ScreenShot
| Created | 2021.06.16 09:11 | Machine | s1_win7_x6402 |
| Filename | app.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware1, Save, Malicious, FileRepMetagen, Static AI, Suspicious PE, Racealer, Unsafe, Score, Azorult, Artemis, BScope, Sabsik, susgen, ZexaF, @xX@aOXiQ5kG, Genetic) | ||
| md5 | 4da006c3ae2c486c41f3007a2b7f4782 | ||
| sha256 | f454ea9fa15b20582eb0311beea5cc20e03e643a0a87b7c4e3fb848148873acf | ||
| ssdeep | 98304:aDYM9XRrFXIaO2HHcZhIIBxAQiM6wEKxg+oIXcy+wONr:ETBrFXI5gmeFM6wQ/IXP+w6r | ||
| imphash | 22d54580109f0c9a62e58d52129bb603 | ||
| impfuzzy | 48:dffaOLfRPQEnj8Se8Fs4pXbmwhV2KK9LasqScyzJPBuz:dVDdj9eqXX/hV2KQOsqScyzI | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x85d008 WriteConsoleInputW
0x85d00c CopyFileExW
0x85d010 TlsGetValue
0x85d014 SetLocalTime
0x85d018 GetDriveTypeW
0x85d01c GetNumberOfConsoleInputEvents
0x85d020 FindResourceExW
0x85d024 MapUserPhysicalPages
0x85d028 InterlockedIncrement
0x85d02c GetQueuedCompletionStatus
0x85d030 GetCommState
0x85d034 InterlockedDecrement
0x85d038 ScrollConsoleScreenBufferW
0x85d03c WritePrivateProfileSectionA
0x85d040 QueryDosDeviceA
0x85d044 WaitForSingleObject
0x85d048 CallNamedPipeW
0x85d04c GetModuleHandleW
0x85d050 GetPrivateProfileStringW
0x85d054 GetConsoleTitleA
0x85d058 FindActCtxSectionStringA
0x85d05c WriteFileGather
0x85d060 CreateDirectoryExW
0x85d064 GetVolumeInformationA
0x85d068 Sleep
0x85d06c GetSystemTimeAdjustment
0x85d070 GlobalFlags
0x85d074 Beep
0x85d078 SetMessageWaitingIndicator
0x85d07c IsDBCSLeadByte
0x85d080 ReadFile
0x85d084 CreateFileW
0x85d088 GetBinaryTypeW
0x85d08c GetACP
0x85d090 lstrlenW
0x85d094 VerifyVersionInfoW
0x85d098 CreateDirectoryA
0x85d09c GetStdHandle
0x85d0a0 OpenMutexW
0x85d0a4 GetCurrentDirectoryW
0x85d0a8 GetProcAddress
0x85d0ac FindFirstFileW
0x85d0b0 SetVolumeLabelW
0x85d0b4 WriteProfileSectionA
0x85d0b8 ReadFileEx
0x85d0bc SetComputerNameA
0x85d0c0 CreateMemoryResourceNotification
0x85d0c4 SearchPathA
0x85d0c8 GetPrivateProfileStringA
0x85d0cc SetFileApisToOEM
0x85d0d0 GetAtomNameA
0x85d0d4 Process32FirstW
0x85d0d8 OpenWaitableTimerW
0x85d0dc LocalAlloc
0x85d0e0 IsSystemResumeAutomatic
0x85d0e4 SetConsoleOutputCP
0x85d0e8 AddAtomW
0x85d0ec SetCurrentDirectoryW
0x85d0f0 SetCommMask
0x85d0f4 GetPrivateProfileStructA
0x85d0f8 EnumResourceTypesW
0x85d0fc SetConsoleCursorInfo
0x85d100 GetThreadPriority
0x85d104 SetConsoleTitleW
0x85d108 GetModuleHandleA
0x85d10c FreeEnvironmentStringsW
0x85d110 EnumResourceNamesA
0x85d114 BuildCommDCBA
0x85d118 CompareStringA
0x85d11c SetCalendarInfoA
0x85d120 OpenSemaphoreW
0x85d124 GetVersionExA
0x85d128 GetWindowsDirectoryW
0x85d12c GetCurrentProcessId
0x85d130 InterlockedPushEntrySList
