ScreenShot
| Created | 2021.06.15 22:11 | Machine | s1_win7_x6402 |
| Filename | covid.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Zenpak, Save, Kryptik, Eldorado, Attribute, HighConfidence, HLFW, Azorult, R + Troj, R002C0RF821, Racealer, msnci, ai score=83, score, Glupteba, R424682, BScope, Unsafe, GdSda, CLASSIC, Static AI, Malicious PE, HLFH, ZexaF, qqW@aKlyUefG, DropperX, confidence, 100%, susgen) | ||
| md5 | 74084608256e6e4c3434d17217d0993a | ||
| sha256 | d944f7f322c1ae6f36f76069e6c9351d5b19e108b26460cb903aacd115975dfc | ||
| ssdeep | 6144:+KUTMcenlwyBfnxtBOL+JHKKQz6MFn6bkT:+DTMPnjfnxtBOL7Pz6A6 | ||
| imphash | ef577d56891015e5ade38c9833df8914 | ||
| impfuzzy | 48:X+eGG9eH3RP8dP5exw1ggWPg/GcIe4V8CaMmxPBg:X+s6WPYiSZEGcIe4V8PMmxC | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42d008 lstrlenA
0x42d00c CopyFileExW
0x42d010 SetEndOfFile
0x42d014 HeapAlloc
0x42d018 SetUnhandledExceptionFilter
0x42d01c WritePrivateProfileSectionA
0x42d020 GetModuleHandleExW
0x42d024 GetProfileSectionA
0x42d028 SetVolumeMountPointW
0x42d02c OpenSemaphoreA
0x42d030 EnumTimeFormatsW
0x42d034 CreateActCtxW
0x42d038 SetProcessPriorityBoost
0x42d03c GetDriveTypeA
0x42d040 LoadLibraryW
0x42d044 TerminateThread
0x42d048 ReadConsoleInputA
0x42d04c CopyFileW
0x42d050 GetPrivateProfileStructW
0x42d054 GlobalFlags
0x42d058 WritePrivateProfileStructW
0x42d05c SetConsoleMode
0x42d060 SetTimeZoneInformation
0x42d064 VerifyVersionInfoA
0x42d068 WriteConsoleW
0x42d06c GetBinaryTypeA
0x42d070 GetAtomNameW
0x42d074 IsDBCSLeadByte
0x42d078 ReadFile
0x42d07c CreateFileW
0x42d080 CompareStringW
0x42d084 GetACP
0x42d088 CreateDirectoryA
0x42d08c InterlockedExchange
0x42d090 SetCurrentDirectoryA
0x42d094 FindFirstFileA
0x42d098 OpenMutexW
0x42d09c GlobalFix
0x42d0a0 SetLastError
0x42d0a4 GetThreadLocale
0x42d0a8 GetProcAddress
0x42d0ac GetComputerNameExW
0x42d0b0 IsValidCodePage
0x42d0b4 SetComputerNameA
0x42d0b8 GetTempFileNameA
0x42d0bc ResetEvent
0x42d0c0 OpenWaitableTimerA
0x42d0c4 LoadLibraryA
0x42d0c8 WriteConsoleA
0x42d0cc UnhandledExceptionFilter
0x42d0d0 LocalAlloc
0x42d0d4 GetFileType
0x42d0d8 WriteProfileSectionW
0x42d0dc AddAtomA
0x42d0e0 SetCommMask
0x42d0e4 SetSystemTime
0x42d0e8 SetEnvironmentVariableA
0x42d0ec GetModuleFileNameA
0x42d0f0 SetConsoleCursorInfo
0x42d0f4 SetConsoleTitleW
0x42d0f8 GetModuleHandleA
0x42d0fc DebugBreakProcess
0x42d100 FreeEnvironmentStringsW
0x42d104 BuildCommDCBA
0x42d108 GetCurrentDirectoryA
0x42d10c GetCPInfoExA
0x42d110 SetCalendarInfoA
0x42d114 GetVersionExA
0x42d118 ReadConsoleOutputCharacterW
