ScreenShot
| Created | 2021.06.21 12:45 | Machine | s1_win7_x6402 |
| Filename | ferrari.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Azorult, Generic PWS, Unsafe, Save, Kryptik, Eldorado, HLKY, BotX, Stop, CLASSIC, Siggen3, R + Troj, Static AI, Malicious PE, Racealer, dzwga, Score, kcloud, 1EJKTWW, ai score=99, susgen, ZexaF, xu0@a4sjesjI, GdSda, confidence, 100%) | ||
| md5 | d7cf6a60f9b30ae5ae5e0124b88f5b90 | ||
| sha256 | 7cc6774c306823daed0ec0a51b281899f7dfe62227f5450d59153cbfe5336e1e | ||
| ssdeep | 6144:1w7NDGHgDc+PipHKAFwYlCm9zls7nCbwVHM1u2pa0QeXm2gO9vXdguSqVMxyEm:kDGHgDc4ipl+YHzlYnaA2pnP2pkt | ||
| imphash | ae019a60d5bfddacd24fbe52033b970c | ||
| impfuzzy | 48:CJYyvrKU7dUJ+z9TsnPlpfO7MaELt46c+JcvvMllNOG+T:0jvVZDhAPvfMELt46c+JcvElls | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x449000 GetCommandLineW
0x449004 EnumResourceNamesW
0x449008 SetVolumeLabelA
0x44900c SearchPathW
0x449010 FindFirstFileW
0x449014 OpenFile
0x449018 TlsGetValue
0x44901c SetLocalTime
0x449020 GetDriveTypeW
0x449024 SetEndOfFile
0x449028 GetNumberOfConsoleInputEvents
0x44902c CallNamedPipeA
0x449030 InterlockedIncrement
0x449034 InterlockedDecrement
0x449038 InitializeSListHead
0x44903c GetProfileSectionA
0x449040 GetComputerNameW
0x449044 CreateDirectoryExA
0x449048 GetModuleHandleW
0x44904c GenerateConsoleCtrlEvent
0x449050 GetConsoleTitleA
0x449054 GetWindowsDirectoryA
0x449058 GetSystemWow64DirectoryA
0x44905c EnumResourceTypesA
0x449060 FindResourceExA
0x449064 GlobalAlloc
0x449068 AddRefActCtx
0x44906c GetVolumeInformationA
0x449070 Sleep
0x449074 ReadFileScatter
0x449078 GetConsoleWindow
0x44907c GetSystemTimeAdjustment
0x449080 GetVersionExW
0x449084 GlobalFlags
0x449088 GetBinaryTypeA
0x44908c TerminateProcess
0x449090 GetAtomNameW
0x449094 ReadFile
0x449098 CompareStringW
0x44909c lstrlenW
0x4490a0 SetConsoleTitleA
0x4490a4 GlobalUnlock
0x4490a8 LCMapStringA
0x4490ac GetConsoleOutputCP
0x4490b0 VerifyVersionInfoW
0x4490b4 CreateDirectoryA
0x4490b8 InterlockedExchange
0x4490bc GetFileSizeEx
0x4490c0 IsDBCSLeadByteEx
0x4490c4 GetProcAddress
0x4490c8 FreeUserPhysicalPages
0x4490cc SetComputerNameA
0x4490d0 CreateMemoryResourceNotification
0x4490d4 GetPrivateProfileStringA
0x4490d8 Process32FirstW
0x4490dc OpenMutexA
0x4490e0 OpenWaitableTimerW
0x4490e4 SetCalendarInfoW
0x4490e8 IsSystemResumeAutomatic
0x4490ec AddAtomW
0x4490f0 SetFileApisToANSI
0x4490f4 WriteProfileSectionW
0x4490f8 GetCommMask
0x4490fc GetTapeParameters
0x449100 GetSystemInfo
0x449104 GetOEMCP
0x449108 FindNextFileA
0x44910c SetConsoleCursorInfo
0x449110 CreateIoCompletionPort
0x449114 WaitCommEvent
0x449118 FreeEnvironmentStringsW
0x44911c BuildCommDCBA
0x449120 GetCurrentDirectoryA
0x449124 CompareStringA
0x449128 ScrollConsoleScreenBufferA
0x44912c CopyFileExA
0x449130 DeleteFileA
