ScreenShot
| Created | 2021.06.17 17:51 | Machine | s1_win7_x6401 |
| Filename | g63.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, yuW@ayhxyrTc, Attribute, HighConfidence, Mokes, A + Troj, Kryptik, Ranumbot, Racealer, Azorult, score, Static AI, Suspicious PE, susgen, confidence, 100%) | ||
| md5 | 33b25300e8911b7d280c7f91d27b4c6d | ||
| sha256 | 0d5c3f624b4b07fbf3720815913d7c4aaa5bae13b004cb28b8cadad519ce726d | ||
| ssdeep | 12288:Up0UhOdxADZFoJd5dpiQuKLUZez2qxFqb:qhOdxzpiZKLz9u | ||
| imphash | 2efdead0abc218f741ed3cdf2ff53455 | ||
| impfuzzy | 48:mLROcFN59e8G8SeFPlp6B2ON8aEafnotgJVv38dogPO+ul:mMcyx9eVv6MCEafotgJVv38doT | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44a008 GetFileSize
0x44a00c SetLocalTime
0x44a010 GetDriveTypeW
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c FindResourceExW
0x44a020 MapUserPhysicalPages
0x44a024 InterlockedIncrement
0x44a028 GetCommState
0x44a02c InterlockedDecrement
0x44a030 ScrollConsoleScreenBufferW
0x44a034 WriteConsoleInputA
0x44a038 SetComputerNameW
0x44a03c GetComputerNameW
0x44a040 CallNamedPipeW
0x44a044 GetModuleHandleW
0x44a048 GetSystemWow64DirectoryA
0x44a04c CreateDirectoryExW
0x44a050 TlsSetValue
0x44a054 GlobalAlloc
0x44a058 GetVolumeInformationA
0x44a05c Sleep
0x44a060 ReadFileScatter
0x44a064 GetSystemTimeAdjustment
0x44a068 InterlockedPopEntrySList
0x44a06c GlobalFlags
0x44a070 Beep
0x44a074 VerifyVersionInfoA
0x44a078 IsDBCSLeadByte
0x44a07c ReadFile
0x44a080 CreateFileW
0x44a084 GetBinaryTypeW
0x44a088 CompareStringW
0x44a08c GetACP
0x44a090 lstrlenW
0x44a094 GetConsoleOutputCP
0x44a098 CreateDirectoryA
0x44a09c GetStdHandle
0x44a0a0 FindFirstFileA
0x44a0a4 OpenMutexW
0x44a0a8 GlobalFix
0x44a0ac SetVolumeLabelW
0x44a0b0 WriteProfileSectionA
0x44a0b4 ReadFileEx
0x44a0b8 CreateMemoryResourceNotification
0x44a0bc SearchPathA
0x44a0c0 GetPrivateProfileStringA
0x44a0c4 SetFileApisToOEM
0x44a0c8 GetAtomNameA
0x44a0cc Process32FirstW
0x44a0d0 OpenWaitableTimerW
0x44a0d4 IsSystemResumeAutomatic
0x44a0d8 GetCommMask
0x44a0dc AddAtomA
0x44a0e0 GetSystemInfo
0x44a0e4 SetSystemTime
0x44a0e8 EnumResourceTypesW
0x44a0ec SetConsoleCursorInfo
0x44a0f0 CreateIoCompletionPort
0x44a0f4 SetConsoleTitleW
0x44a0f8 GetModuleHandleA
0x44a0fc FreeEnvironmentStringsW
0x44a100 EnumResourceNamesA
0x44a104 GetConsoleTitleW
0x44a108 BuildCommDCBA
0x44a10c GetCurrentDirectoryA
0x44a110 CompareStringA
0x44a114 SetCalendarInfoA
0x44a118 GetVersionExA
0x44a11c GetWindowsDirectoryW
0x44a120 GetCurrentProcessId
0x44a124 GetProfileSectionW
0x44a128 SuspendThread
0x44a12c LCMapStringW
0x44a130 CopyFileExA
0x44a134 DeleteFileA
0x44a138 GetProcAddress
0x44a13c GetCommandLineW
0x44a140 GetLastError
0x44a144 GetStartupInfoW
