ScreenShot
| Created | 2021.06.12 12:55 | Machine | s1_win7_x6402 |
| Filename | ASDFG345SD45ASD.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetect, malware1, malicious, high confidence, BrsecmonE, Unsafe, Yakes, Save, confidence, 100%, ZexaF, lKW@aK, iJjgi, Attribute, HighConfidence, Kryptik, FIKT, MalwareCrypter, qvha, egrigb, Pcrx, MiliCry, GenKD, AGEN, ASMalwS, GenericKD, kcloud, Dynamer, score, BScope, ai score=88, MachineLearning, Anomalous, Generic@ML, RDML, X7gWT3818k+RAZjw0WCKSQ, GenAsa, Gn9tUCxmWMU, Static AI, Malicious PE, GdSda) | ||
| md5 | b5113d839a4752d320b02ef4f5846523 | ||
| sha256 | c6f00b83e8b9ef80ef51702bad5d85dc6802a6317f3d9563371f68aabdd608a4 | ||
| ssdeep | 1536:1MUCUM/GCKI7+Ww2edp/DFjkJbl7Aqe50smwlE7h5hkVQWpHgu9ngroQsOViKbWq:1TMx00Aqe50KEd5hkVQyr9grv3Vtl | ||
| imphash | 3ca94f885beaa1f663e92508583ab6a3 | ||
| impfuzzy | 96:Xau/0TfplJc+MM6OLGFpwOtCf0i1mhC9n:7/i+JFpwOtCfp1KU | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x417040 GetStartupInfoA
0x417044 GetLastError
0x417048 GetProcAddress
0x41704c LoadLibraryA
0x417050 SetConsoleCtrlHandler
0x417054 LockResource
0x417058 PostQueuedCompletionStatus
0x41705c GetModuleFileNameA
0x417060 CreateIoCompletionPort
0x417064 GetModuleHandleA
0x417068 CloseHandle
0x41706c GetCurrentProcessId
0x417070 OpenFileMappingA
0x417074 CreateFileA
0x417078 FlushFileBuffers
0x41707c GetStringTypeW
0x417080 GetStringTypeA
0x417084 LCMapStringW
0x417088 LCMapStringA
0x41708c WriteConsoleW
0x417090 GetConsoleOutputCP
0x417094 WriteConsoleA
0x417098 SetStdHandle
0x41709c InterlockedExchange
0x4170a0 HeapSize
0x4170a4 IsValidCodePage
0x4170a8 GetOEMCP
0x4170ac GetACP
0x4170b0 GetCPInfo
0x4170b4 GetConsoleMode
0x4170b8 GetConsoleCP
0x4170bc GetProcessHeap
0x4170c0 GetSystemTimeAsFileTime
0x4170c4 QueryPerformanceCounter
0x4170c8 GetEnvironmentStringsW
0x4170cc WideCharToMultiByte
0x4170d0 FreeEnvironmentStringsW
0x4170d4 GetEnvironmentStrings
0x4170d8 FreeEnvironmentStringsA
0x4170dc InitializeCriticalSectionAndSpinCount
0x4170e0 GetFileType
0x4170e4 SetHandleCount
0x4170e8 InterlockedDecrement
0x4170ec GetCurrentThreadId
0x4170f0 SetLastError
0x4170f4 InterlockedIncrement
0x4170f8 TlsFree
0x4170fc TlsSetValue
0x417100 TlsAlloc
0x417104 TlsGetValue
0x417108 GetStdHandle
0x41710c WriteFile
0x417110 HeapCreate
0x417114 SetConsoleTitleA
0x417118 MultiByteToWideChar
0x41711c CreateEventA
0x417120 SizeofResource
0x417124 Sleep
0x417128 FindResourceExA
0x41712c FormatMessageA
0x417130 EnumResourceTypesA
0x417134 GetLocaleInfoA
0x417138 GetConsoleTitleA
0x41713c HeapReAlloc
0x417140 VirtualAlloc
0x417144 VirtualFree
0x417148 EnterCriticalSection
0x41714c LeaveCriticalSection
0x417150 DeleteCriticalSection
0x417154 RtlUnwind
0x417158 RaiseException
0x41715c GetCommandLineA
0x417160 ExitProcess
0x417164 GetModuleHandleW
0x417168 IsDebuggerPresent
0x41716c SetUnhandledExceptionFilter
0x417170 UnhandledExceptionFilter
0x417174 GetCurrentProcess
0x417178 TerminateProcess
0x41717c WaitForSingleObject
0x417180 GetTickCount
0x417184 HeapFree
0x417188 UpdateResourceA
0x41718c HeapAlloc
0x417190 LoadResource
0x417194 UnmapViewOfFile
0x417198 MapViewOfFile
0x41719c SetFilePointer
0x4171a0 FreeResource
USER32.dll
0x41722c GetDlgItemTextA
0x417230 SetClipboardViewer
