ScreenShot
| Created | 2021.06.18 09:49 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, Unsafe, Save, ZexaF, UuW@aGjHMwmI, Attribute, HighConfidence, A + Troj, Kryptik, Lockbit, Ranumbot, Racealer, Score, Glupteba, ET#79%, RDMK, cmRtazqVzdHV4IJ2T4tRTMvQBcMa, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | fb4bd33f89ac6417468bb1d4729f8b75 | ||
| sha256 | 3019cbb993e1bbf087a7aaeed07ddf5625ba6d15f28b2120af7d661c42cc7625 | ||
| ssdeep | 12288:GXXnoXm98IqzPZXrlHM8WDweYXJUnv7yY6UPK8MOh/Pl9lSo5eOVbK2ZJwi:SoXmGPZ7ZZWDwbOnv7y3UiwPw0eOpR | ||
| imphash | 5bc76f4349f7f0afe0c88e229f50d37f | ||
| impfuzzy | 48:9yOBnCCrHyTdNDkJ/8SeqPlpI62OMwaEBcftgJVQX1dzV2fG+1l:9dtCCAW9ekvIZDEBcftgJVQFdzVI | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a5008 GlobalFix
0x4a500c GetFileSize
0x4a5010 OpenFile
0x4a5014 SetLocalTime
0x4a5018 SetEndOfFile
0x4a501c GetNumberOfConsoleInputEvents
0x4a5020 FindResourceExW
0x4a5024 GetCommState
0x4a5028 InterlockedDecrement
0x4a502c ScrollConsoleScreenBufferW
0x4a5030 GetProfileSectionA
0x4a5034 WriteConsoleInputA
0x4a5038 SetComputerNameW
0x4a503c GetComputerNameW
0x4a5040 CallNamedPipeW
0x4a5044 GetModuleHandleW
0x4a5048 GetSystemWow64DirectoryA
0x4a504c CreateDirectoryExW
0x4a5050 GetDriveTypeA
0x4a5054 TlsSetValue
0x4a5058 GlobalAlloc
0x4a505c AddRefActCtx
0x4a5060 GetVolumeInformationA
0x4a5064 Sleep
0x4a5068 ReadFileScatter
0x4a506c GetSystemTimeAdjustment
0x4a5070 GetVersionExW
0x4a5074 InterlockedPopEntrySList
0x4a5078 GlobalFlags
0x4a507c Beep
0x4a5080 VerifyVersionInfoA
0x4a5084 GetBinaryTypeA
0x4a5088 ReadFile
0x4a508c CompareStringW
0x4a5090 GetACP
0x4a5094 lstrlenW
0x4a5098 GlobalUnlock
0x4a509c GetConsoleOutputCP
0x4a50a0 CreateDirectoryA
0x4a50a4 InterlockedExchange
0x4a50a8 GetStdHandle
0x4a50ac EnumResourceNamesW
0x4a50b0 OpenMutexW
0x4a50b4 IsDBCSLeadByteEx
0x4a50b8 GetProcAddress
0x4a50bc SetVolumeLabelW
0x4a50c0 WriteProfileSectionA
0x4a50c4 FreeUserPhysicalPages
0x4a50c8 CreateMemoryResourceNotification
0x4a50cc SearchPathA
0x4a50d0 GetPrivateProfileStringA
0x4a50d4 SetFileApisToOEM
0x4a50d8 GetAtomNameA
0x4a50dc Process32FirstW
0x4a50e0 OpenWaitableTimerW
0x4a50e4 IsSystemResumeAutomatic
0x4a50e8 GetCommMask
0x4a50ec AddAtomA
0x4a50f0 GetSystemInfo
0x4a50f4 SetSystemTime
0x4a50f8 EnumResourceTypesW
0x4a50fc SetConsoleCursorInfo
0x4a5100 CreateIoCompletionPort
0x4a5104 WaitCommEvent
0x4a5108 SetConsoleTitleW
0x4a510c GetModuleHandleA
0x4a5110 FreeEnvironmentStringsW
0x4a5114 GetConsoleTitleW
0x4a5118 BuildCommDCBA
0x4a511c GetCurrentDirectoryA
0x4a5120 CompareStringA
0x4a5124 SetCalendarInfoA
0x4a5128 GetWindowsDirectoryW
0x4a512c GetCurrentProcessId
0x4a5130 SuspendThread
0x4a5134 LCMapStringW
0x4a5138 CopyFileExA
0x4a513c DeleteFileA
0x4a5140 CreateFileA
0x4a5144 FindFirstFileA