0x44a148 HeapValidate
0x44a14c IsBadReadPtr
0x44a150 RaiseException
0x44a154 LeaveCriticalSection
0x44a158 EnterCriticalSection
0x44a15c SetStdHandle
0x44a160 GetFileType
0x44a164 WriteFile
0x44a168 WideCharToMultiByte
0x44a16c GetConsoleCP
0x44a170 GetConsoleMode
0x44a174 TerminateProcess
0x44a178 GetCurrentProcess
0x44a17c UnhandledExceptionFilter
0x44a180 SetUnhandledExceptionFilter
0x44a184 IsDebuggerPresent
0x44a188 GetModuleFileNameW
0x44a18c DeleteCriticalSection
0x44a190 QueryPerformanceCounter
0x44a194 GetTickCount
0x44a198 GetCurrentThreadId
0x44a19c GetSystemTimeAsFileTime
0x44a1a0 ExitProcess
0x44a1a4 GetEnvironmentStringsW
0x44a1a8 SetHandleCount
0x44a1ac GetStartupInfoA
0x44a1b0 TlsGetValue
0x44a1b4 TlsAlloc
0x44a1b8 TlsFree
0x44a1bc SetLastError
0x44a1c0 HeapDestroy
0x44a1c4 HeapCreate
0x44a1c8 HeapFree
0x44a1cc VirtualFree
0x44a1d0 GetModuleFileNameA
0x44a1d4 HeapAlloc
0x44a1d8 HeapSize
0x44a1dc HeapReAlloc
0x44a1e0 VirtualAlloc
0x44a1e4 GetOEMCP
0x44a1e8 GetCPInfo
0x44a1ec IsValidCodePage
0x44a1f0 InitializeCriticalSectionAndSpinCount
0x44a1f4 WriteConsoleA
0x44a1f8 WriteConsoleW
0x44a1fc MultiByteToWideChar
0x44a200 SetFilePointer
0x44a204 RtlUnwind
0x44a208 DebugBreak
0x44a20c OutputDebugStringA
0x44a210 OutputDebugStringW
0x44a214 LoadLibraryW
0x44a218 LoadLibraryA
0x44a21c LCMapStringA
0x44a220 GetStringTypeA
0x44a224 GetStringTypeW
0x44a228 GetLocaleInfoA
0x44a22c CreateFileA
0x44a230 CloseHandle
0x44a234 FlushFileBuffers
USER32.dll
0x44a23c GetCursorInfo
0x44a240 GetListBoxInfo
0x44a244 GetComboBoxInfo
0x44a248 GetMenuBarInfo
ADVAPI32.dll
0x44a000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x43f970 _futurama@4
0x43f960 _hiduk@8
0x43f950 _regulmoto@4
KERNEL32.dll
0x44a008 GetFileSize
0x44a00c SetLocalTime
0x44a010 GetDriveTypeW
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c FindResourceExW
0x44a020 MapUserPhysicalPages
0x44a024 InterlockedIncrement
0x44a028 GetCommState
0x44a02c InterlockedDecrement
0x44a030 ScrollConsoleScreenBufferW
0x44a034 WriteConsoleInputA
0x44a038 SetComputerNameW
0x44a03c GetComputerNameW
0x44a040 CallNamedPipeW
0x44a044 GetModuleHandleW
0x44a048 GetSystemWow64DirectoryA
0x44a04c CreateDirectoryExW
0x44a050 TlsSetValue
0x44a054 GlobalAlloc
0x44a058 GetVolumeInformationA
0x44a05c Sleep
0x44a060 ReadFileScatter
0x44a064 GetSystemTimeAdjustment
0x44a068 InterlockedPopEntrySList
0x44a06c GlobalFlags
0x44a070 Beep
0x44a074 VerifyVersionInfoA
0x44a078 IsDBCSLeadByte
0x44a07c ReadFile
0x44a080 CreateFileW
0x44a084 GetBinaryTypeW
0x44a088 CompareStringW
0x44a08c GetACP
0x44a090 lstrlenW
0x44a094 GetConsoleOutputCP
0x44a098 CreateDirectoryA
0x44a09c GetStdHandle
0x44a0a0 FindFirstFileA
0x44a0a4 OpenMutexW
0x44a0a8 GlobalFix