0x42d11c TlsFree
0x42d120 LCMapStringW
0x42d124 GetVolumeInformationW
0x42d128 SetStdHandle
0x42d12c CloseHandle
0x42d130 GetHandleInformation
0x42d134 FillConsoleOutputCharacterA
0x42d138 GetCommandLineW
0x42d13c HeapSetInformation
0x42d140 GetStartupInfoW
0x42d144 InterlockedIncrement
0x42d148 InterlockedDecrement
0x42d14c DecodePointer
0x42d150 GetModuleHandleW
0x42d154 ExitProcess
0x42d158 TerminateProcess
0x42d15c GetCurrentProcess
0x42d160 IsDebuggerPresent
0x42d164 EncodePointer
0x42d168 GetLastError
0x42d16c GetModuleFileNameW
0x42d170 WriteFile
0x42d174 GetStdHandle
0x42d178 EnterCriticalSection
0x42d17c LeaveCriticalSection
0x42d180 SetHandleCount
0x42d184 InitializeCriticalSectionAndSpinCount
0x42d188 DeleteCriticalSection
0x42d18c IsProcessorFeaturePresent
0x42d190 QueryPerformanceCounter
0x42d194 GetTickCount
0x42d198 GetCurrentThreadId
0x42d19c GetCurrentProcessId
0x42d1a0 GetSystemTimeAsFileTime
0x42d1a4 GetEnvironmentStringsW
0x42d1a8 HeapValidate
0x42d1ac IsBadReadPtr
0x42d1b0 TlsAlloc
0x42d1b4 TlsGetValue
0x42d1b8 TlsSetValue
0x42d1bc HeapCreate
0x42d1c0 GetOEMCP
0x42d1c4 GetCPInfo
0x42d1c8 OutputDebugStringA
0x42d1cc OutputDebugStringW
0x42d1d0 RtlUnwind
0x42d1d4 MultiByteToWideChar
0x42d1d8 RaiseException
0x42d1dc HeapReAlloc
0x42d1e0 HeapSize
0x42d1e4 HeapQueryInformation
0x42d1e8 HeapFree
0x42d1ec WideCharToMultiByte
0x42d1f0 GetStringTypeW
0x42d1f4 FlushFileBuffers
0x42d1f8 GetConsoleCP
0x42d1fc GetConsoleMode
0x42d200 SetFilePointer
USER32.dll
0x42d208 GetMessageTime
0x42d20c GetMenuCheckMarkDimensions
ADVAPI32.dll
0x42d000 AdjustTokenPrivileges
EAT(Export Address Table) Library
0x42b470 _CallPattern@8
KERNEL32.dll
0x42d008 lstrlenA
0x42d00c CopyFileExW
0x42d010 SetEndOfFile
0x42d014 HeapAlloc
0x42d018 SetUnhandledExceptionFilter
0x42d01c WritePrivateProfileSectionA
0x42d020 GetModuleHandleExW
0x42d024 GetProfileSectionA
0x42d028 SetVolumeMountPointW
0x42d02c OpenSemaphoreA
0x42d030 EnumTimeFormatsW
0x42d034 CreateActCtxW
0x42d038 SetProcessPriorityBoost
0x42d03c GetDriveTypeA
0x42d040 LoadLibraryW
0x42d044 TerminateThread
0x42d048 ReadConsoleInputA
0x42d04c CopyFileW
0x42d050 GetPrivateProfileStructW
0x42d054 GlobalFlags
0x42d058 WritePrivateProfileStructW
0x42d05c SetConsoleMode
0x42d060 SetTimeZoneInformation
0x42d064 VerifyVersionInfoA
0x42d068 WriteConsoleW
0x42d06c GetBinaryTypeA
0x42d070 GetAtomNameW
0x42d074 IsDBCSLeadByte
0x42d078 ReadFile
0x42d07c CreateFileW
0x42d080 CompareStringW
0x42d084 GetACP
0x42d088 CreateDirectoryA
0x42d08c InterlockedExchange
