Report - kk.exe

Tags: Raccoon Stealer, PE File, OS Processor Check, PE32
Created: 2021.06.19 10:01
Machine: s1_win7_x6401
Filename: kk.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 1
Behavior Score: 3.4
ZERO API (file): clean
VT API (file): 43 detected (AIDetect, malware2, malicious, high confidence, GenericKD, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HLKO, PWSX, Zenpak, CLASSIC, A + Troj, DownLoader39, Ranumbot, Racealer, Glupteba, 1JZ87B7, score, MalPE, R426259, ai score=85, Static AI, Malicious PE, ZexaF, ruW@aGxvbvjI, GdSda, susgen)
md5: b557a14d15bdb2a1ec7da60784c61ffe
sha256: 2a57c4a71119c2c650be88226592aa09b162044c3a6fe1b84fb527ba433bc65e
ssdeep: 6144:T9tCTfmKF75Vbr61KT6LUZS1OFIFhmyfp7tfDB:nCiKF755r63/FsA1xB
imphash: 5bc76f4349f7f0afe0c88e229f50d37f
impfuzzy: 48:9yOBnCCrHyTdNDkJ/8SeqPlpI62OMwaEBcftgJVQX1dzV2fG+1l:9dtCCAW9ekvIZDEBcftgJVQFdzVI

Signatures (7 counts)

Level    Description
danger   File has been identified by 43 AntiVirus engines on VirusTotal as malicious
watch    Tries to unhook Windows functions monitored by Cuckoo
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   Foreign language identified in PE resource
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     This executable has a PDB path

Rules (4 counts)

Level    Name                       Description           Collection
danger   Raccoon_Stealer_1_Zero     Raccoon Stealer       binaries (upload)
info     IsPE32                     (no description)      binaries (upload)
info     OS_Processor_Check_Zero    OS Processor Check    binaries (upload)
info     PE_Header_Zero             PE File Signature     binaries (upload)

Network (0 counts)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no entries recorded)

