Report - seleja.exe

PE File OS Processor Check PE32
Created 2021.05.28 09:43 Machine s1_win7_x6401
Filename seleja.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.8
ZERO API file : malware
VT API (file) 18 detected (malicious, high confidence, Unsafe, Save, confidence, Kryptik, Eldorado, Attribute, HighConfidence, Lockbit, Static AI, Suspicious PE, Score, Azorult, ZexaF, @xW@ai2qLhpG, ET#80%, RDMK, cmRtazoIDIQVwPRIiqsOkX4btQB, susgen)
md5 38976248b5751e588795a5c9c4ca0327
sha256 4a2ed0d379350270d2a380b42a5620a20e1f1663f2d846796f86a6667edd7676
ssdeep 196608:UlJFmxSzD+NbPQZcn3DDt/mB++FaEWtpb8E:U8SzuboZi3Fv+FaEI2
imphash 40995fbfaf4aeb6de757dff7f29100e9
impfuzzy 48:rzppYNtXX1TdpuXYKm7cEpXgUOZ6OtyaTefc/SyWXGwBY:rXYNBX1RpuXkvXgUWBtfTefc/SbXGd

Signature (7cnts)

Level Description
watch File has been identified by 18 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x9ea000 EnumResourceNamesW
 0x9ea004 SetPriorityClass
 0x9ea008 lstrlenA
 0x9ea00c GetConsoleAliasesLengthW
 0x9ea010 TlsGetValue
 0x9ea014 CommConfigDialogA
 0x9ea018 ZombifyActCtx
 0x9ea01c GlobalSize
 0x9ea020 SetHandleInformation
 0x9ea024 WriteConsoleInputA
 0x9ea028 GetComputerNameW
 0x9ea02c FindFirstFileExW
 0x9ea030 CallNamedPipeW
 0x9ea034 GetTickCount
 0x9ea038 GetWindowsDirectoryA
 0x9ea03c EnumTimeFormatsA
 0x9ea040 FindActCtxSectionStringA
 0x9ea044 FindResourceExA
 0x9ea048 GlobalAlloc
 0x9ea04c GetVolumeInformationA
 0x9ea050 ReadConsoleInputA
 0x9ea054 GetPrivateProfileStructW
 0x9ea058 SetVolumeMountPointA
 0x9ea05c DnsHostnameToComputerNameW
 0x9ea060 SetConsoleMode
 0x9ea064 GetFileAttributesW
 0x9ea068 VerifyVersionInfoA
 0x9ea06c WriteConsoleW
 0x9ea070 WritePrivateProfileSectionW
 0x9ea074 IsDBCSLeadByte
 0x9ea078 ReadFile
 0x9ea07c SetThreadPriority
 0x9ea080 SetConsoleTitleA
 0x9ea084 DeactivateActCtx
 0x9ea088 InterlockedExchange
 0x9ea08c GetFileSizeEx
 0x9ea090 SetCurrentDirectoryA
 0x9ea094 SetThreadLocale
 0x9ea098 GetStdHandle
 0x9ea09c FillConsoleOutputCharacterW
 0x9ea0a0 OpenMutexW
 0x9ea0a4 GetHandleInformation
 0x9ea0a8 GetLastError
 0x9ea0ac SetLastError
 0x9ea0b0 ReadConsoleOutputCharacterA
 0x9ea0b4 WriteProfileSectionA
 0x9ea0b8 SetStdHandle
 0x9ea0bc LoadLibraryA
 0x9ea0c0 ProcessIdToSessionId
 0x9ea0c4 MoveFileA
 0x9ea0c8 AddAtomW
 0x9ea0cc SetFileApisToANSI
 0x9ea0d0 SetConsoleWindowInfo
 0x9ea0d4 FindAtomA
 0x9ea0d8 WaitForMultipleObjects
 0x9ea0dc GetPrivateProfileSectionNamesA
 0x9ea0e0 SetConsoleCursorInfo
 0x9ea0e4 DebugSetProcessKillOnExit
 0x9ea0e8 GetProcessShutdownParameters
 0x9ea0ec BuildCommDCBA
 0x9ea0f0 VirtualProtect
 0x9ea0f4 CompareStringA
 0x9ea0f8 GetFileAttributesExW
 0x9ea0fc WaitForDebugEvent
 0x9ea100 GetCurrentThreadId
 0x9ea104 OpenSemaphoreW
 0x9ea108 GetVersionExA
 0x9ea10c LocalSize
 0x9ea110 AddConsoleAliasA
 0x9ea114 OpenFileMappingA
 0x9ea118 GlobalReAlloc
 0x9ea11c DeleteFileA
 0x9ea120 InterlockedIncrement
 0x9ea124 InterlockedDecrement
 0x9ea128 DecodePointer
 0x9ea12c GetProcAddress
 0x9ea130 GetModuleHandleW
 0x9ea134 ExitProcess
 0x9ea138 GetCommandLineW
 0x9ea13c HeapSetInformation
 0x9ea140 GetStartupInfoW
 0x9ea144 TerminateProcess
 0x9ea148 GetCurrentProcess
 0x9ea14c UnhandledExceptionFilter
 0x9ea150 SetUnhandledExceptionFilter
 0x9ea154 IsDebuggerPresent
 0x9ea158 EncodePointer
 0x9ea15c GetModuleFileNameW
 0x9ea160 HeapValidate
 0x9ea164 IsBadReadPtr
 0x9ea168 IsProcessorFeaturePresent
 0x9ea16c WriteFile
 0x9ea170 GetACP
 0x9ea174 GetOEMCP
 0x9ea178 GetCPInfo
 0x9ea17c IsValidCodePage
 0x9ea180 TlsAlloc
 0x9ea184 TlsSetValue
 0x9ea188 TlsFree
 0x9ea18c InitializeCriticalSectionAndSpinCount
 0x9ea190 DeleteCriticalSection
 0x9ea194 EnterCriticalSection
 0x9ea198 LeaveCriticalSection
 0x9ea19c LoadLibraryW
 0x9ea1a0 QueryPerformanceCounter
 0x9ea1a4 GetCurrentProcessId
 0x9ea1a8 GetSystemTimeAsFileTime
 0x9ea1ac FreeEnvironmentStringsW
 0x9ea1b0 GetEnvironmentStringsW
 0x9ea1b4 SetHandleCount
 0x9ea1b8 GetFileType
 0x9ea1bc HeapCreate
 0x9ea1c0 SetFilePointer
 0x9ea1c4 WideCharToMultiByte
 0x9ea1c8 GetConsoleCP
 0x9ea1cc GetConsoleMode
 0x9ea1d0 OutputDebugStringA
 0x9ea1d4 OutputDebugStringW
 0x9ea1d8 MultiByteToWideChar
 0x9ea1dc HeapAlloc
 0x9ea1e0 GetModuleFileNameA
 0x9ea1e4 HeapReAlloc
 0x9ea1e8 HeapSize
 0x9ea1ec HeapQueryInformation
 0x9ea1f0 HeapFree
 0x9ea1f4 RaiseException
 0x9ea1f8 RtlUnwind
 0x9ea1fc LCMapStringW
 0x9ea200 GetStringTypeW
 0x9ea204 CreateFileW
 0x9ea208 CloseHandle
 0x9ea20c FlushFileBuffers
USER32.dll
 0x9ea214 GetMessageTime
 0x9ea218 GetMenuInfo

EAT(Export Address Table) Library

0x9e8980 _zabiray@8