ScreenShot
| Created | 2021.05.27 17:41 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Telebot, Eldorado, FileRepMalware, score, Static AI, Malicious PE, Glupteba, ZexaF, TqW@ae5JBCiG, BScope, ET#76%, RDMK, cmRtazrLalLMg3X+3d39SX+THf+L, susgen) | ||
| md5 | 7a2f5bc93c259322c16e5a94f7139031 | ||
| sha256 | e5dae08e748e408a4a256bd0c5d216281596a20399ea0127ac35b1661248b3ea | ||
| ssdeep | 12288:ARMTHCo1KlqQcZUgix5ieKimzvRP9pVgIae6wJTCjMFMt9qIzT7Y8A/5+Cwr4:LTYluWO5igf3gIjQjL8/0n | ||
| imphash | 556bc424bd608c9e064a122699e67eca | ||
| impfuzzy | 48:8GTn2o6X2CJX11dlXQJAA69HPVO76Eauefc9tfSXvGl9BY:TPerX1XlX06lV0yuefc9tfS/Gl8 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x422000 GetComputerNameA
0x422004 EnumResourceNamesW
0x422008 GetThreadIOPendingFlag
0x42200c SetPriorityClass
0x422010 lstrlenA
0x422014 TlsGetValue
0x422018 CommConfigDialogA
0x42201c DebugActiveProcessStop
0x422020 CallNamedPipeA
0x422024 LoadResource
0x422028 ZombifyActCtx
0x42202c ScrollConsoleScreenBufferW
0x422030 WritePrivateProfileSectionA
0x422034 GlobalSize
0x422038 CreateJobObjectW
0x42203c SetHandleInformation
0x422040 WaitForSingleObject
0x422044 WriteConsoleInputA
0x422048 SetComputerNameW
0x42204c AddConsoleAliasW
0x422050 SetVolumeMountPointW
0x422054 GetTickCount
0x422058 GetConsoleAliasesLengthA
0x42205c GetWindowsDirectoryA
0x422060 EnumTimeFormatsA
0x422064 FindResourceExA
0x422068 GlobalAlloc
0x42206c GetVolumeInformationA
0x422070 GetConsoleMode
0x422074 ReadConsoleInputA
0x422078 GetPrivateProfileStructW
0x42207c SizeofResource
0x422080 DnsHostnameToComputerNameW
0x422084 SetConsoleMode
0x422088 SetConsoleCursorPosition
0x42208c GetFileAttributesW
0x422090 LocalReAlloc
0x422094 WriteConsoleW
0x422098 IsDBCSLeadByte
0x42209c ReadFile
0x4220a0 CompareStringW
0x4220a4 SetThreadPriority
0x4220a8 SetConsoleTitleA
0x4220ac DeactivateActCtx
0x4220b0 VerifyVersionInfoW
0x4220b4 InterlockedExchange
0x4220b8 GetFileSizeEx
0x4220bc SetThreadLocale
0x4220c0 GetStdHandle
0x4220c4 FillConsoleOutputCharacterW
0x4220c8 FindFirstFileExA
0x4220cc GetLastError
0x4220d0 SetLastError
0x4220d4 ReadConsoleOutputCharacterA
0x4220d8 GetProcAddress
0x4220dc VirtualAlloc
0x4220e0 WriteProfileSectionA
0x4220e4 SetStdHandle
0x4220e8 SetFileApisToOEM
0x4220ec LoadLibraryA
0x4220f0 OpenMutexA
0x4220f4 ProcessIdToSessionId
0x4220f8 MoveFileA
0x4220fc AddAtomW
0x422100 SetCurrentDirectoryW
0x422104 SetFileApisToANSI
0x422108 GetPrivateProfileSectionNamesA
0x42210c GetProcessShutdownParameters
0x422110 DebugBreakProcess
0x422114 BuildCommDCBA
0x422118 WaitForDebugEvent
0x42211c ScrollConsoleScreenBufferA
0x422120 GetCurrentThreadId
0x422124 OpenSemaphoreW
0x422128 GetVersionExA
