ScreenShot
| Created | 2021.06.07 17:58 | Machine | s1_win7_x6401 |
| Filename | regasm.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, None, Faker, Eldorado, Attribute, HighConfidence, MalwareX, Emotet, Static AI, Malicious PE, Wacatac, score, Artemis, Kryptik, CLASSIC, Outbreak, susgen, Behavior, ZexaF, FuW@aOylQbfi) | ||
| md5 | fbd53ac915163d948614d6b92d47d85d | ||
| sha256 | ba93351ea18a63224b06ce774e0efe9dc3f55256bbb008adc2211f85a45dd397 | ||
| ssdeep | 12288:rmvjl4GdJsjSY2Mi1ncSD1LQTXC/4lc4GZna/6:6rl4GPYlsncSD57BZZaS | ||
| imphash | bff7f0d993e196435116fbe641c887cd | ||
| impfuzzy | 48:AipGkGleeu1kt7c+AS5/zFnBr6Uy+EGs09SYPSvjKXC/KAR:AIGkGkeGkt7cYfSx | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40a000 lstrlenW
0x40a004 CloseHandle
0x40a008 WriteConsoleW
0x40a00c SetFilePointerEx
0x40a010 SetStdHandle
0x40a014 GetConsoleMode
0x40a018 GetConsoleCP
0x40a01c FlushFileBuffers
0x40a020 GetStringTypeW
0x40a024 LCMapStringEx
0x40a028 WideCharToMultiByte
0x40a02c LoadLibraryW
0x40a030 OutputDebugStringW
0x40a034 HeapReAlloc
0x40a038 GetCPInfo
0x40a03c GetOEMCP
0x40a040 EncodePointer
0x40a044 DecodePointer
0x40a048 GetCommandLineW
0x40a04c RaiseException
0x40a050 RtlUnwind
0x40a054 IsDebuggerPresent
0x40a058 IsProcessorFeaturePresent
0x40a05c GetLastError
0x40a060 InterlockedDecrement
0x40a064 ExitProcess
0x40a068 GetModuleHandleExW
0x40a06c GetProcAddress
0x40a070 MultiByteToWideChar
0x40a074 HeapSize
0x40a078 Sleep
0x40a07c GetStdHandle
0x40a080 WriteFile
0x40a084 GetModuleFileNameW
0x40a088 HeapFree
0x40a08c HeapAlloc
0x40a090 SetLastError
0x40a094 InterlockedIncrement
0x40a098 GetCurrentThreadId
0x40a09c GetProcessHeap
0x40a0a0 GetFileType
0x40a0a4 InitializeCriticalSectionAndSpinCount
0x40a0a8 DeleteCriticalSection
0x40a0ac InitOnceExecuteOnce
0x40a0b0 GetStartupInfoW
0x40a0b4 QueryPerformanceCounter
0x40a0b8 GetSystemTimeAsFileTime
0x40a0bc GetTickCount64
0x40a0c0 GetEnvironmentStringsW
0x40a0c4 FreeEnvironmentStringsW
0x40a0c8 UnhandledExceptionFilter
0x40a0cc SetUnhandledExceptionFilter
0x40a0d0 FlsAlloc
0x40a0d4 FlsGetValue
0x40a0d8 FlsSetValue
0x40a0dc FlsFree
0x40a0e0 GetCurrentProcess
0x40a0e4 TerminateProcess
0x40a0e8 GetModuleHandleW
0x40a0ec EnterCriticalSection
0x40a0f0 LeaveCriticalSection
0x40a0f4 LoadLibraryExW
0x40a0f8 IsValidCodePage
0x40a0fc GetACP
0x40a100 CreateFileW
USER32.dll
0x40a108 EndPaint
0x40a10c DestroyWindow
0x40a110 TranslateAcceleratorW
0x40a114 GetMessageW
0x40a118 PostQuitMessage
0x40a11c DrawTextW
0x40a120 DialogBoxParamW
