Report - 5bff9e596f542e5fe90ad8847f5bd508.exe

PE File OS Processor Check PE32
Created 2021.06.24 09:06 Machine s1_win7_x6401
Filename 5bff9e596f542e5fe90ad8847f5bd508.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 3.2
ZERO API file : clean
VT API (file) 29 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, Ku0@aCSvnWeQ, Attribute, HighConfidence, Kryptik, HLLD, PWSX, A + Troj, Static AI, Malicious PE, Zenpak, Azorult, score, BScope, CLASSIC, Genetic, confidence, 100%)
md5 2d58dc67350666f9c2ccf6ecb273afcb
sha256 4894737e39bed32d36471801a3169e5b4c8214aefa590823993ed75106b70066
ssdeep 12288:qN2TvjdIRrL71aPFs5Hkzv2HBdKKJXrMFEFC0+/Yv3oTNN8lV:qMvjdIcqlMgBxbxg6
imphash 727fc829aa749656d14688aeebd4d86d
impfuzzy 48:9ZRAOvrFp4dlDJTI1TiHPOtaEafnLRhV8hb3VdvOGT:9IOvbQl2qPJEafLRhV8hb3Vdh

Signature (8cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no entries)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x475000 EnumResourceNamesW
 0x475004 SearchPathW
 0x475008 FindFirstFileW
 0x47500c TlsGetValue
 0x475010 GetDriveTypeW
 0x475014 GetNumberOfConsoleInputEvents
 0x475018 FindResourceExW
 0x47501c CallNamedPipeA
 0x475020 LoadResource
 0x475024 InterlockedIncrement
 0x475028 InitializeSListHead
 0x47502c GlobalLock
 0x475030 SetComputerNameW
 0x475034 GetComputerNameW
 0x475038 GetCommProperties
 0x47503c FreeEnvironmentStringsA
 0x475040 SetTapeParameters
 0x475044 GetModuleHandleW
 0x475048 GenerateConsoleCtrlEvent
 0x47504c GetConsoleAliasesLengthA
 0x475050 GetPrivateProfileStringW
 0x475054 GetConsoleTitleA
 0x475058 GetCommandLineA
 0x47505c GetSystemWow64DirectoryA
 0x475060 CreateDirectoryExW
 0x475064 InitializeCriticalSection
 0x475068 GlobalAlloc
 0x47506c AddRefActCtx
 0x475070 GetVolumeInformationA
 0x475074 ReadFileScatter
 0x475078 GetSystemWindowsDirectoryA
 0x47507c GetSystemTimeAdjustment
 0x475080 GetVersionExW
 0x475084 GlobalFlags
 0x475088 GetBinaryTypeA
 0x47508c TerminateProcess
 0x475090 IsDBCSLeadByte
 0x475094 ReadFile
 0x475098 CompareStringW
 0x47509c lstrlenW
 0x4750a0 SetConsoleTitleA
 0x4750a4 LCMapStringA
 0x4750a8 VerifyVersionInfoW
 0x4750ac CreateDirectoryA
 0x4750b0 InterlockedExchange
 0x4750b4 GetFileSizeEx
 0x4750b8 GetCurrentDirectoryW
 0x4750bc GetProcAddress
 0x4750c0 SetVolumeLabelW
 0x4750c4 WriteProfileSectionA
 0x4750c8 FreeUserPhysicalPages
 0x4750cc BuildCommDCBW
 0x4750d0 OpenWaitableTimerA
 0x4750d4 GetLocalTime
 0x4750d8 LoadLibraryA
 0x4750dc Process32FirstW
 0x4750e0 OpenMutexA
 0x4750e4 SetConsoleOutputCP
 0x4750e8 SetFileApisToANSI
 0x4750ec AddAtomA
 0x4750f0 FindAtomA
 0x4750f4 GetTapeParameters
 0x4750f8 GetSystemInfo
 0x4750fc EnumResourceTypesW
 0x475100 CreateIoCompletionPort
 0x475104 FreeEnvironmentStringsW
 0x475108 FindNextFileW
 0x47510c RequestWakeupLatency
 0x475110 GetConsoleCursorInfo
 0x475114 ScrollConsoleScreenBufferA
 0x475118 SetCalendarInfoA
 0x47511c GetWindowsDirectoryW
 0x475120 GetProfileSectionW
 0x475124 CopyFileExA
 0x475128 DeleteFileA
 0x47512c FlushFileBuffers
 0x475130 GetLastError
 0x475134 MoveFileA
 0x475138 GetStartupInfoA
 0x47513c HeapValidate
 0x475140 IsBadReadPtr
 0x475144 RaiseException
 0x475148 LeaveCriticalSection
 0x47514c EnterCriticalSection
 0x475150 SetStdHandle
 0x475154 GetFileType
 0x475158 WriteFile
 0x47515c WideCharToMultiByte
 0x475160 GetConsoleCP
 0x475164 GetConsoleMode
 0x475168 DeleteCriticalSection
 0x47516c GetModuleFileNameW
 0x475170 SetUnhandledExceptionFilter
 0x475174 QueryPerformanceCounter
 0x475178 GetTickCount
 0x47517c GetCurrentThreadId
 0x475180 GetCurrentProcessId
 0x475184 GetSystemTimeAsFileTime
 0x475188 Sleep
 0x47518c InterlockedDecrement
 0x475190 ExitProcess
 0x475194 GetModuleFileNameA
 0x475198 GetEnvironmentStrings
 0x47519c GetEnvironmentStringsW
 0x4751a0 SetHandleCount
 0x4751a4 GetStdHandle
 0x4751a8 TlsAlloc
 0x4751ac TlsSetValue
 0x4751b0 TlsFree
 0x4751b4 SetLastError
 0x4751b8 HeapDestroy
 0x4751bc HeapCreate
 0x4751c0 HeapFree
 0x4751c4 VirtualFree
 0x4751c8 HeapAlloc
 0x4751cc GetCurrentProcess
 0x4751d0 UnhandledExceptionFilter
 0x4751d4 IsDebuggerPresent
 0x4751d8 HeapSize
 0x4751dc HeapReAlloc
 0x4751e0 VirtualAlloc
 0x4751e4 GetACP
 0x4751e8 GetOEMCP
 0x4751ec GetCPInfo
 0x4751f0 IsValidCodePage
 0x4751f4 InitializeCriticalSectionAndSpinCount
 0x4751f8 WriteConsoleA
 0x4751fc GetConsoleOutputCP
 0x475200 WriteConsoleW
 0x475204 MultiByteToWideChar
 0x475208 SetFilePointer
 0x47520c RtlUnwind
 0x475210 DebugBreak
 0x475214 OutputDebugStringA
 0x475218 OutputDebugStringW
 0x47521c LoadLibraryW
 0x475220 LCMapStringW
 0x475224 GetStringTypeA
 0x475228 GetStringTypeW
 0x47522c GetLocaleInfoA
 0x475230 CreateFileA
 0x475234 CloseHandle
 0x475238 GetModuleHandleA
USER32.dll
 0x475240 GetMenuCheckMarkDimensions
 0x475244 GetMenuInfo
 0x475248 GetMenuBarInfo

EAT(Export Address Table) is none
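The signature lines above (anti-debug check, RWX allocation, unhooking of monitored functions, packed resource data) are runtime observations, but the static import table already shows the primitives behind them. The script below is an added example, not part of this report or of the sandbox's own rules: it parses the IAT listing in the format printed on this page, groups the imported functions into capability clusters (the cluster lists are this example's own heuristic choice), and recomputes an imphash the way pefile does (lowercase "dll.func" pairs, DLL extension stripped, comma-joined, MD5). The IAT excerpt embedded in the script copies 23 of the 146 imports from this page, so the imphash it prints is for the excerpt only and will not equal the report's 727fc829... value unless the full listing is pasted in.

```python
import hashlib
import re

# Excerpt of this report's IAT listing (a DLL header line followed by
# "<iat slot> <function>" lines). Addresses and names are copied from the
# page, but only 23 of the 146 imports are included, so the imphash computed
# from it is NOT the report's value; paste the full listing to reproduce that.
IAT_EXCERPT = """\
KERNEL32.dll
 0x475000 EnumResourceNamesW
 0x475018 FindResourceExW
 0x475020 LoadResource
 0x475034 GetComputerNameW
 0x475064 InitializeCriticalSection
 0x475070 GetVolumeInformationA
 0x475080 GetVersionExW
 0x4750bc GetProcAddress
 0x4750d8 LoadLibraryA
 0x4750dc Process32FirstW
 0x4750e0 OpenMutexA
 0x4750f8 GetSystemInfo
 0x4751c4 VirtualFree
 0x4751d4 IsDebuggerPresent
 0x4751e0 VirtualAlloc
 0x475210 DebugBreak
 0x475214 OutputDebugStringA
 0x475218 OutputDebugStringW
 0x47521c LoadLibraryW
 0x475234 CloseHandle
USER32.dll
 0x475240 GetMenuCheckMarkDimensions
 0x475244 GetMenuInfo
 0x475248 GetMenuBarInfo
"""

IMPORT_RE = re.compile(r"^\s+(0x[0-9a-fA-F]+)\s+(\S+)\s*$")

# Heuristic clusters chosen for this example (not the sandbox's signature
# rules). Each key names the report signature the cluster lends static
# support to; the import alone proves only that the primitive is linked,
# e.g. VirtualAlloc shows up RWX only if the runtime protection argument is
# PAGE_EXECUTE_READWRITE, which the import table cannot tell you.
CAPABILITIES = {
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "OutputDebugStringA", "OutputDebugStringW", "DebugBreak"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress",
                           "GetModuleHandleA", "GetModuleHandleW"},
    "memory": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualFree"},
    "resources": {"FindResourceW", "FindResourceExW", "LoadResource", "LockResource",
                  "SizeofResource", "EnumResourceNamesW", "EnumResourceTypesW"},
    "fingerprinting": {"GetComputerNameW", "GetVolumeInformationA", "GetSystemInfo",
                       "GetVersionExW", "VerifyVersionInfoW"},
    "enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                    "OpenMutexA", "OpenMutexW"},
}


def parse_iat(text):
    """Parse the report's IAT listing into an ordered list of (dll, func, slot)."""
    imports, dll = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = IMPORT_RE.match(line)
        if m:
            if dll is None:
                raise ValueError("import line before any DLL header: %r" % line)
            imports.append((dll, m.group(2), int(m.group(1), 16)))
        else:
            dll = line.strip()          # a line without a slot address names the DLL
    return imports


def imphash(imports):
    """pefile-style imphash: md5 over comma-joined 'dll.func', lowercased,
    with a .dll/.ocx/.sys extension removed from the library name."""
    parts = []
    for dll, func, _ in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append("%s.%s" % (lib, func.lower()))
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def capability_report(imports):
    """Return {cluster: sorted matching imports} for clusters with at least one hit."""
    names = {func for _, func, _ in imports}
    return {label: sorted(names & apis)
            for label, apis in CAPABILITIES.items() if names & apis}


if __name__ == "__main__":
    imps = parse_iat(IAT_EXCERPT)
    print("imports parsed:", len(imps))
    print("imphash (excerpt only):", imphash(imps))
    for label, hits in capability_report(imps).items():
        print("%-20s %s" % (label, ", ".join(hits)))
```

Run it against the full listing (paste the whole KERNEL32.dll and USER32.dll block into IAT_EXCERPT) and compare the printed imphash with the one in the header; a mismatch means the listing was truncated or reordered, since the hash depends on import order. Keep in mind that the report's "unhook" and "RWX" signatures are behavioural: the static clusters only tell you that LoadLibrary/GetProcAddress and VirtualAlloc are linked, which is expected from a packer stub and is consistent with the "encrypted or compressed data" and resource-name signatures above, but is not on its own evidence of either behaviour.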


