Report - infostati.exe

Tags: Raccoon Stealer, PE File, OS Processor Check, PE32
Created 2021.06.17 13:47 Machine s1_win7_x6402
Filename infostati.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 3.6
ZERO API (file): malware
VT API (file): 24 detected (malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Stralo, Static AI, Malicious PE, Racealer, susgen, Azorult, score, MalPe, R419177, Artemis, ET#79%, RDMK, cmRtazomFPFJ0Cr6X824kYvWmdZu, Ranumbot, confidence)
md5 00ca5d98e8244569f3e07def869fb291
sha256 37d16eee1bab30bb7c04c701033c8163905455457286698e266165315a73fcff
ssdeep 12288:MgXvOGbRmly7UJJoLIa+GBkriHIvo3/M9xBNzucqDd36idrPCrg/3BDUGlyUvXs8:/OGbkoLIa+GO5vDBNvqR6idrPCrg5DUp
imphash ed103d03110ecdb36297492051b4e917
impfuzzy 48:DLfaOAzP5aEfR8SdPlp6bc2OGEaEafOotgJVvy8dogG+ul:D5AZ59Nv6zlEafrtgJVvy8doL

Signature (8cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (5cnts)

Request CC ASN IP4 Rule ZERO
http://detectportal.firefox.com/success.txt?ipv4 US GOOGLE 34.107.221.82 clean
prod.detectportal.prod.cloudops.mozgcp.net US GOOGLE 34.107.221.82 clean
mozilla.org US AMAZON-02 44.235.246.155 clean
detectportal.firefox.com US GOOGLE 34.107.221.82 clean
34.107.221.82 US GOOGLE 34.107.221.82 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x495008 GetFileSize
 0x49500c WriteConsoleInputW
 0x495010 SetLocalTime
 0x495014 GetDriveTypeW
 0x495018 SetEndOfFile
 0x49501c GetNumberOfConsoleInputEvents
 0x495020 FindResourceExW
 0x495024 MapUserPhysicalPages
 0x495028 InterlockedIncrement
 0x49502c GetQueuedCompletionStatus
 0x495030 GetCommState
 0x495034 InterlockedDecrement
 0x495038 ScrollConsoleScreenBufferW
 0x49503c SetComputerNameW
 0x495040 CallNamedPipeW
 0x495044 GetModuleHandleW
 0x495048 GetSystemWow64DirectoryA
 0x49504c WriteFileGather
 0x495050 CreateDirectoryExW
 0x495054 TlsSetValue
 0x495058 GlobalAlloc
 0x49505c GetVolumeInformationA
 0x495060 Sleep
 0x495064 GetSystemTimeAdjustment
 0x495068 GlobalFlags
 0x49506c Beep
 0x495070 VerifyVersionInfoA
 0x495074 IsDBCSLeadByte
 0x495078 ReadFile
 0x49507c CreateFileW
 0x495080 GetBinaryTypeW
 0x495084 CompareStringW
 0x495088 GetACP
 0x49508c lstrlenW
 0x495090 GetConsoleOutputCP
 0x495094 VerifyVersionInfoW
 0x495098 CreateDirectoryA
 0x49509c FindFirstFileA
 0x4950a0 OpenMutexW
 0x4950a4 GetProcAddress
 0x4950a8 GlobalFix
 0x4950ac WriteProfileSectionA
 0x4950b0 ReadFileEx
 0x4950b4 SetStdHandle
 0x4950b8 CreateMemoryResourceNotification
 0x4950bc SearchPathA
 0x4950c0 GetPrivateProfileStringA
 0x4950c4 SetFileApisToOEM
 0x4950c8 GetAtomNameA
 0x4950cc Process32FirstW
