ScreenShot
| Created | 2021.06.21 12:53 | Machine | s1_win7_x6402 |
| Filename | file3s.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetect, malware2, malicious, high confidence, GenericKD, Unsafe, Save, Glupteba, confidence, 100%, Kryptik, Eldorado, HLKO, Zenpak, PWSX, MulDrop17, A + Troj, Static AI, Malicious PE, Racealer, Score, kcloud, 136Z9KJ, MalPE, ai score=80, CLASSIC, Ranumbot, susgen, GenKryptik, FGQJ, ZexaF, WuX@aO2shVpI, GdSda) | ||
| md5 | 856cf6ed735093f5fe523f0d99e18424 | ||
| sha256 | f47a0c643ec5aa9d2b0302391d39bedfd675abd8892d5a2bd18b66fc303f66f7 | ||
| ssdeep | 24576:0NWmiLgJDj907ktt4lyWi7tzayFhhmWaKlHhZx+:F8Jvelyx7tzaiPmvSBZx+ | ||
| imphash | 5bc76f4349f7f0afe0c88e229f50d37f | ||
| impfuzzy | 48:9yOBnCCrHyTdNDkJ/8SeqPlpI62OMwaEBcftgJVQX1dzV2fG+1l:9dtCCAW9ekvIZDEBcftgJVQFdzVI | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a9008 GlobalFix
0x4a900c GetFileSize
0x4a9010 OpenFile
0x4a9014 SetLocalTime
0x4a9018 SetEndOfFile
0x4a901c GetNumberOfConsoleInputEvents
0x4a9020 FindResourceExW
0x4a9024 GetCommState
0x4a9028 InterlockedDecrement
0x4a902c ScrollConsoleScreenBufferW
0x4a9030 GetProfileSectionA
0x4a9034 WriteConsoleInputA
0x4a9038 SetComputerNameW
0x4a903c GetComputerNameW
0x4a9040 CallNamedPipeW
0x4a9044 GetModuleHandleW
0x4a9048 GetSystemWow64DirectoryA
0x4a904c CreateDirectoryExW
0x4a9050 GetDriveTypeA
0x4a9054 TlsSetValue
0x4a9058 GlobalAlloc
0x4a905c AddRefActCtx
0x4a9060 GetVolumeInformationA
0x4a9064 Sleep
0x4a9068 ReadFileScatter
0x4a906c GetSystemTimeAdjustment
0x4a9070 GetVersionExW
0x4a9074 InterlockedPopEntrySList
0x4a9078 GlobalFlags
0x4a907c Beep
0x4a9080 VerifyVersionInfoA
0x4a9084 GetBinaryTypeA
0x4a9088 ReadFile
0x4a908c CompareStringW
0x4a9090 GetACP
0x4a9094 lstrlenW
0x4a9098 GlobalUnlock
0x4a909c GetConsoleOutputCP
0x4a90a0 CreateDirectoryA
0x4a90a4 InterlockedExchange
0x4a90a8 GetStdHandle
0x4a90ac EnumResourceNamesW
0x4a90b0 OpenMutexW
0x4a90b4 IsDBCSLeadByteEx
0x4a90b8 GetProcAddress
0x4a90bc SetVolumeLabelW
0x4a90c0 WriteProfileSectionA
0x4a90c4 FreeUserPhysicalPages
0x4a90c8 CreateMemoryResourceNotification
0x4a90cc SearchPathA
0x4a90d0 GetPrivateProfileStringA
0x4a90d4 SetFileApisToOEM
0x4a90d8 GetAtomNameA
0x4a90dc Process32FirstW
0x4a90e0 OpenWaitableTimerW
0x4a90e4 IsSystemResumeAutomatic
0x4a90e8 GetCommMask
0x4a90ec AddAtomA
0x4a90f0 GetSystemInfo
0x4a90f4 SetSystemTime
0x4a90f8 EnumResourceTypesW
0x4a90fc SetConsoleCursorInfo
0x4a9100 CreateIoCompletionPort
0x4a9104 WaitCommEvent
0x4a9108 SetConsoleTitleW
0x4a910c GetModuleHandleA
0x4a9110 FreeEnvironmentStringsW
0x4a9114 GetConsoleTitleW
0x4a9118 BuildCommDCBA
0x4a911c GetCurrentDirectoryA
0x4a9120 CompareStringA
0x4a9124 SetCalendarInfoA
0x4a9128 GetWindowsDirectoryW
0x4a912c GetCurrentProcessId
0x4a9130 SuspendThread
0x4a9134 LCMapStringW
0x4a9138 CopyFileExA