0x85d134 GetProfileSectionW
0x85d138 ResumeThread
0x85d13c LCMapStringW
0x85d140 CloseHandle
0x85d144 SetStdHandle
0x85d148 GetConsoleMode
0x85d14c GetConsoleCP
0x85d150 GetComputerNameExW
0x85d154 GetFileSize
0x85d158 GetCommandLineW
0x85d15c HeapSetInformation
0x85d160 GetStartupInfoW
0x85d164 SetUnhandledExceptionFilter
0x85d168 QueryPerformanceCounter
0x85d16c GetTickCount
0x85d170 GetCurrentThreadId
0x85d174 GetSystemTimeAsFileTime
0x85d178 DecodePointer
0x85d17c ExitProcess
0x85d180 GetModuleFileNameW
0x85d184 GetEnvironmentStringsW
0x85d188 SetHandleCount
0x85d18c InitializeCriticalSectionAndSpinCount
0x85d190 GetFileType
0x85d194 DeleteCriticalSection
0x85d198 HeapValidate
0x85d19c IsBadReadPtr
0x85d1a0 EncodePointer
0x85d1a4 TlsAlloc
0x85d1a8 TlsSetValue
0x85d1ac TlsFree
0x85d1b0 SetLastError
0x85d1b4 GetLastError
0x85d1b8 HeapCreate
0x85d1bc WriteFile
0x85d1c0 TerminateProcess
0x85d1c4 GetCurrentProcess
0x85d1c8 UnhandledExceptionFilter
0x85d1cc IsDebuggerPresent
0x85d1d0 RtlUnwind
0x85d1d4 GetOEMCP
0x85d1d8 GetCPInfo
0x85d1dc IsValidCodePage
0x85d1e0 EnterCriticalSection
0x85d1e4 LeaveCriticalSection
0x85d1e8 LoadLibraryW
0x85d1ec HeapAlloc
0x85d1f0 GetModuleFileNameA
0x85d1f4 HeapReAlloc
0x85d1f8 HeapSize
0x85d1fc HeapQueryInformation
0x85d200 HeapFree
0x85d204 GetStringTypeW
0x85d208 MultiByteToWideChar
0x85d20c OutputDebugStringA
0x85d210 WriteConsoleW
0x85d214 OutputDebugStringW
0x85d218 WideCharToMultiByte
0x85d21c IsProcessorFeaturePresent
0x85d220 RaiseException
0x85d224 SetFilePointer
0x85d228 FlushFileBuffers
USER32.dll
0x85d230 GetCursorInfo
0x85d234 GetMessageTime
0x85d238 GetMenuBarInfo
ADVAPI32.dll
0x85d000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x85d008 WriteConsoleInputW
0x85d00c CopyFileExW
0x85d010 TlsGetValue
0x85d014 SetLocalTime
0x85d018 GetDriveTypeW
0x85d01c GetNumberOfConsoleInputEvents
0x85d020 FindResourceExW
0x85d024 MapUserPhysicalPages
0x85d028 InterlockedIncrement
0x85d02c GetQueuedCompletionStatus
0x85d030 GetCommState
0x85d034 InterlockedDecrement
0x85d038 ScrollConsoleScreenBufferW
0x85d03c WritePrivateProfileSectionA
0x85d040 QueryDosDeviceA
0x85d044 WaitForSingleObject
0x85d048 CallNamedPipeW
0x85d04c GetModuleHandleW
0x85d050 GetPrivateProfileStringW
0x85d054 GetConsoleTitleA
0x85d058 FindActCtxSectionStringA
0x85d05c WriteFileGather
0x85d060 CreateDirectoryExW
0x85d064 GetVolumeInformationA
0x85d068 Sleep
0x85d06c GetSystemTimeAdjustment
0x85d070 GlobalFlags
0x85d074 Beep
0x85d078 SetMessageWaitingIndicator
0x85d07c IsDBCSLeadByte
0x85d080 ReadFile
0x85d084 CreateFileW
0x85d088 GetBinaryTypeW
0x85d08c GetACP
0x85d090 lstrlenW
0x85d094 VerifyVersionInfoW
0x85d098 CreateDirectoryA
0x85d09c GetStdHandle
