ScreenShot
| Created | 2021.06.14 14:11 | Machine | s1_win7_x6401 |
| Filename | toolspab1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, suW@aK6RZ9oG, Attribute, HighConfidence, PWSX, Mokes, A + Troj, Kryptik, BOGPPI, Score, Caynamer, Artemis, BScope, Sabsik, ET#85%, RDMK, cmRtazpS2, yRqKc5DAJCxiPTPv8w, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | c7b5426c4e04adf6fb05cba342bb5428 | ||
| sha256 | a55613ecc898836e32ed3f7be98525a996f90991fb98ed1d1402ff6399994e30 | ||
| ssdeep | 6144:nugTfnhYrME+d2k4ADM6jTSzSAhzCOlx:17nhY4E+cADM6jW3hzTlx | ||
| imphash | 76567453f097005b8c49393a915ef4ba | ||
| impfuzzy | 48:3+sMcnOOjDwOdPu8M179FEPecAhfpKttdUPuLa2ptBPG+uz:3+YOOoyPuJVOe5fpItdUPuO2ptM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42d008 SetVolumeLabelA
0x42d00c CreateFileA
0x42d010 GetFileSize
0x42d014 GlobalDeleteAtom
0x42d018 lstrlenA
0x42d01c TlsGetValue
0x42d020 GetStringTypeA
0x42d024 SetLocalTime
0x42d028 GetDriveTypeW
0x42d02c GetNumberOfConsoleInputEvents
0x42d030 MapUserPhysicalPages
0x42d034 InterlockedIncrement
0x42d038 InterlockedDecrement
0x42d03c CreateDirectoryW
0x42d040 WaitForSingleObject
0x42d044 WriteConsoleInputA
0x42d048 SignalObjectAndWait
0x42d04c SetVolumeMountPointW
0x42d050 FreeEnvironmentStringsA
0x42d054 GetModuleHandleW
0x42d058 LocalFlags
0x42d05c GetPrivateProfileStringW
0x42d060 GetConsoleTitleA
0x42d064 GetWindowsDirectoryA
0x42d068 SetCommState
0x42d06c WriteFileGather
0x42d070 CreateDirectoryExW
0x42d074 FindResourceExA
0x42d078 AddRefActCtx
0x42d07c GetPrivateProfileStructW
0x42d080 SetSystemTimeAdjustment
0x42d084 GetComputerNameExA
0x42d088 Beep
0x42d08c SetMessageWaitingIndicator
0x42d090 VerifyVersionInfoA
0x42d094 GetBinaryTypeA
0x42d098 WritePrivateProfileSectionW
0x42d09c GetAtomNameW
0x42d0a0 ReadFile
0x42d0a4 CompareStringW
0x42d0a8 GetACP
0x42d0ac LCMapStringA
0x42d0b0 HeapReAlloc
0x42d0b4 InterlockedExchange
0x42d0b8 SetCurrentDirectoryA
0x42d0bc GetProcAddress
0x42d0c0 CreateNamedPipeA
0x42d0c4 SetStdHandle
0x42d0c8 SetComputerNameA
0x42d0cc CreateMemoryResourceNotification
0x42d0d0 GetPrivateProfileStringA
0x42d0d4 SetFileApisToOEM
0x42d0d8 OpenWaitableTimerA
0x42d0dc Process32FirstW
0x42d0e0 OpenMutexA
0x42d0e4 LocalAlloc
0x42d0e8 SetCalendarInfoW
0x42d0ec SetConsoleOutputCP
0x42d0f0 AddAtomW
0x42d0f4 QueryDosDeviceW
0x42d0f8 WriteProfileSectionW
0x42d0fc GetCommMask
0x42d100 EnumResourceTypesW
0x42d104 GetThreadPriority
0x42d108 SetConsoleTitleW
0x42d10c FindNextFileW
0x42d110 RequestWakeupLatency
0x42d114 BuildCommDCBA
0x42d118 GetCurrentDirectoryA
0x42d11c GetConsoleCursorInfo
0x42d120 ScrollConsoleScreenBufferA
0x42d124 OpenSemaphoreW
0x42d128 GetVersionExA
0x42d12c GetCurrentProcessId
0x42d130 FindActCtxSectionStringW
0x42d134 ReadConsoleOutputCharacterW
0x42d138 InterlockedPushEntrySList
0x42d13c GetProfileSectionW
