ScreenShot
| Created | 2021.06.02 18:17 | Machine | s1_win7_x6402 |
| Filename | filename.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, Kryptik, Eldorado, score, Emotet, A + Troj, Static AI, Malicious PE, Glupteba, 18JIJAK, ZexaF, JqW@amHGbkbc, ET#89%, RDMK, cmRtazpsCduQCFn1jz4ntPqzRXzG, Raccoon, susgen, confidence, 100%) | ||
| md5 | e9f7040390e3052baacd0e25e6186e01 | ||
| sha256 | 2c5105d428486ab9bd43df850f2b74e9250769976662bc9937128ce0ff6257b0 | ||
| ssdeep | 12288:lBYRupYFZO2zGOgHajakuecAySpi1JCb+EF/RZGbRCw+7PBnd:l96ZO2Hjakujii1J4+E1GdGJn | ||
| imphash | c79d21a18d2d983f887085ba949c12f3 | ||
| impfuzzy | 48:2dz5d8Os7YJX1huXSD1Ynd/fJrQ8+fcmWxtjtavV8I9SBo:2dHfdX1huXSD85d+fcmWxtjUvV8I9H | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x474008 FillConsoleOutputCharacterA
0x47400c GlobalFix
0x474010 SetPriorityClass
0x474014 lstrlenA
0x474018 GetConsoleAliasesLengthW
0x47401c GetModuleHandleExA
0x474020 SetHandleInformation
0x474024 SetComputerNameW
0x474028 SetVolumeMountPointW
0x47402c GetComputerNameW
0x474030 OpenSemaphoreA
0x474034 CallNamedPipeW
0x474038 FreeEnvironmentStringsA
0x47403c GetCurrentThread
0x474040 GetWindowsDirectoryA
0x474044 EnumTimeFormatsA
0x474048 WriteFile
0x47404c SetCommState
0x474050 CreateDirectoryExW
0x474054 TlsSetValue
0x474058 GetVolumeInformationA
0x47405c LoadLibraryW
0x474060 ReadConsoleInputA
0x474064 CopyFileW
0x474068 GetVersionExW
0x47406c GetFileAttributesA
0x474070 SetConsoleMode
0x474074 WriteConsoleW
0x474078 WritePrivateProfileSectionW
0x47407c CompareStringW
0x474080 SetThreadPriority
0x474084 SetConsoleTitleA
0x474088 VerifyVersionInfoW
0x47408c SetCurrentDirectoryA
0x474090 SetThreadLocale
0x474094 PulseEvent
0x474098 FindFirstFileA
0x47409c GetLastError
0x4740a0 GetCurrentDirectoryW
0x4740a4 SetLastError
0x4740a8 ReadConsoleOutputCharacterA
0x4740ac GetProcAddress
0x4740b0 VirtualAlloc
0x4740b4 OpenWaitableTimerA
0x4740b8 LoadLibraryA
0x4740bc OpenMutexA
0x4740c0 InterlockedExchangeAdd
0x4740c4 LocalAlloc
0x4740c8 DnsHostnameToComputerNameA
0x4740cc GetFileType
0x4740d0 MoveFileA
0x4740d4 SetFileApisToANSI
0x4740d8 WriteProfileSectionW
0x4740dc SetConsoleWindowInfo
0x4740e0 AddAtomA
0x4740e4 SetEnvironmentVariableA
0x4740e8 GetPrivateProfileSectionNamesA
0x4740ec WTSGetActiveConsoleSessionId
0x4740f0 WaitCommEvent
0x4740f4 ContinueDebugEvent
0x4740f8 OpenFileMappingW
0x4740fc BuildCommDCBA
0x474100 SetProcessShutdownParameters
0x474104 GetVersionExA
0x474108 LocalSize
0x47410c FindAtomW
0x474110 FindActCtxSectionStringW
0x474114 GetStdHandle
0x474118 GetCommandLineW
0x47411c InterlockedIncrement
0x474120 InterlockedDecrement
0x474124 InitializeCriticalSection
0x474128 DeleteCriticalSection
0x47412c EnterCriticalSection
0x474130 LeaveCriticalSection
0x474134 HeapSetInformation
0x474138 GetStartupInfoW
0x47413c GetModuleFileNameW
0x474140 RaiseException
0x474144 EncodePointer
0x474148 DecodePointer
0x47414c IsProcessorFeaturePresent
0x474150 GetModuleHandleW
0x474154 ExitProcess
0x474158 TerminateProcess
0x47415c GetCurrentProcess
0x474160 UnhandledExceptionFilter
0x474164 SetUnhandledExceptionFilter
0x474168 IsDebuggerPresent
0x47416c InitializeCriticalSectionAndSpinCount
0x474170 SetStdHandle
0x474174 WideCharToMultiByte
0x474178 GetConsoleCP
0x47417c GetConsoleMode
0x474180 HeapValidate
0x474184 IsBadReadPtr
0x474188 QueryPerformanceCounter
0x47418c GetTickCount
0x474190 GetCurrentThreadId
0x474194 GetCurrentProcessId
0x474198 GetSystemTimeAsFileTime
0x47419c FreeEnvironmentStringsW
0x4741a0 GetEnvironmentStringsW
0x4741a4 SetHandleCount
0x4741a8 TlsAlloc
0x4741ac TlsGetValue
0x4741b0 TlsFree
0x4741b4 HeapCreate
0x4741b8 OutputDebugStringA
0x4741bc OutputDebugStringW
0x4741c0 GetACP
0x4741c4 GetOEMCP
0x4741c8 GetCPInfo
0x4741cc IsValidCodePage
0x4741d0 MultiByteToWideChar
0x4741d4 SetFilePointer
0x4741d8 RtlUnwind