0x85d0a0 OpenMutexW
0x85d0a4 GetCurrentDirectoryW
0x85d0a8 GetProcAddress
0x85d0ac FindFirstFileW
0x85d0b0 SetVolumeLabelW
0x85d0b4 WriteProfileSectionA
0x85d0b8 ReadFileEx
0x85d0bc SetComputerNameA
0x85d0c0 CreateMemoryResourceNotification
0x85d0c4 SearchPathA
0x85d0c8 GetPrivateProfileStringA
0x85d0cc SetFileApisToOEM
0x85d0d0 GetAtomNameA
0x85d0d4 Process32FirstW
0x85d0d8 OpenWaitableTimerW
0x85d0dc LocalAlloc
0x85d0e0 IsSystemResumeAutomatic
0x85d0e4 SetConsoleOutputCP
0x85d0e8 AddAtomW
0x85d0ec SetCurrentDirectoryW
0x85d0f0 SetCommMask
0x85d0f4 GetPrivateProfileStructA
0x85d0f8 EnumResourceTypesW
0x85d0fc SetConsoleCursorInfo
0x85d100 GetThreadPriority
0x85d104 SetConsoleTitleW
0x85d108 GetModuleHandleA
0x85d10c FreeEnvironmentStringsW
0x85d110 EnumResourceNamesA
0x85d114 BuildCommDCBA
0x85d118 CompareStringA
0x85d11c SetCalendarInfoA
0x85d120 OpenSemaphoreW
0x85d124 GetVersionExA
0x85d128 GetWindowsDirectoryW
0x85d12c GetCurrentProcessId
0x85d130 InterlockedPushEntrySList
0x85d134 GetProfileSectionW
0x85d138 ResumeThread
0x85d13c LCMapStringW
0x85d140 CloseHandle
0x85d144 SetStdHandle
0x85d148 GetConsoleMode
0x85d14c GetConsoleCP
0x85d150 GetComputerNameExW
0x85d154 GetFileSize
0x85d158 GetCommandLineW
0x85d15c HeapSetInformation
0x85d160 GetStartupInfoW
0x85d164 SetUnhandledExceptionFilter
0x85d168 QueryPerformanceCounter
0x85d16c GetTickCount
0x85d170 GetCurrentThreadId
0x85d174 GetSystemTimeAsFileTime
0x85d178 DecodePointer
0x85d17c ExitProcess
0x85d180 GetModuleFileNameW
0x85d184 GetEnvironmentStringsW
0x85d188 SetHandleCount
0x85d18c InitializeCriticalSectionAndSpinCount
0x85d190 GetFileType
0x85d194 DeleteCriticalSection
0x85d198 HeapValidate
0x85d19c IsBadReadPtr
0x85d1a0 EncodePointer
0x85d1a4 TlsAlloc
0x85d1a8 TlsSetValue
0x85d1ac TlsFree
0x85d1b0 SetLastError
0x85d1b4 GetLastError
0x85d1b8 HeapCreate
0x85d1bc WriteFile
0x85d1c0 TerminateProcess
0x85d1c4 GetCurrentProcess
0x85d1c8 UnhandledExceptionFilter
0x85d1cc IsDebuggerPresent
0x85d1d0 RtlUnwind
0x85d1d4 GetOEMCP
0x85d1d8 GetCPInfo
0x85d1dc IsValidCodePage
0x85d1e0 EnterCriticalSection
0x85d1e4 LeaveCriticalSection
0x85d1e8 LoadLibraryW
0x85d1ec HeapAlloc
0x85d1f0 GetModuleFileNameA
0x85d1f4 HeapReAlloc
0x85d1f8 HeapSize
0x85d1fc HeapQueryInformation
0x85d200 HeapFree
0x85d204 GetStringTypeW
0x85d208 MultiByteToWideChar
0x85d20c OutputDebugStringA
0x85d210 WriteConsoleW
0x85d214 OutputDebugStringW
0x85d218 WideCharToMultiByte
0x85d21c IsProcessorFeaturePresent
0x85d220 RaiseException
0x85d224 SetFilePointer
0x85d228 FlushFileBuffers
USER32.dll
0x85d230 GetCursorInfo
0x85d234 GetMessageTime
0x85d238 GetMenuBarInfo
ADVAPI32.dll
0x85d000 InitiateSystemShutdownA
EAT(Export Address Table) is none