0x417234 RegisterClassA
0x417238 DispatchMessageW
0x41723c FindWindowA
0x417240 LoadCursorA
0x417244 DeleteMenu
0x417248 DefWindowProcA
0x41724c SetWindowTextA
0x417250 GetSystemMetrics
0x417254 SystemParametersInfoA
0x417258 DispatchMessageA
0x41725c CreateWindowExW
0x417260 IsDlgButtonChecked
0x417264 ShowWindow
0x417268 GetCursorPos
0x41726c GetDlgItem
0x417270 ChangeClipboardChain
0x417274 CreateWindowExA
0x417278 EndPaint
0x41727c GetMessageA
0x417280 GetSystemMenu
0x417284 GetWindowRect
0x417288 GetMessageW
0x41728c PostQuitMessage
0x417290 SetForegroundWindow
0x417294 InvalidateRect
0x417298 LoadIconA
0x41729c wsprintfA
0x4172a0 GetClientRect
0x4172a4 CreateMenu
0x4172a8 SetFocus
0x4172ac SendMessageA
0x4172b0 BeginPaint
0x4172b4 GetDC
0x4172b8 TranslateMessage
0x4172bc SetWindowPos
GDI32.dll
0x417030 CreateFontIndirectA
0x417034 DeleteObject
0x417038 SetTextColor
COMDLG32.dll
0x417028 FindTextW
SHELL32.dll
0x417210 SHBindToParent
0x417214 SHParseDisplayName
ole32.dll
0x4172d8 CoInitializeEx
0x4172dc StgOpenStorage
0x4172e0 WriteClassStg
0x4172e4 StgCreateDocfile
0x4172e8 ReadClassStg
0x4172ec CoUnmarshalInterface
0x4172f0 CreateStreamOnHGlobal
OLEAUT32.dll
0x4171bc SysAllocString
0x4171c0 SysStringLen
0x4171c4 VariantInit
0x4171c8 LoadTypeLib
0x4171cc RegisterTypeLib
0x4171d0 CreateStdDispatch
0x4171d4 LoadRegTypeLib
0x4171d8 SysFreeString
0x4171dc VariantClear
0x4171e0 RevokeActiveObject
WS2_32.dll
0x4172c4 htons
0x4172c8 ind
0x4172cc listen
0x4172d0 WSAStartup
MSVFW32.dll
0x4171a8 ICInfo
0x4171ac ICSendMessage
0x4171b0 ICOpen
0x4171b4 ICClose
AVIFIL32.dll
0x417000 AVIFileRelease
0x417004 AVIFileInfoA
0x417008 AVIStreamOpenFromFileA
0x41700c AVIFileInit
0x417010 AVIFileGetStream
0x417014 AVIStreamInfoA
0x417018 AVIFileOpenA
SHLWAPI.dll
0x41721c PathFindExtensionA
0x417220 PathFindFileNameA
0x417224 StrChrA
COMCTL32.dll
0x417020 InitCommonControlsEx
RPCRT4.dll
0x417200 RpcStringFreeA
0x417204 UuidToStringA
0x417208 UuidCreate
OPENGL32.dll
0x4171e8 glLoadIdentity
0x4171ec glClear
0x4171f0 glTexCoord2f
0x4171f4 glBegin
0x4171f8 glVertex3f
EAT(Export Address Table) Library
0x401210 Take
KERNEL32.dll
0x417040 GetStartupInfoA
0x417044 GetLastError
0x417048 GetProcAddress
0x41704c LoadLibraryA
0x417050 SetConsoleCtrlHandler
0x417054 LockResource
0x417058 PostQueuedCompletionStatus
0x41705c GetModuleFileNameA
0x417060 CreateIoCompletionPort
0x417064 GetModuleHandleA
0x417068 CloseHandle
0x41706c GetCurrentProcessId
0x417070 OpenFileMappingA
0x417074 CreateFileA
0x417078 FlushFileBuffers
0x41707c GetStringTypeW
0x417080 GetStringTypeA
0x417084 LCMapStringW
0x417088 LCMapStringA
0x41708c WriteConsoleW
0x417090 GetConsoleOutputCP
0x417094 WriteConsoleA
0x417098 SetStdHandle
0x41709c InterlockedExchange
0x4170a0 HeapSize
0x4170a4 IsValidCodePage
0x4170a8 GetOEMCP
0x4170ac GetACP
0x4170b0 GetCPInfo
0x4170b4 GetConsoleMode
0x4170b8 GetConsoleCP
0x4170bc GetProcessHeap
0x4170c0 GetSystemTimeAsFileTime
0x4170c4 QueryPerformanceCounter
0x4170c8 GetEnvironmentStringsW
0x4170cc WideCharToMultiByte
0x4170d0 FreeEnvironmentStringsW
0x4170d4 GetEnvironmentStrings
0x4170d8 FreeEnvironmentStringsA
0x4170dc InitializeCriticalSectionAndSpinCount
0x4170e0 GetFileType
0x4170e4 SetHandleCount
0x4170e8 InterlockedDecrement
0x4170ec GetCurrentThreadId
