Report - ner.exe

Generic Malware Malicious Packer PE File OS Processor Check PE32
Created 2021.06.12 11:28 Machine s1_win7_x6401
Filename ner.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
5
Behavior Score
4.6
ZERO API (file): malware
VT API (file) 45 detected (AIDetect, malware1, malicious, high confidence, Siggen13, GenericKD, Save, ZexaF, xuW@a4L7cZmO, Attribute, HighConfidence, Kryptik, HLHU, Bsymem, PWSX, R + Troj, Static AI, Malicious PE, Racealer, Unsafe, Score, Chapak, bxbma, kcloud, Azorult, 18JIJAK, Glupteba, R425222, BScope, Sabsik, CLASSIC, susgen, confidence, 100%)
md5 4e99138abad19c9cba519e39083831c5
sha256 0e568f8920a068d8300b2ef9096c8394cfa77b6002be1692ad3a6fead7e3eb1f
ssdeep 6144:V52UF0fONhqdOEREwEZcOseglbiRJ4YfwxRRvexW+opFtjUuS3:X2UF0ONhsxEZlsegoRJ4mcR+F8tjC
imphash 59b984cbbff57adffa13e215b34ee50b
impfuzzy 48:4O834+Ikq8gI4XF9zeIiH3/pL1ZL+fcLadOv5MdzTHSvc3yPO+Sl:4O8yfXrhiH3hDL+fcOd4MdzTyvc37

Signature (8cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
160.124.12.100 ZA POWER LINE DATACENTER 160.124.12.100 clean