0x4a5148 GetCommandLineW
0x4a514c GetLastError
0x4a5150 MoveFileA
0x4a5154 GetStartupInfoW
0x4a5158 HeapValidate
0x4a515c IsBadReadPtr
0x4a5160 RaiseException
0x4a5164 EnterCriticalSection
0x4a5168 LeaveCriticalSection
0x4a516c TerminateProcess
0x4a5170 GetCurrentProcess
0x4a5174 UnhandledExceptionFilter
0x4a5178 SetUnhandledExceptionFilter
0x4a517c IsDebuggerPresent
0x4a5180 GetModuleFileNameW
0x4a5184 DeleteCriticalSection
0x4a5188 QueryPerformanceCounter
0x4a518c GetTickCount
0x4a5190 GetCurrentThreadId
0x4a5194 GetSystemTimeAsFileTime
0x4a5198 InterlockedIncrement
0x4a519c ExitProcess
0x4a51a0 GetEnvironmentStringsW
0x4a51a4 SetHandleCount
0x4a51a8 GetFileType
0x4a51ac GetStartupInfoA
0x4a51b0 TlsGetValue
0x4a51b4 TlsAlloc
0x4a51b8 TlsFree
0x4a51bc SetLastError
0x4a51c0 HeapDestroy
0x4a51c4 HeapCreate
0x4a51c8 HeapFree
0x4a51cc VirtualFree
0x4a51d0 GetModuleFileNameA
0x4a51d4 WriteFile
0x4a51d8 HeapAlloc
0x4a51dc HeapSize
0x4a51e0 HeapReAlloc
0x4a51e4 VirtualAlloc
0x4a51e8 GetOEMCP
0x4a51ec GetCPInfo
0x4a51f0 IsValidCodePage
0x4a51f4 RtlUnwind
0x4a51f8 DebugBreak
0x4a51fc OutputDebugStringA
0x4a5200 WriteConsoleW
0x4a5204 OutputDebugStringW
0x4a5208 LoadLibraryW
0x4a520c MultiByteToWideChar
0x4a5210 InitializeCriticalSectionAndSpinCount
0x4a5214 LoadLibraryA
0x4a5218 WideCharToMultiByte
0x4a521c LCMapStringA
0x4a5220 GetStringTypeA
0x4a5224 GetStringTypeW
0x4a5228 GetLocaleInfoA
0x4a522c FlushFileBuffers
0x4a5230 GetConsoleCP
0x4a5234 GetConsoleMode
0x4a5238 SetFilePointer
0x4a523c CloseHandle
0x4a5240 SetStdHandle
0x4a5244 WriteConsoleA
USER32.dll
0x4a524c GetMenuBarInfo
0x4a5250 GetMenuInfo
0x4a5254 GetComboBoxInfo
0x4a5258 GetListBoxInfo
ADVAPI32.dll
0x4a5000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x49aa70 _futurama@4
KERNEL32.dll
0x4a5008 GlobalFix
0x4a500c GetFileSize
0x4a5010 OpenFile
0x4a5014 SetLocalTime
0x4a5018 SetEndOfFile
0x4a501c GetNumberOfConsoleInputEvents
0x4a5020 FindResourceExW
0x4a5024 GetCommState
0x4a5028 InterlockedDecrement
0x4a502c ScrollConsoleScreenBufferW
0x4a5030 GetProfileSectionA
0x4a5034 WriteConsoleInputA
0x4a5038 SetComputerNameW
0x4a503c GetComputerNameW
0x4a5040 CallNamedPipeW
0x4a5044 GetModuleHandleW
0x4a5048 GetSystemWow64DirectoryA
0x4a504c CreateDirectoryExW
0x4a5050 GetDriveTypeA
0x4a5054 TlsSetValue
0x4a5058 GlobalAlloc
0x4a505c AddRefActCtx
0x4a5060 GetVolumeInformationA
0x4a5064 Sleep
0x4a5068 ReadFileScatter
0x4a506c GetSystemTimeAdjustment
0x4a5070 GetVersionExW
0x4a5074 InterlockedPopEntrySList
0x4a5078 GlobalFlags
0x4a507c Beep
0x4a5080 VerifyVersionInfoA
0x4a5084 GetBinaryTypeA
0x4a5088 ReadFile
0x4a508c CompareStringW
0x4a5090 GetACP
0x4a5094 lstrlenW
0x4a5098 GlobalUnlock
0x4a509c GetConsoleOutputCP
0x4a50a0 CreateDirectoryA
0x4a50a4 InterlockedExchange
0x4a50a8 GetStdHandle
