ScreenShot
| Created | 2021.06.18 17:50 | Machine | s1_win7_x6401 |
| Filename | 5.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | a9b0f21cb30e239e1f3af96eb376a0ba | ||
| sha256 | 18076f163aef93f57db14eece15b18ca68f344da2f4c59a329de178752f14e2c | ||
| ssdeep | 12288:8o1cVSyb3yRoBT8f3DC/QyquN26rizg6hXjceAMJaIkPhq4RRk4Ql6:1ALmq/QyquPKJhXjwRPhq8Rfw6 | ||
| imphash | 0b7d0cfc3cf5ef8b4576040fae638eaf | ||
| impfuzzy | 48:X+eGG9eH3RP8dP5exw1ggWPgycHeUV8u1agmutBg:X+s6WPYiSZDcHeUV8ucgmu8 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x486008 lstrlenA
0x48600c CopyFileExW
0x486010 SetEndOfFile
0x486014 HeapAlloc
0x486018 SetUnhandledExceptionFilter
0x48601c WritePrivateProfileSectionA
0x486020 GetModuleHandleExW
0x486024 GetProfileSectionA
0x486028 SetVolumeMountPointW
0x48602c OpenSemaphoreA
0x486030 EnumTimeFormatsW
0x486034 CreateActCtxW
0x486038 SetProcessPriorityBoost
0x48603c GetDriveTypeA
0x486040 LoadLibraryW
0x486044 TerminateThread
0x486048 ReadConsoleInputA
0x48604c CopyFileW
0x486050 GetPrivateProfileStructW
0x486054 GlobalFlags
0x486058 WritePrivateProfileStructW
0x48605c SetConsoleMode
0x486060 SetTimeZoneInformation
0x486064 VerifyVersionInfoA
0x486068 WriteConsoleW
0x48606c GetBinaryTypeA
0x486070 GetAtomNameW
0x486074 IsDBCSLeadByte
0x486078 ReadFile
0x48607c CreateFileW
0x486080 CompareStringW
0x486084 GetACP
0x486088 CreateDirectoryA
0x48608c InterlockedExchange
0x486090 SetCurrentDirectoryA
0x486094 FindFirstFileA
0x486098 OpenMutexW
0x48609c GlobalFix
0x4860a0 SetLastError
0x4860a4 GetThreadLocale
0x4860a8 GetProcAddress
0x4860ac GetComputerNameExW
0x4860b0 IsValidCodePage
0x4860b4 SetComputerNameA
0x4860b8 GetTempFileNameA
0x4860bc ResetEvent
0x4860c0 OpenWaitableTimerA
0x4860c4 LoadLibraryA
0x4860c8 WriteConsoleA
0x4860cc UnhandledExceptionFilter
0x4860d0 LocalAlloc
0x4860d4 GetFileType
0x4860d8 WriteProfileSectionW
0x4860dc AddAtomA
0x4860e0 SetCommMask
0x4860e4 SetSystemTime
0x4860e8 SetEnvironmentVariableA
0x4860ec GetModuleFileNameA
0x4860f0 SetConsoleCursorInfo
0x4860f4 SetConsoleTitleW
0x4860f8 GetModuleHandleA
0x4860fc DebugBreakProcess
0x486100 FreeEnvironmentStringsW
0x486104 BuildCommDCBA
0x486108 GetCurrentDirectoryA
0x48610c GetCPInfoExA
0x486110 SetCalendarInfoA
0x486114 GetVersionExA
0x486118 ReadConsoleOutputCharacterW
0x48611c TlsFree
0x486120 LCMapStringW
0x486124 GetVolumeInformationW
0x486128 SetStdHandle
0x48612c CloseHandle
0x486130 GetHandleInformation
0x486134 FillConsoleOutputCharacterA
0x486138 GetCommandLineW
0x48613c HeapSetInformation
0x486140 GetStartupInfoW
0x486144 EnterCriticalSection
0x486148 LeaveCriticalSection
0x48614c SetHandleCount
0x486150 GetStdHandle
0x486154 InitializeCriticalSectionAndSpinCount
0x486158 DeleteCriticalSection
0x48615c DecodePointer
0x486160 TerminateProcess
0x486164 GetCurrentProcess
0x486168 IsDebuggerPresent
0x48616c EncodePointer
0x486170 GetModuleFileNameW
0x486174 IsProcessorFeaturePresent
0x486178 QueryPerformanceCounter
0x48617c GetTickCount
0x486180 GetCurrentThreadId
0x486184 GetCurrentProcessId
0x486188 GetSystemTimeAsFileTime
0x48618c InterlockedIncrement
0x486190 InterlockedDecrement
0x486194 GetModuleHandleW
0x486198 ExitProcess
0x48619c GetEnvironmentStringsW
0x4861a0 HeapValidate
0x4861a4 IsBadReadPtr
0x4861a8 TlsAlloc
0x4861ac TlsGetValue
0x4861b0 TlsSetValue
0x4861b4 GetLastError
0x4861b8 HeapCreate
0x4861bc WriteFile
0x4861c0 OutputDebugStringA
0x4861c4 OutputDebugStringW
0x4861c8 RtlUnwind
0x4861cc MultiByteToWideChar
0x4861d0 GetOEMCP
0x4861d4 GetCPInfo
0x4861d8 RaiseException
0x4861dc HeapReAlloc
0x4861e0 HeapSize
0x4861e4 HeapQueryInformation
0x4861e8 HeapFree
0x4861ec FlushFileBuffers
