ScreenShot
| Created | 2021.06.18 17:41 | Machine | s1_win7_x6401 |
| Filename | sefile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, yu0@aqGW0LnI, Kryptik, Eldorado, Attribute, HighConfidence, PWSX, A + Troj, Static AI, Malicious PE, Racealer, Azorult, score, ET#76%, RDMK, cmRtazqdommCCt2ZYdTx, VbuyZ2f, Ranumbot, susgen, confidence, 100%) | ||
| md5 | 06ac95deaa340711db9f10e66642fdb4 | ||
| sha256 | 26fbc6a8864ad5ff42b549a9a7b3dbc4cf6b20d57b4942e010ad637530953ab7 | ||
| ssdeep | 6144:5WNFDH3wvbpb8DM4jgJptYLenYK7AAShi/o7XGWeuAghtZZE6:SFb3wvbpb8DMhQenYKL0/WWe3Eh | ||
| imphash | 0e61e5ee811a73c290e64659dd192375 | ||
| impfuzzy | 48:bOBRQPrswpdR3J/8W9kWPlp5JOqwaEBcltgJVQXhdzV2fG+1z:qfQP1/Zkwv5JJEBcltgJVQxdzVy | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44a008 SetVolumeLabelA
0x44a00c OpenFile
0x44a010 SetLocalTime
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c GetCommState
0x44a020 InterlockedDecrement
0x44a024 ScrollConsoleScreenBufferW
0x44a028 GetProfileSectionA
0x44a02c WriteConsoleInputA
0x44a030 SetComputerNameW
0x44a034 GetComputerNameW
0x44a038 CreateDirectoryExA
0x44a03c CallNamedPipeW
0x44a040 GetModuleHandleW
0x44a044 GenerateConsoleCtrlEvent
0x44a048 GetSystemWow64DirectoryA
0x44a04c EnumResourceTypesA
0x44a050 GetDriveTypeA
0x44a054 TlsSetValue
0x44a058 FindResourceExA
0x44a05c GlobalAlloc
0x44a060 AddRefActCtx
0x44a064 GetVolumeInformationA
0x44a068 Sleep
0x44a06c ReadFileScatter
0x44a070 GetConsoleWindow
0x44a074 GetSystemTimeAdjustment
0x44a078 GetVersionExW
0x44a07c InterlockedPopEntrySList
0x44a080 GlobalFlags
0x44a084 Beep
0x44a088 VerifyVersionInfoA
0x44a08c GetBinaryTypeA
0x44a090 TerminateProcess
0x44a094 ReadFile
0x44a098 CompareStringW
0x44a09c lstrlenW
0x44a0a0 SetConsoleTitleA
0x44a0a4 GlobalUnlock
0x44a0a8 GetConsoleOutputCP
0x44a0ac EnumResourceNamesW
0x44a0b0 InterlockedExchange
0x44a0b4 GetFileSizeEx
0x44a0b8 GetStdHandle
0x44a0bc FindFirstFileA
0x44a0c0 IsDBCSLeadByteEx
0x44a0c4 GetProcAddress
0x44a0c8 WriteProfileSectionA
0x44a0cc FreeUserPhysicalPages
0x44a0d0 CreateMemoryResourceNotification
0x44a0d4 SearchPathA
0x44a0d8 GetPrivateProfileStringA
0x44a0dc SetFileApisToOEM
0x44a0e0 GetAtomNameA
0x44a0e4 Process32FirstW
0x44a0e8 OpenMutexA
0x44a0ec OpenWaitableTimerW
0x44a0f0 SetCalendarInfoW
0x44a0f4 IsSystemResumeAutomatic
0x44a0f8 GetCommMask
0x44a0fc AddAtomA
0x44a100 GetSystemInfo
0x44a104 GetOEMCP
0x44a108 SetConsoleCursorInfo
0x44a10c CreateIoCompletionPort
0x44a110 WaitCommEvent
0x44a114 GetModuleHandleA
0x44a118 FreeEnvironmentStringsW
0x44a11c GetConsoleTitleW
0x44a120 BuildCommDCBA
0x44a124 GetCurrentDirectoryA
0x44a128 CompareStringA
0x44a12c GetWindowsDirectoryW
0x44a130 GetCurrentProcessId
0x44a134 LCMapStringW
0x44a138 CopyFileExA
0x44a13c DeleteFileA
0x44a140 CreateFileA
0x44a144 CreateDirectoryA
