ScreenShot
| Created | 2021.06.12 12:53 | Machine | s1_win7_x6401 |
| Filename | Lovebirds_2021-06-10_19-23.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HLHU, PWSX, Zenpak, eltfr@0, Siggen2, R + Troj, 119OVG7, Racealer, ai score=99, kcloud, Azorult, score, R425194, BScope, Sabsik, CLASSIC, Static AI, Malicious PE, susgen, GenKryptik, FGKS, ZexaF, zqW@aeYdhFhO, GdSda, confidence, 100%) | ||
| md5 | 2b862c6350557bc32519e55f14a1e3a7 | ||
| sha256 | a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad1067aa46883446900d9 | ||
| ssdeep | 12288:mZlF+gt4Nup7DuGP1gn7brXCadoFuLf3Exiv:mnFhuup7DfsPXCsoELfUxiv | ||
| imphash | d6a36b884bfd01abb7a2c7a46733b09c | ||
| impfuzzy | 48:4f834+Ikq8gIkXF9zeIiH3/pLAZf+fcLadOv5MdzTHSvc3yPO+h:4f8y3XrhiH3hEf+fcOd4MdzTyvc3c | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44f00c CreateFileA
0x44f010 GetFileSize
0x44f014 FindFirstFileW
0x44f018 SetFilePointer
0x44f01c lstrlenA
0x44f020 WritePrivateProfileStructA
0x44f024 SetLocalTime
0x44f028 GetDriveTypeW
0x44f02c CallNamedPipeA
0x44f030 SetUnhandledExceptionFilter
0x44f034 _lwrite
0x44f038 InterlockedDecrement
0x44f03c WritePrivateProfileSectionA
0x44f040 CreateDirectoryW
0x44f044 GlobalLock
0x44f048 GetProfileSectionA
0x44f04c WaitForSingleObject
0x44f050 SetComputerNameW
0x44f054 OpenSemaphoreA
0x44f058 GetModuleHandleW
0x44f05c CreateNamedPipeW
0x44f060 ReadConsoleW
0x44f064 EnumTimeFormatsA
0x44f068 CreateActCtxW
0x44f06c CreateDirectoryExW
0x44f070 GetPriorityClass
0x44f074 GlobalAlloc
0x44f078 GetVolumeInformationA
0x44f07c LoadLibraryW
0x44f080 GetConsoleMode
0x44f084 Sleep
0x44f088 ReadConsoleInputA
0x44f08c CopyFileW
0x44f090 _hread
0x44f094 SetVolumeMountPointA
0x44f098 GetVersionExW
0x44f09c SetConsoleMode
0x44f0a0 Beep
0x44f0a4 SetConsoleCursorPosition
0x44f0a8 TerminateProcess
0x44f0ac ReadFile
0x44f0b0 GetModuleFileNameW
0x44f0b4 GetBinaryTypeW
0x44f0b8 GetACP
0x44f0bc HeapReAlloc
0x44f0c0 VerifyVersionInfoW
0x44f0c4 GlobalUnfix
0x44f0c8 SetThreadLocale
0x44f0cc GetCPInfoExW
0x44f0d0 OpenMutexW
0x44f0d4 GetHandleInformation
0x44f0d8 IsDBCSLeadByteEx
0x44f0dc GetCurrentDirectoryW
0x44f0e0 ReadConsoleOutputCharacterA
0x44f0e4 GetProcAddress
0x44f0e8 GetProcessHeaps
0x44f0ec GetComputerNameExW
0x44f0f0 CopyFileA
0x44f0f4 BuildCommDCBW
0x44f0f8 GetTempFileNameA
0x44f0fc ResetEvent
0x44f100 GetAtomNameA
0x44f104 OpenWaitableTimerW
0x44f108 LocalAlloc
0x44f10c IsSystemResumeAutomatic
0x44f110 SetCurrentDirectoryW
0x44f114 AddAtomA
0x44f118 SetCommMask
0x44f11c GetPrivateProfileStructA
0x44f120 SetEnvironmentVariableA
0x44f124 GetOEMCP
0x44f128 WTSGetActiveConsoleSessionId
0x44f12c CreateIoCompletionPort
0x44f130 FreeEnvironmentStringsW
0x44f134 CompareStringA
0x44f138 SetCalendarInfoA
0x44f13c _lopen
0x44f140 ReadConsoleInputW
0x44f144 LocalSize
0x44f148 InterlockedPushEntrySList
0x44f14c TlsFree
0x44f150 LCMapStringW