0x42d140 GetVolumeInformationW
0x42d144 IsProcessorFeaturePresent
0x42d148 FlushFileBuffers
0x42d14c CloseHandle
0x42d150 CreateFileW
0x42d154 HeapFree
0x42d158 VerifyVersionInfoW
0x42d15c FileTimeToDosDateTime
0x42d160 GetLastError
0x42d164 MoveFileA
0x42d168 MultiByteToWideChar
0x42d16c GetCommandLineW
0x42d170 HeapSetInformation
0x42d174 GetStartupInfoW
0x42d178 LeaveCriticalSection
0x42d17c EnterCriticalSection
0x42d180 InitializeCriticalSectionAndSpinCount
0x42d184 GetFileType
0x42d188 WriteFile
0x42d18c WideCharToMultiByte
0x42d190 GetConsoleCP
0x42d194 GetConsoleMode
0x42d198 DecodePointer
0x42d19c TerminateProcess
0x42d1a0 GetCurrentProcess
0x42d1a4 UnhandledExceptionFilter
0x42d1a8 SetUnhandledExceptionFilter
0x42d1ac IsDebuggerPresent
0x42d1b0 EncodePointer
0x42d1b4 GetModuleFileNameW
0x42d1b8 GetOEMCP
0x42d1bc GetCPInfo
0x42d1c0 IsValidCodePage
0x42d1c4 TlsAlloc
0x42d1c8 TlsSetValue
0x42d1cc GetCurrentThreadId
0x42d1d0 TlsFree
0x42d1d4 SetLastError
0x42d1d8 QueryPerformanceCounter
0x42d1dc GetTickCount
0x42d1e0 GetSystemTimeAsFileTime
0x42d1e4 ExitProcess
0x42d1e8 FreeEnvironmentStringsW
0x42d1ec GetEnvironmentStringsW
0x42d1f0 SetHandleCount
0x42d1f4 GetStdHandle
0x42d1f8 DeleteCriticalSection
0x42d1fc HeapValidate
0x42d200 IsBadReadPtr
0x42d204 HeapCreate
0x42d208 WriteConsoleW
0x42d20c SetFilePointer
0x42d210 RtlUnwind
0x42d214 OutputDebugStringA
0x42d218 OutputDebugStringW
0x42d21c LoadLibraryW
0x42d220 GetStringTypeW
0x42d224 LCMapStringW
0x42d228 HeapAlloc
0x42d22c GetModuleFileNameA
0x42d230 HeapSize
0x42d234 HeapQueryInformation
0x42d238 RaiseException
USER32.dll
0x42d240 GetCursorInfo
0x42d244 GetMenuInfo
0x42d248 GetComboBoxInfo
0x42d24c GetMenuBarInfo
ADVAPI32.dll
0x42d000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x42d008 SetVolumeLabelA
0x42d00c CreateFileA
0x42d010 GetFileSize
0x42d014 GlobalDeleteAtom
0x42d018 lstrlenA
0x42d01c TlsGetValue
0x42d020 GetStringTypeA
0x42d024 SetLocalTime
0x42d028 GetDriveTypeW
0x42d02c GetNumberOfConsoleInputEvents
0x42d030 MapUserPhysicalPages
0x42d034 InterlockedIncrement
0x42d038 InterlockedDecrement
0x42d03c CreateDirectoryW
0x42d040 WaitForSingleObject
0x42d044 WriteConsoleInputA
0x42d048 SignalObjectAndWait
0x42d04c SetVolumeMountPointW
0x42d050 FreeEnvironmentStringsA
0x42d054 GetModuleHandleW
0x42d058 LocalFlags
0x42d05c GetPrivateProfileStringW
0x42d060 GetConsoleTitleA
0x42d064 GetWindowsDirectoryA
0x42d068 SetCommState
0x42d06c WriteFileGather
0x42d070 CreateDirectoryExW
0x42d074 FindResourceExA
0x42d078 AddRefActCtx
0x42d07c GetPrivateProfileStructW
0x42d080 SetSystemTimeAdjustment
0x42d084 GetComputerNameExA
0x42d088 Beep
0x42d08c SetMessageWaitingIndicator
0x42d090 VerifyVersionInfoA
0x42d094 GetBinaryTypeA
0x42d098 WritePrivateProfileSectionW
0x42d09c GetAtomNameW
0x42d0a0 ReadFile
