ScreenShot
| Created | 2021.06.22 10:18 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 33 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Kryptik, HLLI, PWSX, CLASSIC, R + Troj, Lockbit, Static AI, Suspicious PE, Zenpak, PSWTroj, kcloud, Caynamer, ERN5DV, score, CryptBot, BScope, susgen, HLLD, ZexaF, Xu0@aaVbBUhQ, confidence, 100%) | ||
| md5 | e0c4171c0bb82cf52647b0ccbfd6f3e3 | ||
| sha256 | ce1bbaa73449eddc1391614810a6045ce48d90e4d89b0441b7371a709a31fc1c | ||
| ssdeep | 12288:T0X6061Odenw6nmR8ohDOTUG6mCPvxGa9Fm7Cq4iP+PKsFb7S0Lpx08xbGl:c60611GBEIJ13xGa9Fm2q3+PKAHxvZb | ||
| imphash | f24ed3cba0284e946897971a6b672b10 | ||
| impfuzzy | 48:fLcmAOfrJxdlRyL9sJfYHOjaEafXARhV8hb3VdaGOGT:fqOfllksuHVEafwRhV8hb3VdaU | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a1000 GetComputerNameA
0x4a1004 SearchPathW
0x4a1008 FindFirstFileW
0x4a100c CopyFileExW
0x4a1010 GetDriveTypeW
0x4a1014 SetEndOfFile
0x4a1018 GetNumberOfConsoleInputEvents
0x4a101c FindResourceExW
0x4a1020 MapUserPhysicalPages
0x4a1024 LoadResource
0x4a1028 InterlockedIncrement
0x4a102c CreateDirectoryW
0x4a1030 GlobalLock
0x4a1034 WriteConsoleInputA
0x4a1038 GetCommProperties
0x4a103c FreeEnvironmentStringsA
0x4a1040 SetTapeParameters
0x4a1044 GetModuleHandleW
0x4a1048 GetConsoleAliasesLengthA
0x4a104c GetPrivateProfileStringW
0x4a1050 WriteFile
0x4a1054 GetCommandLineA
0x4a1058 GetSystemWow64DirectoryA
0x4a105c CreateDirectoryExW
0x4a1060 InitializeCriticalSection
0x4a1064 TlsSetValue
0x4a1068 GlobalAlloc
0x4a106c AddRefActCtx
0x4a1070 GetVolumeInformationA
0x4a1074 LoadLibraryW
0x4a1078 ReadFileScatter
0x4a107c SetSystemTimeAdjustment
0x4a1080 GetSystemWindowsDirectoryA
0x4a1084 GetVersionExW
0x4a1088 GlobalFlags
0x4a108c TerminateProcess
0x4a1090 IsDBCSLeadByte
0x4a1094 GetBinaryTypeW
0x4a1098 CompareStringW
0x4a109c lstrlenW
0x4a10a0 SetConsoleTitleA
0x4a10a4 VerifyVersionInfoW
0x4a10a8 InterlockedExchange
0x4a10ac GetFileSizeEx
0x4a10b0 GetCurrentDirectoryW
0x4a10b4 GetProcAddress
0x4a10b8 CreateNamedPipeA
0x4a10bc SetVolumeLabelW
0x4a10c0 WriteProfileSectionA
0x4a10c4 SetComputerNameA
0x4a10c8 BuildCommDCBW
0x4a10cc GetLocalTime
0x4a10d0 Process32FirstW
0x4a10d4 OpenMutexA
0x4a10d8 OpenWaitableTimerW
0x4a10dc SetConsoleCtrlHandler
0x4a10e0 SetConsoleOutputCP
0x4a10e4 AddAtomA
0x4a10e8 FindAtomA
0x4a10ec GetSystemInfo
0x4a10f0 EnumResourceTypesW
0x4a10f4 CreateIoCompletionPort
0x4a10f8 FreeEnvironmentStringsW
0x4a10fc EnumResourceNamesA
0x4a1100 FindNextFileW
0x4a1104 GetConsoleTitleW
0x4a1108 RequestWakeupLatency
0x4a110c GetConsoleCursorInfo
0x4a1110 ScrollConsoleScreenBufferA
0x4a1114 SetCalendarInfoA
0x4a1118 GetWindowsDirectoryW
0x4a111c InterlockedPushEntrySList
0x4a1120 GetProfileSectionW
0x4a1124 LCMapStringW
0x4a1128 AreFileApisANSI