0x44a0ac SetVolumeLabelW
0x44a0b0 WriteProfileSectionA
0x44a0b4 ReadFileEx
0x44a0b8 CreateMemoryResourceNotification
0x44a0bc SearchPathA
0x44a0c0 GetPrivateProfileStringA
0x44a0c4 SetFileApisToOEM
0x44a0c8 GetAtomNameA
0x44a0cc Process32FirstW
0x44a0d0 OpenWaitableTimerW
0x44a0d4 IsSystemResumeAutomatic
0x44a0d8 GetCommMask
0x44a0dc AddAtomA
0x44a0e0 GetSystemInfo
0x44a0e4 SetSystemTime
0x44a0e8 EnumResourceTypesW
0x44a0ec SetConsoleCursorInfo
0x44a0f0 CreateIoCompletionPort
0x44a0f4 SetConsoleTitleW
0x44a0f8 GetModuleHandleA
0x44a0fc FreeEnvironmentStringsW
0x44a100 EnumResourceNamesA
0x44a104 GetConsoleTitleW
0x44a108 BuildCommDCBA
0x44a10c GetCurrentDirectoryA
0x44a110 CompareStringA
0x44a114 SetCalendarInfoA
0x44a118 GetVersionExA
0x44a11c GetWindowsDirectoryW
0x44a120 GetCurrentProcessId
0x44a124 GetProfileSectionW
0x44a128 SuspendThread
0x44a12c LCMapStringW
0x44a130 CopyFileExA
0x44a134 DeleteFileA
0x44a138 GetProcAddress
0x44a13c GetCommandLineW
0x44a140 GetLastError
0x44a144 GetStartupInfoW
0x44a148 HeapValidate
0x44a14c IsBadReadPtr
0x44a150 RaiseException
0x44a154 LeaveCriticalSection
0x44a158 EnterCriticalSection
0x44a15c SetStdHandle
0x44a160 GetFileType
0x44a164 WriteFile
0x44a168 WideCharToMultiByte
0x44a16c GetConsoleCP
0x44a170 GetConsoleMode
0x44a174 TerminateProcess
0x44a178 GetCurrentProcess
0x44a17c UnhandledExceptionFilter
0x44a180 SetUnhandledExceptionFilter
0x44a184 IsDebuggerPresent
0x44a188 GetModuleFileNameW
0x44a18c DeleteCriticalSection
0x44a190 QueryPerformanceCounter
0x44a194 GetTickCount
0x44a198 GetCurrentThreadId
0x44a19c GetSystemTimeAsFileTime
0x44a1a0 ExitProcess
0x44a1a4 GetEnvironmentStringsW
0x44a1a8 SetHandleCount
0x44a1ac GetStartupInfoA
0x44a1b0 TlsGetValue
0x44a1b4 TlsAlloc
0x44a1b8 TlsFree
0x44a1bc SetLastError
0x44a1c0 HeapDestroy
0x44a1c4 HeapCreate
0x44a1c8 HeapFree
0x44a1cc VirtualFree
0x44a1d0 GetModuleFileNameA
0x44a1d4 HeapAlloc
0x44a1d8 HeapSize
0x44a1dc HeapReAlloc
0x44a1e0 VirtualAlloc
0x44a1e4 GetOEMCP
0x44a1e8 GetCPInfo
0x44a1ec IsValidCodePage
0x44a1f0 InitializeCriticalSectionAndSpinCount
0x44a1f4 WriteConsoleA
0x44a1f8 WriteConsoleW
0x44a1fc MultiByteToWideChar
0x44a200 SetFilePointer
0x44a204 RtlUnwind
0x44a208 DebugBreak
0x44a20c OutputDebugStringA
0x44a210 OutputDebugStringW
0x44a214 LoadLibraryW
0x44a218 LoadLibraryA
0x44a21c LCMapStringA
0x44a220 GetStringTypeA
0x44a224 GetStringTypeW
0x44a228 GetLocaleInfoA
0x44a22c CreateFileA
0x44a230 CloseHandle
0x44a234 FlushFileBuffers
USER32.dll
0x44a23c GetCursorInfo
0x44a240 GetListBoxInfo
0x44a244 GetComboBoxInfo
0x44a248 GetMenuBarInfo
ADVAPI32.dll
0x44a000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x43f970 _futurama@4
0x43f960 _hiduk@8
0x43f950 _regulmoto@4