0x4a50ac EnumResourceNamesW
0x4a50b0 OpenMutexW
0x4a50b4 IsDBCSLeadByteEx
0x4a50b8 GetProcAddress
0x4a50bc SetVolumeLabelW
0x4a50c0 WriteProfileSectionA
0x4a50c4 FreeUserPhysicalPages
0x4a50c8 CreateMemoryResourceNotification
0x4a50cc SearchPathA
0x4a50d0 GetPrivateProfileStringA
0x4a50d4 SetFileApisToOEM
0x4a50d8 GetAtomNameA
0x4a50dc Process32FirstW
0x4a50e0 OpenWaitableTimerW
0x4a50e4 IsSystemResumeAutomatic
0x4a50e8 GetCommMask
0x4a50ec AddAtomA
0x4a50f0 GetSystemInfo
0x4a50f4 SetSystemTime
0x4a50f8 EnumResourceTypesW
0x4a50fc SetConsoleCursorInfo
0x4a5100 CreateIoCompletionPort
0x4a5104 WaitCommEvent
0x4a5108 SetConsoleTitleW
0x4a510c GetModuleHandleA
0x4a5110 FreeEnvironmentStringsW
0x4a5114 GetConsoleTitleW
0x4a5118 BuildCommDCBA
0x4a511c GetCurrentDirectoryA
0x4a5120 CompareStringA
0x4a5124 SetCalendarInfoA
0x4a5128 GetWindowsDirectoryW
0x4a512c GetCurrentProcessId
0x4a5130 SuspendThread
0x4a5134 LCMapStringW
0x4a5138 CopyFileExA
0x4a513c DeleteFileA
0x4a5140 CreateFileA
0x4a5144 FindFirstFileA
0x4a5148 GetCommandLineW
0x4a514c GetLastError
0x4a5150 MoveFileA
0x4a5154 GetStartupInfoW
0x4a5158 HeapValidate
0x4a515c IsBadReadPtr
0x4a5160 RaiseException
0x4a5164 EnterCriticalSection
0x4a5168 LeaveCriticalSection
0x4a516c TerminateProcess
0x4a5170 GetCurrentProcess
0x4a5174 UnhandledExceptionFilter
0x4a5178 SetUnhandledExceptionFilter
0x4a517c IsDebuggerPresent
0x4a5180 GetModuleFileNameW
0x4a5184 DeleteCriticalSection
0x4a5188 QueryPerformanceCounter
0x4a518c GetTickCount
0x4a5190 GetCurrentThreadId
0x4a5194 GetSystemTimeAsFileTime
0x4a5198 InterlockedIncrement
0x4a519c ExitProcess
0x4a51a0 GetEnvironmentStringsW
0x4a51a4 SetHandleCount
0x4a51a8 GetFileType
0x4a51ac GetStartupInfoA
0x4a51b0 TlsGetValue
0x4a51b4 TlsAlloc
0x4a51b8 TlsFree
0x4a51bc SetLastError
0x4a51c0 HeapDestroy
0x4a51c4 HeapCreate
0x4a51c8 HeapFree
0x4a51cc VirtualFree
0x4a51d0 GetModuleFileNameA
0x4a51d4 WriteFile
0x4a51d8 HeapAlloc
0x4a51dc HeapSize
0x4a51e0 HeapReAlloc
0x4a51e4 VirtualAlloc
0x4a51e8 GetOEMCP
0x4a51ec GetCPInfo
0x4a51f0 IsValidCodePage
0x4a51f4 RtlUnwind
0x4a51f8 DebugBreak
0x4a51fc OutputDebugStringA
0x4a5200 WriteConsoleW
0x4a5204 OutputDebugStringW
0x4a5208 LoadLibraryW
0x4a520c MultiByteToWideChar
0x4a5210 InitializeCriticalSectionAndSpinCount
0x4a5214 LoadLibraryA
0x4a5218 WideCharToMultiByte
0x4a521c LCMapStringA
0x4a5220 GetStringTypeA
0x4a5224 GetStringTypeW
0x4a5228 GetLocaleInfoA
0x4a522c FlushFileBuffers
0x4a5230 GetConsoleCP
0x4a5234 GetConsoleMode
0x4a5238 SetFilePointer
0x4a523c CloseHandle
0x4a5240 SetStdHandle
0x4a5244 WriteConsoleA
USER32.dll
0x4a524c GetMenuBarInfo
0x4a5250 GetMenuInfo
0x4a5254 GetComboBoxInfo
0x4a5258 GetListBoxInfo
ADVAPI32.dll
0x4a5000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x49aa70 _futurama@4