0x42212c LocalSize
0x422130 FindAtomW
0x422134 FindActCtxSectionStringW
0x422138 CloseHandle
0x42213c CreateFileW
0x422140 DeleteFileA
0x422144 InterlockedIncrement
0x422148 InterlockedDecrement
0x42214c DecodePointer
0x422150 GetModuleHandleW
0x422154 ExitProcess
0x422158 GetCommandLineA
0x42215c HeapSetInformation
0x422160 GetStartupInfoW
0x422164 EncodePointer
0x422168 IsProcessorFeaturePresent
0x42216c HeapValidate
0x422170 IsBadReadPtr
0x422174 GetModuleFileNameW
0x422178 WriteFile
0x42217c GetACP
0x422180 GetOEMCP
0x422184 GetCPInfo
0x422188 IsValidCodePage
0x42218c TlsAlloc
0x422190 TlsSetValue
0x422194 TlsFree
0x422198 InitializeCriticalSectionAndSpinCount
0x42219c DeleteCriticalSection
0x4221a0 EnterCriticalSection
0x4221a4 LeaveCriticalSection
0x4221a8 LoadLibraryW
0x4221ac TerminateProcess
0x4221b0 GetCurrentProcess
0x4221b4 UnhandledExceptionFilter
0x4221b8 SetUnhandledExceptionFilter
0x4221bc IsDebuggerPresent
0x4221c0 QueryPerformanceCounter
0x4221c4 GetCurrentProcessId
0x4221c8 GetSystemTimeAsFileTime
0x4221cc GetModuleFileNameA
0x4221d0 FreeEnvironmentStringsW
0x4221d4 WideCharToMultiByte
0x4221d8 GetEnvironmentStringsW
0x4221dc SetHandleCount
0x4221e0 GetFileType
0x4221e4 HeapCreate
0x4221e8 RaiseException
0x4221ec HeapAlloc
0x4221f0 HeapReAlloc
0x4221f4 HeapSize
0x4221f8 HeapQueryInformation
0x4221fc HeapFree
0x422200 RtlUnwind
0x422204 LCMapStringW
0x422208 MultiByteToWideChar
0x42220c GetStringTypeW
0x422210 OutputDebugStringA
0x422214 OutputDebugStringW
0x422218 SetFilePointer
0x42221c GetConsoleCP
0x422220 FlushFileBuffers
USER32.dll
0x422228 GetMessageTime
0x42222c GetMenuInfo
EAT(Export Address Table) Library
0x41faf0 _get@12
KERNEL32.dll
0x422000 GetComputerNameA
0x422004 EnumResourceNamesW
0x422008 GetThreadIOPendingFlag
0x42200c SetPriorityClass
0x422010 lstrlenA
0x422014 TlsGetValue
0x422018 CommConfigDialogA
0x42201c DebugActiveProcessStop
0x422020 CallNamedPipeA
0x422024 LoadResource
0x422028 ZombifyActCtx
0x42202c ScrollConsoleScreenBufferW
0x422030 WritePrivateProfileSectionA
0x422034 GlobalSize
0x422038 CreateJobObjectW
0x42203c SetHandleInformation
0x422040 WaitForSingleObject
0x422044 WriteConsoleInputA
0x422048 SetComputerNameW
0x42204c AddConsoleAliasW
0x422050 SetVolumeMountPointW
0x422054 GetTickCount
0x422058 GetConsoleAliasesLengthA
0x42205c GetWindowsDirectoryA
0x422060 EnumTimeFormatsA
0x422064 FindResourceExA
0x422068 GlobalAlloc
0x42206c GetVolumeInformationA
0x422070 GetConsoleMode
0x422074 ReadConsoleInputA
0x422078 GetPrivateProfileStructW
0x42207c SizeofResource
0x422080 DnsHostnameToComputerNameW
0x422084 SetConsoleMode
0x422088 SetConsoleCursorPosition
0x42208c GetFileAttributesW
