ScreenShot
| Created | 2021.06.18 10:05 | Machine | s1_win7_x6402 |
| Filename | pub1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, A + Troj, Kryptik, Static AI, Malicious PE, Racealer, Score, Azorult, ET#78%, RDMK, cmRtazr4qRsfqpC7S9aZ620TpdIf, Ranumbot, susgen, ZexaF, ru0@amMN5VnI) | ||
| md5 | 0c7adaaa32d263c051a72555d85323e9 | ||
| sha256 | f8f92ee2b72e37fbb56e5749dad74857eacbb69d87a23029960bcd4c04370692 | ||
| ssdeep | 6144:tqXtRPThxwG7cLI6Kzh3SeLn39s40TUM7Z8tYQD:MTPNxwG7cLITSeLn3950AWKj | ||
| imphash | 789f9b51a4c10931fc3f61b83eea1b25 | ||
| impfuzzy | 48:bOBRQPrswQdR3J/8W9jWPlpIJONwaEBcltgJVQX1dzV2fG+1l:qfQPK/ZjwvIJ2EBcltgJVQFdzVk | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x431008 SetVolumeLabelA
0x43100c OpenFile
0x431010 SetLocalTime
0x431014 SetEndOfFile
0x431018 GetNumberOfConsoleInputEvents
0x43101c GetCommState
0x431020 InterlockedDecrement
0x431024 ScrollConsoleScreenBufferW
0x431028 GetProfileSectionA
0x43102c WriteConsoleInputA
0x431030 SetComputerNameW
0x431034 GetComputerNameW
0x431038 CreateDirectoryExA
0x43103c CallNamedPipeW
0x431040 GetModuleHandleW
0x431044 GenerateConsoleCtrlEvent
0x431048 GetSystemWow64DirectoryA
0x43104c EnumResourceTypesA
0x431050 GetDriveTypeA
0x431054 TlsSetValue
0x431058 FindResourceExA
0x43105c GlobalAlloc
0x431060 AddRefActCtx
0x431064 GetVolumeInformationA
0x431068 Sleep
0x43106c ReadFileScatter
0x431070 GetConsoleWindow
0x431074 GetSystemTimeAdjustment
0x431078 GetVersionExW
0x43107c InterlockedPopEntrySList
0x431080 GlobalFlags
0x431084 Beep
0x431088 VerifyVersionInfoA
0x43108c GetBinaryTypeA
0x431090 TerminateProcess
0x431094 ReadFile
0x431098 CompareStringW
0x43109c GetACP
0x4310a0 lstrlenW
0x4310a4 SetConsoleTitleA
0x4310a8 GlobalUnlock
0x4310ac EnumResourceNamesW
0x4310b0 CreateDirectoryA
0x4310b4 InterlockedExchange
0x4310b8 GetFileSizeEx
0x4310bc GetStdHandle
0x4310c0 FindFirstFileA
0x4310c4 IsDBCSLeadByteEx
0x4310c8 GetProcAddress
0x4310cc WriteProfileSectionA
0x4310d0 FreeUserPhysicalPages
0x4310d4 CreateMemoryResourceNotification
0x4310d8 SearchPathA
0x4310dc GetPrivateProfileStringA
0x4310e0 SetFileApisToOEM
0x4310e4 GetAtomNameA
0x4310e8 Process32FirstW
0x4310ec OpenMutexA
0x4310f0 OpenWaitableTimerW
0x4310f4 IsSystemResumeAutomatic
0x4310f8 GetCommMask
0x4310fc AddAtomA
0x431100 GetSystemInfo
0x431104 SetConsoleCursorInfo
0x431108 CreateIoCompletionPort
0x43110c WaitCommEvent
0x431110 GetModuleHandleA
0x431114 FreeEnvironmentStringsW
0x431118 GetConsoleTitleW
0x43111c BuildCommDCBA
0x431120 GetCurrentDirectoryA
0x431124 CompareStringA
0x431128 SetCalendarInfoA
0x43112c GetWindowsDirectoryW
0x431130 GetCurrentProcessId
0x431134 LCMapStringW
0x431138 CopyFileExA
0x43113c DeleteFileA
0x431140 CreateFileA
0x431144 GetConsoleOutputCP
0x431148 GetCommandLineW