0x44f154 CopyFileExA
0x44f158 CloseHandle
0x44f15c CreateFileW
0x44f160 GetUserDefaultLCID
0x44f164 EnumSystemLocalesA
0x44f168 EnumResourceNamesW
0x44f16c SetConsoleTitleA
0x44f170 FillConsoleOutputCharacterA
0x44f174 InterlockedIncrement
0x44f178 EncodePointer
0x44f17c DecodePointer
0x44f180 InitializeCriticalSection
0x44f184 DeleteCriticalSection
0x44f188 EnterCriticalSection
0x44f18c LeaveCriticalSection
0x44f190 HeapValidate
0x44f194 IsBadReadPtr
0x44f198 GetLastError
0x44f19c DeleteFileA
0x44f1a0 GetCommandLineW
0x44f1a4 HeapSetInformation
0x44f1a8 GetStartupInfoW
0x44f1ac RtlUnwind
0x44f1b0 RaiseException
0x44f1b4 WideCharToMultiByte
0x44f1b8 MultiByteToWideChar
0x44f1bc GetCPInfo
0x44f1c0 ExitProcess
0x44f1c4 GetCurrentProcess
0x44f1c8 UnhandledExceptionFilter
0x44f1cc IsDebuggerPresent
0x44f1d0 WriteFile
0x44f1d4 GetStdHandle
0x44f1d8 InitializeCriticalSectionAndSpinCount
0x44f1dc SetStdHandle
0x44f1e0 GetFileType
0x44f1e4 GetConsoleCP
0x44f1e8 HeapAlloc
0x44f1ec GetModuleFileNameA
0x44f1f0 HeapSize
0x44f1f4 HeapQueryInformation
0x44f1f8 HeapFree
0x44f1fc HeapCreate
0x44f200 IsValidCodePage
0x44f204 TlsAlloc
0x44f208 TlsGetValue
0x44f20c TlsSetValue
0x44f210 GetCurrentThreadId
0x44f214 SetLastError
0x44f218 QueryPerformanceCounter
0x44f21c GetTickCount
0x44f220 GetCurrentProcessId
0x44f224 GetSystemTimeAsFileTime
0x44f228 GetEnvironmentStringsW
0x44f22c SetHandleCount
0x44f230 GetLocaleInfoW
0x44f234 IsProcessorFeaturePresent
0x44f238 OutputDebugStringA
0x44f23c WriteConsoleW
0x44f240 OutputDebugStringW
0x44f244 GetStringTypeW
0x44f248 GetLocaleInfoA
0x44f24c IsValidLocale
0x44f250 FlushFileBuffers
USER32.dll
0x44f258 GetCursorInfo
0x44f25c GetListBoxInfo
0x44f260 GetComboBoxInfo
0x44f264 GetMenuBarInfo
ADVAPI32.dll
0x44f000 IsTextUnicode
0x44f004 AdjustTokenPrivileges
EAT(Export Address Table) is none
KERNEL32.dll
0x44f00c CreateFileA
0x44f010 GetFileSize
0x44f014 FindFirstFileW
0x44f018 SetFilePointer
0x44f01c lstrlenA
0x44f020 WritePrivateProfileStructA
0x44f024 SetLocalTime
0x44f028 GetDriveTypeW
0x44f02c CallNamedPipeA
0x44f030 SetUnhandledExceptionFilter
0x44f034 _lwrite
0x44f038 InterlockedDecrement
0x44f03c WritePrivateProfileSectionA
0x44f040 CreateDirectoryW
0x44f044 GlobalLock
0x44f048 GetProfileSectionA
0x44f04c WaitForSingleObject
0x44f050 SetComputerNameW
0x44f054 OpenSemaphoreA
0x44f058 GetModuleHandleW
0x44f05c CreateNamedPipeW
0x44f060 ReadConsoleW
0x44f064 EnumTimeFormatsA
0x44f068 CreateActCtxW
0x44f06c CreateDirectoryExW
0x44f070 GetPriorityClass
0x44f074 GlobalAlloc
0x44f078 GetVolumeInformationA
0x44f07c LoadLibraryW
0x44f080 GetConsoleMode
0x44f084 Sleep
0x44f088 ReadConsoleInputA
0x44f08c CopyFileW
0x44f090 _hread
0x44f094 SetVolumeMountPointA
0x44f098 GetVersionExW
0x44f09c SetConsoleMode
0x44f0a0 Beep
0x44f0a4 SetConsoleCursorPosition
0x44f0a8 TerminateProcess
0x44f0ac ReadFile