0x44a148 GetCommandLineW
0x44a14c GetLastError
0x44a150 MoveFileA
0x44a154 GetStartupInfoW
0x44a158 HeapValidate
0x44a15c IsBadReadPtr
0x44a160 RaiseException
0x44a164 EnterCriticalSection
0x44a168 LeaveCriticalSection
0x44a16c GetCurrentProcess
0x44a170 UnhandledExceptionFilter
0x44a174 SetUnhandledExceptionFilter
0x44a178 IsDebuggerPresent
0x44a17c GetModuleFileNameW
0x44a180 DeleteCriticalSection
0x44a184 QueryPerformanceCounter
0x44a188 GetTickCount
0x44a18c GetCurrentThreadId
0x44a190 GetSystemTimeAsFileTime
0x44a194 InterlockedIncrement
0x44a198 ExitProcess
0x44a19c GetEnvironmentStringsW
0x44a1a0 SetHandleCount
0x44a1a4 GetFileType
0x44a1a8 GetStartupInfoA
0x44a1ac TlsGetValue
0x44a1b0 TlsAlloc
0x44a1b4 TlsFree
0x44a1b8 SetLastError
0x44a1bc HeapDestroy
0x44a1c0 HeapCreate
0x44a1c4 HeapFree
0x44a1c8 VirtualFree
0x44a1cc GetModuleFileNameA
0x44a1d0 WriteFile
0x44a1d4 HeapAlloc
0x44a1d8 HeapSize
0x44a1dc HeapReAlloc
0x44a1e0 VirtualAlloc
0x44a1e4 GetACP
0x44a1e8 GetCPInfo
0x44a1ec IsValidCodePage
0x44a1f0 RtlUnwind
0x44a1f4 DebugBreak
0x44a1f8 OutputDebugStringA
0x44a1fc WriteConsoleW
0x44a200 OutputDebugStringW
0x44a204 LoadLibraryW
0x44a208 MultiByteToWideChar
0x44a20c InitializeCriticalSectionAndSpinCount
0x44a210 LoadLibraryA
0x44a214 WideCharToMultiByte
0x44a218 LCMapStringA
0x44a21c GetStringTypeA
0x44a220 GetStringTypeW
0x44a224 GetLocaleInfoA
0x44a228 FlushFileBuffers
0x44a22c GetConsoleCP
0x44a230 GetConsoleMode
0x44a234 SetFilePointer
0x44a238 CloseHandle
0x44a23c SetStdHandle
0x44a240 WriteConsoleA
USER32.dll
0x44a248 GetMenuBarInfo
0x44a24c GetMenuInfo
0x44a250 GetComboBoxInfo
0x44a254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x44a000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x43f770 _CallPattern@8
0x43f750 _futurama@4
0x43f760 _zabiray@8
KERNEL32.dll
0x44a008 SetVolumeLabelA
0x44a00c OpenFile
0x44a010 SetLocalTime
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c GetCommState
0x44a020 InterlockedDecrement
0x44a024 ScrollConsoleScreenBufferW
0x44a028 GetProfileSectionA
0x44a02c WriteConsoleInputA
0x44a030 SetComputerNameW
0x44a034 GetComputerNameW
0x44a038 CreateDirectoryExA
0x44a03c CallNamedPipeW
0x44a040 GetModuleHandleW
0x44a044 GenerateConsoleCtrlEvent
0x44a048 GetSystemWow64DirectoryA
0x44a04c EnumResourceTypesA
0x44a050 GetDriveTypeA
0x44a054 TlsSetValue
0x44a058 FindResourceExA
0x44a05c GlobalAlloc
0x44a060 AddRefActCtx
0x44a064 GetVolumeInformationA
0x44a068 Sleep
0x44a06c ReadFileScatter
0x44a070 GetConsoleWindow
0x44a074 GetSystemTimeAdjustment
0x44a078 GetVersionExW
0x44a07c InterlockedPopEntrySList
0x44a080 GlobalFlags
0x44a084 Beep
0x44a088 VerifyVersionInfoA
0x44a08c GetBinaryTypeA
0x44a090 TerminateProcess
0x44a094 ReadFile
0x44a098 CompareStringW
0x44a09c lstrlenW
0x44a0a0 SetConsoleTitleA
0x44a0a4 GlobalUnlock