0x43114c GetLastError
0x431150 MoveFileA
0x431154 GetStartupInfoW
0x431158 HeapValidate
0x43115c IsBadReadPtr
0x431160 RaiseException
0x431164 EnterCriticalSection
0x431168 LeaveCriticalSection
0x43116c GetCurrentProcess
0x431170 UnhandledExceptionFilter
0x431174 SetUnhandledExceptionFilter
0x431178 IsDebuggerPresent
0x43117c GetModuleFileNameW
0x431180 DeleteCriticalSection
0x431184 QueryPerformanceCounter
0x431188 GetTickCount
0x43118c GetCurrentThreadId
0x431190 GetSystemTimeAsFileTime
0x431194 InterlockedIncrement
0x431198 ExitProcess
0x43119c GetEnvironmentStringsW
0x4311a0 SetHandleCount
0x4311a4 GetFileType
0x4311a8 GetStartupInfoA
0x4311ac TlsGetValue
0x4311b0 TlsAlloc
0x4311b4 TlsFree
0x4311b8 SetLastError
0x4311bc HeapDestroy
0x4311c0 HeapCreate
0x4311c4 HeapFree
0x4311c8 VirtualFree
0x4311cc GetModuleFileNameA
0x4311d0 WriteFile
0x4311d4 HeapAlloc
0x4311d8 HeapSize
0x4311dc HeapReAlloc
0x4311e0 VirtualAlloc
0x4311e4 GetOEMCP
0x4311e8 GetCPInfo
0x4311ec IsValidCodePage
0x4311f0 RtlUnwind
0x4311f4 DebugBreak
0x4311f8 OutputDebugStringA
0x4311fc WriteConsoleW
0x431200 OutputDebugStringW
0x431204 LoadLibraryW
0x431208 MultiByteToWideChar
0x43120c InitializeCriticalSectionAndSpinCount
0x431210 LoadLibraryA
0x431214 WideCharToMultiByte
0x431218 LCMapStringA
0x43121c GetStringTypeA
0x431220 GetStringTypeW
0x431224 GetLocaleInfoA
0x431228 FlushFileBuffers
0x43122c GetConsoleCP
0x431230 GetConsoleMode
0x431234 SetFilePointer
0x431238 CloseHandle
0x43123c SetStdHandle
0x431240 WriteConsoleA
USER32.dll
0x431248 GetMenuBarInfo
0x43124c GetMenuInfo
0x431250 GetComboBoxInfo
0x431254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x431000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x426f50 _futurama@4
KERNEL32.dll
0x431008 SetVolumeLabelA
0x43100c OpenFile
0x431010 SetLocalTime
0x431014 SetEndOfFile
0x431018 GetNumberOfConsoleInputEvents
0x43101c GetCommState
0x431020 InterlockedDecrement
0x431024 ScrollConsoleScreenBufferW
0x431028 GetProfileSectionA
0x43102c WriteConsoleInputA
0x431030 SetComputerNameW
0x431034 GetComputerNameW
0x431038 CreateDirectoryExA
0x43103c CallNamedPipeW
0x431040 GetModuleHandleW
0x431044 GenerateConsoleCtrlEvent
0x431048 GetSystemWow64DirectoryA
0x43104c EnumResourceTypesA
0x431050 GetDriveTypeA
0x431054 TlsSetValue
0x431058 FindResourceExA
0x43105c GlobalAlloc
0x431060 AddRefActCtx
0x431064 GetVolumeInformationA
0x431068 Sleep
0x43106c ReadFileScatter
0x431070 GetConsoleWindow
0x431074 GetSystemTimeAdjustment
0x431078 GetVersionExW
0x43107c InterlockedPopEntrySList
0x431080 GlobalFlags
0x431084 Beep
0x431088 VerifyVersionInfoA
0x43108c GetBinaryTypeA
0x431090 TerminateProcess
0x431094 ReadFile
0x431098 CompareStringW
0x43109c GetACP
0x4310a0 lstrlenW
0x4310a4 SetConsoleTitleA
0x4310a8 GlobalUnlock
