ScreenShot
| Created | 2021.06.04 11:42 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, PWSX, score, 14FJAB1, ET#92%, RDMK, cmRtazrUYUOrN7AiuEeggZFvovEc, A + Troj, Kryptik, Static AI, Malicious PE, STOP, se1401, MalPe, R332586, BScope, TrojanPSW, Ficker, Kovter, susgen, ZexaF, UqW@auvTzEoG, confidence, 100%) | ||
| md5 | ec250b7fcf58aae6f996e3ad512ac6c8 | ||
| sha256 | 6f6a28c56adaaf83617deac4c89e060074b14697872ffcbce53c72cd5cf5a3b5 | ||
| ssdeep | 12288:rDhwmbyuTW0anIHMva6/QlN4X0519dBw1ciNPNvLsqFShZS/OnpIxjM:rD3uqW0HsvXQXC0jH+cCBLVFSPSmS1M | ||
| imphash | cbeae8361a19a91fa1242808c9b08b0f | ||
| impfuzzy | 48:eDRi8OmxldMXhygCtEpj7p+fcXOv3WxtMKFavV8I98BZ:ekfMMXh08j7p+fcXiWxtMRvV8I9Y | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a1008 GetFileSize
0x4a100c lstrlenA
0x4a1010 SetComputerNameExA
0x4a1014 SetEndOfFile
0x4a1018 CallNamedPipeA
0x4a101c SetEnvironmentVariableW
0x4a1020 GetModuleHandleExW
0x4a1024 SetHandleInformation
0x4a1028 SetComputerNameW
0x4a102c SetVolumeMountPointW
0x4a1030 GetComputerNameW
0x4a1034 OpenSemaphoreA
0x4a1038 FreeEnvironmentStringsA
0x4a103c GetCurrentThread
0x4a1040 GetConsoleAliasesLengthA
0x4a1044 EnumTimeFormatsA
0x4a1048 WriteFile
0x4a104c SetCommState
0x4a1050 TlsSetValue
0x4a1054 GetPriorityClass
0x4a1058 LoadLibraryW
0x4a105c GetConsoleMode
0x4a1060 ReadConsoleInputA
0x4a1064 CopyFileW
0x4a1068 GetVersionExW
0x4a106c SetConsoleMode
0x4a1070 VerifyVersionInfoA
0x4a1074 WriteConsoleW
0x4a1078 WritePrivateProfileSectionW
0x4a107c GetModuleFileNameW
0x4a1080 CreateFileW
0x4a1084 CreateDirectoryA
0x4a1088 InterlockedExchange
0x4a108c GlobalUnfix
0x4a1090 SetThreadLocale
0x4a1094 GetPrivateProfileSectionNamesW
0x4a1098 GetCPInfoExW
0x4a109c FillConsoleOutputCharacterW
0x4a10a0 GetLastError
0x4a10a4 GetCurrentDirectoryW
0x4a10a8 SetLastError
0x4a10ac ReadConsoleOutputCharacterA
0x4a10b0 GetProcAddress
0x4a10b4 WriteProfileSectionA
0x4a10b8 SetStdHandle
0x4a10bc LoadLibraryA
0x4a10c0 Process32FirstW
0x4a10c4 OpenMutexA
0x4a10c8 WriteConsoleA
0x4a10cc OpenWaitableTimerW
0x4a10d0 LocalAlloc
0x4a10d4 GetExitCodeThread
0x4a10d8 AddAtomW
0x4a10dc SetConsoleWindowInfo
0x4a10e0 FindAtomA
0x4a10e4 ContinueDebugEvent
0x4a10e8 BuildCommDCBA
0x4a10ec VirtualProtect
0x4a10f0 CompareStringA
0x4a10f4 QueryPerformanceFrequency
0x4a10f8 ReadConsoleInputW
0x4a10fc LocalSize
0x4a1100 GetWindowsDirectoryW
0x4a1104 FileTimeToLocalFileTime
0x4a1108 OpenFileMappingA
0x4a110c LCMapStringW
0x4a1110 CopyFileExA
0x4a1114 GetVolumeInformationW
0x4a1118 FindFirstFileA