Suricata IDS

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x432008 GlobalFix
 0x43200c GetFileSize
 0x432010 OpenFile
 0x432014 SetLocalTime
 0x432018 SetEndOfFile
 0x43201c GetNumberOfConsoleInputEvents
 0x432020 FindResourceExW
 0x432024 GetCommState
 0x432028 InterlockedDecrement
 0x43202c ScrollConsoleScreenBufferW
 0x432030 GetProfileSectionA
 0x432034 WriteConsoleInputA
 0x432038 SetComputerNameW
 0x43203c GetComputerNameW
 0x432040 CallNamedPipeW
 0x432044 GetModuleHandleW
 0x432048 GetSystemWow64DirectoryA
 0x43204c CreateDirectoryExW
 0x432050 GetDriveTypeA
 0x432054 TlsSetValue
 0x432058 GlobalAlloc
 0x43205c AddRefActCtx
 0x432060 GetVolumeInformationA
 0x432064 Sleep
 0x432068 ReadFileScatter
 0x43206c GetSystemTimeAdjustment
 0x432070 GetVersionExW
 0x432074 InterlockedPopEntrySList
 0x432078 GlobalFlags
 0x43207c Beep
 0x432080 VerifyVersionInfoA
 0x432084 GetBinaryTypeA
 0x432088 ReadFile
 0x43208c CompareStringW
 0x432090 GetACP
 0x432094 lstrlenW
 0x432098 GlobalUnlock
 0x43209c GetConsoleOutputCP
 0x4320a0 CreateDirectoryA
 0x4320a4 InterlockedExchange
 0x4320a8 GetStdHandle
 0x4320ac EnumResourceNamesW
 0x4320b0 OpenMutexW
 0x4320b4 IsDBCSLeadByteEx
 0x4320b8 GetProcAddress
 0x4320bc SetVolumeLabelW
 0x4320c0 WriteProfileSectionA
 0x4320c4 FreeUserPhysicalPages
 0x4320c8 CreateMemoryResourceNotification
 0x4320cc SearchPathA
 0x4320d0 GetPrivateProfileStringA
 0x4320d4 SetFileApisToOEM
 0x4320d8 GetAtomNameA
 0x4320dc Process32FirstW
 0x4320e0 OpenWaitableTimerW
 0x4320e4 IsSystemResumeAutomatic
 0x4320e8 GetCommMask
 0x4320ec AddAtomA
 0x4320f0 GetSystemInfo
 0x4320f4 SetSystemTime
 0x4320f8 EnumResourceTypesW
 0x4320fc SetConsoleCursorInfo
 0x432100 CreateIoCompletionPort
 0x432104 WaitCommEvent
 0x432108 SetConsoleTitleW
 0x43210c GetModuleHandleA
 0x432110 FreeEnvironmentStringsW
 0x432114 GetConsoleTitleW
 0x432118 BuildCommDCBA
 0x43211c GetCurrentDirectoryA
 0x432120 CompareStringA
 0x432124 SetCalendarInfoA
 0x432128 GetWindowsDirectoryW
 0x43212c GetCurrentProcessId
 0x432130 SuspendThread
 0x432134 LCMapStringW
 0x432138 CopyFileExA
 0x43213c DeleteFileA
 0x432140 CreateFileA
 0x432144 FindFirstFileA
 0x432148 GetCommandLineW
 0x43214c GetLastError
 0x432150 MoveFileA
 0x432154 GetStartupInfoW
 0x432158 HeapValidate
 0x43215c IsBadReadPtr
 0x432160 RaiseException
 0x432164 EnterCriticalSection
 0x432168 LeaveCriticalSection
 0x43216c TerminateProcess
 0x432170 GetCurrentProcess
 0x432174 UnhandledExceptionFilter
 0x432178 SetUnhandledExceptionFilter
 0x43217c IsDebuggerPresent
 0x432180 GetModuleFileNameW
 0x432184 DeleteCriticalSection
 0x432188 QueryPerformanceCounter
 0x43218c GetTickCount
 0x432190 GetCurrentThreadId
 0x432194 GetSystemTimeAsFileTime
 0x432198 InterlockedIncrement
 0x43219c ExitProcess
 0x4321a0 GetEnvironmentStringsW
 0x4321a4 SetHandleCount
 0x4321a8 GetFileType
 0x4321ac GetStartupInfoA
 0x4321b0 TlsGetValue
 0x4321b4 TlsAlloc
 0x4321b8 TlsFree
 0x4321bc SetLastError
 0x4321c0 HeapDestroy
 0x4321c4 HeapCreate
 0x4321c8 HeapFree
 0x4321cc VirtualFree
 0x4321d0 GetModuleFileNameA
 0x4321d4 WriteFile
 0x4321d8 HeapAlloc
 0x4321dc HeapSize
 0x4321e0 HeapReAlloc
 0x4321e4 VirtualAlloc
 0x4321e8 GetOEMCP
 0x4321ec GetCPInfo
 0x4321f0 IsValidCodePage
 0x4321f4 RtlUnwind
 0x4321f8 DebugBreak
 0x4321fc OutputDebugStringA
 0x432200 WriteConsoleW
 0x432204 OutputDebugStringW
 0x432208 LoadLibraryW
 0x43220c MultiByteToWideChar
 0x432210 InitializeCriticalSectionAndSpinCount
 0x432214 LoadLibraryA
 0x432218 WideCharToMultiByte
 0x43221c LCMapStringA
 0x432220 GetStringTypeA
 0x432224 GetStringTypeW
 0x432228 GetLocaleInfoA
 0x43222c FlushFileBuffers
 0x432230 GetConsoleCP
 0x432234 GetConsoleMode
 0x432238 SetFilePointer
 0x43223c CloseHandle
 0x432240 SetStdHandle
 0x432244 WriteConsoleA
USER32.dll
 0x43224c GetMenuBarInfo
 0x432250 GetMenuInfo
 0x432254 GetComboBoxInfo
 0x432258 GetListBoxInfo
ADVAPI32.dll
 0x432000 InitiateSystemShutdownW

EAT (Export Address Table)

0x427160 _futurama@4
