ScreenShot
| Created | 2021.06.16 09:06 | Machine | s1_win7_x6401 |
| Filename | Canaliculi.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, confidence, 100%, Attribute, HighConfidence, Convagent, Racealer, Score, Azorult, BScope, Sabsik, ET#84%, RDMK, cmRtazp, c8eGX4yGofuKXg0, +Nt0, Static AI, Malicious PE, susgen, ZexaF, yuW@ayAxLQhG) | ||
| md5 | d5598c9448076b1dc59cb57d56a264f4 | ||
| sha256 | fa5f8b919b332f26ad2701cebe0b006cc21fb46eb23ca4e761b19e96c4b87157 | ||
| ssdeep | 6144:f3haLHwCTJW1ecgBKLGZ6Go/x++75HJC5JOySNANnzMXg:f3haLH3JW1ecjGZ6Gg+afqJINQZ | ||
| imphash | 22d54580109f0c9a62e58d52129bb603 | ||
| impfuzzy | 48:dffaOLfRPQEnj8Se8Fs4pXbmwhV2KK9LasqScyzJPBuz:dVDdj9eqXX/hV2KQOsqScyzI | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x442008 WriteConsoleInputW
0x44200c CopyFileExW
0x442010 TlsGetValue
0x442014 SetLocalTime
0x442018 GetDriveTypeW
0x44201c GetNumberOfConsoleInputEvents
0x442020 FindResourceExW
0x442024 MapUserPhysicalPages
0x442028 InterlockedIncrement
0x44202c GetQueuedCompletionStatus
0x442030 GetCommState
0x442034 InterlockedDecrement
0x442038 ScrollConsoleScreenBufferW
0x44203c WritePrivateProfileSectionA
0x442040 QueryDosDeviceA
0x442044 WaitForSingleObject
0x442048 CallNamedPipeW
0x44204c GetModuleHandleW
0x442050 GetPrivateProfileStringW
0x442054 GetConsoleTitleA
0x442058 FindActCtxSectionStringA
0x44205c WriteFileGather
0x442060 CreateDirectoryExW
0x442064 GetVolumeInformationA
0x442068 Sleep
0x44206c GetSystemTimeAdjustment
0x442070 GlobalFlags
0x442074 Beep
0x442078 SetMessageWaitingIndicator
0x44207c IsDBCSLeadByte
0x442080 ReadFile
0x442084 CreateFileW
0x442088 GetBinaryTypeW
0x44208c GetACP
0x442090 lstrlenW
0x442094 VerifyVersionInfoW
0x442098 CreateDirectoryA
0x44209c GetStdHandle
0x4420a0 OpenMutexW
0x4420a4 GetCurrentDirectoryW
0x4420a8 GetProcAddress
0x4420ac FindFirstFileW
0x4420b0 SetVolumeLabelW
0x4420b4 WriteProfileSectionA
0x4420b8 ReadFileEx
0x4420bc SetComputerNameA
0x4420c0 CreateMemoryResourceNotification
0x4420c4 SearchPathA
0x4420c8 GetPrivateProfileStringA
0x4420cc SetFileApisToOEM
0x4420d0 GetAtomNameA
0x4420d4 Process32FirstW
0x4420d8 OpenWaitableTimerW
0x4420dc LocalAlloc
0x4420e0 IsSystemResumeAutomatic
0x4420e4 SetConsoleOutputCP
0x4420e8 AddAtomW
0x4420ec SetCurrentDirectoryW
0x4420f0 SetCommMask
0x4420f4 GetPrivateProfileStructA
0x4420f8 EnumResourceTypesW
0x4420fc SetConsoleCursorInfo
0x442100 GetThreadPriority
0x442104 SetConsoleTitleW
0x442108 GetModuleHandleA
0x44210c FreeEnvironmentStringsW
0x442110 EnumResourceNamesA
0x442114 BuildCommDCBA
0x442118 CompareStringA
0x44211c SetCalendarInfoA
0x442120 OpenSemaphoreW
0x442124 GetVersionExA
0x442128 GetWindowsDirectoryW
0x44212c GetCurrentProcessId