0x42d0a4 CompareStringW
0x42d0a8 GetACP
0x42d0ac LCMapStringA
0x42d0b0 HeapReAlloc
0x42d0b4 InterlockedExchange
0x42d0b8 SetCurrentDirectoryA
0x42d0bc GetProcAddress
0x42d0c0 CreateNamedPipeA
0x42d0c4 SetStdHandle
0x42d0c8 SetComputerNameA
0x42d0cc CreateMemoryResourceNotification
0x42d0d0 GetPrivateProfileStringA
0x42d0d4 SetFileApisToOEM
0x42d0d8 OpenWaitableTimerA
0x42d0dc Process32FirstW
0x42d0e0 OpenMutexA
0x42d0e4 LocalAlloc
0x42d0e8 SetCalendarInfoW
0x42d0ec SetConsoleOutputCP
0x42d0f0 AddAtomW
0x42d0f4 QueryDosDeviceW
0x42d0f8 WriteProfileSectionW
0x42d0fc GetCommMask
0x42d100 EnumResourceTypesW
0x42d104 GetThreadPriority
0x42d108 SetConsoleTitleW
0x42d10c FindNextFileW
0x42d110 RequestWakeupLatency
0x42d114 BuildCommDCBA
0x42d118 GetCurrentDirectoryA
0x42d11c GetConsoleCursorInfo
0x42d120 ScrollConsoleScreenBufferA
0x42d124 OpenSemaphoreW
0x42d128 GetVersionExA
0x42d12c GetCurrentProcessId
0x42d130 FindActCtxSectionStringW
0x42d134 ReadConsoleOutputCharacterW
0x42d138 InterlockedPushEntrySList
0x42d13c GetProfileSectionW
0x42d140 GetVolumeInformationW
0x42d144 IsProcessorFeaturePresent
0x42d148 FlushFileBuffers
0x42d14c CloseHandle
0x42d150 CreateFileW
0x42d154 HeapFree
0x42d158 VerifyVersionInfoW
0x42d15c FileTimeToDosDateTime
0x42d160 GetLastError
0x42d164 MoveFileA
0x42d168 MultiByteToWideChar
0x42d16c GetCommandLineW
0x42d170 HeapSetInformation
0x42d174 GetStartupInfoW
0x42d178 LeaveCriticalSection
0x42d17c EnterCriticalSection
0x42d180 InitializeCriticalSectionAndSpinCount
0x42d184 GetFileType
0x42d188 WriteFile
0x42d18c WideCharToMultiByte
0x42d190 GetConsoleCP
0x42d194 GetConsoleMode
0x42d198 DecodePointer
0x42d19c TerminateProcess
0x42d1a0 GetCurrentProcess
0x42d1a4 UnhandledExceptionFilter
0x42d1a8 SetUnhandledExceptionFilter
0x42d1ac IsDebuggerPresent
0x42d1b0 EncodePointer
0x42d1b4 GetModuleFileNameW
0x42d1b8 GetOEMCP
0x42d1bc GetCPInfo
0x42d1c0 IsValidCodePage
0x42d1c4 TlsAlloc
0x42d1c8 TlsSetValue
0x42d1cc GetCurrentThreadId
0x42d1d0 TlsFree
0x42d1d4 SetLastError
0x42d1d8 QueryPerformanceCounter
0x42d1dc GetTickCount
0x42d1e0 GetSystemTimeAsFileTime
0x42d1e4 ExitProcess
0x42d1e8 FreeEnvironmentStringsW
0x42d1ec GetEnvironmentStringsW
0x42d1f0 SetHandleCount
0x42d1f4 GetStdHandle
0x42d1f8 DeleteCriticalSection
0x42d1fc HeapValidate
0x42d200 IsBadReadPtr
0x42d204 HeapCreate
0x42d208 WriteConsoleW
0x42d20c SetFilePointer
0x42d210 RtlUnwind
0x42d214 OutputDebugStringA
0x42d218 OutputDebugStringW
0x42d21c LoadLibraryW
0x42d220 GetStringTypeW
0x42d224 LCMapStringW
0x42d228 HeapAlloc
0x42d22c GetModuleFileNameA
0x42d230 HeapSize
0x42d234 HeapQueryInformation
0x42d238 RaiseException
USER32.dll
0x42d240 GetCursorInfo
0x42d244 GetMenuInfo
0x42d248 GetComboBoxInfo
0x42d24c GetMenuBarInfo
ADVAPI32.dll
0x42d000 InitiateSystemShutdownA
EAT(Export Address Table) is none