0x44a0a8 GetConsoleOutputCP
0x44a0ac EnumResourceNamesW
0x44a0b0 InterlockedExchange
0x44a0b4 GetFileSizeEx
0x44a0b8 GetStdHandle
0x44a0bc FindFirstFileA
0x44a0c0 IsDBCSLeadByteEx
0x44a0c4 GetProcAddress
0x44a0c8 WriteProfileSectionA
0x44a0cc FreeUserPhysicalPages
0x44a0d0 CreateMemoryResourceNotification
0x44a0d4 SearchPathA
0x44a0d8 GetPrivateProfileStringA
0x44a0dc SetFileApisToOEM
0x44a0e0 GetAtomNameA
0x44a0e4 Process32FirstW
0x44a0e8 OpenMutexA
0x44a0ec OpenWaitableTimerW
0x44a0f0 SetCalendarInfoW
0x44a0f4 IsSystemResumeAutomatic
0x44a0f8 GetCommMask
0x44a0fc AddAtomA
0x44a100 GetSystemInfo
0x44a104 GetOEMCP
0x44a108 SetConsoleCursorInfo
0x44a10c CreateIoCompletionPort
0x44a110 WaitCommEvent
0x44a114 GetModuleHandleA
0x44a118 FreeEnvironmentStringsW
0x44a11c GetConsoleTitleW
0x44a120 BuildCommDCBA
0x44a124 GetCurrentDirectoryA
0x44a128 CompareStringA
0x44a12c GetWindowsDirectoryW
0x44a130 GetCurrentProcessId
0x44a134 LCMapStringW
0x44a138 CopyFileExA
0x44a13c DeleteFileA
0x44a140 CreateFileA
0x44a144 CreateDirectoryA
0x44a148 GetCommandLineW
0x44a14c GetLastError
0x44a150 MoveFileA
0x44a154 GetStartupInfoW
0x44a158 HeapValidate
0x44a15c IsBadReadPtr
0x44a160 RaiseException
0x44a164 EnterCriticalSection
0x44a168 LeaveCriticalSection
0x44a16c GetCurrentProcess
0x44a170 UnhandledExceptionFilter
0x44a174 SetUnhandledExceptionFilter
0x44a178 IsDebuggerPresent
0x44a17c GetModuleFileNameW
0x44a180 DeleteCriticalSection
0x44a184 QueryPerformanceCounter
0x44a188 GetTickCount
0x44a18c GetCurrentThreadId
0x44a190 GetSystemTimeAsFileTime
0x44a194 InterlockedIncrement
0x44a198 ExitProcess
0x44a19c GetEnvironmentStringsW
0x44a1a0 SetHandleCount
0x44a1a4 GetFileType
0x44a1a8 GetStartupInfoA
0x44a1ac TlsGetValue
0x44a1b0 TlsAlloc
0x44a1b4 TlsFree
0x44a1b8 SetLastError
0x44a1bc HeapDestroy
0x44a1c0 HeapCreate
0x44a1c4 HeapFree
0x44a1c8 VirtualFree
0x44a1cc GetModuleFileNameA
0x44a1d0 WriteFile
0x44a1d4 HeapAlloc
0x44a1d8 HeapSize
0x44a1dc HeapReAlloc
0x44a1e0 VirtualAlloc
0x44a1e4 GetACP
0x44a1e8 GetCPInfo
0x44a1ec IsValidCodePage
0x44a1f0 RtlUnwind
0x44a1f4 DebugBreak
0x44a1f8 OutputDebugStringA
0x44a1fc WriteConsoleW
0x44a200 OutputDebugStringW
0x44a204 LoadLibraryW
0x44a208 MultiByteToWideChar
0x44a20c InitializeCriticalSectionAndSpinCount
0x44a210 LoadLibraryA
0x44a214 WideCharToMultiByte
0x44a218 LCMapStringA
0x44a21c GetStringTypeA
0x44a220 GetStringTypeW
0x44a224 GetLocaleInfoA
0x44a228 FlushFileBuffers
0x44a22c GetConsoleCP
0x44a230 GetConsoleMode
0x44a234 SetFilePointer
0x44a238 CloseHandle
0x44a23c SetStdHandle
0x44a240 WriteConsoleA
USER32.dll
0x44a248 GetMenuBarInfo
0x44a24c GetMenuInfo
0x44a250 GetComboBoxInfo
0x44a254 GetMenuCheckMarkDimensions
ADVAPI32.dll
0x44a000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x43f770 _CallPattern@8
0x43f750 _futurama@4
0x43f760 _zabiray@8