Field | Value |
---|---|
Created | 2021.06.08 13:30 |
Machine | s1_win7_x6402 |
Filename | excel |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 33 detected (malicious, high confidence, GenericKD, Unsafe, Save, TrojanX, ZexaF, 4xW@aqTl7mbi, Attribute, HighConfidence, ADBL, MultiPlug, qjpkp, ai score=85, Wacatac, score, GenericRXOK, R002H06F521, confidence) |
md5 | 4024e3a79b01981ce7e8c42c8c815d30 |
sha256 | c4856ddecc01169640f9ea92e6d66e84db1b654edf04dc1556bd6fa527178760 |
ssdeep | 49152:Ieobme+pQ+E8IaHwEEUw2jdf2BEwoeedYRveenS37ndasTXT4YZV9TGYRW21bx2x:48w7UTjdOBE3D37dVNZVQYEE |
imphash | b642b824b122af236e0e7b3be6fa8740 |
impfuzzy | 24:t4EpOovcprXjDVaeDmWlKAWk/KblJKu9UMUOaNjEq9cgcfCQS1jtlopl79TAEOrM:QXrX1a/WzWGP9cgcfCQS1jtlopp9kgBr |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x713000 GetTickCount
0x713004 GetProcessHeap
0x713008 GetVersion
0x71300c GetLastError
0x713010 GetEnvironmentStrings
0x713014 GetCommandLineA
0x713018 GetCurrentProcess
0x71301c HeapAlloc
0x713020 HeapFree
0x713024 HeapReAlloc
0x713028 AddVectoredExceptionHandler
0x71302c SetThreadStackGuarantee
0x713030 GetSystemInfo
0x713034 VirtualAlloc
0x713038 GetVolumePathNameW
0x71303c GetDiskFreeSpaceW
0x713040 GetModuleHandleA
0x713044 GetProcAddress
0x713048 TlsGetValue
0x71304c TlsSetValue
0x713050 AcquireSRWLockExclusive
0x713054 ReleaseSRWLockExclusive
0x713058 AcquireSRWLockShared
0x71305c ReleaseSRWLockShared
0x713060 SetLastError
0x713064 GetEnvironmentVariableW
0x713068 GetStdHandle
0x71306c GetConsoleMode
0x713070 WriteFile
0x713074 WriteConsoleW
0x713078 GetCurrentDirectoryW
0x71307c GetCurrentThread
0x713080 RtlCaptureContext
0x713084 ReleaseMutex
0x713088 WaitForSingleObjectEx
0x71308c LoadLibraryA
0x713090 CreateMutexA
0x713094 CloseHandle
0x713098 TlsAlloc
0x71309c GetModuleHandleW
0x7130a0 FormatMessageW
0x7130a4 InitializeCriticalSection
0x7130a8 TryEnterCriticalSection
0x7130ac LeaveCriticalSection
0x7130b0 EnterCriticalSection
0x7130b4 ExitProcess
0x7130b8 CreateFileW
0x7130bc QueryPerformanceCounter
0x7130c0 GetCurrentProcessId
0x7130c4 GetCurrentThreadId
0x7130c8 GetSystemTimeAsFileTime
0x7130cc InitializeSListHead
0x7130d0 IsDebuggerPresent
0x7130d4 UnhandledExceptionFilter
0x7130d8 SetUnhandledExceptionFilter
0x7130dc GetStartupInfoW
0x7130e0 IsProcessorFeaturePresent
0x7130e4 TerminateProcess
0x7130e8 RtlUnwind
0x7130ec DeleteCriticalSection
0x7130f0 InitializeCriticalSectionAndSpinCount
0x7130f4 TlsFree
0x7130f8 FreeLibrary
0x7130fc LoadLibraryExW
0x713100 RaiseException
0x713104 GetModuleFileNameW
0x713108 GetModuleHandleExW
0x71310c GetCommandLineW
0x713110 FindClose
0x713114 FindFirstFileExW
0x713118 FindNextFileW
0x71311c IsValidCodePage
0x713120 GetACP
0x713124 GetOEMCP
0x713128 GetCPInfo
0x71312c MultiByteToWideChar
0x713130 WideCharToMultiByte
0x713134 GetEnvironmentStringsW
0x713138 FreeEnvironmentStringsW
0x71313c SetEnvironmentVariableW
0x713140 SetStdHandle
0x713144 GetFileType
0x713148 GetStringTypeW
0x71314c CompareStringW
0x713150 LCMapStringW
0x713154 HeapSize
0x713158 FlushFileBuffers
0x71315c GetConsoleCP
0x713160 SetFilePointerEx
0x713164 DecodePointer
EAT (Export Address Table): none