ScreenShot
| Created | 2021.06.16 09:45 | Machine | s1_win7_x6401 |
| Filename | updatetes.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetect, malware1, malicious, high confidence, Graftor, Unsafe, Save, None, Kryptik, Eldorado, Attribute, HighConfidence, HLIZ, PWSX, Zenpak, Siggen3, R002C0DFF21, susgen, ai score=81, kcloud, Azorult, NetSteal, CXT1WY, score, R425830, GenericRXAA, BScope, Sabsik, CLASSIC, Static AI, Malicious PE, ZexaE, vuW@aSlgdegG, GdSda, confidence) | ||
| md5 | a4f1f7fe9de324bf060f44976d1e0d17 | ||
| sha256 | 2fb6bf1f605b4441037e7870f0060ad5e5bdcfd9b8ad065a42dc953be5c8d321 | ||
| ssdeep | 6144:PIXuxqHbApdbj/WCrrPY22E0QHYW5n+RZKXpuLVRB:PIXuxwApdbj/BPQ22E0anUZwp6B | ||
| imphash | b0d3854c557fd79a46b820c312bd2709 | ||
| impfuzzy | 48:FfNaOVSkPW4d7zSGjFF9Plp6bO6whV22eLaAqSc7ZJPGuz:FrkdQqU3tv6ahV22eOAqSc7Zz | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x442008 TlsGetValue
0x44200c GetStringTypeA
0x442010 SetLocalTime
0x442014 GetDriveTypeW
0x442018 GetNumberOfConsoleInputEvents
0x44201c FindResourceExW
0x442020 MapUserPhysicalPages
0x442024 CallNamedPipeA
0x442028 InterlockedIncrement
0x44202c GetQueuedCompletionStatus
0x442030 GetCommState
0x442034 InterlockedDecrement
0x442038 ScrollConsoleScreenBufferW
0x44203c QueryDosDeviceA
0x442040 WaitForSingleObject
0x442044 OpenSemaphoreA
0x442048 CreateDirectoryExA
0x44204c FreeEnvironmentStringsA
0x442050 GetModuleHandleW
0x442054 GetPrivateProfileStringW
0x442058 GetConsoleTitleA
0x44205c FindActCtxSectionStringA
0x442060 WriteFileGather
0x442064 GetVolumeInformationA
0x442068 Sleep
0x44206c SetVolumeMountPointA
0x442070 GetSystemTimeAdjustment
0x442074 GlobalFlags
0x442078 Beep
0x44207c SetMessageWaitingIndicator
0x442080 VerifyVersionInfoA
0x442084 GetBinaryTypeA
0x442088 WritePrivateProfileSectionW
0x44208c CreateFileW
0x442090 GetACP
0x442094 lstrlenW
0x442098 LCMapStringA
0x44209c VerifyVersionInfoW
0x4420a0 CreateDirectoryA
0x4420a4 InterlockedExchange
0x4420a8 GetStdHandle
0x4420ac OpenMutexW
0x4420b0 WriteConsoleInputW
0x4420b4 GetProcAddress
0x4420b8 GetProcessHeaps
0x4420bc GetComputerNameExW
0x4420c0 SetVolumeLabelW
0x4420c4 ReadFileEx
0x4420c8 SetComputerNameA
0x4420cc CreateMemoryResourceNotification
0x4420d0 SetFileApisToOEM
0x4420d4 GetAtomNameA
0x4420d8 Process32FirstW
0x4420dc OpenWaitableTimerW
0x4420e0 LocalAlloc
0x4420e4 GetFileType
0x4420e8 SetConsoleOutputCP
0x4420ec SetCurrentDirectoryW
0x4420f0 WriteProfileSectionW
0x4420f4 GetCommMask
0x4420f8 AddAtomA
0x4420fc SetCommMask
0x442100 GetPrivateProfileStructA
0x442104 EnumResourceTypesW
0x442108 SetConsoleCursorInfo
0x44210c GetThreadPriority
0x442110 SetConsoleTitleW
0x442114 GetModuleHandleA
0x442118 EnumResourceNamesA
0x44211c FindNextFileW
0x442120 RequestWakeupLatency
0x442124 BuildCommDCBA
0x442128 GetCurrentDirectoryA
0x44212c CompareStringA
