ScreenShot
| Created | 2021.06.18 17:54 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 2f2506f0d7f62f22018c3e69438b7ce0 | ||
| sha256 | 923c862ca56a102b3ac83cfa26630325260dd549e8690a430fb39c15b60d310e | ||
| ssdeep | 24576:94diCuVUTnPAmG7dMVT3yXedakAy6T7lW1:CLrPlcKmBkAy6TJ | ||
| imphash | 0e61e5ee811a73c290e64659dd192375 | ||
| impfuzzy | 48:bOBRQPrswpdR3J/8W9kWPlp5JOqwaEBcltgJVQXhdzV2fG+1z:qfQP1/Zkwv5JJEBcltgJVQxdzVy | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4ba008 SetVolumeLabelA
0x4ba00c OpenFile
0x4ba010 SetLocalTime
0x4ba014 SetEndOfFile
0x4ba018 GetNumberOfConsoleInputEvents
0x4ba01c GetCommState
0x4ba020 InterlockedDecrement
0x4ba024 ScrollConsoleScreenBufferW
0x4ba028 GetProfileSectionA
0x4ba02c WriteConsoleInputA
0x4ba030 SetComputerNameW
0x4ba034 GetComputerNameW
0x4ba038 CreateDirectoryExA
0x4ba03c CallNamedPipeW
0x4ba040 GetModuleHandleW
0x4ba044 GenerateConsoleCtrlEvent
0x4ba048 GetSystemWow64DirectoryA
0x4ba04c EnumResourceTypesA
0x4ba050 GetDriveTypeA
0x4ba054 TlsSetValue
0x4ba058 FindResourceExA
0x4ba05c GlobalAlloc
0x4ba060 AddRefActCtx
0x4ba064 GetVolumeInformationA
0x4ba068 Sleep
0x4ba06c ReadFileScatter
0x4ba070 GetConsoleWindow
0x4ba074 GetSystemTimeAdjustment
0x4ba078 GetVersionExW
0x4ba07c InterlockedPopEntrySList
0x4ba080 GlobalFlags
0x4ba084 Beep
0x4ba088 VerifyVersionInfoA
0x4ba08c GetBinaryTypeA
0x4ba090 TerminateProcess
0x4ba094 ReadFile
0x4ba098 CompareStringW
0x4ba09c lstrlenW
0x4ba0a0 SetConsoleTitleA
0x4ba0a4 GlobalUnlock
0x4ba0a8 GetConsoleOutputCP
0x4ba0ac EnumResourceNamesW
0x4ba0b0 InterlockedExchange
0x4ba0b4 GetFileSizeEx
0x4ba0b8 GetStdHandle
0x4ba0bc FindFirstFileA
0x4ba0c0 IsDBCSLeadByteEx
0x4ba0c4 GetProcAddress
0x4ba0c8 WriteProfileSectionA
0x4ba0cc FreeUserPhysicalPages
0x4ba0d0 CreateMemoryResourceNotification
0x4ba0d4 SearchPathA
0x4ba0d8 GetPrivateProfileStringA
0x4ba0dc SetFileApisToOEM
0x4ba0e0 GetAtomNameA
0x4ba0e4 Process32FirstW
0x4ba0e8 OpenMutexA
0x4ba0ec OpenWaitableTimerW
0x4ba0f0 SetCalendarInfoW
0x4ba0f4 IsSystemResumeAutomatic
0x4ba0f8 GetCommMask
0x4ba0fc AddAtomA
0x4ba100 GetSystemInfo
0x4ba104 GetOEMCP
0x4ba108 SetConsoleCursorInfo
0x4ba10c CreateIoCompletionPort
0x4ba110 WaitCommEvent
0x4ba114 GetModuleHandleA
0x4ba118 FreeEnvironmentStringsW
0x4ba11c GetConsoleTitleW
0x4ba120 BuildCommDCBA
0x4ba124 GetCurrentDirectoryA
0x4ba128 CompareStringA
0x4ba12c GetWindowsDirectoryW
0x4ba130 GetCurrentProcessId
0x4ba134 LCMapStringW
0x4ba138 CopyFileExA
0x4ba13c DeleteFileA
0x4ba140 CreateFileA
0x4ba144 CreateDirectoryA
0x4ba148 GetCommandLineW
0x4ba14c GetLastError
0x4ba150 MoveFileA
0x4ba154 GetStartupInfoW
0x4ba158 HeapValidate
0x4ba15c IsBadReadPtr
0x4ba160 RaiseException
0x4ba164 EnterCriticalSection