0x4a111c PulseEvent
0x4a1120 InterlockedIncrement
0x4a1124 InterlockedDecrement
0x4a1128 InitializeCriticalSection
0x4a112c DeleteCriticalSection
0x4a1130 EnterCriticalSection
0x4a1134 LeaveCriticalSection
0x4a1138 DeleteFileA
0x4a113c GetCommandLineW
0x4a1140 HeapSetInformation
0x4a1144 GetStartupInfoW
0x4a1148 RaiseException
0x4a114c EncodePointer
0x4a1150 DecodePointer
0x4a1154 IsProcessorFeaturePresent
0x4a1158 GetModuleHandleW
0x4a115c ExitProcess
0x4a1160 TerminateProcess
0x4a1164 GetCurrentProcess
0x4a1168 UnhandledExceptionFilter
0x4a116c SetUnhandledExceptionFilter
0x4a1170 IsDebuggerPresent
0x4a1174 GetStdHandle
0x4a1178 InitializeCriticalSectionAndSpinCount
0x4a117c GetFileType
0x4a1180 WideCharToMultiByte
0x4a1184 GetConsoleCP
0x4a1188 HeapValidate
0x4a118c IsBadReadPtr
0x4a1190 QueryPerformanceCounter
0x4a1194 GetTickCount
0x4a1198 GetCurrentThreadId
0x4a119c GetCurrentProcessId
0x4a11a0 GetSystemTimeAsFileTime
0x4a11a4 FreeEnvironmentStringsW
0x4a11a8 GetEnvironmentStringsW
0x4a11ac SetHandleCount
0x4a11b0 TlsAlloc
0x4a11b4 TlsGetValue
0x4a11b8 TlsFree
0x4a11bc HeapCreate
0x4a11c0 OutputDebugStringA
0x4a11c4 OutputDebugStringW
0x4a11c8 GetACP
0x4a11cc GetOEMCP
0x4a11d0 GetCPInfo
0x4a11d4 IsValidCodePage
0x4a11d8 MultiByteToWideChar
0x4a11dc SetFilePointer
0x4a11e0 RtlUnwind
0x4a11e4 HeapAlloc
0x4a11e8 GetModuleFileNameA
0x4a11ec HeapReAlloc
0x4a11f0 HeapSize
0x4a11f4 HeapQueryInformation
0x4a11f8 HeapFree
0x4a11fc GetStringTypeW
0x4a1200 CloseHandle
0x4a1204 FlushFileBuffers
USER32.dll
0x4a120c GetMessageTime
0x4a1210 GetListBoxInfo
ADVAPI32.dll
0x4a1000 ImpersonateSelf
EAT(Export Address Table) is none
KERNEL32.dll
0x4a1008 GetFileSize
0x4a100c lstrlenA
0x4a1010 SetComputerNameExA
0x4a1014 SetEndOfFile
0x4a1018 CallNamedPipeA
0x4a101c SetEnvironmentVariableW
0x4a1020 GetModuleHandleExW
0x4a1024 SetHandleInformation
0x4a1028 SetComputerNameW
0x4a102c SetVolumeMountPointW
0x4a1030 GetComputerNameW
0x4a1034 OpenSemaphoreA
0x4a1038 FreeEnvironmentStringsA
0x4a103c GetCurrentThread
0x4a1040 GetConsoleAliasesLengthA
0x4a1044 EnumTimeFormatsA
0x4a1048 WriteFile
0x4a104c SetCommState
0x4a1050 TlsSetValue
0x4a1054 GetPriorityClass
0x4a1058 LoadLibraryW
0x4a105c GetConsoleMode
0x4a1060 ReadConsoleInputA
0x4a1064 CopyFileW
0x4a1068 GetVersionExW
0x4a106c SetConsoleMode
0x4a1070 VerifyVersionInfoA
0x4a1074 WriteConsoleW
0x4a1078 WritePrivateProfileSectionW
0x4a107c GetModuleFileNameW
0x4a1080 CreateFileW
0x4a1084 CreateDirectoryA
0x4a1088 InterlockedExchange
0x4a108c GlobalUnfix
0x4a1090 SetThreadLocale
