Report - nerik.exe

Tags: Generic Malware, Malicious Packer, PE File, OS Processor Check, PE32
Created 2021.06.11 11:02 Machine s1_win7_x6402
Filename nerik.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 3.6
ZERO API file : malware
VT API (file) 30 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, yuW@aqq, Attribute, HighConfidence, Kryptik, HLHB, FileRepMalware, A + Troj, Static AI, Malicious PE, 18JIJAK, kcloud, Azorult, score, BScope, Sabsik, DanaBot, ET#86%, RDMK, cmRtazpc1Iv4xWJUojqXtBc5x1GD, susgen, GenKryptik, FGJV, confidence, 100%)
md5 6803ee8f500080b6a72a7e391bc4778e
sha256 377030b4311c86adfdbab3a625400cfeae0288f71bb6a3530ed022a9ff87b04e
ssdeep 12288:ZMIVwTCJkvB+FBOEWm4l6KIqadh7ENpd:Z9Vd65+aEWHva77kd
imphash 74556c3d2d30d4b65eb21185fd13000f
impfuzzy 48:d/04tIkq8gAKD9zoYkJCIIu3/pL2+fcLadOv5MdFTZvc3pZIPO+l:d/CtuJCbu3hC+fcOd4MdFTZvc3zM

Signature (8cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path
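
Two of the signatures above, "Allocates read-write-execute memory" and "Tries to unhook Windows functions monitored by Cuckoo", are derived from the API trace the monitor records. The block below is an added example, not Cuckoo's signature code and not data from this report: it re-derives both verdicts from a constructed trace in the shape of a Cuckoo behavior log, with a hypothetical module map. Cuckoo's real unhook signature relies on the monitor itself reporting tampering with its hooks; the approximation here flags writes and protection changes aimed at the mapped image of a hooked DLL, which is the pattern such tampering leaves in the trace.

```python
"""Re-deriving the RWX-allocation and unhooking signatures from a constructed API trace.

Added example for the nerik.exe report; not Cuckoo's own code. MODULES and TRACE
are made up to exercise the checks and do not come from the sandbox run."""

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WRITABLE_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Constructed module map for the sandboxed process: name -> (base, size). Hypothetical addresses.
MODULES = {
    "ntdll.dll":    (0x77A00000, 0x00180000),
    "kernel32.dll": (0x76D00000, 0x000D0000),
    "nerik.exe":    (0x00400000, 0x0004C000),
}

# Constructed trace in the shape of a Cuckoo behavior log: one dict per API call.
TRACE = [
    {"api": "NtAllocateVirtualMemory", "args": {"region_size": 0x20000, "protection": 0x04}},
    {"api": "NtAllocateVirtualMemory", "args": {"region_size": 0x45000, "protection": 0x40}},
    {"api": "NtProtectVirtualMemory",  "args": {"base_address": 0x77A3F2A0, "length": 0x20, "protection": 0x40}},
    {"api": "NtWriteVirtualMemory",    "args": {"base_address": 0x77A3F2A0, "buffer": "b8....", "length": 0x08}},
    {"api": "NtProtectVirtualMemory",  "args": {"base_address": 0x00401000, "length": 0x1000, "protection": 0x20}},
    {"api": "CreateFileW",             "args": {"filepath": "C:\\Users\\user\\AppData\\Local\\Temp\\stage.tmp"}},
]

ALLOC_OR_PROTECT = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx",
                    "NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}
WRITE_APIS = {"NtWriteVirtualMemory", "WriteProcessMemory"}
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}


def module_for(address):
    """Name of the module whose mapped range contains address, or None."""
    for name, (base, size) in MODULES.items():
        if base <= address < base + size:
            return name
    return None


def find_rwx(trace):
    """'Allocates read-write-execute memory': indices of calls that create or change a
    region to a writable+executable protection, the usual precursor to unpacking in place."""
    return [i for i, call in enumerate(trace)
            if call["api"] in ALLOC_OR_PROTECT
            and call["args"].get("protection") in WRITABLE_EXECUTABLE]


def find_unhooking(trace, monitored=("ntdll.dll", "kernel32.dll")):
    """'Tries to unhook Windows functions monitored by Cuckoo', approximated from the trace:
    writes or protection changes aimed at the mapped image of a DLL the monitor hooks.
    Returns (call index, module) pairs."""
    hits = []
    for i, call in enumerate(trace):
        if call["api"] not in WRITE_APIS | PROTECT_APIS:
            continue
        target = module_for(call["args"].get("base_address", -1))
        if target in monitored:
            hits.append((i, target))
    return hits


def evaluate(trace):
    """Both verdicts for one trace, keyed like the sandbox's signature names."""
    return {"allocates_rwx": find_rwx(trace), "unhook_attempts": find_unhooking(trace)}


if __name__ == "__main__":
    for name, hits in evaluate(TRACE).items():
        print(f"{name}: {hits}")
```

On the constructed trace the second allocation and the protection change on ntdll both count as RWX, and the protection change plus the following write into ntdll are the unhooking attempt; the PAGE_EXECUTE_READ change inside the process's own image triggers neither.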

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests were recorded, although the "Communicates with host for which no DNS query was performed" signature fired above, so the contacted host cannot be identified from this report)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x447008 EnumResourceNamesW
 0x44700c HeapReAlloc
 0x447010 lstrlenA
 0x447014 WritePrivateProfileStructA
 0x447018 GetModuleHandleExA
 0x44701c SetLocalTime
 0x447020 GetDriveTypeW
 0x447024 SetEndOfFile
 0x447028 CallNamedPipeA
 0x44702c _lwrite
 0x447030 InterlockedDecrement
 0x447034 WritePrivateProfileSectionA
 0x447038 CreateDirectoryW
 0x44703c GlobalLock
 0x447040 GetProfileSectionA
 0x447044 WaitForSingleObject
 0x447048 SetVolumeMountPointW
 0x44704c OpenSemaphoreA
 0x447050 GetModuleHandleW
 0x447054 CreateNamedPipeW
 0x447058 ReadConsoleW
 0x44705c EnumTimeFormatsA
 0x447060 CreateActCtxW
 0x447064 CreateDirectoryExW
 0x447068 GetPriorityClass
 0x44706c GlobalAlloc
 0x447070 GetVolumeInformationA
 0x447074 LoadLibraryW
 0x447078 GetConsoleMode
 0x44707c Sleep
 0x447080 ReadConsoleInputA
 0x447084 CopyFileW
 0x447088 _hread
 0x44708c GetVersionExW
 0x447090 GetComputerNameExA
 0x447094 SetConsoleMode
 0x447098 Beep
 0x44709c SetConsoleCursorPosition
 0x4470a0 GetBinaryTypeA
 0x4470a4 TerminateProcess
 0x4470a8 GetAtomNameW
 0x4470ac ReadFile
 0x4470b0 GetModuleFileNameW
 0x4470b4 CreateFileW
 0x4470b8 CompareStringW
 0x4470bc FillConsoleOutputCharacterA
 0x4470c0 SetConsoleTitleA
 0x4470c4 VerifyVersionInfoW
 0x4470c8 GlobalUnfix
 0x4470cc FindFirstFileA
 0x4470d0 GetCPInfoExW
 0x4470d4 OpenMutexW
 0x4470d8 GetHandleInformation
 0x4470dc IsDBCSLeadByteEx
 0x4470e0 GetCurrentDirectoryW
 0x4470e4 GetThreadLocale
 0x4470e8 ReadConsoleOutputCharacterA
 0x4470ec GetProcAddress
 0x4470f0 GetProcessHeaps
 0x4470f4 IsValidCodePage
 0x4470f8 CopyFileA
 0x4470fc SetComputerNameA
 0x447100 BuildCommDCBW
 0x447104 ResetEvent
 0x447108 ProcessIdToSessionId
 0x44710c UnhandledExceptionFilter
 0x447110 OpenWaitableTimerW
 0x447114 GetFileType
 0x447118 IsSystemResumeAutomatic
 0x44711c AddAtomW
 0x447120 SetCurrentDirectoryW
 0x447124 GetCommMask
 0x447128 GetPrivateProfileStructA
 0x44712c SetEnvironmentVariableA
 0x447130 WTSGetActiveConsoleSessionId
 0x447134 CreateIoCompletionPort
 0x447138 FreeEnvironmentStringsW
 0x44713c CompareStringA
 0x447140 SetCalendarInfoA
 0x447144 _lopen
 0x447148 ReadConsoleInputW
 0x44714c LocalSize
 0x447150 InterlockedPushEntrySList
 0x447154 TlsFree
 0x447158 LCMapStringW
 0x44715c CopyFileExA
 0x447160 CloseHandle
 0x447164 SetStdHandle
 0x447168 GetConsoleCP
 0x44716c SetFilePointer
 0x447170 GetACP
 0x447174 GetTempFileNameW
 0x447178 InterlockedIncrement
 0x44717c EncodePointer
 0x447180 DecodePointer
 0x447184 InitializeCriticalSection
 0x447188 DeleteCriticalSection
 0x44718c EnterCriticalSection
 0x447190 LeaveCriticalSection
 0x447194 HeapValidate
 0x447198 IsBadReadPtr
 0x44719c GetLastError
 0x4471a0 DeleteFileA
 0x4471a4 GetCommandLineW
 0x4471a8 HeapSetInformation
 0x4471ac GetStartupInfoW
 0x4471b0 RtlUnwind
 0x4471b4 RaiseException
 0x4471b8 WideCharToMultiByte
 0x4471bc MultiByteToWideChar
 0x4471c0 GetCPInfo
 0x4471c4 ExitProcess
 0x4471c8 GetCurrentProcess
 0x4471cc SetUnhandledExceptionFilter
 0x4471d0 IsDebuggerPresent
 0x4471d4 WriteFile
 0x4471d8 GetStdHandle
 0x4471dc InitializeCriticalSectionAndSpinCount
 0x4471e0 HeapAlloc
 0x4471e4 GetModuleFileNameA
 0x4471e8 HeapSize
 0x4471ec HeapQueryInformation
 0x4471f0 HeapFree
 0x4471f4 HeapCreate
 0x4471f8 GetOEMCP
 0x4471fc TlsAlloc
 0x447200 TlsGetValue
 0x447204 TlsSetValue
 0x447208 GetCurrentThreadId
 0x44720c SetLastError
 0x447210 QueryPerformanceCounter
 0x447214 GetTickCount
 0x447218 GetCurrentProcessId
 0x44721c GetSystemTimeAsFileTime
 0x447220 GetEnvironmentStringsW
 0x447224 SetHandleCount
 0x447228 GetLocaleInfoW
 0x44722c IsProcessorFeaturePresent
 0x447230 OutputDebugStringA
 0x447234 WriteConsoleW
 0x447238 OutputDebugStringW
 0x44723c GetStringTypeW
 0x447240 GetLocaleInfoA
 0x447244 IsValidLocale
 0x447248 EnumSystemLocalesA
 0x44724c GetUserDefaultLCID
 0x447250 FlushFileBuffers
USER32.dll
 0x447258 GetCursorInfo
 0x44725c GetListBoxInfo
 0x447260 GetComboBoxInfo
 0x447264 GetMenuBarInfo
ADVAPI32.dll
 0x447000 AdjustTokenPrivileges
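
The table above lists 152 imports, 147 of them from KERNEL32, including entries such as Beep, EnumTimeFormatsA and SetVolumeMountPointW that a real program of this kind has no use for; a table like that is consistent with the packer verdict above, since what is visible is the stub's import table rather than the payload's. The block below is an added example, not part of the sandbox output: it parses a constructed subset of the listing (copied from the table above in the page's own layout), computes an imphash the way pefile does, and pulls out the imports an analyst would flag. The capability buckets are the example's own, not how the sandbox assigns its tags. The listing order on the page is not necessarily the import-descriptor order pefile hashes, and only a subset is embedded, so the value computed here is not expected to reproduce the report's imphash of 74556c3d2d30d4b65eb21185fd13000f.

```python
"""Import-table triage of the IAT listed above (added example, not part of the sandbox report).

IAT_TEXT is a constructed subset copied from the report's listing; CAPABILITIES is the
example's own mapping and is not how the sandbox derives its tags."""
import hashlib
import re

# Constructed subset of the report's IAT listing, in the page's own "dll / address name" layout.
IAT_TEXT = """\
KERNEL32.dll
 0x447008 EnumResourceNamesW
 0x447028 CallNamedPipeA
 0x447048 SetVolumeMountPointW
 0x447054 CreateNamedPipeW
 0x44705c EnumTimeFormatsA
 0x447074 LoadLibraryW
 0x44707c Sleep
 0x44708c GetVersionExW
 0x447090 GetComputerNameExA
 0x447098 Beep
 0x4470a4 TerminateProcess
 0x4470b4 CreateFileW
 0x4470ec GetProcAddress
 0x447108 ProcessIdToSessionId
 0x447130 WTSGetActiveConsoleSessionId
 0x4471d0 IsDebuggerPresent
 0x4471d4 WriteFile
 0x447214 GetTickCount
 0x447230 OutputDebugStringA
 0x447238 OutputDebugStringW
USER32.dll
 0x447258 GetCursorInfo
ADVAPI32.dll
 0x447000 AdjustTokenPrivileges
"""

ENTRY = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text):
    """Return {dll: [api, ...]} preserving the listing order."""
    imports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            imports[current].append(m.group(1))
        else:  # a line without an address starts a new DLL section
            current = line
            imports.setdefault(current, [])
    return imports


def imphash(imports):
    """imphash as pefile computes it: md5 over 'dll.func' pairs, lower-cased, library
    extension stripped, joined by commas, in import-descriptor order. Ordinal imports
    (which pefile resolves through lookup tables) are not handled; this IAT has none."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    if not parts:
        return ""
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# The example's own buckets: the imports an analyst would pull out of a 150-entry table.
CAPABILITIES = {
    "anti-debug / timing": {"IsDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW", "GetTickCount"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "privilege manipulation": {"AdjustTokenPrivileges", "OpenProcessToken"},
    "session discovery": {"WTSGetActiveConsoleSessionId", "ProcessIdToSessionId"},
    "host fingerprinting": {"GetVersionExW", "VerifyVersionInfoW", "GetComputerNameExA"},
    "named pipes": {"CreateNamedPipeW", "CallNamedPipeA"},
    "process control": {"TerminateProcess", "CreateProcessA", "CreateProcessW"},
}


def triage(imports):
    """Map each capability bucket to the sorted imports from the table that fall in it."""
    present = {api for funcs in imports.values() for api in funcs}
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items() if present & apis}


if __name__ == "__main__":
    table = parse_iat(IAT_TEXT)
    print("imports per DLL:", {dll: len(f) for dll, f in table.items()})
    print("imphash of this subset, in listing order:", imphash(table))
    for cap, apis in triage(table).items():
        print(f"{cap:24s} {', '.join(apis)}")
```

The imphash is order-sensitive and case-insensitive by construction, which is why two builds of the same stub with the same import table cluster together while a re-ordered table does not; the capability buckets are what remains once the padding imports are set aside.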

EAT (Export Address Table): none


