Report - file.exe

Tags: PE File, OS Processor Check, PE32
Created: 2021.06.21 12:44
Machine: s1_win7_x6401
Filename: file.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 2
Behavior Score: 3.2
ZERO API (file): malware
VT API (file): 36 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Kryptik, HLLC, PWSX, Mokes, CLASSIC, R + Troj, Lockbit, Ranumbot, CryptBot, 1W99MD, Zenpak, kcloud, Azorult, score, BScope, R002H0CFK21, Static AI, Malicious PE, ZexaF, Vu0@ayW4aObQ, Genetic, confidence, 100%, susgen)
md5: 58e5562209d50978efd614dd040ef4ca
sha256: 530656ad87a4e5c0f07998323ebca34348af7c7a2e585196f2d0c73580832e36
ssdeep: 12288:UDUi0OJq6SiVG6nMTr4wUMHmKz3S+0FSjzy5mjfy3okiDc8N2f3JFAnjlqUl:ptOJq6SDlUMHDB6Sy5WUycHi
imphash: 110e60b2b75791801e1d228265739b22
impfuzzy: 48:ZERAirxU4dldTI1Pyv4OIaEafn2tgJV8IhVdaOGT:ZTieQl+e4wEaf2tgJV8IhVdI
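The imphash above is not a hash of the file but of its import table: the ordered list of "library.function" pairs, lower-cased with the .dll/.ocx/.sys extension stripped, comma-joined and MD5'd. Two samples built from the same packer stub or the same source tree share it even when every other hash differs, which is why it sits next to ssdeep here (impfuzzy applies ssdeep to a similar import string instead of MD5). The following is an added example, not code from this report or the analysis service: a stdlib-only re-implementation of the algorithm, run on a constructed five-entry subset in the shape of the IAT listed further down. Because it is a subset it will not reproduce 110e60b2b75791801e1d228265739b22; the ordinal handling is a simplification noted in the comments.

```python
import hashlib
from typing import Iterable, Tuple, Union

# Library-name extensions that pefile strips before hashing.
_STRIPPED_EXTS = (".dll", ".ocx", ".sys")

Import = Tuple[str, Union[str, int]]   # (library, function name or ordinal)


def import_string(imports: Iterable[Import]) -> str:
    """Canonical comma-joined 'lib.func' list; the imphash is its MD5.
    Order is preserved, so the same APIs imported in a different order
    give a different hash."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and "." + ext in _STRIPPED_EXTS:
            lib = stem
        if isinstance(func, int):
            # Ordinal-only import. pefile first maps well-known ordinals of
            # ws2_32/oleaut32 back to names; that table is omitted here
            # (simplification), so every ordinal becomes ordN.
            name = f"ord{func}"
        else:
            name = func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# Constructed five-entry subset in the shape of the report's IAT listing.
# It is NOT the sample's full import table, so it does not reproduce the
# imphash shown in the report header.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "EnumResourceNamesW"),
    ("KERNEL32.dll", "SearchPathW"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("USER32.dll", "GetMenuInfo"),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two caveats when pivoting on this value: it is order-sensitive, so a rebuilt binary with the same APIs in a different import order gets a new hash; and it only sees the static import directory, so anything the sample resolves at run time through the LoadLibraryA/GetProcAddress pair present in its IAT never enters the hash. For a packed sample the imphash therefore describes the stub, not the payload.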
Signatures (7)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path
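The two "notice" signatures about read-write-execute memory and encrypted or compressed data are the usual footprint of a packer: a small stub decrypts the payload into memory it can both write and then execute. The sandbox flags these dynamically (an allocation with an executable+writable protection, and data that fails to look like code). Their static counterparts are a section whose characteristics set READ, WRITE and EXECUTE together, and a section whose bytes have near-maximal entropy. The block below is an added example, not part of this report or the analysis service: a stdlib-only Python triage that walks the PE section table, computes Shannon entropy per section and decodes the r/w/x flags. The PE it runs on is a constructed test fixture built inside the block, not the sample above; the section names and the 7.0 bits/byte threshold are my choices.

```python
import math
import struct
from typing import List, NamedTuple

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


class Section(NamedTuple):
    name: str
    characteristics: int
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Section]:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_hdr_size          # COFF file header is 20 bytes
    sections = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        size_raw, ptr_raw = struct.unpack_from("<II", pe, off + 16)
        characteristics = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append(Section(name, characteristics, pe[ptr_raw:ptr_raw + size_raw]))
    return sections


def triage(pe: bytes, entropy_threshold: float = 7.0) -> List[dict]:
    """Per-section entropy and page permissions, flagging the two packer tells."""
    rows = []
    for s in parse_sections(pe):
        ent = shannon_entropy(s.data)
        perms = "".join(
            ch if s.characteristics & flag else "-"
            for ch, flag in (("r", IMAGE_SCN_MEM_READ),
                             ("w", IMAGE_SCN_MEM_WRITE),
                             ("x", IMAGE_SCN_MEM_EXECUTE)))
        rows.append({"name": s.name, "size": len(s.data), "entropy": round(ent, 3),
                     "perms": perms, "high_entropy": ent >= entropy_threshold,
                     "rwx": perms == "rwx"})
    return rows


def build_test_pe(sections: List[Section]) -> bytes:
    """Constructed, non-loadable PE image used only as a test fixture (not derived
    from the sample): DOS header with e_lfanew, COFF header with a zero-length
    optional header, the section table, then the raw section data."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    data_off = e_lfanew + 4 + 20 + 40 * len(sections)
    table, blobs = bytearray(), bytearray()
    for s in sections:
        table += struct.pack("<8sIIIIIIHHI", s.name.encode("ascii").ljust(8, b"\0"),
                             len(s.data), 0x1000, len(s.data), data_off + len(blobs),
                             0, 0, 0, 0, s.characteristics)
        blobs += s.data
    return bytes(dos) + b"PE\0\0" + coff + bytes(table) + bytes(blobs)


# Constructed fixture: a plain code section next to a UPX-style section that is
# writable and executable and filled with high-entropy data.
SAMPLE_SECTIONS = [
    Section(".text", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE,
            b"\x90" * 512 + b"\xc3" * 512),
    Section("UPX1", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE,
            bytes(range(256)) * 4),
]

if __name__ == "__main__":
    for row in triage(build_test_pe(SAMPLE_SECTIONS)):
        print(row)
```

Entropy alone is a weak signal (a legitimate resource section holding compressed images or a certificate scores high too), so treat it as a hint to look at which section holds the entry point and whether that section is also writable, rather than as a verdict.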

Rules (3)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0)

No network requests were recorded during the run (the request table is empty).

Suricata IDS alerts: none listed

PE API

IAT (Import Address Table), by library:

KERNEL32.dll
 0x4a4000 EnumResourceNamesW
 0x4a4004 SearchPathW
 0x4a4008 FindFirstFileW
 0x4a400c TlsGetValue
 0x4a4010 SetLocalTime
 0x4a4014 GetDriveTypeW
 0x4a4018 GetNumberOfConsoleInputEvents
 0x4a401c FindResourceExW
 0x4a4020 CallNamedPipeA
 0x4a4024 InterlockedIncrement
 0x4a4028 InitializeSListHead
 0x4a402c SetComputerNameW
 0x4a4030 GetComputerNameW
 0x4a4034 CreateDirectoryExA
 0x4a4038 GetCommProperties
 0x4a403c FreeEnvironmentStringsA
 0x4a4040 SetTapeParameters
 0x4a4044 GetModuleHandleW
 0x4a4048 GenerateConsoleCtrlEvent
 0x4a404c GetConsoleAliasesLengthA
 0x4a4050 GetPrivateProfileStringW
 0x4a4054 GetConsoleTitleA
 0x4a4058 GetCommandLineA
 0x4a405c GetSystemWow64DirectoryA
 0x4a4060 EnumResourceTypesA
 0x4a4064 GlobalAlloc
 0x4a4068 AddRefActCtx
 0x4a406c GetVolumeInformationA
 0x4a4070 Sleep
 0x4a4074 ReadFileScatter
 0x4a4078 GetConsoleWindow
 0x4a407c GetSystemTimeAdjustment
 0x4a4080 GetVersionExW
 0x4a4084 GlobalFlags
 0x4a4088 GetBinaryTypeA
 0x4a408c TerminateProcess
 0x4a4090 IsDBCSLeadByte
 0x4a4094 ReadFile
 0x4a4098 CompareStringW
 0x4a409c lstrlenW
 0x4a40a0 SetConsoleTitleA
 0x4a40a4 GlobalUnlock
 0x4a40a8 LCMapStringA
 0x4a40ac VerifyVersionInfoW
 0x4a40b0 CreateDirectoryA
 0x4a40b4 InterlockedExchange
 0x4a40b8 GetFileSizeEx
 0x4a40bc GetCurrentDirectoryW
 0x4a40c0 GetProcAddress
 0x4a40c4 SetVolumeLabelW
 0x4a40c8 FreeUserPhysicalPages
 0x4a40cc BuildCommDCBW
 0x4a40d0 OpenWaitableTimerA
 0x4a40d4 LoadLibraryA
 0x4a40d8 Process32FirstW
 0x4a40dc OpenMutexA
 0x4a40e0 SetCalendarInfoW
 0x4a40e4 SetConsoleOutputCP
 0x4a40e8 AddAtomW
 0x4a40ec SetFileApisToANSI
 0x4a40f0 WriteProfileSectionW
 0x4a40f4 FindAtomA
 0x4a40f8 GetTapeParameters
 0x4a40fc GetSystemInfo
 0x4a4100 GetOEMCP
 0x4a4104 CreateIoCompletionPort
 0x4a4108 FreeEnvironmentStringsW
 0x4a410c FindNextFileW
 0x4a4110 RequestWakeupLatency
 0x4a4114 GetConsoleCursorInfo
 0x4a4118 ScrollConsoleScreenBufferA
 0x4a411c GetWindowsDirectoryW
 0x4a4120 GetProfileSectionW
 0x4a4124 CopyFileExA
 0x4a4128 DeleteFileA
 0x4a412c GetLastError
 0x4a4130 MoveFileA
 0x4a4134 GetStartupInfoA
 0x4a4138 HeapValidate
 0x4a413c IsBadReadPtr
 0x4a4140 RaiseException
 0x4a4144 LeaveCriticalSection
 0x4a4148 EnterCriticalSection
 0x4a414c SetStdHandle
 0x4a4150 GetFileType
 0x4a4154 WriteFile
 0x4a4158 WideCharToMultiByte
 0x4a415c GetConsoleCP
 0x4a4160 GetConsoleMode
 0x4a4164 GetCurrentProcess
 0x4a4168 UnhandledExceptionFilter
 0x4a416c SetUnhandledExceptionFilter
 0x4a4170 IsDebuggerPresent
 0x4a4174 GetModuleFileNameW
 0x4a4178 DeleteCriticalSection
 0x4a417c QueryPerformanceCounter
 0x4a4180 GetTickCount
 0x4a4184 GetCurrentThreadId
 0x4a4188 GetCurrentProcessId
 0x4a418c GetSystemTimeAsFileTime
 0x4a4190 InterlockedDecrement
 0x4a4194 ExitProcess
 0x4a4198 GetModuleFileNameA
 0x4a419c GetEnvironmentStrings
 0x4a41a0 GetEnvironmentStringsW
 0x4a41a4 SetHandleCount
 0x4a41a8 GetStdHandle
 0x4a41ac TlsAlloc
 0x4a41b0 TlsSetValue
 0x4a41b4 TlsFree
 0x4a41b8 SetLastError
 0x4a41bc HeapDestroy
 0x4a41c0 HeapCreate
 0x4a41c4 HeapFree
 0x4a41c8 VirtualFree
 0x4a41cc HeapAlloc
 0x4a41d0 HeapSize
 0x4a41d4 HeapReAlloc
 0x4a41d8 VirtualAlloc
 0x4a41dc GetACP
 0x4a41e0 GetCPInfo
 0x4a41e4 IsValidCodePage
 0x4a41e8 InitializeCriticalSectionAndSpinCount
 0x4a41ec WriteConsoleA
 0x4a41f0 GetConsoleOutputCP
 0x4a41f4 WriteConsoleW
 0x4a41f8 MultiByteToWideChar
 0x4a41fc SetFilePointer
 0x4a4200 RtlUnwind
 0x4a4204 DebugBreak
 0x4a4208 OutputDebugStringA
 0x4a420c OutputDebugStringW
 0x4a4210 LoadLibraryW
 0x4a4214 LCMapStringW
 0x4a4218 GetStringTypeA
 0x4a421c GetStringTypeW
 0x4a4220 GetLocaleInfoA
 0x4a4224 CreateFileA
 0x4a4228 CloseHandle
 0x4a422c FlushFileBuffers
 0x4a4230 GetModuleHandleA
USER32.dll
 0x4a4238 GetMenuCheckMarkDimensions
 0x4a423c GetMenuInfo
 0x4a4240 GetMenuBarInfo

EAT (Export Address Table): none