0x442130 SetCalendarInfoA
0x442134 GetVersionExA
0x442138 GetWindowsDirectoryW
0x44213c GetCurrentProcessId
0x442140 InterlockedPushEntrySList
0x442144 GetProfileSectionW
0x442148 ResumeThread
0x44214c CloseHandle
0x442150 SetStdHandle
0x442154 GetConsoleMode
0x442158 GetConsoleCP
0x44215c IsDBCSLeadByteEx
0x442160 FindFirstFileW
0x442164 GetLastError
0x442168 MoveFileA
0x44216c GetCommandLineW
0x442170 HeapSetInformation
0x442174 GetStartupInfoW
0x442178 SetUnhandledExceptionFilter
0x44217c QueryPerformanceCounter
0x442180 GetTickCount
0x442184 GetCurrentThreadId
0x442188 GetSystemTimeAsFileTime
0x44218c DecodePointer
0x442190 ExitProcess
0x442194 GetModuleFileNameW
0x442198 FreeEnvironmentStringsW
0x44219c GetEnvironmentStringsW
0x4421a0 SetHandleCount
0x4421a4 InitializeCriticalSectionAndSpinCount
0x4421a8 DeleteCriticalSection
0x4421ac HeapValidate
0x4421b0 IsBadReadPtr
0x4421b4 EncodePointer
0x4421b8 TlsAlloc
0x4421bc TlsSetValue
0x4421c0 TlsFree
0x4421c4 SetLastError
0x4421c8 HeapCreate
0x4421cc WriteFile
0x4421d0 TerminateProcess
0x4421d4 GetCurrentProcess
0x4421d8 UnhandledExceptionFilter
0x4421dc IsDebuggerPresent
0x4421e0 RtlUnwind
0x4421e4 GetOEMCP
0x4421e8 GetCPInfo
0x4421ec IsValidCodePage
0x4421f0 EnterCriticalSection
0x4421f4 LeaveCriticalSection
0x4421f8 LoadLibraryW
0x4421fc HeapAlloc
0x442200 GetModuleFileNameA
0x442204 HeapReAlloc
0x442208 HeapSize
0x44220c HeapQueryInformation
0x442210 HeapFree
0x442214 OutputDebugStringA
0x442218 WriteConsoleW
0x44221c OutputDebugStringW
0x442220 GetStringTypeW
0x442224 MultiByteToWideChar
0x442228 WideCharToMultiByte
0x44222c LCMapStringW
0x442230 IsProcessorFeaturePresent
0x442234 RaiseException
0x442238 SetFilePointer
0x44223c FlushFileBuffers
USER32.dll
0x442244 GetCursorInfo
0x442248 GetMenuInfo
0x44224c GetMenuBarInfo
ADVAPI32.dll
0x442000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x442008 TlsGetValue
0x44200c GetStringTypeA
0x442010 SetLocalTime
0x442014 GetDriveTypeW
0x442018 GetNumberOfConsoleInputEvents
0x44201c FindResourceExW
0x442020 MapUserPhysicalPages
0x442024 CallNamedPipeA
0x442028 InterlockedIncrement
0x44202c GetQueuedCompletionStatus
0x442030 GetCommState
0x442034 InterlockedDecrement
0x442038 ScrollConsoleScreenBufferW
0x44203c QueryDosDeviceA
0x442040 WaitForSingleObject
0x442044 OpenSemaphoreA
0x442048 CreateDirectoryExA
0x44204c FreeEnvironmentStringsA
0x442050 GetModuleHandleW
0x442054 GetPrivateProfileStringW
0x442058 GetConsoleTitleA
0x44205c FindActCtxSectionStringA
0x442060 WriteFileGather
0x442064 GetVolumeInformationA
0x442068 Sleep
0x44206c SetVolumeMountPointA
0x442070 GetSystemTimeAdjustment
0x442074 GlobalFlags
0x442078 Beep
0x44207c SetMessageWaitingIndicator
0x442080 VerifyVersionInfoA
0x442084 GetBinaryTypeA
0x442088 WritePrivateProfileSectionW
0x44208c CreateFileW
0x442090 GetACP
0x442094 lstrlenW
0x442098 LCMapStringA