0x42d090 SetCurrentDirectoryA
0x42d094 FindFirstFileA
0x42d098 OpenMutexW
0x42d09c GlobalFix
0x42d0a0 SetLastError
0x42d0a4 GetThreadLocale
0x42d0a8 GetProcAddress
0x42d0ac GetComputerNameExW
0x42d0b0 IsValidCodePage
0x42d0b4 SetComputerNameA
0x42d0b8 GetTempFileNameA
0x42d0bc ResetEvent
0x42d0c0 OpenWaitableTimerA
0x42d0c4 LoadLibraryA
0x42d0c8 WriteConsoleA
0x42d0cc UnhandledExceptionFilter
0x42d0d0 LocalAlloc
0x42d0d4 GetFileType
0x42d0d8 WriteProfileSectionW
0x42d0dc AddAtomA
0x42d0e0 SetCommMask
0x42d0e4 SetSystemTime
0x42d0e8 SetEnvironmentVariableA
0x42d0ec GetModuleFileNameA
0x42d0f0 SetConsoleCursorInfo
0x42d0f4 SetConsoleTitleW
0x42d0f8 GetModuleHandleA
0x42d0fc DebugBreakProcess
0x42d100 FreeEnvironmentStringsW
0x42d104 BuildCommDCBA
0x42d108 GetCurrentDirectoryA
0x42d10c GetCPInfoExA
0x42d110 SetCalendarInfoA
0x42d114 GetVersionExA
0x42d118 ReadConsoleOutputCharacterW
0x42d11c TlsFree
0x42d120 LCMapStringW
0x42d124 GetVolumeInformationW
0x42d128 SetStdHandle
0x42d12c CloseHandle
0x42d130 GetHandleInformation
0x42d134 FillConsoleOutputCharacterA
0x42d138 GetCommandLineW
0x42d13c HeapSetInformation
0x42d140 GetStartupInfoW
0x42d144 InterlockedIncrement
0x42d148 InterlockedDecrement
0x42d14c DecodePointer
0x42d150 GetModuleHandleW
0x42d154 ExitProcess
0x42d158 TerminateProcess
0x42d15c GetCurrentProcess
0x42d160 IsDebuggerPresent
0x42d164 EncodePointer
0x42d168 GetLastError
0x42d16c GetModuleFileNameW
0x42d170 WriteFile
0x42d174 GetStdHandle
0x42d178 EnterCriticalSection
0x42d17c LeaveCriticalSection
0x42d180 SetHandleCount
0x42d184 InitializeCriticalSectionAndSpinCount
0x42d188 DeleteCriticalSection
0x42d18c IsProcessorFeaturePresent
0x42d190 QueryPerformanceCounter
0x42d194 GetTickCount
0x42d198 GetCurrentThreadId
0x42d19c GetCurrentProcessId
0x42d1a0 GetSystemTimeAsFileTime
0x42d1a4 GetEnvironmentStringsW
0x42d1a8 HeapValidate
0x42d1ac IsBadReadPtr
0x42d1b0 TlsAlloc
0x42d1b4 TlsGetValue
0x42d1b8 TlsSetValue
0x42d1bc HeapCreate
0x42d1c0 GetOEMCP
0x42d1c4 GetCPInfo
0x42d1c8 OutputDebugStringA
0x42d1cc OutputDebugStringW
0x42d1d0 RtlUnwind
0x42d1d4 MultiByteToWideChar
0x42d1d8 RaiseException
0x42d1dc HeapReAlloc
0x42d1e0 HeapSize
0x42d1e4 HeapQueryInformation
0x42d1e8 HeapFree
0x42d1ec WideCharToMultiByte
0x42d1f0 GetStringTypeW
0x42d1f4 FlushFileBuffers
0x42d1f8 GetConsoleCP
0x42d1fc GetConsoleMode
0x42d200 SetFilePointer
USER32.dll
0x42d208 GetMessageTime
0x42d20c GetMenuCheckMarkDimensions
ADVAPI32.dll
0x42d000 AdjustTokenPrivileges
EAT(Export Address Table) Library
0x42b470 _CallPattern@8