0x422090 LocalReAlloc
0x422094 WriteConsoleW
0x422098 IsDBCSLeadByte
0x42209c ReadFile
0x4220a0 CompareStringW
0x4220a4 SetThreadPriority
0x4220a8 SetConsoleTitleA
0x4220ac DeactivateActCtx
0x4220b0 VerifyVersionInfoW
0x4220b4 InterlockedExchange
0x4220b8 GetFileSizeEx
0x4220bc SetThreadLocale
0x4220c0 GetStdHandle
0x4220c4 FillConsoleOutputCharacterW
0x4220c8 FindFirstFileExA
0x4220cc GetLastError
0x4220d0 SetLastError
0x4220d4 ReadConsoleOutputCharacterA
0x4220d8 GetProcAddress
0x4220dc VirtualAlloc
0x4220e0 WriteProfileSectionA
0x4220e4 SetStdHandle
0x4220e8 SetFileApisToOEM
0x4220ec LoadLibraryA
0x4220f0 OpenMutexA
0x4220f4 ProcessIdToSessionId
0x4220f8 MoveFileA
0x4220fc AddAtomW
0x422100 SetCurrentDirectoryW
0x422104 SetFileApisToANSI
0x422108 GetPrivateProfileSectionNamesA
0x42210c GetProcessShutdownParameters
0x422110 DebugBreakProcess
0x422114 BuildCommDCBA
0x422118 WaitForDebugEvent
0x42211c ScrollConsoleScreenBufferA
0x422120 GetCurrentThreadId
0x422124 OpenSemaphoreW
0x422128 GetVersionExA
0x42212c LocalSize
0x422130 FindAtomW
0x422134 FindActCtxSectionStringW
0x422138 CloseHandle
0x42213c CreateFileW
0x422140 DeleteFileA
0x422144 InterlockedIncrement
0x422148 InterlockedDecrement
0x42214c DecodePointer
0x422150 GetModuleHandleW
0x422154 ExitProcess
0x422158 GetCommandLineA
0x42215c HeapSetInformation
0x422160 GetStartupInfoW
0x422164 EncodePointer
0x422168 IsProcessorFeaturePresent
0x42216c HeapValidate
0x422170 IsBadReadPtr
0x422174 GetModuleFileNameW
0x422178 WriteFile
0x42217c GetACP
0x422180 GetOEMCP
0x422184 GetCPInfo
0x422188 IsValidCodePage
0x42218c TlsAlloc
0x422190 TlsSetValue
0x422194 TlsFree
0x422198 InitializeCriticalSectionAndSpinCount
0x42219c DeleteCriticalSection
0x4221a0 EnterCriticalSection
0x4221a4 LeaveCriticalSection
0x4221a8 LoadLibraryW
0x4221ac TerminateProcess
0x4221b0 GetCurrentProcess
0x4221b4 UnhandledExceptionFilter
0x4221b8 SetUnhandledExceptionFilter
0x4221bc IsDebuggerPresent
0x4221c0 QueryPerformanceCounter
0x4221c4 GetCurrentProcessId
0x4221c8 GetSystemTimeAsFileTime
0x4221cc GetModuleFileNameA
0x4221d0 FreeEnvironmentStringsW
0x4221d4 WideCharToMultiByte
0x4221d8 GetEnvironmentStringsW
0x4221dc SetHandleCount
0x4221e0 GetFileType
0x4221e4 HeapCreate
0x4221e8 RaiseException
0x4221ec HeapAlloc
0x4221f0 HeapReAlloc
0x4221f4 HeapSize
0x4221f8 HeapQueryInformation
0x4221fc HeapFree
0x422200 RtlUnwind
0x422204 LCMapStringW
0x422208 MultiByteToWideChar
0x42220c GetStringTypeW
0x422210 OutputDebugStringA
0x422214 OutputDebugStringW
0x422218 SetFilePointer
0x42221c GetConsoleCP
0x422220 FlushFileBuffers
USER32.dll
0x422228 GetMessageTime
0x42222c GetMenuInfo
EAT(Export Address Table) Library
0x41faf0 _get@12