Report - g63.exe

Malicious Library PE File OS Processor Check PE32
Created 2021.06.19 09:04 Machine s1_win7_x6401
Filename g63.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 3.0
ZERO API file : malware
VT API (file) 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, Kryptik, Eldorado, Attribute, HighConfidence, ET#77%, RDMK, cmRtazpoXXvoyK2n8IsRj4WUbD6X, A + Troj, Static AI, Malicious PE, Zenpak, Caynamer, score, BScope, Ranumbot, ZexaF, xu0@aKyaqkpI, confidence, 100%, susgen)
md5 607a1510ce7946e7e5528dee9a6e6e2c
sha256 af9417afddd1867732538ff369e917f68407906bef20dfb2e0b99ee8a04664cc
ssdeep 6144:c/a+CnhocDMDVMV4HkwXozxdOW6IsusZ5HhLX64CFPZPnheSjY:1+ChocIDVMmHuzxdR6w8FMthNY
imphash f38124646e535204cd12e80d37ffde43
impfuzzy 48:C1gydrfUpdUJ6G9WDnPlpfO5MaEBcltgJV8vwml0POG+T:SLdIztaWPvfyEBcltgJV8vdl0i

Signature (7cnts)

Level Description
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x449000 GetCommandLineW
 0x449004 EnumResourceNamesW
 0x449008 SetVolumeLabelA
 0x44900c SearchPathW
 0x449010 FindFirstFileW
 0x449014 OpenFile
 0x449018 SetLocalTime
 0x44901c GetDriveTypeW
 0x449020 SetEndOfFile
 0x449024 GetNumberOfConsoleInputEvents
 0x449028 CallNamedPipeA
 0x44902c InterlockedIncrement
 0x449030 InterlockedDecrement
 0x449034 GetProfileStringW
 0x449038 GetProfileSectionA
 0x44903c GetComputerNameW
 0x449040 CreateDirectoryExA
 0x449044 GetModuleHandleW
 0x449048 GenerateConsoleCtrlEvent
 0x44904c GetConsoleTitleA
 0x449050 GetWindowsDirectoryA
 0x449054 GetSystemWow64DirectoryA
 0x449058 EnumResourceTypesA
 0x44905c TlsSetValue
 0x449060 FindResourceExA
 0x449064 GlobalAlloc
 0x449068 AddRefActCtx
 0x44906c GetVolumeInformationA
 0x449070 Sleep
 0x449074 ReadFileScatter
 0x449078 GetConsoleWindow
 0x44907c GetSystemTimeAdjustment
 0x449080 GetVersionExW
 0x449084 InterlockedPopEntrySList
 0x449088 GlobalFlags
 0x44908c VerifyVersionInfoA
 0x449090 GetBinaryTypeA
 0x449094 TerminateProcess
 0x449098 ReadFile
 0x44909c CompareStringW
 0x4490a0 lstrlenW
 0x4490a4 SetConsoleTitleA
 0x4490a8 GlobalUnlock
 0x4490ac LCMapStringA
 0x4490b0 GetConsoleOutputCP
 0x4490b4 CreateDirectoryA
 0x4490b8 InterlockedExchange
 0x4490bc GetFileSizeEx
 0x4490c0 IsDBCSLeadByteEx
 0x4490c4 GetProcAddress
 0x4490c8 FreeUserPhysicalPages
 0x4490cc SetComputerNameA
 0x4490d0 CreateMemoryResourceNotification
 0x4490d4 SearchPathA
 0x4490d8 GetPrivateProfileStringA
 0x4490dc GetAtomNameA
 0x4490e0 Process32FirstW
 0x4490e4 OpenMutexA
 0x4490e8 OpenWaitableTimerW
 0x4490ec SetCalendarInfoW
 0x4490f0 IsSystemResumeAutomatic
 0x4490f4 SetFileApisToANSI
 0x4490f8 WriteProfileSectionW
 0x4490fc GetCommMask
 0x449100 AddAtomA
 0x449104 GetTapeParameters
 0x449108 GetSystemInfo
 0x44910c GetOEMCP
 0x449110 FindNextFileA
 0x449114 SetConsoleCursorInfo
 0x449118 CreateIoCompletionPort
 0x44911c WaitCommEvent
 0x449120 FreeEnvironmentStringsW
 0x449124 BuildCommDCBA
 0x449128 GetCurrentDirectoryA
 0x44912c CompareStringA
 0x449130 ScrollConsoleScreenBufferA
 0x449134 CopyFileExA
 0x449138 DeleteFileA
 0x44913c GetModuleHandleA
 0x449140 CreateFileA
 0x449144 GetLastError
 0x449148 MoveFileA
 0x44914c GetCommandLineA
 0x449150 GetStartupInfoA
 0x449154 HeapValidate
 0x449158 IsBadReadPtr
 0x44915c RaiseException
 0x449160 EnterCriticalSection
 0x449164 LeaveCriticalSection
 0x449168 GetCurrentProcess
 0x44916c UnhandledExceptionFilter
 0x449170 SetUnhandledExceptionFilter
 0x449174 IsDebuggerPresent
 0x449178 GetModuleFileNameW
 0x44917c DeleteCriticalSection
 0x449180 QueryPerformanceCounter
 0x449184 GetTickCount
 0x449188 GetCurrentThreadId
 0x44918c GetCurrentProcessId
 0x449190 GetSystemTimeAsFileTime
 0x449194 ExitProcess
 0x449198 GetModuleFileNameA
 0x44919c FreeEnvironmentStringsA
 0x4491a0 GetEnvironmentStrings
 0x4491a4 WideCharToMultiByte
 0x4491a8 GetEnvironmentStringsW
 0x4491ac SetHandleCount
 0x4491b0 GetStdHandle
 0x4491b4 GetFileType
 0x4491b8 TlsGetValue
 0x4491bc TlsAlloc
 0x4491c0 TlsFree
 0x4491c4 SetLastError
 0x4491c8 HeapDestroy
 0x4491cc HeapCreate
 0x4491d0 HeapFree
 0x4491d4 VirtualFree
 0x4491d8 WriteFile
 0x4491dc HeapAlloc
 0x4491e0 HeapSize
 0x4491e4 HeapReAlloc
 0x4491e8 VirtualAlloc
 0x4491ec GetACP
 0x4491f0 GetCPInfo
 0x4491f4 IsValidCodePage
 0x4491f8 DebugBreak
 0x4491fc OutputDebugStringA
 0x449200 WriteConsoleW
 0x449204 OutputDebugStringW
 0x449208 LoadLibraryW
 0x44920c RtlUnwind
 0x449210 MultiByteToWideChar
 0x449214 InitializeCriticalSectionAndSpinCount
 0x449218 LoadLibraryA
 0x44921c LCMapStringW
 0x449220 GetStringTypeA
 0x449224 GetStringTypeW
 0x449228 GetLocaleInfoA
 0x44922c FlushFileBuffers
 0x449230 GetConsoleCP
 0x449234 GetConsoleMode
 0x449238 SetFilePointer
 0x44923c CloseHandle
 0x449240 SetStdHandle
 0x449244 WriteConsoleA
USER32.dll
 0x44924c GetMenuCheckMarkDimensions
 0x449250 GetMenuInfo
 0x449254 GetComboBoxInfo
 0x449258 GetMenuBarInfo

EAT(Export Address Table) is none

Similarity measure (PE file only)