0x4a112c DeleteFileA
0x4a1130 FlushFileBuffers
0x4a1134 GetStartupInfoA
0x4a1138 HeapValidate
0x4a113c IsBadReadPtr
0x4a1140 RaiseException
0x4a1144 LeaveCriticalSection
0x4a1148 EnterCriticalSection
0x4a114c SetStdHandle
0x4a1150 GetLastError
0x4a1154 GetFileType
0x4a1158 WideCharToMultiByte
0x4a115c GetConsoleCP
0x4a1160 GetConsoleMode
0x4a1164 DeleteCriticalSection
0x4a1168 GetModuleFileNameW
0x4a116c SetUnhandledExceptionFilter
0x4a1170 QueryPerformanceCounter
0x4a1174 GetTickCount
0x4a1178 GetCurrentThreadId
0x4a117c GetCurrentProcessId
0x4a1180 GetSystemTimeAsFileTime
0x4a1184 Sleep
0x4a1188 InterlockedDecrement
0x4a118c ExitProcess
0x4a1190 GetModuleFileNameA
0x4a1194 GetEnvironmentStrings
0x4a1198 GetEnvironmentStringsW
0x4a119c SetHandleCount
0x4a11a0 GetStdHandle
0x4a11a4 TlsGetValue
0x4a11a8 TlsAlloc
0x4a11ac TlsFree
0x4a11b0 SetLastError
0x4a11b4 HeapDestroy
0x4a11b8 HeapCreate
0x4a11bc HeapFree
0x4a11c0 VirtualFree
0x4a11c4 HeapAlloc
0x4a11c8 GetCurrentProcess
0x4a11cc UnhandledExceptionFilter
0x4a11d0 IsDebuggerPresent
0x4a11d4 HeapSize
0x4a11d8 HeapReAlloc
0x4a11dc VirtualAlloc
0x4a11e0 GetACP
0x4a11e4 GetOEMCP
0x4a11e8 GetCPInfo
0x4a11ec IsValidCodePage
0x4a11f0 InitializeCriticalSectionAndSpinCount
0x4a11f4 WriteConsoleA
0x4a11f8 GetConsoleOutputCP
0x4a11fc WriteConsoleW
0x4a1200 MultiByteToWideChar
0x4a1204 SetFilePointer
0x4a1208 RtlUnwind
0x4a120c DebugBreak
0x4a1210 OutputDebugStringA
0x4a1214 OutputDebugStringW
0x4a1218 LoadLibraryA
0x4a121c LCMapStringA
0x4a1220 GetStringTypeA
0x4a1224 GetStringTypeW
0x4a1228 GetLocaleInfoA
0x4a122c CreateFileA
0x4a1230 CloseHandle
0x4a1234 GetModuleHandleA
USER32.dll
0x4a123c GetMenuCheckMarkDimensions
0x4a1240 GetMenuInfo
0x4a1244 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x4a1000 GetComputerNameA
0x4a1004 SearchPathW
0x4a1008 FindFirstFileW
0x4a100c CopyFileExW
0x4a1010 GetDriveTypeW
0x4a1014 SetEndOfFile
0x4a1018 GetNumberOfConsoleInputEvents
0x4a101c FindResourceExW
0x4a1020 MapUserPhysicalPages
0x4a1024 LoadResource
0x4a1028 InterlockedIncrement
0x4a102c CreateDirectoryW
0x4a1030 GlobalLock
0x4a1034 WriteConsoleInputA
0x4a1038 GetCommProperties
0x4a103c FreeEnvironmentStringsA
0x4a1040 SetTapeParameters
0x4a1044 GetModuleHandleW
0x4a1048 GetConsoleAliasesLengthA
0x4a104c GetPrivateProfileStringW
0x4a1050 WriteFile
0x4a1054 GetCommandLineA
0x4a1058 GetSystemWow64DirectoryA
0x4a105c CreateDirectoryExW
0x4a1060 InitializeCriticalSection
0x4a1064 TlsSetValue
0x4a1068 GlobalAlloc
0x4a106c AddRefActCtx
0x4a1070 GetVolumeInformationA
0x4a1074 LoadLibraryW
0x4a1078 ReadFileScatter
0x4a107c SetSystemTimeAdjustment
0x4a1080 GetSystemWindowsDirectoryA
0x4a1084 GetVersionExW
0x4a1088 GlobalFlags
0x4a108c TerminateProcess
0x4a1090 IsDBCSLeadByte
