesLengthW
0x424014 TlsGetValue
0x424018 CommConfigDialogA
0x42401c FindResourceExW
0x424020 FreeLibrary
0x424024 CallNamedPipeA
0x424028 LoadResource
0x42402c ScrollConsoleScreenBufferW
0x424030 WritePrivateProfileSectionA
0x424034 GlobalSize
0x424038 CreateJobObjectW
0x42403c GetProfileStringW
0x424040 WaitForSingleObject
0x424044 SignalObjectAndWait
0x424048 SetComputerNameW
0x42404c GetProcessPriorityBoost
0x424050 GetTickCount
0x424054 EnumTimeFormatsW
0x424058 GetDriveTypeA
0x42405c GlobalAlloc
0x424060 GetConsoleMode
0x424064 TerminateThread
0x424068 SizeofResource
0x42406c SetVolumeMountPointA
0x424070 GetVersionExW
0x424074 SetConsoleMode
0x424078 SetConsoleCursorPosition
0x42407c GetFileAttributesW
0x424080 SetTimeZoneInformation
0x424084 WriteConsoleW
0x424088 SetSystemPowerState
0x42408c ReadFile
0x424090 CompareStringW
0x424094 SetThreadPriority
0x424098 DeactivateActCtx
0x42409c VerifyVersionInfoW
0x4240a0 InterlockedExchange
0x4240a4 ReleaseActCtx
0x4240a8 GetFileSizeEx
0x4240ac GetStdHandle
0x4240b0 OpenMutexW
0x4240b4 FindFirstFileExA
0x4240b8 GetLastError
0x4240bc ReadConsoleOutputCharacterA
0x4240c0 GetProcAddress
0x4240c4 VirtualAlloc
0x4240c8 SetVolumeLabelW
0x4240cc MoveFileW
0x4240d0 SetStdHandle
0x4240d4 SetComputerNameA
0x4240d8 GetPrivateProfileStringA
0x4240dc ResetEvent
0x4240e0 LoadLibraryA
0x4240e4 ProcessIdToSessionId
0x4240e8 OpenWaitableTimerW
0x4240ec LocalAlloc
0x4240f0 DeleteTimerQueue
0x4240f4 IsSystemResumeAutomatic
0x4240f8 AddAtomW
0x4240fc WriteProfileSectionW
0x424100 FindAtomA
0x424104 GetPrivateProfileStructA
0x424108 WaitForMultipleObjects
0x42410c GetPrivateProfileSectionNamesA
0x424110 GetThreadPriority
0x424114 GetModuleHandleA
0x424118 DebugBreakProcess
0x42411c EnumResourceNamesA
0x424120 GetStringTypeW
0x424124 WaitForDebugEvent
0x424128 GetCurrentThreadId
0x42412c DuplicateHandle
0x424130 SetProcessShutdownParameters
0x424134 OpenSemaphoreW
0x424138 LocalSize
0x42413c AddConsoleAliasA
0x424140 DebugBreak
0x424144 FindActCtxSectionStringW
0x424148 GetProfileSectionW
0x42414c AreFileApisANSI
0x424150 GetVolumeInformationW
0x424154 InterlockedIncrement
0x424158 InterlockedDecrement
0x42415c DecodePointer
0x424160 GetModuleHandleW
0x424164 ExitProcess
0x424168 GetCommandLineW
0x42416c HeapSetInformation
0x424170 GetStartupInfoW
0x424174 EnterCriticalSection
0x424178 LeaveCriticalSection
0x42417c TerminateProcess
0x424180 GetCurrentProcess
0x424184 UnhandledExceptionFilter
0x424188 SetUnhandledExceptionFilter
0x42418c IsDebuggerPresent
0x424190 EncodePointer
0x424194 GetModuleFileNameW
0x424198 IsProcessorFeaturePresent
0x42419c HeapValidate
0x4241a0 IsBadReadPtr
0x4241a4 WriteFile
0x4241a8 GetACP
0x4241ac GetOEMCP
0x4241b0 GetCPInfo
0x4241b4 IsValidCodePage
0x4241b8 TlsAlloc
0x4241bc TlsSetValue
0x4241c0 TlsFree
0x4241c4 SetLastError
0x4241c8 InitializeCriticalSectionAndSpinCount
0x4241cc DeleteCriticalSection
0x4241d0 LoadLibraryW
0x4241d4 QueryPerformanceCounter
0x4241d8 GetCurrentProcessId
0x4241dc GetSystemTimeAsFileTime
0x4241e0 FreeEnvironmentStringsW
0x4241e4 GetEnvironmentStringsW
0x4241e8 SetHandleCount
0x4241ec GetFileType
0x4241f0 HeapCreate
0x4241f4 OutputDebugStringA
0x4241f8 OutputDebugStringW
0x4241fc RtlUnwind
0x424200 MultiByteToWideChar
0x424204 RaiseException
0x424208 HeapAlloc
0x42420c GetModuleFileNameA
0x424210 HeapReAlloc
0x424214 HeapSize
0x424218 HeapQueryInformation
0x42421c HeapFree
0x424220 WideCharToMultiByte
0x424224 LCMapStringW
0x424228 FlushFileBuffers
0x42422c GetConsoleCP
0x424230 CloseHandle
0x424234 CreateFileW
USER32.dll
0x42423c GetComboBoxInfo
0x424240 GetCursorInfo
EAT(Export Address Table) Library
0x422cb0 _go@4
0x422ca0 _regulmoto@4
KERNEL32.dll
0x424000 FillConsoleOutputCharacterA
0x424004 WriteConsoleInputW