0x449134 CreateFileA
0x449138 GetModuleHandleA
0x44913c GetLastError
0x449140 WideCharToMultiByte
0x449144 MoveFileA
0x449148 MultiByteToWideChar
0x44914c GetCommandLineA
0x449150 GetStartupInfoA
0x449154 HeapValidate
0x449158 IsBadReadPtr
0x44915c RaiseException
0x449160 GetCurrentProcess
0x449164 UnhandledExceptionFilter
0x449168 SetUnhandledExceptionFilter
0x44916c IsDebuggerPresent
0x449170 GetModuleFileNameW
0x449174 GetACP
0x449178 GetCPInfo
0x44917c IsValidCodePage
0x449180 TlsAlloc
0x449184 TlsSetValue
0x449188 GetCurrentThreadId
0x44918c TlsFree
0x449190 SetLastError
0x449194 EnterCriticalSection
0x449198 LeaveCriticalSection
0x44919c DeleteCriticalSection
0x4491a0 QueryPerformanceCounter
0x4491a4 GetTickCount
0x4491a8 GetCurrentProcessId
0x4491ac GetSystemTimeAsFileTime
0x4491b0 ExitProcess
0x4491b4 GetModuleFileNameA
0x4491b8 FreeEnvironmentStringsA
0x4491bc GetEnvironmentStrings
0x4491c0 GetEnvironmentStringsW
0x4491c4 SetHandleCount
0x4491c8 GetStdHandle
0x4491cc GetFileType
0x4491d0 HeapDestroy
0x4491d4 HeapCreate
0x4491d8 HeapFree
0x4491dc VirtualFree
0x4491e0 WriteFile
0x4491e4 HeapAlloc
0x4491e8 HeapSize
0x4491ec HeapReAlloc
0x4491f0 VirtualAlloc
0x4491f4 DebugBreak
0x4491f8 OutputDebugStringA
0x4491fc WriteConsoleW
0x449200 OutputDebugStringW
0x449204 LoadLibraryW
0x449208 RtlUnwind
0x44920c LCMapStringW
0x449210 GetStringTypeA
0x449214 GetStringTypeW
0x449218 GetLocaleInfoA
0x44921c InitializeCriticalSectionAndSpinCount
0x449220 LoadLibraryA
0x449224 FlushFileBuffers
0x449228 GetConsoleCP
0x44922c GetConsoleMode
0x449230 SetFilePointer
0x449234 CloseHandle
0x449238 SetStdHandle
0x44923c WriteConsoleA
USER32.dll
0x449244 GetMenuCheckMarkDimensions
0x449248 GetMenuInfo
0x44924c GetComboBoxInfo
0x449250 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x449000 GetCommandLineW
0x449004 EnumResourceNamesW
0x449008 SetVolumeLabelA
0x44900c SearchPathW
0x449010 FindFirstFileW
0x449014 OpenFile
0x449018 TlsGetValue
0x44901c SetLocalTime
0x449020 GetDriveTypeW
0x449024 SetEndOfFile
0x449028 GetNumberOfConsoleInputEvents
0x44902c CallNamedPipeA
0x449030 InterlockedIncrement
0x449034 InterlockedDecrement
0x449038 InitializeSListHead
0x44903c GetProfileSectionA
0x449040 GetComputerNameW
0x449044 CreateDirectoryExA
0x449048 GetModuleHandleW
0x44904c GenerateConsoleCtrlEvent
0x449050 GetConsoleTitleA
0x449054 GetWindowsDirectoryA
0x449058 GetSystemWow64DirectoryA
0x44905c EnumResourceTypesA
0x449060 FindResourceExA
0x449064 GlobalAlloc
0x449068 AddRefActCtx
0x44906c GetVolumeInformationA
0x449070 Sleep
0x449074 ReadFileScatter
0x449078 GetConsoleWindow
0x44907c GetSystemTimeAdjustment
0x449080 GetVersionExW
0x449084 GlobalFlags
0x449088 GetBinaryTypeA
0x44908c TerminateProcess
0x449090 GetAtomNameW
0x449094 ReadFile
0x449098 CompareStringW