 0x4950d0 OpenWaitableTimerW
 0x4950d4 IsSystemResumeAutomatic
 0x4950d8 GetCommMask
 0x4950dc AddAtomA
 0x4950e0 GetSystemInfo
 0x4950e4 SetSystemTime
 0x4950e8 EnumResourceTypesW
 0x4950ec SetConsoleCursorInfo
 0x4950f0 SetConsoleTitleW
 0x4950f4 GetModuleHandleA
 0x4950f8 FreeEnvironmentStringsW
 0x4950fc EnumResourceNamesA
 0x495100 GetConsoleTitleW
 0x495104 BuildCommDCBA
 0x495108 GetCurrentDirectoryA
 0x49510c CompareStringA
 0x495110 SetCalendarInfoA
 0x495114 GetVersionExA
 0x495118 GetWindowsDirectoryW
 0x49511c GetCurrentProcessId
 0x495120 InterlockedPushEntrySList
 0x495124 GetProfileSectionW
 0x495128 SuspendThread
 0x49512c LCMapStringW
 0x495130 CopyFileExA
 0x495134 DeleteFileA
 0x495138 SetVolumeLabelW
 0x49513c GetCommandLineW
 0x495140 GetStartupInfoW
 0x495144 HeapValidate
 0x495148 IsBadReadPtr
 0x49514c RaiseException
 0x495150 LeaveCriticalSection
 0x495154 EnterCriticalSection
 0x495158 GetLastError
 0x49515c GetFileType
 0x495160 WriteFile
 0x495164 WideCharToMultiByte
 0x495168 GetConsoleCP
 0x49516c GetConsoleMode
 0x495170 TerminateProcess
 0x495174 GetCurrentProcess
 0x495178 UnhandledExceptionFilter
 0x49517c SetUnhandledExceptionFilter
 0x495180 IsDebuggerPresent
 0x495184 GetModuleFileNameW
 0x495188 DeleteCriticalSection
 0x49518c QueryPerformanceCounter
 0x495190 GetTickCount
 0x495194 GetCurrentThreadId
 0x495198 GetSystemTimeAsFileTime
 0x49519c ExitProcess
 0x4951a0 GetEnvironmentStringsW
 0x4951a4 SetHandleCount
 0x4951a8 GetStdHandle
 0x4951ac GetStartupInfoA
 0x4951b0 TlsGetValue
 0x4951b4 TlsAlloc
 0x4951b8 TlsFree
 0x4951bc SetLastError
 0x4951c0 HeapDestroy
 0x4951c4 HeapCreate
 0x4951c8 HeapFree
 0x4951cc VirtualFree
 0x4951d0 GetModuleFileNameA
 0x4951d4 HeapAlloc
 0x4951d8 HeapSize
 0x4951dc HeapReAlloc
 0x4951e0 VirtualAlloc
 0x4951e4 GetOEMCP
 0x4951e8 GetCPInfo
 0x4951ec IsValidCodePage
 0x4951f0 InitializeCriticalSectionAndSpinCount
 0x4951f4 WriteConsoleA
 0x4951f8 WriteConsoleW
 0x4951fc MultiByteToWideChar
 0x495200 SetFilePointer
 0x495204 RtlUnwind
 0x495208 DebugBreak
 0x49520c OutputDebugStringA
 0x495210 OutputDebugStringW
 0x495214 LoadLibraryW
 0x495218 LoadLibraryA
 0x49521c LCMapStringA
 0x495220 GetStringTypeA
 0x495224 GetStringTypeW
 0x495228 GetLocaleInfoA
 0x49522c CreateFileA
 0x495230 CloseHandle
 0x495234 FlushFileBuffers
USER32.dll
 0x49523c GetMenuInfo
 0x495240 GetComboBoxInfo
 0x495244 GetMenuBarInfo
ADVAPI32.dll
 0x495000 InitiateSystemShutdownW

EAT (Export Address Table) Library

0x48a4f0 _CallPattern@8
0x48a4d0 _futurama@4
0x48a4c0 _hiduk@8
0x48a4e0 _zabiray@8