0x44f0b0 GetModuleFileNameW
0x44f0b4 GetBinaryTypeW
0x44f0b8 GetACP
0x44f0bc HeapReAlloc
0x44f0c0 VerifyVersionInfoW
0x44f0c4 GlobalUnfix
0x44f0c8 SetThreadLocale
0x44f0cc GetCPInfoExW
0x44f0d0 OpenMutexW
0x44f0d4 GetHandleInformation
0x44f0d8 IsDBCSLeadByteEx
0x44f0dc GetCurrentDirectoryW
0x44f0e0 ReadConsoleOutputCharacterA
0x44f0e4 GetProcAddress
0x44f0e8 GetProcessHeaps
0x44f0ec GetComputerNameExW
0x44f0f0 CopyFileA
0x44f0f4 BuildCommDCBW
0x44f0f8 GetTempFileNameA
0x44f0fc ResetEvent
0x44f100 GetAtomNameA
0x44f104 OpenWaitableTimerW
0x44f108 LocalAlloc
0x44f10c IsSystemResumeAutomatic
0x44f110 SetCurrentDirectoryW
0x44f114 AddAtomA
0x44f118 SetCommMask
0x44f11c GetPrivateProfileStructA
0x44f120 SetEnvironmentVariableA
0x44f124 GetOEMCP
0x44f128 WTSGetActiveConsoleSessionId
0x44f12c CreateIoCompletionPort
0x44f130 FreeEnvironmentStringsW
0x44f134 CompareStringA
0x44f138 SetCalendarInfoA
0x44f13c _lopen
0x44f140 ReadConsoleInputW
0x44f144 LocalSize
0x44f148 InterlockedPushEntrySList
0x44f14c TlsFree
0x44f150 LCMapStringW
0x44f154 CopyFileExA
0x44f158 CloseHandle
0x44f15c CreateFileW
0x44f160 GetUserDefaultLCID
0x44f164 EnumSystemLocalesA
0x44f168 EnumResourceNamesW
0x44f16c SetConsoleTitleA
0x44f170 FillConsoleOutputCharacterA
0x44f174 InterlockedIncrement
0x44f178 EncodePointer
0x44f17c DecodePointer
0x44f180 InitializeCriticalSection
0x44f184 DeleteCriticalSection
0x44f188 EnterCriticalSection
0x44f18c LeaveCriticalSection
0x44f190 HeapValidate
0x44f194 IsBadReadPtr
0x44f198 GetLastError
0x44f19c DeleteFileA
0x44f1a0 GetCommandLineW
0x44f1a4 HeapSetInformation
0x44f1a8 GetStartupInfoW
0x44f1ac RtlUnwind
0x44f1b0 RaiseException
0x44f1b4 WideCharToMultiByte
0x44f1b8 MultiByteToWideChar
0x44f1bc GetCPInfo
0x44f1c0 ExitProcess
0x44f1c4 GetCurrentProcess
0x44f1c8 UnhandledExceptionFilter
0x44f1cc IsDebuggerPresent
0x44f1d0 WriteFile
0x44f1d4 GetStdHandle
0x44f1d8 InitializeCriticalSectionAndSpinCount
0x44f1dc SetStdHandle
0x44f1e0 GetFileType
0x44f1e4 GetConsoleCP
0x44f1e8 HeapAlloc
0x44f1ec GetModuleFileNameA
0x44f1f0 HeapSize
0x44f1f4 HeapQueryInformation
0x44f1f8 HeapFree
0x44f1fc HeapCreate
0x44f200 IsValidCodePage
0x44f204 TlsAlloc
0x44f208 TlsGetValue
0x44f20c TlsSetValue
0x44f210 GetCurrentThreadId
0x44f214 SetLastError
0x44f218 QueryPerformanceCounter
0x44f21c GetTickCount
0x44f220 GetCurrentProcessId
0x44f224 GetSystemTimeAsFileTime
0x44f228 GetEnvironmentStringsW
0x44f22c SetHandleCount
0x44f230 GetLocaleInfoW
0x44f234 IsProcessorFeaturePresent
0x44f238 OutputDebugStringA
0x44f23c WriteConsoleW
0x44f240 OutputDebugStringW
0x44f244 GetStringTypeW
0x44f248 GetLocaleInfoA
0x44f24c IsValidLocale
0x44f250 FlushFileBuffers
USER32.dll
0x44f258 GetCursorInfo
0x44f25c GetListBoxInfo
0x44f260 GetComboBoxInfo
0x44f264 GetMenuBarInfo
ADVAPI32.dll
0x44f000 IsTextUnicode
0x44f004 AdjustTokenPrivileges
EAT(Export Address Table) is none