Field | Value |
---|---|
Created | 2021.06.08 12:29 |
Machine | s1_win7_x6402 |
Filename | app.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | f0e0670ed51fa999a58e0efeb03a8b54 |
sha256 | d0977bcaff2bea222d6d7426f3c5ea09abcec2c867f63c274bc183fed985bc73 |
ssdeep | 98304:W07S+uBIyncAc+R2fTF727BExFRCVzMdpLOXjZbNSovkHnM+6rULzSQ:WKWhfR2f87BYRIMzLYZLvk2g3SQ |
imphash | f6fd925686f2488c5f12dd7bfb580a41 |
impfuzzy | 48:XioG9eHTK88dP6xK11YLgF+eTAcIe4V8Ca9mxWBg:XosUP6mKGDTAcIe4V8P9mxD |
Network IP location
Signature (10cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (8cnts)
Suricata IDs
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET INFO EXE - Served Attached HTTP
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x855008 lstrlenA
0x85500c CopyFileExW
0x855010 SetEndOfFile
0x855014 HeapAlloc
0x855018 InterlockedIncrement
0x85501c WritePrivateProfileSectionA
0x855020 SetEnvironmentVariableW
0x855024 GetModuleHandleExW
0x855028 GetProfileSectionA
0x85502c SetVolumeMountPointW
0x855030 OpenSemaphoreA
0x855034 EnumTimeFormatsW
0x855038 CreateActCtxW
0x85503c GetDriveTypeA
0x855040 TlsSetValue
0x855044 LoadLibraryW
0x855048 TerminateThread
0x85504c ReadConsoleInputA
0x855050 CopyFileW
0x855054 GetPrivateProfileStructW
0x855058 GlobalFlags
0x85505c WritePrivateProfileStructW
0x855060 SetConsoleMode
0x855064 VerifyVersionInfoA
0x855068 WriteConsoleW
0x85506c GetBinaryTypeA
0x855070 GetAtomNameW
0x855074 IsDBCSLeadByte
0x855078 ReadFile
0x85507c CreateFileW
0x855080 GetOverlappedResult
0x855084 CompareStringW
0x855088 GetACP
0x85508c CreateDirectoryA
0x855090 InterlockedExchange
0x855094 SetCurrentDirectoryA
0x855098 FindFirstFileA
0x85509c GlobalFix
0x8550a0 SetLastError
0x8550a4 GetThreadLocale
0x8550a8 GetProcAddress
0x8550ac GetComputerNameExW
0x8550b0 IsValidCodePage
0x8550b4 SetComputerNameA
0x8550b8 BuildCommDCBW
0x8550bc GetTempFileNameA
0x8550c0 ResetEvent
0x8550c4 OpenWaitableTimerA
0x8550c8 LoadLibraryA
0x8550cc OpenMutexA
0x8550d0 WriteConsoleA
0x8550d4 UnhandledExceptionFilter
0x8550d8 LocalAlloc
0x8550dc GetFileType
0x8550e0 AddAtomW
0x8550e4 WriteProfileSectionW
0x8550e8 SetCommMask
0x8550ec SetSystemTime
0x8550f0 GetModuleFileNameA
0x8550f4 SetConsoleCursorInfo
0x8550f8 SetConsoleTitleW
0x8550fc GetModuleHandleA
0x855100 FreeEnvironmentStringsW
0x855104 RequestWakeupLatency
0x855108 GetCurrentDirectoryA
0x85510c GetCPInfoExA
0x855110 SetCalendarInfoA
0x855114 GetVersionExA
0x855118 ReadConsoleOutputCharacterW
0x85511c LCMapStringW
0x855120 GetVolumeInformationW
0x855124 GetHandleInformation
0x855128 FillConsoleOutputCharacterA
0x85512c GetCommandLineW
0x855130 HeapSetInformation
0x855134 GetStartupInfoW
0x855138 InterlockedDecrement
0x85513c DecodePointer
0x855140 GetModuleHandleW
0x855144 ExitProcess
0x855148 TerminateProcess
0x85514c GetCurrentProcess
0x855150 SetUnhandledExceptionFilter
0x855154 IsDebuggerPresent
0x855158 EncodePointer
0x85515c GetLastError
0x855160 GetModuleFileNameW
0x855164 WriteFile
0x855168 GetStdHandle
0x85516c EnterCriticalSection
0x855170 LeaveCriticalSection
0x855174 SetHandleCount
0x855178 InitializeCriticalSectionAndSpinCount
0x85517c DeleteCriticalSection
0x855180 IsProcessorFeaturePresent
0x855184 QueryPerformanceCounter
0x855188 GetTickCount
0x85518c GetCurrentThreadId
0x855190 GetCurrentProcessId
0x855194 GetSystemTimeAsFileTime
0x855198 GetEnvironmentStringsW
0x85519c HeapValidate
0x8551a0 IsBadReadPtr
0x8551a4 TlsAlloc
0x8551a8 TlsGetValue
0x8551ac TlsFree
0x8551b0 HeapCreate
0x8551b4 GetOEMCP
0x8551b8 GetCPInfo
0x8551bc OutputDebugStringA
0x8551c0 OutputDebugStringW
0x8551c4 RtlUnwind
0x8551c8 MultiByteToWideChar
0x8551cc RaiseException
0x8551d0 HeapReAlloc
0x8551d4 HeapSize
0x8551d8 HeapQueryInformation
0x8551dc HeapFree
0x8551e0 WideCharToMultiByte
0x8551e4 GetStringTypeW
0x8551e8 FlushFileBuffers
0x8551ec GetConsoleCP
0x8551f0 GetConsoleMode
0x8551f4 CloseHandle
0x8551f8 SetStdHandle
0x8551fc SetFilePointer
USER32.dll
0x855204 GetMessageTime
0x855208 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x855000 AdjustTokenPrivileges
EAT (Export Address Table): none