0x4a913c DeleteFileA
0x4a9140 CreateFileA
0x4a9144 FindFirstFileA
0x4a9148 GetCommandLineW
0x4a914c GetLastError
0x4a9150 MoveFileA
0x4a9154 GetStartupInfoW
0x4a9158 HeapValidate
0x4a915c IsBadReadPtr
0x4a9160 RaiseException
0x4a9164 EnterCriticalSection
0x4a9168 LeaveCriticalSection
0x4a916c TerminateProcess
0x4a9170 GetCurrentProcess
0x4a9174 UnhandledExceptionFilter
0x4a9178 SetUnhandledExceptionFilter
0x4a917c IsDebuggerPresent
0x4a9180 GetModuleFileNameW
0x4a9184 DeleteCriticalSection
0x4a9188 QueryPerformanceCounter
0x4a918c GetTickCount
0x4a9190 GetCurrentThreadId
0x4a9194 GetSystemTimeAsFileTime
0x4a9198 InterlockedIncrement
0x4a919c ExitProcess
0x4a91a0 GetEnvironmentStringsW
0x4a91a4 SetHandleCount
0x4a91a8 GetFileType
0x4a91ac GetStartupInfoA
0x4a91b0 TlsGetValue
0x4a91b4 TlsAlloc
0x4a91b8 TlsFree
0x4a91bc SetLastError
0x4a91c0 HeapDestroy
0x4a91c4 HeapCreate
0x4a91c8 HeapFree
0x4a91cc VirtualFree
0x4a91d0 GetModuleFileNameA
0x4a91d4 WriteFile
0x4a91d8 HeapAlloc
0x4a91dc HeapSize
0x4a91e0 HeapReAlloc
0x4a91e4 VirtualAlloc
0x4a91e8 GetOEMCP
0x4a91ec GetCPInfo
0x4a91f0 IsValidCodePage
0x4a91f4 RtlUnwind
0x4a91f8 DebugBreak
0x4a91fc OutputDebugStringA
0x4a9200 WriteConsoleW
0x4a9204 OutputDebugStringW
0x4a9208 LoadLibraryW
0x4a920c MultiByteToWideChar
0x4a9210 InitializeCriticalSectionAndSpinCount
0x4a9214 LoadLibraryA
0x4a9218 WideCharToMultiByte
0x4a921c LCMapStringA
0x4a9220 GetStringTypeA
0x4a9224 GetStringTypeW
0x4a9228 GetLocaleInfoA
0x4a922c FlushFileBuffers
0x4a9230 GetConsoleCP
0x4a9234 GetConsoleMode
0x4a9238 SetFilePointer
0x4a923c CloseHandle
0x4a9240 SetStdHandle
0x4a9244 WriteConsoleA
USER32.dll
0x4a924c GetMenuBarInfo
0x4a9250 GetMenuInfo
0x4a9254 GetComboBoxInfo
0x4a9258 GetListBoxInfo
ADVAPI32.dll
0x4a9000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x49f020 _futurama@4
KERNEL32.dll
0x4a9008 GlobalFix
0x4a900c GetFileSize
0x4a9010 OpenFile
0x4a9014 SetLocalTime
0x4a9018 SetEndOfFile
0x4a901c GetNumberOfConsoleInputEvents
0x4a9020 FindResourceExW
0x4a9024 GetCommState
0x4a9028 InterlockedDecrement
0x4a902c ScrollConsoleScreenBufferW
0x4a9030 GetProfileSectionA
0x4a9034 WriteConsoleInputA
0x4a9038 SetComputerNameW
0x4a903c GetComputerNameW
0x4a9040 CallNamedPipeW
0x4a9044 GetModuleHandleW
0x4a9048 GetSystemWow64DirectoryA
0x4a904c CreateDirectoryExW
0x4a9050 GetDriveTypeA
0x4a9054 TlsSetValue
0x4a9058 GlobalAlloc
0x4a905c AddRefActCtx
0x4a9060 GetVolumeInformationA
0x4a9064 Sleep
0x4a9068 ReadFileScatter
0x4a906c GetSystemTimeAdjustment
0x4a9070 GetVersionExW
0x4a9074 InterlockedPopEntrySList
0x4a9078 GlobalFlags
0x4a907c Beep
0x4a9080 VerifyVersionInfoA
0x4a9084 GetBinaryTypeA
0x4a9088 ReadFile
0x4a908c CompareStringW
0x4a9090 GetACP
0x4a9094 lstrlenW
0x4a9098 GlobalUnlock
0x4a909c GetConsoleOutputCP
0x4a90a0 CreateDirectoryA