0x4a1094 GetBinaryTypeW
0x4a1098 CompareStringW
0x4a109c lstrlenW
0x4a10a0 SetConsoleTitleA
0x4a10a4 VerifyVersionInfoW
0x4a10a8 InterlockedExchange
0x4a10ac GetFileSizeEx
0x4a10b0 GetCurrentDirectoryW
0x4a10b4 GetProcAddress
0x4a10b8 CreateNamedPipeA
0x4a10bc SetVolumeLabelW
0x4a10c0 WriteProfileSectionA
0x4a10c4 SetComputerNameA
0x4a10c8 BuildCommDCBW
0x4a10cc GetLocalTime
0x4a10d0 Process32FirstW
0x4a10d4 OpenMutexA
0x4a10d8 OpenWaitableTimerW
0x4a10dc SetConsoleCtrlHandler
0x4a10e0 SetConsoleOutputCP
0x4a10e4 AddAtomA
0x4a10e8 FindAtomA
0x4a10ec GetSystemInfo
0x4a10f0 EnumResourceTypesW
0x4a10f4 CreateIoCompletionPort
0x4a10f8 FreeEnvironmentStringsW
0x4a10fc EnumResourceNamesA
0x4a1100 FindNextFileW
0x4a1104 GetConsoleTitleW
0x4a1108 RequestWakeupLatency
0x4a110c GetConsoleCursorInfo
0x4a1110 ScrollConsoleScreenBufferA
0x4a1114 SetCalendarInfoA
0x4a1118 GetWindowsDirectoryW
0x4a111c InterlockedPushEntrySList
0x4a1120 GetProfileSectionW
0x4a1124 LCMapStringW
0x4a1128 AreFileApisANSI
0x4a112c DeleteFileA
0x4a1130 FlushFileBuffers
0x4a1134 GetStartupInfoA
0x4a1138 HeapValidate
0x4a113c IsBadReadPtr
0x4a1140 RaiseException
0x4a1144 LeaveCriticalSection
0x4a1148 EnterCriticalSection
0x4a114c SetStdHandle
0x4a1150 GetLastError
0x4a1154 GetFileType
0x4a1158 WideCharToMultiByte
0x4a115c GetConsoleCP
0x4a1160 GetConsoleMode
0x4a1164 DeleteCriticalSection
0x4a1168 GetModuleFileNameW
0x4a116c SetUnhandledExceptionFilter
0x4a1170 QueryPerformanceCounter
0x4a1174 GetTickCount
0x4a1178 GetCurrentThreadId
0x4a117c GetCurrentProcessId
0x4a1180 GetSystemTimeAsFileTime
0x4a1184 Sleep
0x4a1188 InterlockedDecrement
0x4a118c ExitProcess
0x4a1190 GetModuleFileNameA
0x4a1194 GetEnvironmentStrings
0x4a1198 GetEnvironmentStringsW
0x4a119c SetHandleCount
0x4a11a0 GetStdHandle
0x4a11a4 TlsGetValue
0x4a11a8 TlsAlloc
0x4a11ac TlsFree
0x4a11b0 SetLastError
0x4a11b4 HeapDestroy
0x4a11b8 HeapCreate
0x4a11bc HeapFree
0x4a11c0 VirtualFree
0x4a11c4 HeapAlloc
0x4a11c8 GetCurrentProcess
0x4a11cc UnhandledExceptionFilter
0x4a11d0 IsDebuggerPresent
0x4a11d4 HeapSize
0x4a11d8 HeapReAlloc
0x4a11dc VirtualAlloc
0x4a11e0 GetACP
0x4a11e4 GetOEMCP
0x4a11e8 GetCPInfo
0x4a11ec IsValidCodePage
0x4a11f0 InitializeCriticalSectionAndSpinCount
0x4a11f4 WriteConsoleA
0x4a11f8 GetConsoleOutputCP
0x4a11fc WriteConsoleW
0x4a1200 MultiByteToWideChar
0x4a1204 SetFilePointer
0x4a1208 RtlUnwind
0x4a120c DebugBreak
0x4a1210 OutputDebugStringA
0x4a1214 OutputDebugStringW
0x4a1218 LoadLibraryA
0x4a121c LCMapStringA
0x4a1220 GetStringTypeA
0x4a1224 GetStringTypeW
0x4a1228 GetLocaleInfoA
0x4a122c CreateFileA
0x4a1230 CloseHandle
0x4a1234 GetModuleHandleA
USER32.dll
0x4a123c GetMenuCheckMarkDimensions
0x4a1240 GetMenuInfo
0x4a1244 GetMenuBarInfo
EAT(Export Address Table) is none