0x44209c VerifyVersionInfoW
0x4420a0 CreateDirectoryA
0x4420a4 InterlockedExchange
0x4420a8 GetStdHandle
0x4420ac OpenMutexW
0x4420b0 WriteConsoleInputW
0x4420b4 GetProcAddress
0x4420b8 GetProcessHeaps
0x4420bc GetComputerNameExW
0x4420c0 SetVolumeLabelW
0x4420c4 ReadFileEx
0x4420c8 SetComputerNameA
0x4420cc CreateMemoryResourceNotification
0x4420d0 SetFileApisToOEM
0x4420d4 GetAtomNameA
0x4420d8 Process32FirstW
0x4420dc OpenWaitableTimerW
0x4420e0 LocalAlloc
0x4420e4 GetFileType
0x4420e8 SetConsoleOutputCP
0x4420ec SetCurrentDirectoryW
0x4420f0 WriteProfileSectionW
0x4420f4 GetCommMask
0x4420f8 AddAtomA
0x4420fc SetCommMask
0x442100 GetPrivateProfileStructA
0x442104 EnumResourceTypesW
0x442108 SetConsoleCursorInfo
0x44210c GetThreadPriority
0x442110 SetConsoleTitleW
0x442114 GetModuleHandleA
0x442118 EnumResourceNamesA
0x44211c FindNextFileW
0x442120 RequestWakeupLatency
0x442124 BuildCommDCBA
0x442128 GetCurrentDirectoryA
0x44212c CompareStringA
0x442130 SetCalendarInfoA
0x442134 GetVersionExA
0x442138 GetWindowsDirectoryW
0x44213c GetCurrentProcessId
0x442140 InterlockedPushEntrySList
0x442144 GetProfileSectionW
0x442148 ResumeThread
0x44214c CloseHandle
0x442150 SetStdHandle
0x442154 GetConsoleMode
0x442158 GetConsoleCP
0x44215c IsDBCSLeadByteEx
0x442160 FindFirstFileW
0x442164 GetLastError
0x442168 MoveFileA
0x44216c GetCommandLineW
0x442170 HeapSetInformation
0x442174 GetStartupInfoW
0x442178 SetUnhandledExceptionFilter
0x44217c QueryPerformanceCounter
0x442180 GetTickCount
0x442184 GetCurrentThreadId
0x442188 GetSystemTimeAsFileTime
0x44218c DecodePointer
0x442190 ExitProcess
0x442194 GetModuleFileNameW
0x442198 FreeEnvironmentStringsW
0x44219c GetEnvironmentStringsW
0x4421a0 SetHandleCount
0x4421a4 InitializeCriticalSectionAndSpinCount
0x4421a8 DeleteCriticalSection
0x4421ac HeapValidate
0x4421b0 IsBadReadPtr
0x4421b4 EncodePointer
0x4421b8 TlsAlloc
0x4421bc TlsSetValue
0x4421c0 TlsFree
0x4421c4 SetLastError
0x4421c8 HeapCreate
0x4421cc WriteFile
0x4421d0 TerminateProcess
0x4421d4 GetCurrentProcess
0x4421d8 UnhandledExceptionFilter
0x4421dc IsDebuggerPresent
0x4421e0 RtlUnwind
0x4421e4 GetOEMCP
0x4421e8 GetCPInfo
0x4421ec IsValidCodePage
0x4421f0 EnterCriticalSection
0x4421f4 LeaveCriticalSection
0x4421f8 LoadLibraryW
0x4421fc HeapAlloc
0x442200 GetModuleFileNameA
0x442204 HeapReAlloc
0x442208 HeapSize
0x44220c HeapQueryInformation
0x442210 HeapFree
0x442214 OutputDebugStringA
0x442218 WriteConsoleW
0x44221c OutputDebugStringW
0x442220 GetStringTypeW
0x442224 MultiByteToWideChar
0x442228 WideCharToMultiByte
0x44222c LCMapStringW
0x442230 IsProcessorFeaturePresent
0x442234 RaiseException
0x442238 SetFilePointer
0x44223c FlushFileBuffers
USER32.dll
0x442244 GetCursorInfo
0x442248 GetMenuInfo
0x44224c GetMenuBarInfo
ADVAPI32.dll
0x442000 InitiateSystemShutdownA
EAT(Export Address Table) is none