0x40a124 LoadCursorW
0x40a128 BeginPaint
0x40a12c TranslateMessage
0x40a130 LoadAcceleratorsW
0x40a134 RegisterClassExW
0x40a138 LoadIconW
0x40a13c SetRect
0x40a140 EndDialog
0x40a144 LoadStringW
0x40a148 ShowWindow
0x40a14c CreateWindowExW
0x40a150 UpdateWindow
0x40a154 DefWindowProcW
0x40a158 DispatchMessageW
EAT(Export Address Table) is none
KERNEL32.dll
0x40a000 lstrlenW
0x40a004 CloseHandle
0x40a008 WriteConsoleW
0x40a00c SetFilePointerEx
0x40a010 SetStdHandle
0x40a014 GetConsoleMode
0x40a018 GetConsoleCP
0x40a01c FlushFileBuffers
0x40a020 GetStringTypeW
0x40a024 LCMapStringEx
0x40a028 WideCharToMultiByte
0x40a02c LoadLibraryW
0x40a030 OutputDebugStringW
0x40a034 HeapReAlloc
0x40a038 GetCPInfo
0x40a03c GetOEMCP
0x40a040 EncodePointer
0x40a044 DecodePointer
0x40a048 GetCommandLineW
0x40a04c RaiseException
0x40a050 RtlUnwind
0x40a054 IsDebuggerPresent
0x40a058 IsProcessorFeaturePresent
0x40a05c GetLastError
0x40a060 InterlockedDecrement
0x40a064 ExitProcess
0x40a068 GetModuleHandleExW
0x40a06c GetProcAddress
0x40a070 MultiByteToWideChar
0x40a074 HeapSize
0x40a078 Sleep
0x40a07c GetStdHandle
0x40a080 WriteFile
0x40a084 GetModuleFileNameW
0x40a088 HeapFree
0x40a08c HeapAlloc
0x40a090 SetLastError
0x40a094 InterlockedIncrement
0x40a098 GetCurrentThreadId
0x40a09c GetProcessHeap
0x40a0a0 GetFileType
0x40a0a4 InitializeCriticalSectionAndSpinCount
0x40a0a8 DeleteCriticalSection
0x40a0ac InitOnceExecuteOnce
0x40a0b0 GetStartupInfoW
0x40a0b4 QueryPerformanceCounter
0x40a0b8 GetSystemTimeAsFileTime
0x40a0bc GetTickCount64
0x40a0c0 GetEnvironmentStringsW
0x40a0c4 FreeEnvironmentStringsW
0x40a0c8 UnhandledExceptionFilter
0x40a0cc SetUnhandledExceptionFilter
0x40a0d0 FlsAlloc
0x40a0d4 FlsGetValue
0x40a0d8 FlsSetValue
0x40a0dc FlsFree
0x40a0e0 GetCurrentProcess
0x40a0e4 TerminateProcess
0x40a0e8 GetModuleHandleW
0x40a0ec EnterCriticalSection
0x40a0f0 LeaveCriticalSection
0x40a0f4 LoadLibraryExW
0x40a0f8 IsValidCodePage
0x40a0fc GetACP
0x40a100 CreateFileW
USER32.dll
0x40a108 EndPaint
0x40a10c DestroyWindow
0x40a110 TranslateAcceleratorW
0x40a114 GetMessageW
0x40a118 PostQuitMessage
0x40a11c DrawTextW
0x40a120 DialogBoxParamW
0x40a124 LoadCursorW
0x40a128 BeginPaint
0x40a12c TranslateMessage
0x40a130 LoadAcceleratorsW
0x40a134 RegisterClassExW
0x40a138 LoadIconW
0x40a13c SetRect
0x40a140 EndDialog
0x40a144 LoadStringW
0x40a148 ShowWindow
0x40a14c CreateWindowExW
0x40a150 UpdateWindow
0x40a154 DefWindowProcW
0x40a158 DispatchMessageW
EAT(Export Address Table) is none