0x4a90a4 InterlockedExchange
0x4a90a8 GetStdHandle
0x4a90ac EnumResourceNamesW
0x4a90b0 OpenMutexW
0x4a90b4 IsDBCSLeadByteEx
0x4a90b8 GetProcAddress
0x4a90bc SetVolumeLabelW
0x4a90c0 WriteProfileSectionA
0x4a90c4 FreeUserPhysicalPages
0x4a90c8 CreateMemoryResourceNotification
0x4a90cc SearchPathA
0x4a90d0 GetPrivateProfileStringA
0x4a90d4 SetFileApisToOEM
0x4a90d8 GetAtomNameA
0x4a90dc Process32FirstW
0x4a90e0 OpenWaitableTimerW
0x4a90e4 IsSystemResumeAutomatic
0x4a90e8 GetCommMask
0x4a90ec AddAtomA
0x4a90f0 GetSystemInfo
0x4a90f4 SetSystemTime
0x4a90f8 EnumResourceTypesW
0x4a90fc SetConsoleCursorInfo
0x4a9100 CreateIoCompletionPort
0x4a9104 WaitCommEvent
0x4a9108 SetConsoleTitleW
0x4a910c GetModuleHandleA
0x4a9110 FreeEnvironmentStringsW
0x4a9114 GetConsoleTitleW
0x4a9118 BuildCommDCBA
0x4a911c GetCurrentDirectoryA
0x4a9120 CompareStringA
0x4a9124 SetCalendarInfoA
0x4a9128 GetWindowsDirectoryW
0x4a912c GetCurrentProcessId
0x4a9130 SuspendThread
0x4a9134 LCMapStringW
0x4a9138 CopyFileExA
0x4a913c DeleteFileA
0x4a9140 CreateFileA
0x4a9144 FindFirstFileA
0x4a9148 GetCommandLineW
0x4a914c GetLastError
0x4a9150 MoveFileA
0x4a9154 GetStartupInfoW
0x4a9158 HeapValidate
0x4a915c IsBadReadPtr
0x4a9160 RaiseException
0x4a9164 EnterCriticalSection
0x4a9168 LeaveCriticalSection
0x4a916c TerminateProcess
0x4a9170 GetCurrentProcess
0x4a9174 UnhandledExceptionFilter
0x4a9178 SetUnhandledExceptionFilter
0x4a917c IsDebuggerPresent
0x4a9180 GetModuleFileNameW
0x4a9184 DeleteCriticalSection
0x4a9188 QueryPerformanceCounter
0x4a918c GetTickCount
0x4a9190 GetCurrentThreadId
0x4a9194 GetSystemTimeAsFileTime
0x4a9198 InterlockedIncrement
0x4a919c ExitProcess
0x4a91a0 GetEnvironmentStringsW
0x4a91a4 SetHandleCount
0x4a91a8 GetFileType
0x4a91ac GetStartupInfoA
0x4a91b0 TlsGetValue
0x4a91b4 TlsAlloc
0x4a91b8 TlsFree
0x4a91bc SetLastError
0x4a91c0 HeapDestroy
0x4a91c4 HeapCreate
0x4a91c8 HeapFree
0x4a91cc VirtualFree
0x4a91d0 GetModuleFileNameA
0x4a91d4 WriteFile
0x4a91d8 HeapAlloc
0x4a91dc HeapSize
0x4a91e0 HeapReAlloc
0x4a91e4 VirtualAlloc
0x4a91e8 GetOEMCP
0x4a91ec GetCPInfo
0x4a91f0 IsValidCodePage
0x4a91f4 RtlUnwind
0x4a91f8 DebugBreak
0x4a91fc OutputDebugStringA
0x4a9200 WriteConsoleW
0x4a9204 OutputDebugStringW
0x4a9208 LoadLibraryW
0x4a920c MultiByteToWideChar
0x4a9210 InitializeCriticalSectionAndSpinCount
0x4a9214 LoadLibraryA
0x4a9218 WideCharToMultiByte
0x4a921c LCMapStringA
0x4a9220 GetStringTypeA
0x4a9224 GetStringTypeW
0x4a9228 GetLocaleInfoA
0x4a922c FlushFileBuffers
0x4a9230 GetConsoleCP
0x4a9234 GetConsoleMode
0x4a9238 SetFilePointer
0x4a923c CloseHandle
0x4a9240 SetStdHandle
0x4a9244 WriteConsoleA
USER32.dll
0x4a924c GetMenuBarInfo
0x4a9250 GetMenuInfo
0x4a9254 GetComboBoxInfo
0x4a9258 GetListBoxInfo
ADVAPI32.dll
0x4a9000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x49f020 _futurama@4