0x442130 InterlockedPushEntrySList
0x442134 GetProfileSectionW
0x442138 ResumeThread
0x44213c LCMapStringW
0x442140 CloseHandle
0x442144 SetStdHandle
0x442148 GetConsoleMode
0x44214c GetConsoleCP
0x442150 GetComputerNameExW
0x442154 GetFileSize
0x442158 GetCommandLineW
0x44215c HeapSetInformation
0x442160 GetStartupInfoW
0x442164 SetUnhandledExceptionFilter
0x442168 QueryPerformanceCounter
0x44216c GetTickCount
0x442170 GetCurrentThreadId
0x442174 GetSystemTimeAsFileTime
0x442178 DecodePointer
0x44217c ExitProcess
0x442180 GetModuleFileNameW
0x442184 GetEnvironmentStringsW
0x442188 SetHandleCount
0x44218c InitializeCriticalSectionAndSpinCount
0x442190 GetFileType
0x442194 DeleteCriticalSection
0x442198 HeapValidate
0x44219c IsBadReadPtr
0x4421a0 EncodePointer
0x4421a4 TlsAlloc
0x4421a8 TlsSetValue
0x4421ac TlsFree
0x4421b0 SetLastError
0x4421b4 GetLastError
0x4421b8 HeapCreate
0x4421bc WriteFile
0x4421c0 TerminateProcess
0x4421c4 GetCurrentProcess
0x4421c8 UnhandledExceptionFilter
0x4421cc IsDebuggerPresent
0x4421d0 RtlUnwind
0x4421d4 GetOEMCP
0x4421d8 GetCPInfo
0x4421dc IsValidCodePage
0x4421e0 EnterCriticalSection
0x4421e4 LeaveCriticalSection
0x4421e8 LoadLibraryW
0x4421ec HeapAlloc
0x4421f0 GetModuleFileNameA
0x4421f4 HeapReAlloc
0x4421f8 HeapSize
0x4421fc HeapQueryInformation
0x442200 HeapFree
0x442204 GetStringTypeW
0x442208 MultiByteToWideChar
0x44220c OutputDebugStringA
0x442210 WriteConsoleW
0x442214 OutputDebugStringW
0x442218 WideCharToMultiByte
0x44221c IsProcessorFeaturePresent
0x442220 RaiseException
0x442224 SetFilePointer
0x442228 FlushFileBuffers
USER32.dll
0x442230 GetCursorInfo
0x442234 GetMessageTime
0x442238 GetMenuBarInfo
ADVAPI32.dll
0x442000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x442008 WriteConsoleInputW
0x44200c CopyFileExW
0x442010 TlsGetValue
0x442014 SetLocalTime
0x442018 GetDriveTypeW
0x44201c GetNumberOfConsoleInputEvents
0x442020 FindResourceExW
0x442024 MapUserPhysicalPages
0x442028 InterlockedIncrement
0x44202c GetQueuedCompletionStatus
0x442030 GetCommState
0x442034 InterlockedDecrement
0x442038 ScrollConsoleScreenBufferW
0x44203c WritePrivateProfileSectionA
0x442040 QueryDosDeviceA
0x442044 WaitForSingleObject
0x442048 CallNamedPipeW
0x44204c GetModuleHandleW
0x442050 GetPrivateProfileStringW
0x442054 GetConsoleTitleA
0x442058 FindActCtxSectionStringA
0x44205c WriteFileGather
0x442060 CreateDirectoryExW
0x442064 GetVolumeInformationA
0x442068 Sleep
0x44206c GetSystemTimeAdjustment
0x442070 GlobalFlags
0x442074 Beep
0x442078 SetMessageWaitingIndicator
0x44207c IsDBCSLeadByte
0x442080 ReadFile
0x442084 CreateFileW
0x442088 GetBinaryTypeW
0x44208c GetACP
0x442090 lstrlenW
0x442094 VerifyVersionInfoW
0x442098 CreateDirectoryA