0x4861f0 WideCharToMultiByte
0x4861f4 GetConsoleCP
0x4861f8 GetConsoleMode
0x4861fc GetStringTypeW
0x486200 SetFilePointer
USER32.dll
0x486208 GetMessageTime
0x48620c GetMenuCheckMarkDimensions
ADVAPI32.dll
0x486000 AdjustTokenPrivileges
EAT(Export Address Table) is none
KERNEL32.dll
0x486008 lstrlenA
0x48600c CopyFileExW
0x486010 SetEndOfFile
0x486014 HeapAlloc
0x486018 SetUnhandledExceptionFilter
0x48601c WritePrivateProfileSectionA
0x486020 GetModuleHandleExW
0x486024 GetProfileSectionA
0x486028 SetVolumeMountPointW
0x48602c OpenSemaphoreA
0x486030 EnumTimeFormatsW
0x486034 CreateActCtxW
0x486038 SetProcessPriorityBoost
0x48603c GetDriveTypeA
0x486040 LoadLibraryW
0x486044 TerminateThread
0x486048 ReadConsoleInputA
0x48604c CopyFileW
0x486050 GetPrivateProfileStructW
0x486054 GlobalFlags
0x486058 WritePrivateProfileStructW
0x48605c SetConsoleMode
0x486060 SetTimeZoneInformation
0x486064 VerifyVersionInfoA
0x486068 WriteConsoleW
0x48606c GetBinaryTypeA
0x486070 GetAtomNameW
0x486074 IsDBCSLeadByte
0x486078 ReadFile
0x48607c CreateFileW
0x486080 CompareStringW
0x486084 GetACP
0x486088 CreateDirectoryA
0x48608c InterlockedExchange
0x486090 SetCurrentDirectoryA
0x486094 FindFirstFileA
0x486098 OpenMutexW
0x48609c GlobalFix
0x4860a0 SetLastError
0x4860a4 GetThreadLocale
0x4860a8 GetProcAddress
0x4860ac GetComputerNameExW
0x4860b0 IsValidCodePage
0x4860b4 SetComputerNameA
0x4860b8 GetTempFileNameA
0x4860bc ResetEvent
0x4860c0 OpenWaitableTimerA
0x4860c4 LoadLibraryA
0x4860c8 WriteConsoleA
0x4860cc UnhandledExceptionFilter
0x4860d0 LocalAlloc
0x4860d4 GetFileType
0x4860d8 WriteProfileSectionW
0x4860dc AddAtomA
0x4860e0 SetCommMask
0x4860e4 SetSystemTime
0x4860e8 SetEnvironmentVariableA
0x4860ec GetModuleFileNameA
0x4860f0 SetConsoleCursorInfo
0x4860f4 SetConsoleTitleW
0x4860f8 GetModuleHandleA
0x4860fc DebugBreakProcess
0x486100 FreeEnvironmentStringsW
0x486104 BuildCommDCBA
0x486108 GetCurrentDirectoryA
0x48610c GetCPInfoExA
0x486110 SetCalendarInfoA
0x486114 GetVersionExA
0x486118 ReadConsoleOutputCharacterW
0x48611c TlsFree
0x486120 LCMapStringW
0x486124 GetVolumeInformationW
0x486128 SetStdHandle
0x48612c CloseHandle
0x486130 GetHandleInformation
0x486134 FillConsoleOutputCharacterA
0x486138 GetCommandLineW
0x48613c HeapSetInformation
0x486140 GetStartupInfoW
0x486144 EnterCriticalSection
0x486148 LeaveCriticalSection
0x48614c SetHandleCount
0x486150 GetStdHandle
0x486154 InitializeCriticalSectionAndSpinCount
0x486158 DeleteCriticalSection
0x48615c DecodePointer
0x486160 TerminateProcess
0x486164 GetCurrentProcess
0x486168 IsDebuggerPresent
0x48616c EncodePointer
0x486170 GetModuleFileNameW
0x486174 IsProcessorFeaturePresent
0x486178 QueryPerformanceCounter
0x48617c GetTickCount
0x486180 GetCurrentThreadId
0x486184 GetCurrentProcessId
0x486188 GetSystemTimeAsFileTime
0x48618c InterlockedIncrement
0x486190 InterlockedDecrement
0x486194 GetModuleHandleW
0x486198 ExitProcess
0x48619c GetEnvironmentStringsW
0x4861a0 HeapValidate
0x4861a4 IsBadReadPtr
0x4861a8 TlsAlloc
0x4861ac TlsGetValue
0x4861b0 TlsSetValue
0x4861b4 GetLastError
0x4861b8 HeapCreate
0x4861bc WriteFile
0x4861c0 OutputDebugStringA
0x4861c4 OutputDebugStringW
0x4861c8 RtlUnwind
0x4861cc MultiByteToWideChar
0x4861d0 GetOEMCP
0x4861d4 GetCPInfo
0x4861d8 RaiseException
0x4861dc HeapReAlloc
0x4861e0 HeapSize
0x4861e4 HeapQueryInformation
0x4861e8 HeapFree
0x4861ec FlushFileBuffers
0x4861f0 WideCharToMultiByte
0x4861f4 GetConsoleCP
0x4861f8 GetConsoleMode
0x4861fc GetStringTypeW
0x486200 SetFilePointer
USER32.dll
0x486208 GetMessageTime
0x48620c GetMenuCheckMarkDimensions
ADVAPI32.dll
0x486000 AdjustTokenPrivileges
EAT(Export Address Table) is none