0x4a1094 GetPrivateProfileSectionNamesW
0x4a1098 GetCPInfoExW
0x4a109c FillConsoleOutputCharacterW
0x4a10a0 GetLastError
0x4a10a4 GetCurrentDirectoryW
0x4a10a8 SetLastError
0x4a10ac ReadConsoleOutputCharacterA
0x4a10b0 GetProcAddress
0x4a10b4 WriteProfileSectionA
0x4a10b8 SetStdHandle
0x4a10bc LoadLibraryA
0x4a10c0 Process32FirstW
0x4a10c4 OpenMutexA
0x4a10c8 WriteConsoleA
0x4a10cc OpenWaitableTimerW
0x4a10d0 LocalAlloc
0x4a10d4 GetExitCodeThread
0x4a10d8 AddAtomW
0x4a10dc SetConsoleWindowInfo
0x4a10e0 FindAtomA
0x4a10e4 ContinueDebugEvent
0x4a10e8 BuildCommDCBA
0x4a10ec VirtualProtect
0x4a10f0 CompareStringA
0x4a10f4 QueryPerformanceFrequency
0x4a10f8 ReadConsoleInputW
0x4a10fc LocalSize
0x4a1100 GetWindowsDirectoryW
0x4a1104 FileTimeToLocalFileTime
0x4a1108 OpenFileMappingA
0x4a110c LCMapStringW
0x4a1110 CopyFileExA
0x4a1114 GetVolumeInformationW
0x4a1118 FindFirstFileA
0x4a111c PulseEvent
0x4a1120 InterlockedIncrement
0x4a1124 InterlockedDecrement
0x4a1128 InitializeCriticalSection
0x4a112c DeleteCriticalSection
0x4a1130 EnterCriticalSection
0x4a1134 LeaveCriticalSection
0x4a1138 DeleteFileA
0x4a113c GetCommandLineW
0x4a1140 HeapSetInformation
0x4a1144 GetStartupInfoW
0x4a1148 RaiseException
0x4a114c EncodePointer
0x4a1150 DecodePointer
0x4a1154 IsProcessorFeaturePresent
0x4a1158 GetModuleHandleW
0x4a115c ExitProcess
0x4a1160 TerminateProcess
0x4a1164 GetCurrentProcess
0x4a1168 UnhandledExceptionFilter
0x4a116c SetUnhandledExceptionFilter
0x4a1170 IsDebuggerPresent
0x4a1174 GetStdHandle
0x4a1178 InitializeCriticalSectionAndSpinCount
0x4a117c GetFileType
0x4a1180 WideCharToMultiByte
0x4a1184 GetConsoleCP
0x4a1188 HeapValidate
0x4a118c IsBadReadPtr
0x4a1190 QueryPerformanceCounter
0x4a1194 GetTickCount
0x4a1198 GetCurrentThreadId
0x4a119c GetCurrentProcessId
0x4a11a0 GetSystemTimeAsFileTime
0x4a11a4 FreeEnvironmentStringsW
0x4a11a8 GetEnvironmentStringsW
0x4a11ac SetHandleCount
0x4a11b0 TlsAlloc
0x4a11b4 TlsGetValue
0x4a11b8 TlsFree
0x4a11bc HeapCreate
0x4a11c0 OutputDebugStringA
0x4a11c4 OutputDebugStringW
0x4a11c8 GetACP
0x4a11cc GetOEMCP
0x4a11d0 GetCPInfo
0x4a11d4 IsValidCodePage
0x4a11d8 MultiByteToWideChar
0x4a11dc SetFilePointer
0x4a11e0 RtlUnwind
0x4a11e4 HeapAlloc
0x4a11e8 GetModuleFileNameA
0x4a11ec HeapReAlloc
0x4a11f0 HeapSize
0x4a11f4 HeapQueryInformation
0x4a11f8 HeapFree
0x4a11fc GetStringTypeW
0x4a1200 CloseHandle
0x4a1204 FlushFileBuffers
USER32.dll
0x4a120c GetMessageTime
0x4a1210 GetListBoxInfo
ADVAPI32.dll
0x4a1000 ImpersonateSelf
EAT(Export Address Table) is none