0x424008 SetFilePointer
0x42400c lstrlenA
0x424010 GetConsoleAliasesLengthW
0x424014 TlsGetValue
0x424018 CommConfigDialogA
0x42401c FindResourceExW
0x424020 FreeLibrary
0x424024 CallNamedPipeA
0x424028 LoadResource
0x42402c ScrollConsoleScreenBufferW
0x424030 WritePrivateProfileSectionA
0x424034 GlobalSize
0x424038 CreateJobObjectW
0x42403c GetProfileStringW
0x424040 WaitForSingleObject
0x424044 SignalObjectAndWait
0x424048 SetComputerNameW
0x42404c GetProcessPriorityBoost
0x424050 GetTickCount
0x424054 EnumTimeFormatsW
0x424058 GetDriveTypeA
0x42405c GlobalAlloc
0x424060 GetConsoleMode
0x424064 TerminateThread
0x424068 SizeofResource
0x42406c SetVolumeMountPointA
0x424070 GetVersionExW
0x424074 SetConsoleMode
0x424078 SetConsoleCursorPosition
0x42407c GetFileAttributesW
0x424080 SetTimeZoneInformation
0x424084 WriteConsoleW
0x424088 SetSystemPowerState
0x42408c ReadFile
0x424090 CompareStringW
0x424094 SetThreadPriority
0x424098 DeactivateActCtx
0x42409c VerifyVersionInfoW
0x4240a0 InterlockedExchange
0x4240a4 ReleaseActCtx
0x4240a8 GetFileSizeEx
0x4240ac GetStdHandle
0x4240b0 OpenMutexW
0x4240b4 FindFirstFileExA
0x4240b8 GetLastError
0x4240bc ReadConsoleOutputCharacterA
0x4240c0 GetProcAddress
0x4240c4 VirtualAlloc
0x4240c8 SetVolumeLabelW
0x4240cc MoveFileW
0x4240d0 SetStdHandle
0x4240d4 SetComputerNameA
0x4240d8 GetPrivateProfileStringA
0x4240dc ResetEvent
0x4240e0 LoadLibraryA
0x4240e4 ProcessIdToSessionId
0x4240e8 OpenWaitableTimerW
0x4240ec LocalAlloc
0x4240f0 DeleteTimerQueue
0x4240f4 IsSystemResumeAutomatic
0x4240f8 AddAtomW
0x4240fc WriteProfileSectionW
0x424100 FindAtomA
0x424104 GetPrivateProfileStructA
0x424108 WaitForMultipleObjects
0x42410c GetPrivateProfileSectionNamesA
0x424110 GetThreadPriority
0x424114 GetModuleHandleA
0x424118 DebugBreakProcess
0x42411c EnumResourceNamesA
0x424120 GetStringTypeW
0x424124 WaitForDebugEvent
0x424128 GetCurrentThreadId
0x42412c DuplicateHandle
0x424130 SetProcessShutdownParameters
0x424134 OpenSemaphoreW
0x424138 LocalSize
0x42413c AddConsoleAliasA
0x424140 DebugBreak
0x424144 FindActCtxSectionStringW
0x424148 GetProfileSectionW
0x42414c AreFileApisANSI
0x424150 GetVolumeInformationW
0x424154 InterlockedIncrement
0x424158 InterlockedDecrement
0x42415c DecodePointer
0x424160 GetModuleHandleW
0x424164 ExitProcess
0x424168 GetCommandLineW
0x42416c HeapSetInformation
0x424170 GetStartupInfoW
0x424174 EnterCriticalSection
0x424178 LeaveCriticalSection
0x42417c TerminateProcess
0x424180 GetCurrentProcess
0x424184 UnhandledExceptionFilter
0x424188 SetUnhandledExceptionFilter
0x42418c IsDebuggerPresent
0x424190 EncodePointer
0x424194 GetModuleFileNameW
0x424198 IsProcessorFeaturePresent
0x42419c HeapValidate
0x4241a0 IsBadReadPtr
0x4241a4 WriteFile
0x4241a8 GetACP
0x4241ac GetOEMCP
0x4241b0 GetCPInfo
0x4241b4 IsValidCodePage
0x4241b8 TlsAlloc
0x4241bc TlsSetValue
0x4241c0 TlsFree
0x4241c4 SetLastError
0x4241c8 InitializeCriticalSectionAndSpinCount
0x4241cc DeleteCriticalSection
0x4241d0 LoadLibraryW
0x4241d4 QueryPerformanceCounter
0x4241d8 GetCurrentProcessId
0x4241dc GetSystemTimeAsFileTime
0x4241e0 FreeEnvironmentStringsW
0x4241e4 GetEnvironmentStringsW
0x4241e8 SetHandleCount
0x4241ec GetFileType
0x4241f0 HeapCreate
0x4241f4 OutputDebugStringA
0x4241f8 OutputDebugStringW
0x4241fc RtlUnwind
0x424200 MultiByteToWideChar
0x424204 RaiseException
0x424208 HeapAlloc
0x42420c GetModuleFileNameA
0x424210 HeapReAlloc
0x424214 HeapSize
0x424218 HeapQueryInformation
0x42421c HeapFree
0x424220 WideCharToMultiByte
0x424224 LCMapStringW
0x424228 FlushFileBuffers
0x42422c GetConsoleCP
0x424230 CloseHandle
0x424234 CreateFileW
USER32.dll
0x42423c GetComboBoxInfo
0x424240 GetCursorInfo
EAT(Export Address Table) Library
0x422cb0 _go@4
0x422ca0 _regulmoto@4