Suricata ids

PE API

IAT (Import Address Table) by library

KERNEL32.dll
 0x44900c CreateFileA
 0x449010 GetFileSize
 0x449014 FindFirstFileW
 0x449018 SetFilePointer
 0x44901c lstrlenA
 0x449020 WritePrivateProfileStructA
 0x449024 CopyFileExW
 0x449028 SetLocalTime
 0x44902c GetDriveTypeW
 0x449030 CallNamedPipeA
 0x449034 SetUnhandledExceptionFilter
 0x449038 _lwrite
 0x44903c InterlockedDecrement
 0x449040 WritePrivateProfileSectionA
 0x449044 CreateDirectoryW
 0x449048 GlobalLock
 0x44904c GetProfileSectionA
 0x449050 WaitForSingleObject
 0x449054 SetComputerNameW
 0x449058 OpenSemaphoreA
 0x44905c GetModuleHandleW
 0x449060 CreateNamedPipeW
 0x449064 ReadConsoleW
 0x449068 EnumTimeFormatsA
 0x44906c CreateActCtxW
 0x449070 CreateDirectoryExW
 0x449074 GetPriorityClass
 0x449078 GlobalAlloc
 0x44907c GetVolumeInformationA
 0x449080 LoadLibraryW
 0x449084 GetConsoleMode
 0x449088 Sleep
 0x44908c ReadConsoleInputA
 0x449090 CopyFileW
 0x449094 _hread
 0x449098 SetVolumeMountPointA
 0x44909c GetVersionExW
 0x4490a0 SetConsoleMode
 0x4490a4 Beep
 0x4490a8 SetConsoleCursorPosition
 0x4490ac TerminateProcess
 0x4490b0 ReadFile
 0x4490b4 GetModuleFileNameW
 0x4490b8 GetBinaryTypeW
 0x4490bc HeapReAlloc
 0x4490c0 SetConsoleTitleA
 0x4490c4 VerifyVersionInfoW
 0x4490c8 GlobalUnfix
 0x4490cc SetThreadLocale
 0x4490d0 GetCPInfoExW
 0x4490d4 OpenMutexW
 0x4490d8 GetHandleInformation
 0x4490dc IsDBCSLeadByteEx
 0x4490e0 GetCurrentDirectoryW
 0x4490e4 ReadConsoleOutputCharacterA
 0x4490e8 GetProcAddress
 0x4490ec GetProcessHeaps
 0x4490f0 GetComputerNameExW
 0x4490f4 CopyFileA
 0x4490f8 BuildCommDCBW
 0x4490fc GetTempFileNameA
 0x449100 ResetEvent
 0x449104 GetAtomNameA
 0x449108 OpenWaitableTimerW
 0x44910c LocalAlloc
 0x449110 IsSystemResumeAutomatic
 0x449114 SetCurrentDirectoryW
 0x449118 AddAtomA
 0x44911c SetCommMask
 0x449120 GetPrivateProfileStructA
 0x449124 SetEnvironmentVariableA
 0x449128 GetOEMCP
 0x44912c WTSGetActiveConsoleSessionId
 0x449130 CreateIoCompletionPort
 0x449134 FreeEnvironmentStringsW
 0x449138 CompareStringA
 0x44913c SetCalendarInfoA
 0x449140 _lopen
 0x449144 ReadConsoleInputW
 0x449148 LocalSize
 0x44914c InterlockedPushEntrySList
 0x449150 TlsFree
 0x449154 LCMapStringW
 0x449158 CloseHandle
 0x44915c CreateFileW
 0x449160 GetUserDefaultLCID
 0x449164 EnumSystemLocalesA
 0x449168 EnumResourceNamesW
 0x44916c GetACP
 0x449170 FillConsoleOutputCharacterA
 0x449174 InterlockedIncrement
 0x449178 EncodePointer
 0x44917c DecodePointer
 0x449180 InitializeCriticalSection
 0x449184 DeleteCriticalSection
 0x449188 EnterCriticalSection
 0x44918c LeaveCriticalSection
 0x449190 HeapValidate
 0x449194 IsBadReadPtr
 0x449198 GetLastError
 0x44919c DeleteFileA
 0x4491a0 GetCommandLineW
 0x4491a4 HeapSetInformation
 0x4491a8 GetStartupInfoW
 0x4491ac RtlUnwind
 0x4491b0 RaiseException
 0x4491b4 WideCharToMultiByte
 0x4491b8 MultiByteToWideChar
 0x4491bc GetCPInfo
 0x4491c0 ExitProcess
 0x4491c4 GetCurrentProcess
 0x4491c8 UnhandledExceptionFilter
 0x4491cc IsDebuggerPresent
 0x4491d0 WriteFile
 0x4491d4 GetStdHandle
 0x4491d8 InitializeCriticalSectionAndSpinCount
 0x4491dc SetStdHandle
 0x4491e0 GetFileType
 0x4491e4 GetConsoleCP
 0x4491e8 HeapAlloc
 0x4491ec GetModuleFileNameA
 0x4491f0 HeapSize
 0x4491f4 HeapQueryInformation
 0x4491f8 HeapFree
 0x4491fc HeapCreate
 0x449200 IsValidCodePage
 0x449204 TlsAlloc
 0x449208 TlsGetValue
 0x44920c TlsSetValue
 0x449210 GetCurrentThreadId
 0x449214 SetLastError
 0x449218 QueryPerformanceCounter
 0x44921c GetTickCount
 0x449220 GetCurrentProcessId
 0x449224 GetSystemTimeAsFileTime
 0x449228 GetEnvironmentStringsW
 0x44922c SetHandleCount
 0x449230 GetLocaleInfoW
 0x449234 IsProcessorFeaturePresent
 0x449238 OutputDebugStringA
 0x44923c WriteConsoleW
 0x449240 OutputDebugStringW
 0x449244 GetStringTypeW
 0x449248 GetLocaleInfoA
 0x44924c IsValidLocale
 0x449250 FlushFileBuffers
USER32.dll
 0x449258 GetCursorInfo
 0x44925c GetListBoxInfo
 0x449260 GetComboBoxInfo
 0x449264 GetMenuBarInfo
ADVAPI32.dll
 0x449000 IsTextUnicode
 0x449004 InitiateSystemShutdownW

EAT (Export Address Table): none