0x44909c lstrlenW
0x4490a0 SetConsoleTitleA
0x4490a4 GlobalUnlock
0x4490a8 LCMapStringA
0x4490ac GetConsoleOutputCP
0x4490b0 VerifyVersionInfoW
0x4490b4 CreateDirectoryA
0x4490b8 InterlockedExchange
0x4490bc GetFileSizeEx
0x4490c0 IsDBCSLeadByteEx
0x4490c4 GetProcAddress
0x4490c8 FreeUserPhysicalPages
0x4490cc SetComputerNameA
0x4490d0 CreateMemoryResourceNotification
0x4490d4 GetPrivateProfileStringA
0x4490d8 Process32FirstW
0x4490dc OpenMutexA
0x4490e0 OpenWaitableTimerW
0x4490e4 SetCalendarInfoW
0x4490e8 IsSystemResumeAutomatic
0x4490ec AddAtomW
0x4490f0 SetFileApisToANSI
0x4490f4 WriteProfileSectionW
0x4490f8 GetCommMask
0x4490fc GetTapeParameters
0x449100 GetSystemInfo
0x449104 GetOEMCP
0x449108 FindNextFileA
0x44910c SetConsoleCursorInfo
0x449110 CreateIoCompletionPort
0x449114 WaitCommEvent
0x449118 FreeEnvironmentStringsW
0x44911c BuildCommDCBA
0x449120 GetCurrentDirectoryA
0x449124 CompareStringA
0x449128 ScrollConsoleScreenBufferA
0x44912c CopyFileExA
0x449130 DeleteFileA
0x449134 CreateFileA
0x449138 GetModuleHandleA
0x44913c GetLastError
0x449140 WideCharToMultiByte
0x449144 MoveFileA
0x449148 MultiByteToWideChar
0x44914c GetCommandLineA
0x449150 GetStartupInfoA
0x449154 HeapValidate
0x449158 IsBadReadPtr
0x44915c RaiseException
0x449160 GetCurrentProcess
0x449164 UnhandledExceptionFilter
0x449168 SetUnhandledExceptionFilter
0x44916c IsDebuggerPresent
0x449170 GetModuleFileNameW
0x449174 GetACP
0x449178 GetCPInfo
0x44917c IsValidCodePage
0x449180 TlsAlloc
0x449184 TlsSetValue
0x449188 GetCurrentThreadId
0x44918c TlsFree
0x449190 SetLastError
0x449194 EnterCriticalSection
0x449198 LeaveCriticalSection
0x44919c DeleteCriticalSection
0x4491a0 QueryPerformanceCounter
0x4491a4 GetTickCount
0x4491a8 GetCurrentProcessId
0x4491ac GetSystemTimeAsFileTime
0x4491b0 ExitProcess
0x4491b4 GetModuleFileNameA
0x4491b8 FreeEnvironmentStringsA
0x4491bc GetEnvironmentStrings
0x4491c0 GetEnvironmentStringsW
0x4491c4 SetHandleCount
0x4491c8 GetStdHandle
0x4491cc GetFileType
0x4491d0 HeapDestroy
0x4491d4 HeapCreate
0x4491d8 HeapFree
0x4491dc VirtualFree
0x4491e0 WriteFile
0x4491e4 HeapAlloc
0x4491e8 HeapSize
0x4491ec HeapReAlloc
0x4491f0 VirtualAlloc
0x4491f4 DebugBreak
0x4491f8 OutputDebugStringA
0x4491fc WriteConsoleW
0x449200 OutputDebugStringW
0x449204 LoadLibraryW
0x449208 RtlUnwind
0x44920c LCMapStringW
0x449210 GetStringTypeA
0x449214 GetStringTypeW
0x449218 GetLocaleInfoA
0x44921c InitializeCriticalSectionAndSpinCount
0x449220 LoadLibraryA
0x449224 FlushFileBuffers
0x449228 GetConsoleCP
0x44922c GetConsoleMode
0x449230 SetFilePointer
0x449234 CloseHandle
0x449238 SetStdHandle
0x44923c WriteConsoleA
USER32.dll
0x449244 GetMenuCheckMarkDimensions
0x449248 GetMenuInfo
0x44924c GetComboBoxInfo
0x449250 GetMenuBarInfo
EAT(Export Address Table) is none