0x4741dc HeapAlloc
0x4741e0 GetModuleFileNameA
0x4741e4 HeapReAlloc
0x4741e8 HeapSize
0x4741ec HeapQueryInformation
0x4741f0 HeapFree
0x4741f4 LCMapStringW
0x4741f8 GetStringTypeW
0x4741fc CreateFileW
0x474200 CloseHandle
0x474204 FlushFileBuffers
USER32.dll
0x47420c GetMessageTime
0x474210 GetMenuBarInfo
ADVAPI32.dll
0x474000 ImpersonateSelf
EAT(Export Address Table) is none
KERNEL32.dll
0x474008 FillConsoleOutputCharacterA
0x47400c GlobalFix
0x474010 SetPriorityClass
0x474014 lstrlenA
0x474018 GetConsoleAliasesLengthW
0x47401c GetModuleHandleExA
0x474020 SetHandleInformation
0x474024 SetComputerNameW
0x474028 SetVolumeMountPointW
0x47402c GetComputerNameW
0x474030 OpenSemaphoreA
0x474034 CallNamedPipeW
0x474038 FreeEnvironmentStringsA
0x47403c GetCurrentThread
0x474040 GetWindowsDirectoryA
0x474044 EnumTimeFormatsA
0x474048 WriteFile
0x47404c SetCommState
0x474050 CreateDirectoryExW
0x474054 TlsSetValue
0x474058 GetVolumeInformationA
0x47405c LoadLibraryW
0x474060 ReadConsoleInputA
0x474064 CopyFileW
0x474068 GetVersionExW
0x47406c GetFileAttributesA
0x474070 SetConsoleMode
0x474074 WriteConsoleW
0x474078 WritePrivateProfileSectionW
0x47407c CompareStringW
0x474080 SetThreadPriority
0x474084 SetConsoleTitleA
0x474088 VerifyVersionInfoW
0x47408c SetCurrentDirectoryA
0x474090 SetThreadLocale
0x474094 PulseEvent
0x474098 FindFirstFileA
0x47409c GetLastError
0x4740a0 GetCurrentDirectoryW
0x4740a4 SetLastError
0x4740a8 ReadConsoleOutputCharacterA
0x4740ac GetProcAddress
0x4740b0 VirtualAlloc
0x4740b4 OpenWaitableTimerA
0x4740b8 LoadLibraryA
0x4740bc OpenMutexA
0x4740c0 InterlockedExchangeAdd
0x4740c4 LocalAlloc
0x4740c8 DnsHostnameToComputerNameA
0x4740cc GetFileType
0x4740d0 MoveFileA
0x4740d4 SetFileApisToANSI
0x4740d8 WriteProfileSectionW
0x4740dc SetConsoleWindowInfo
0x4740e0 AddAtomA
0x4740e4 SetEnvironmentVariableA
0x4740e8 GetPrivateProfileSectionNamesA
0x4740ec WTSGetActiveConsoleSessionId
0x4740f0 WaitCommEvent
0x4740f4 ContinueDebugEvent
0x4740f8 OpenFileMappingW
0x4740fc BuildCommDCBA
0x474100 SetProcessShutdownParameters
0x474104 GetVersionExA
0x474108 LocalSize
0x47410c FindAtomW
0x474110 FindActCtxSectionStringW
0x474114 GetStdHandle
0x474118 GetCommandLineW
0x47411c InterlockedIncrement
0x474120 InterlockedDecrement
0x474124 InitializeCriticalSection
0x474128 DeleteCriticalSection
0x47412c EnterCriticalSection
0x474130 LeaveCriticalSection
0x474134 HeapSetInformation
0x474138 GetStartupInfoW
0x47413c GetModuleFileNameW
0x474140 RaiseException
0x474144 EncodePointer
0x474148 DecodePointer
0x47414c IsProcessorFeaturePresent
0x474150 GetModuleHandleW
0x474154 ExitProcess
0x474158 TerminateProcess
0x47415c GetCurrentProcess
0x474160 UnhandledExceptionFilter
0x474164 SetUnhandledExceptionFilter
0x474168 IsDebuggerPresent
0x47416c InitializeCriticalSectionAndSpinCount
0x474170 SetStdHandle
0x474174 WideCharToMultiByte
0x474178 GetConsoleCP
0x47417c GetConsoleMode
0x474180 HeapValidate
0x474184 IsBadReadPtr
0x474188 QueryPerformanceCounter
0x47418c GetTickCount
0x474190 GetCurrentThreadId
0x474194 GetCurrentProcessId
0x474198 GetSystemTimeAsFileTime
0x47419c FreeEnvironmentStringsW
0x4741a0 GetEnvironmentStringsW
0x4741a4 SetHandleCount
0x4741a8 TlsAlloc
0x4741ac TlsGetValue
0x4741b0 TlsFree
0x4741b4 HeapCreate
0x4741b8 OutputDebugStringA
0x4741bc OutputDebugStringW
0x4741c0 GetACP
0x4741c4 GetOEMCP
0x4741c8 GetCPInfo
0x4741cc IsValidCodePage
0x4741d0 MultiByteToWideChar
0x4741d4 SetFilePointer
0x4741d8 RtlUnwind
0x4741dc HeapAlloc
0x4741e0 GetModuleFileNameA
0x4741e4 HeapReAlloc
0x4741e8 HeapSize
0x4741ec HeapQueryInformation
0x4741f0 HeapFree
0x4741f4 LCMapStringW
0x4741f8 GetStringTypeW
0x4741fc CreateFileW
0x474200 CloseHandle
0x474204 FlushFileBuffers
USER32.dll
0x47420c GetMessageTime
0x474210 GetMenuBarInfo
ADVAPI32.dll
0x474000 ImpersonateSelf
EAT(Export Address Table) is none