0x44209c GetStdHandle
0x4420a0 OpenMutexW
0x4420a4 GetCurrentDirectoryW
0x4420a8 GetProcAddress
0x4420ac FindFirstFileW
0x4420b0 SetVolumeLabelW
0x4420b4 WriteProfileSectionA
0x4420b8 ReadFileEx
0x4420bc SetComputerNameA
0x4420c0 CreateMemoryResourceNotification
0x4420c4 SearchPathA
0x4420c8 GetPrivateProfileStringA
0x4420cc SetFileApisToOEM
0x4420d0 GetAtomNameA
0x4420d4 Process32FirstW
0x4420d8 OpenWaitableTimerW
0x4420dc LocalAlloc
0x4420e0 IsSystemResumeAutomatic
0x4420e4 SetConsoleOutputCP
0x4420e8 AddAtomW
0x4420ec SetCurrentDirectoryW
0x4420f0 SetCommMask
0x4420f4 GetPrivateProfileStructA
0x4420f8 EnumResourceTypesW
0x4420fc SetConsoleCursorInfo
0x442100 GetThreadPriority
0x442104 SetConsoleTitleW
0x442108 GetModuleHandleA
0x44210c FreeEnvironmentStringsW
0x442110 EnumResourceNamesA
0x442114 BuildCommDCBA
0x442118 CompareStringA
0x44211c SetCalendarInfoA
0x442120 OpenSemaphoreW
0x442124 GetVersionExA
0x442128 GetWindowsDirectoryW
0x44212c GetCurrentProcessId
0x442130 InterlockedPushEntrySList
0x442134 GetProfileSectionW
0x442138 ResumeThread
0x44213c LCMapStringW
0x442140 CloseHandle
0x442144 SetStdHandle
0x442148 GetConsoleMode
0x44214c GetConsoleCP
0x442150 GetComputerNameExW
0x442154 GetFileSize
0x442158 GetCommandLineW
0x44215c HeapSetInformation
0x442160 GetStartupInfoW
0x442164 SetUnhandledExceptionFilter
0x442168 QueryPerformanceCounter
0x44216c GetTickCount
0x442170 GetCurrentThreadId
0x442174 GetSystemTimeAsFileTime
0x442178 DecodePointer
0x44217c ExitProcess
0x442180 GetModuleFileNameW
0x442184 GetEnvironmentStringsW
0x442188 SetHandleCount
0x44218c InitializeCriticalSectionAndSpinCount
0x442190 GetFileType
0x442194 DeleteCriticalSection
0x442198 HeapValidate
0x44219c IsBadReadPtr
0x4421a0 EncodePointer
0x4421a4 TlsAlloc
0x4421a8 TlsSetValue
0x4421ac TlsFree
0x4421b0 SetLastError
0x4421b4 GetLastError
0x4421b8 HeapCreate
0x4421bc WriteFile
0x4421c0 TerminateProcess
0x4421c4 GetCurrentProcess
0x4421c8 UnhandledExceptionFilter
0x4421cc IsDebuggerPresent
0x4421d0 RtlUnwind
0x4421d4 GetOEMCP
0x4421d8 GetCPInfo
0x4421dc IsValidCodePage
0x4421e0 EnterCriticalSection
0x4421e4 LeaveCriticalSection
0x4421e8 LoadLibraryW
0x4421ec HeapAlloc
0x4421f0 GetModuleFileNameA
0x4421f4 HeapReAlloc
0x4421f8 HeapSize
0x4421fc HeapQueryInformation
0x442200 HeapFree
0x442204 GetStringTypeW
0x442208 MultiByteToWideChar
0x44220c OutputDebugStringA
0x442210 WriteConsoleW
0x442214 OutputDebugStringW
0x442218 WideCharToMultiByte
0x44221c IsProcessorFeaturePresent
0x442220 RaiseException
0x442224 SetFilePointer
0x442228 FlushFileBuffers
USER32.dll
0x442230 GetCursorInfo
0x442234 GetMessageTime
0x442238 GetMenuBarInfo
ADVAPI32.dll
0x442000 InitiateSystemShutdownA
EAT(Export Address Table) is none