0x4170f0 SetLastError
0x4170f4 InterlockedIncrement
0x4170f8 TlsFree
0x4170fc TlsSetValue
0x417100 TlsAlloc
0x417104 TlsGetValue
0x417108 GetStdHandle
0x41710c WriteFile
0x417110 HeapCreate
0x417114 SetConsoleTitleA
0x417118 MultiByteToWideChar
0x41711c CreateEventA
0x417120 SizeofResource
0x417124 Sleep
0x417128 FindResourceExA
0x41712c FormatMessageA
0x417130 EnumResourceTypesA
0x417134 GetLocaleInfoA
0x417138 GetConsoleTitleA
0x41713c HeapReAlloc
0x417140 VirtualAlloc
0x417144 VirtualFree
0x417148 EnterCriticalSection
0x41714c LeaveCriticalSection
0x417150 DeleteCriticalSection
0x417154 RtlUnwind
0x417158 RaiseException
0x41715c GetCommandLineA
0x417160 ExitProcess
0x417164 GetModuleHandleW
0x417168 IsDebuggerPresent
0x41716c SetUnhandledExceptionFilter
0x417170 UnhandledExceptionFilter
0x417174 GetCurrentProcess
0x417178 TerminateProcess
0x41717c WaitForSingleObject
0x417180 GetTickCount
0x417184 HeapFree
0x417188 UpdateResourceA
0x41718c HeapAlloc
0x417190 LoadResource
0x417194 UnmapViewOfFile
0x417198 MapViewOfFile
0x41719c SetFilePointer
0x4171a0 FreeResource
USER32.dll
0x41722c GetDlgItemTextA
0x417230 SetClipboardViewer
0x417234 RegisterClassA
0x417238 DispatchMessageW
0x41723c FindWindowA
0x417240 LoadCursorA
0x417244 DeleteMenu
0x417248 DefWindowProcA
0x41724c SetWindowTextA
0x417250 GetSystemMetrics
0x417254 SystemParametersInfoA
0x417258 DispatchMessageA
0x41725c CreateWindowExW
0x417260 IsDlgButtonChecked
0x417264 ShowWindow
0x417268 GetCursorPos
0x41726c GetDlgItem
0x417270 ChangeClipboardChain
0x417274 CreateWindowExA
0x417278 EndPaint
0x41727c GetMessageA
0x417280 GetSystemMenu
0x417284 GetWindowRect
0x417288 GetMessageW
0x41728c PostQuitMessage
0x417290 SetForegroundWindow
0x417294 InvalidateRect
0x417298 LoadIconA
0x41729c wsprintfA
0x4172a0 GetClientRect
0x4172a4 CreateMenu
0x4172a8 SetFocus
0x4172ac SendMessageA
0x4172b0 BeginPaint
0x4172b4 GetDC
0x4172b8 TranslateMessage
0x4172bc SetWindowPos
GDI32.dll
0x417030 CreateFontIndirectA
0x417034 DeleteObject
0x417038 SetTextColor
COMDLG32.dll
0x417028 FindTextW
SHELL32.dll
0x417210 SHBindToParent
0x417214 SHParseDisplayName
ole32.dll
0x4172d8 CoInitializeEx
0x4172dc StgOpenStorage
0x4172e0 WriteClassStg
0x4172e4 StgCreateDocfile
0x4172e8 ReadClassStg
0x4172ec CoUnmarshalInterface
0x4172f0 CreateStreamOnHGlobal
OLEAUT32.dll
0x4171bc SysAllocString
0x4171c0 SysStringLen
0x4171c4 VariantInit
0x4171c8 LoadTypeLib
0x4171cc RegisterTypeLib
0x4171d0 CreateStdDispatch
0x4171d4 LoadRegTypeLib
0x4171d8 SysFreeString
0x4171dc VariantClear
0x4171e0 RevokeActiveObject
WS2_32.dll
0x4172c4 htons
0x4172c8 ind
0x4172cc listen
0x4172d0 WSAStartup
MSVFW32.dll
0x4171a8 ICInfo
0x4171ac ICSendMessage
0x4171b0 ICOpen
0x4171b4 ICClose
AVIFIL32.dll
0x417000 AVIFileRelease
0x417004 AVIFileInfoA
0x417008 AVIStreamOpenFromFileA
0x41700c AVIFileInit
0x417010 AVIFileGetStream
0x417014 AVIStreamInfoA
0x417018 AVIFileOpenA
SHLWAPI.dll
0x41721c PathFindExtensionA
0x417220 PathFindFileNameA
0x417224 StrChrA
COMCTL32.dll
0x417020 InitCommonControlsEx
RPCRT4.dll
0x417200 RpcStringFreeA
0x417204 UuidToStringA
0x417208 UuidCreate
OPENGL32.dll
0x4171e8 glLoadIdentity
0x4171ec glClear
0x4171f0 glTexCoord2f
0x4171f4 glBegin
0x4171f8 glVertex3f
EAT(Export Address Table) Library
0x401210 Take