ScreenShot
| Created | 2021.06.08 13:21 | Machine | s1_win7_x6402 |
| Filename | filename.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | b962ee63b8f28568191028fa44df69ee | ||
| sha256 | 7b8b6dd0f2e3dd6475137e3f236d89b3a1abf66779f2f1ef1d9cc779f33dc327 | ||
| ssdeep | 12288:EFBqGRucn2cPp4/H5Yp9LWVApDeD5DDMcPcDNVO7L:GfD+xHjDFDgA7L | ||
| imphash | f6fd925686f2488c5f12dd7bfb580a41 | ||
| impfuzzy | 48:XioG9eHTK88dP6xK11YLgF+eTAcIe4V8Ca9mxWBg:XosUP6mKGDTAcIe4V8P9mxD | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x473008 lstrlenA
0x47300c CopyFileExW
0x473010 SetEndOfFile
0x473014 HeapAlloc
0x473018 InterlockedIncrement
0x47301c WritePrivateProfileSectionA
0x473020 SetEnvironmentVariableW
0x473024 GetModuleHandleExW
0x473028 GetProfileSectionA
0x47302c SetVolumeMountPointW
0x473030 OpenSemaphoreA
0x473034 EnumTimeFormatsW
0x473038 CreateActCtxW
0x47303c GetDriveTypeA
0x473040 TlsSetValue
0x473044 LoadLibraryW
0x473048 TerminateThread
0x47304c ReadConsoleInputA
0x473050 CopyFileW
0x473054 GetPrivateProfileStructW
0x473058 GlobalFlags
0x47305c WritePrivateProfileStructW
0x473060 SetConsoleMode
0x473064 VerifyVersionInfoA
0x473068 WriteConsoleW
0x47306c GetBinaryTypeA
0x473070 GetAtomNameW
0x473074 IsDBCSLeadByte
0x473078 ReadFile
0x47307c CreateFileW
0x473080 GetOverlappedResult
0x473084 CompareStringW
0x473088 GetACP
0x47308c CreateDirectoryA
0x473090 InterlockedExchange
0x473094 SetCurrentDirectoryA
0x473098 FindFirstFileA
0x47309c GlobalFix
0x4730a0 SetLastError
0x4730a4 GetThreadLocale
0x4730a8 GetProcAddress
0x4730ac GetComputerNameExW
0x4730b0 IsValidCodePage
0x4730b4 SetComputerNameA
0x4730b8 BuildCommDCBW
0x4730bc GetTempFileNameA
0x4730c0 ResetEvent
0x4730c4 OpenWaitableTimerA
0x4730c8 LoadLibraryA
0x4730cc OpenMutexA
0x4730d0 WriteConsoleA
0x4730d4 UnhandledExceptionFilter
0x4730d8 LocalAlloc
0x4730dc GetFileType
0x4730e0 AddAtomW
0x4730e4 WriteProfileSectionW
0x4730e8 SetCommMask
0x4730ec SetSystemTime
0x4730f0 GetModuleFileNameA
0x4730f4 SetConsoleCursorInfo
0x4730f8 SetConsoleTitleW
0x4730fc GetModuleHandleA
0x473100 FreeEnvironmentStringsW
0x473104 RequestWakeupLatency
0x473108 GetCurrentDirectoryA
0x47310c GetCPInfoExA
0x473110 SetCalendarInfoA
0x473114 GetVersionExA
0x473118 ReadConsoleOutputCharacterW
0x47311c LCMapStringW
0x473120 GetVolumeInformationW
0x473124 GetHandleInformation
0x473128 FillConsoleOutputCharacterA
0x47312c GetCommandLineW
0x473130 HeapSetInformation
0x473134 GetStartupInfoW
0x473138 InterlockedDecrement
0x47313c DecodePointer
0x473140 GetModuleHandleW
0x473144 ExitProcess
0x473148 TerminateProcess
0x47314c GetCurrentProcess
0x473150 SetUnhandledExceptionFilter
0x473154 IsDebuggerPresent
0x473158 EncodePointer
0x47315c GetLastError
0x473160 GetModuleFileNameW
0x473164 WriteFile
0x473168 GetStdHandle
0x47316c EnterCriticalSection
0x473170 LeaveCriticalSection
0x473174 SetHandleCount
0x473178 InitializeCriticalSectionAndSpinCount
0x47317c DeleteCriticalSection
0x473180 IsProcessorFeaturePresent
0x473184 QueryPerformanceCounter
0x473188 GetTickCount
0x47318c GetCurrentThreadId
0x473190 GetCurrentProcessId
0x473194 GetSystemTimeAsFileTime
0x473198 GetEnvironmentStringsW
0x47319c HeapValidate
0x4731a0 IsBadReadPtr
0x4731a4 TlsAlloc
0x4731a8 TlsGetValue
0x4731ac TlsFree
0x4731b0 HeapCreate
0x4731b4 GetOEMCP
0x4731b8 GetCPInfo
0x4731bc OutputDebugStringA
0x4731c0 OutputDebugStringW
0x4731c4 RtlUnwind
0x4731c8 MultiByteToWideChar
0x4731cc RaiseException
0x4731d0 HeapReAlloc
0x4731d4 HeapSize
0x4731d8 HeapQueryInformation
0x4731dc HeapFree
0x4731e0 WideCharToMultiByte
0x4731e4 GetStringTypeW
0x4731e8 FlushFileBuffers
0x4731ec GetConsoleCP