0x4ba168 LeaveCriticalSection
0x4ba16c GetCurrentProcess
0x4ba170 UnhandledExceptionFilter
0x4ba174 SetUnhandledExceptionFilter
0x4ba178 IsDebuggerPresent
0x4ba17c GetModuleFileNameW
0x4ba180 DeleteCriticalSection
0x4ba184 QueryPerformanceCounter
0x4ba188 GetTickCount
0x4ba18c GetCurrentThreadId
0x4ba190 GetSystemTimeAsFileTime
0x4ba194 InterlockedIncrement
0x4ba198 ExitProcess
0x4ba19c GetEnvironmentStringsW
0x4ba1a0 SetHandleCount
0x4ba1a4 GetFileType
0x4ba1a8 GetStartupInfoA
0x4ba1ac TlsGetValue
0x4ba1b0 TlsAlloc
0x4ba1b4 TlsFree
0x4ba1b8 SetLastError
0x4ba1bc HeapDestroy
0x4ba1c0 HeapCreate
0x4ba1c4 HeapFree
0x4ba1c8 VirtualFree
0x4ba1cc GetModuleFileNameA
0x4ba1d0 WriteFile
0x4ba1d4 HeapAlloc
0x4ba1d8 HeapSize
0x4ba1dc HeapReAlloc
0x4ba1e0 VirtualAlloc
0x4ba1e4 GetACP
0x4ba1e8 GetCPInfo
0x4ba1ec IsValidCodePage
0x4ba1f0 RtlUnwind
0x4ba1f4 DebugBreak
0x4ba1f8 OutputDebugStringA
0x4ba1fc WriteConsoleW
0x4ba200 OutputDebugStringW
0x4ba204 LoadLibraryW
0x4ba208 MultiByteToWideChar
0x4ba20c InitializeCriticalSectionAndSpinCount
0x4ba210 LoadLibraryA
0x4ba214 WideCharToMultiByte
0x4ba218 LCMapStringA
0x4ba21c GetStringTypeA
0x4ba220 GetStringTypeW
0x4ba224 GetLocaleInfoA
0x4ba228 FlushFileBuffers
0x4ba22c GetConsoleCP
0x4ba230 GetConsoleMode
0x4ba234 SetFilePointer
0x4ba238 CloseHandle
0x4ba23c SetStdHandle
0x4ba240 WriteConsoleA
USER32.dll
0x4ba248 GetMenuBarInfo
0x4ba24c GetMenuInfo
0x4ba250 GetComboBoxInfo
0x4ba254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x4ba000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x4aff60 _CallPattern@8
0x4aff40 _futurama@4
0x4aff50 _zabiray@8
KERNEL32.dll
0x4ba008 SetVolumeLabelA
0x4ba00c OpenFile
0x4ba010 SetLocalTime
0x4ba014 SetEndOfFile
0x4ba018 GetNumberOfConsoleInputEvents
0x4ba01c GetCommState
0x4ba020 InterlockedDecrement
0x4ba024 ScrollConsoleScreenBufferW
0x4ba028 GetProfileSectionA
0x4ba02c WriteConsoleInputA
0x4ba030 SetComputerNameW
0x4ba034 GetComputerNameW
0x4ba038 CreateDirectoryExA
0x4ba03c CallNamedPipeW
0x4ba040 GetModuleHandleW
0x4ba044 GenerateConsoleCtrlEvent
0x4ba048 GetSystemWow64DirectoryA
0x4ba04c EnumResourceTypesA
0x4ba050 GetDriveTypeA
0x4ba054 TlsSetValue
0x4ba058 FindResourceExA
0x4ba05c GlobalAlloc
0x4ba060 AddRefActCtx
0x4ba064 GetVolumeInformationA
0x4ba068 Sleep
0x4ba06c ReadFileScatter
0x4ba070 GetConsoleWindow
0x4ba074 GetSystemTimeAdjustment
0x4ba078 GetVersionExW
0x4ba07c InterlockedPopEntrySList
0x4ba080 GlobalFlags
0x4ba084 Beep
0x4ba088 VerifyVersionInfoA
0x4ba08c GetBinaryTypeA
0x4ba090 TerminateProcess
0x4ba094 ReadFile
0x4ba098 CompareStringW
0x4ba09c lstrlenW
0x4ba0a0 SetConsoleTitleA
0x4ba0a4 GlobalUnlock
0x4ba0a8 GetConsoleOutputCP
0x4ba0ac EnumResourceNamesW
0x4ba0b0 InterlockedExchange
0x4ba0b4 GetFileSizeEx