0x4310ac EnumResourceNamesW
0x4310b0 CreateDirectoryA
0x4310b4 InterlockedExchange
0x4310b8 GetFileSizeEx
0x4310bc GetStdHandle
0x4310c0 FindFirstFileA
0x4310c4 IsDBCSLeadByteEx
0x4310c8 GetProcAddress
0x4310cc WriteProfileSectionA
0x4310d0 FreeUserPhysicalPages
0x4310d4 CreateMemoryResourceNotification
0x4310d8 SearchPathA
0x4310dc GetPrivateProfileStringA
0x4310e0 SetFileApisToOEM
0x4310e4 GetAtomNameA
0x4310e8 Process32FirstW
0x4310ec OpenMutexA
0x4310f0 OpenWaitableTimerW
0x4310f4 IsSystemResumeAutomatic
0x4310f8 GetCommMask
0x4310fc AddAtomA
0x431100 GetSystemInfo
0x431104 SetConsoleCursorInfo
0x431108 CreateIoCompletionPort
0x43110c WaitCommEvent
0x431110 GetModuleHandleA
0x431114 FreeEnvironmentStringsW
0x431118 GetConsoleTitleW
0x43111c BuildCommDCBA
0x431120 GetCurrentDirectoryA
0x431124 CompareStringA
0x431128 SetCalendarInfoA
0x43112c GetWindowsDirectoryW
0x431130 GetCurrentProcessId
0x431134 LCMapStringW
0x431138 CopyFileExA
0x43113c DeleteFileA
0x431140 CreateFileA
0x431144 GetConsoleOutputCP
0x431148 GetCommandLineW
0x43114c GetLastError
0x431150 MoveFileA
0x431154 GetStartupInfoW
0x431158 HeapValidate
0x43115c IsBadReadPtr
0x431160 RaiseException
0x431164 EnterCriticalSection
0x431168 LeaveCriticalSection
0x43116c GetCurrentProcess
0x431170 UnhandledExceptionFilter
0x431174 SetUnhandledExceptionFilter
0x431178 IsDebuggerPresent
0x43117c GetModuleFileNameW
0x431180 DeleteCriticalSection
0x431184 QueryPerformanceCounter
0x431188 GetTickCount
0x43118c GetCurrentThreadId
0x431190 GetSystemTimeAsFileTime
0x431194 InterlockedIncrement
0x431198 ExitProcess
0x43119c GetEnvironmentStringsW
0x4311a0 SetHandleCount
0x4311a4 GetFileType
0x4311a8 GetStartupInfoA
0x4311ac TlsGetValue
0x4311b0 TlsAlloc
0x4311b4 TlsFree
0x4311b8 SetLastError
0x4311bc HeapDestroy
0x4311c0 HeapCreate
0x4311c4 HeapFree
0x4311c8 VirtualFree
0x4311cc GetModuleFileNameA
0x4311d0 WriteFile
0x4311d4 HeapAlloc
0x4311d8 HeapSize
0x4311dc HeapReAlloc
0x4311e0 VirtualAlloc
0x4311e4 GetOEMCP
0x4311e8 GetCPInfo
0x4311ec IsValidCodePage
0x4311f0 RtlUnwind
0x4311f4 DebugBreak
0x4311f8 OutputDebugStringA
0x4311fc WriteConsoleW
0x431200 OutputDebugStringW
0x431204 LoadLibraryW
0x431208 MultiByteToWideChar
0x43120c InitializeCriticalSectionAndSpinCount
0x431210 LoadLibraryA
0x431214 WideCharToMultiByte
0x431218 LCMapStringA
0x43121c GetStringTypeA
0x431220 GetStringTypeW
0x431224 GetLocaleInfoA
0x431228 FlushFileBuffers
0x43122c GetConsoleCP
0x431230 GetConsoleMode
0x431234 SetFilePointer
0x431238 CloseHandle
0x43123c SetStdHandle
0x431240 WriteConsoleA
USER32.dll
0x431248 GetMenuBarInfo
0x43124c GetMenuInfo
0x431250 GetComboBoxInfo
0x431254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x431000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x426f50 _futurama@4