0x4731f0 GetConsoleMode
0x4731f4 CloseHandle
0x4731f8 SetStdHandle
0x4731fc SetFilePointer
USER32.dll
0x473204 GetMessageTime
0x473208 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x473000 AdjustTokenPrivileges
EAT(Export Address Table) is none
KERNEL32.dll
0x473008 lstrlenA
0x47300c CopyFileExW
0x473010 SetEndOfFile
0x473014 HeapAlloc
0x473018 InterlockedIncrement
0x47301c WritePrivateProfileSectionA
0x473020 SetEnvironmentVariableW
0x473024 GetModuleHandleExW
0x473028 GetProfileSectionA
0x47302c SetVolumeMountPointW
0x473030 OpenSemaphoreA
0x473034 EnumTimeFormatsW
0x473038 CreateActCtxW
0x47303c GetDriveTypeA
0x473040 TlsSetValue
0x473044 LoadLibraryW
0x473048 TerminateThread
0x47304c ReadConsoleInputA
0x473050 CopyFileW
0x473054 GetPrivateProfileStructW
0x473058 GlobalFlags
0x47305c WritePrivateProfileStructW
0x473060 SetConsoleMode
0x473064 VerifyVersionInfoA
0x473068 WriteConsoleW
0x47306c GetBinaryTypeA
0x473070 GetAtomNameW
0x473074 IsDBCSLeadByte
0x473078 ReadFile
0x47307c CreateFileW
0x473080 GetOverlappedResult
0x473084 CompareStringW
0x473088 GetACP
0x47308c CreateDirectoryA
0x473090 InterlockedExchange
0x473094 SetCurrentDirectoryA
0x473098 FindFirstFileA
0x47309c GlobalFix
0x4730a0 SetLastError
0x4730a4 GetThreadLocale
0x4730a8 GetProcAddress
0x4730ac GetComputerNameExW
0x4730b0 IsValidCodePage
0x4730b4 SetComputerNameA
0x4730b8 BuildCommDCBW
0x4730bc GetTempFileNameA
0x4730c0 ResetEvent
0x4730c4 OpenWaitableTimerA
0x4730c8 LoadLibraryA
0x4730cc OpenMutexA
0x4730d0 WriteConsoleA
0x4730d4 UnhandledExceptionFilter
0x4730d8 LocalAlloc
0x4730dc GetFileType
0x4730e0 AddAtomW
0x4730e4 WriteProfileSectionW
0x4730e8 SetCommMask
0x4730ec SetSystemTime
0x4730f0 GetModuleFileNameA
0x4730f4 SetConsoleCursorInfo
0x4730f8 SetConsoleTitleW
0x4730fc GetModuleHandleA
0x473100 FreeEnvironmentStringsW
0x473104 RequestWakeupLatency
0x473108 GetCurrentDirectoryA
0x47310c GetCPInfoExA
0x473110 SetCalendarInfoA
0x473114 GetVersionExA
0x473118 ReadConsoleOutputCharacterW
0x47311c LCMapStringW
0x473120 GetVolumeInformationW
0x473124 GetHandleInformation
0x473128 FillConsoleOutputCharacterA
0x47312c GetCommandLineW
0x473130 HeapSetInformation
0x473134 GetStartupInfoW
0x473138 InterlockedDecrement
0x47313c DecodePointer
0x473140 GetModuleHandleW
0x473144 ExitProcess
0x473148 TerminateProcess
0x47314c GetCurrentProcess
0x473150 SetUnhandledExceptionFilter
0x473154 IsDebuggerPresent
0x473158 EncodePointer
0x47315c GetLastError
0x473160 GetModuleFileNameW
0x473164 WriteFile
0x473168 GetStdHandle
0x47316c EnterCriticalSection
0x473170 LeaveCriticalSection
0x473174 SetHandleCount
0x473178 InitializeCriticalSectionAndSpinCount
0x47317c DeleteCriticalSection
0x473180 IsProcessorFeaturePresent
0x473184 QueryPerformanceCounter
0x473188 GetTickCount
0x47318c GetCurrentThreadId
0x473190 GetCurrentProcessId
0x473194 GetSystemTimeAsFileTime
0x473198 GetEnvironmentStringsW
0x47319c HeapValidate
0x4731a0 IsBadReadPtr
0x4731a4 TlsAlloc
0x4731a8 TlsGetValue
0x4731ac TlsFree
0x4731b0 HeapCreate
0x4731b4 GetOEMCP
0x4731b8 GetCPInfo
0x4731bc OutputDebugStringA
0x4731c0 OutputDebugStringW
0x4731c4 RtlUnwind
0x4731c8 MultiByteToWideChar
0x4731cc RaiseException
0x4731d0 HeapReAlloc
0x4731d4 HeapSize
0x4731d8 HeapQueryInformation
0x4731dc HeapFree
0x4731e0 WideCharToMultiByte
0x4731e4 GetStringTypeW
0x4731e8 FlushFileBuffers
0x4731ec GetConsoleCP
0x4731f0 GetConsoleMode
0x4731f4 CloseHandle
0x4731f8 SetStdHandle
0x4731fc SetFilePointer
USER32.dll
0x473204 GetMessageTime
0x473208 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x473000 AdjustTokenPrivileges
EAT(Export Address Table) is none