0x4ba0b8 GetStdHandle
0x4ba0bc FindFirstFileA
0x4ba0c0 IsDBCSLeadByteEx
0x4ba0c4 GetProcAddress
0x4ba0c8 WriteProfileSectionA
0x4ba0cc FreeUserPhysicalPages
0x4ba0d0 CreateMemoryResourceNotification
0x4ba0d4 SearchPathA
0x4ba0d8 GetPrivateProfileStringA
0x4ba0dc SetFileApisToOEM
0x4ba0e0 GetAtomNameA
0x4ba0e4 Process32FirstW
0x4ba0e8 OpenMutexA
0x4ba0ec OpenWaitableTimerW
0x4ba0f0 SetCalendarInfoW
0x4ba0f4 IsSystemResumeAutomatic
0x4ba0f8 GetCommMask
0x4ba0fc AddAtomA
0x4ba100 GetSystemInfo
0x4ba104 GetOEMCP
0x4ba108 SetConsoleCursorInfo
0x4ba10c CreateIoCompletionPort
0x4ba110 WaitCommEvent
0x4ba114 GetModuleHandleA
0x4ba118 FreeEnvironmentStringsW
0x4ba11c GetConsoleTitleW
0x4ba120 BuildCommDCBA
0x4ba124 GetCurrentDirectoryA
0x4ba128 CompareStringA
0x4ba12c GetWindowsDirectoryW
0x4ba130 GetCurrentProcessId
0x4ba134 LCMapStringW
0x4ba138 CopyFileExA
0x4ba13c DeleteFileA
0x4ba140 CreateFileA
0x4ba144 CreateDirectoryA
0x4ba148 GetCommandLineW
0x4ba14c GetLastError
0x4ba150 MoveFileA
0x4ba154 GetStartupInfoW
0x4ba158 HeapValidate
0x4ba15c IsBadReadPtr
0x4ba160 RaiseException
0x4ba164 EnterCriticalSection
0x4ba168 LeaveCriticalSection
0x4ba16c GetCurrentProcess
0x4ba170 UnhandledExceptionFilter
0x4ba174 SetUnhandledExceptionFilter
0x4ba178 IsDebuggerPresent
0x4ba17c GetModuleFileNameW
0x4ba180 DeleteCriticalSection
0x4ba184 QueryPerformanceCounter
0x4ba188 GetTickCount
0x4ba18c GetCurrentThreadId
0x4ba190 GetSystemTimeAsFileTime
0x4ba194 InterlockedIncrement
0x4ba198 ExitProcess
0x4ba19c GetEnvironmentStringsW
0x4ba1a0 SetHandleCount
0x4ba1a4 GetFileType
0x4ba1a8 GetStartupInfoA
0x4ba1ac TlsGetValue
0x4ba1b0 TlsAlloc
0x4ba1b4 TlsFree
0x4ba1b8 SetLastError
0x4ba1bc HeapDestroy
0x4ba1c0 HeapCreate
0x4ba1c4 HeapFree
0x4ba1c8 VirtualFree
0x4ba1cc GetModuleFileNameA
0x4ba1d0 WriteFile
0x4ba1d4 HeapAlloc
0x4ba1d8 HeapSize
0x4ba1dc HeapReAlloc
0x4ba1e0 VirtualAlloc
0x4ba1e4 GetACP
0x4ba1e8 GetCPInfo
0x4ba1ec IsValidCodePage
0x4ba1f0 RtlUnwind
0x4ba1f4 DebugBreak
0x4ba1f8 OutputDebugStringA
0x4ba1fc WriteConsoleW
0x4ba200 OutputDebugStringW
0x4ba204 LoadLibraryW
0x4ba208 MultiByteToWideChar
0x4ba20c InitializeCriticalSectionAndSpinCount
0x4ba210 LoadLibraryA
0x4ba214 WideCharToMultiByte
0x4ba218 LCMapStringA
0x4ba21c GetStringTypeA
0x4ba220 GetStringTypeW
0x4ba224 GetLocaleInfoA
0x4ba228 FlushFileBuffers
0x4ba22c GetConsoleCP
0x4ba230 GetConsoleMode
0x4ba234 SetFilePointer
0x4ba238 CloseHandle
0x4ba23c SetStdHandle
0x4ba240 WriteConsoleA
USER32.dll
0x4ba248 GetMenuBarInfo
0x4ba24c GetMenuInfo
0x4ba250 GetComboBoxInfo
0x4ba254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x4ba000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x4aff60 _CallPattern@8
0x4aff40 _futurama@4
0x4aff50 _zabiray@8