Report - gfers.exe

Raccoon Stealer PE File OS Processor Check PE32
Created 2021.06.17 13:45 Machine s1_win7_x6401
Filename gfers.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 1
Behavior Score 2.8
ZERO API file : malware
VT API (file) 30 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, yuW@a8eWCyKG, Attribute, HighConfidence, Kryptik, HLKA, PWSX, A + Troj, Ranumbot, Racealer, Azorult, NetSteal, 0MF35T, score, Static AI, Suspicious PE, susgen, confidence, 100%)
md5 dbf34c56d244279f0e989540fbd6cda2
sha256 9d5fcdce98c1941ed2f933cd3aaf579176c02efffd86e99b19bbd3e85ed8326a
ssdeep 12288:UORnE20Wj63mL9i+AByvxTltZfs7B5DE:vE201mimvxTh0zE
imphash ed103d03110ecdb36297492051b4e917
impfuzzy 48:DLfaOAzP5aEfR8SdPlp6bc2OGEaEafOotgJVvy8dogG+ul:D5AZ59Nv6zlEafrtgJVvy8doL

Signature (6cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x44a008 GetFileSize
 0x44a00c WriteConsoleInputW
 0x44a010 SetLocalTime
 0x44a014 GetDriveTypeW
 0x44a018 SetEndOfFile
 0x44a01c GetNumberOfConsoleInputEvents
 0x44a020 FindResourceExW
 0x44a024 MapUserPhysicalPages
 0x44a028 InterlockedIncrement
 0x44a02c GetQueuedCompletionStatus
 0x44a030 GetCommState
 0x44a034 InterlockedDecrement
 0x44a038 ScrollConsoleScreenBufferW
 0x44a03c SetComputerNameW
 0x44a040 CallNamedPipeW
 0x44a044 GetModuleHandleW
 0x44a048 GetSystemWow64DirectoryA
 0x44a04c WriteFileGather
 0x44a050 CreateDirectoryExW
 0x44a054 TlsSetValue
 0x44a058 GlobalAlloc
 0x44a05c GetVolumeInformationA
 0x44a060 Sleep
 0x44a064 GetSystemTimeAdjustment
 0x44a068 GlobalFlags
 0x44a06c Beep
 0x44a070 VerifyVersionInfoA
 0x44a074 IsDBCSLeadByte
 0x44a078 ReadFile
 0x44a07c CreateFileW
 0x44a080 GetBinaryTypeW
 0x44a084 CompareStringW
 0x44a088 GetACP
 0x44a08c lstrlenW
 0x44a090 GetConsoleOutputCP
 0x44a094 VerifyVersionInfoW
 0x44a098 CreateDirectoryA
 0x44a09c FindFirstFileA
 0x44a0a0 OpenMutexW
 0x44a0a4 GetProcAddress
 0x44a0a8 GlobalFix
 0x44a0ac WriteProfileSectionA
 0x44a0b0 ReadFileEx
 0x44a0b4 SetStdHandle
 0x44a0b8 CreateMemoryResourceNotification
 0x44a0bc SearchPathA
 0x44a0c0 GetPrivateProfileStringA
 0x44a0c4 SetFileApisToOEM
 0x44a0c8 GetAtomNameA
 0x44a0cc Process32FirstW
 0x44a0d0 OpenWaitableTimerW
 0x44a0d4 IsSystemResumeAutomatic
 0x44a0d8 GetCommMask
 0x44a0dc AddAtomA
 0x44a0e0 GetSystemInfo
 0x44a0e4 SetSystemTime
 0x44a0e8 EnumResourceTypesW
 0x44a0ec SetConsoleCursorInfo
 0x44a0f0 SetConsoleTitleW
 0x44a0f4 GetModuleHandleA
 0x44a0f8 FreeEnvironmentStringsW
 0x44a0fc EnumResourceNamesA
 0x44a100 GetConsoleTitleW
 0x44a104 BuildCommDCBA
 0x44a108 GetCurrentDirectoryA
 0x44a10c CompareStringA
 0x44a110 SetCalendarInfoA
 0x44a114 GetVersionExA
 0x44a118 GetWindowsDirectoryW
 0x44a11c GetCurrentProcessId
 0x44a120 InterlockedPushEntrySList
 0x44a124 GetProfileSectionW
 0x44a128 SuspendThread
 0x44a12c LCMapStringW
 0x44a130 CopyFileExA
 0x44a134 DeleteFileA
 0x44a138 SetVolumeLabelW
 0x44a13c GetCommandLineW
 0x44a140 GetStartupInfoW
 0x44a144 HeapValidate
 0x44a148 IsBadReadPtr
 0x44a14c RaiseException
 0x44a150 LeaveCriticalSection
 0x44a154 EnterCriticalSection
 0x44a158 GetLastError
 0x44a15c GetFileType
 0x44a160 WriteFile
 0x44a164 WideCharToMultiByte
 0x44a168 GetConsoleCP
 0x44a16c GetConsoleMode
 0x44a170 TerminateProcess
 0x44a174 GetCurrentProcess
 0x44a178 UnhandledExceptionFilter
 0x44a17c SetUnhandledExceptionFilter
 0x44a180 IsDebuggerPresent
 0x44a184 GetModuleFileNameW
 0x44a188 DeleteCriticalSection
 0x44a18c QueryPerformanceCounter
 0x44a190 GetTickCount
 0x44a194 GetCurrentThreadId
 0x44a198 GetSystemTimeAsFileTime
 0x44a19c ExitProcess
 0x44a1a0 GetEnvironmentStringsW
 0x44a1a4 SetHandleCount
 0x44a1a8 GetStdHandle
 0x44a1ac GetStartupInfoA
 0x44a1b0 TlsGetValue
 0x44a1b4 TlsAlloc
 0x44a1b8 TlsFree
 0x44a1bc SetLastError
 0x44a1c0 HeapDestroy
 0x44a1c4 HeapCreate
 0x44a1c8 HeapFree
 0x44a1cc VirtualFree
 0x44a1d0 GetModuleFileNameA
 0x44a1d4 HeapAlloc
 0x44a1d8 HeapSize
 0x44a1dc HeapReAlloc
 0x44a1e0 VirtualAlloc
 0x44a1e4 GetOEMCP
 0x44a1e8 GetCPInfo
 0x44a1ec IsValidCodePage
 0x44a1f0 InitializeCriticalSectionAndSpinCount
 0x44a1f4 WriteConsoleA
 0x44a1f8 WriteConsoleW
 0x44a1fc MultiByteToWideChar
 0x44a200 SetFilePointer
 0x44a204 RtlUnwind
 0x44a208 DebugBreak
 0x44a20c OutputDebugStringA
 0x44a210 OutputDebugStringW
 0x44a214 LoadLibraryW
 0x44a218 LoadLibraryA
 0x44a21c LCMapStringA
 0x44a220 GetStringTypeA
 0x44a224 GetStringTypeW
 0x44a228 GetLocaleInfoA
 0x44a22c CreateFileA
 0x44a230 CloseHandle
 0x44a234 FlushFileBuffers
USER32.dll
 0x44a23c GetMenuInfo
 0x44a240 GetComboBoxInfo
 0x44a244 GetMenuBarInfo
ADVAPI32.dll
 0x44a000 InitiateSystemShutdownW

EAT (Export Address Table) Library

0x43fb00 _CallPattern@8
0x43fae0 _futurama@4
0x43fad0 _hiduk@8
0x43faf0 _zabiray@8