ScreenShot
| Created | 2021.06.24 19:02 | Machine | s1_win7_x6401 |
| Filename | defi.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HLKK, PWSX, Mokes, Racealer, TrojanPSW, Glupteba, CLASSIC, A + Troj, Siggen12, R01FC0DFK21, susgen, Outbreak, StellarStealer, jdnts, ai score=85, Azorult, 136Z9KJ, score, MalPE, R426260, GdSda, RM4fzZ6SXsA, Static AI, Malicious PE, Unsafe, ZexaF, JuW@aSQ3V1Hc) | ||
| md5 | ee17b850393e1f3cf0704a408378d874 | ||
| sha256 | 847a6ee401f8fabccd33c0e7d72e67f26423ae5cc085d6df9ba575720aec784d | ||
| ssdeep | 12288:YrE9g/lgChDGRgyQWTLJ8Qb/Zj6vTYnwfuRVdQmwgfo:xg/lXqRj6cnwf0VdQ | ||
| imphash | 924d9a2d7cc05ebebcdeae3f0201835c | ||
| impfuzzy | 48:9aOBnCBH5AdN7J/8SeJPlpI62OMwaEBcftgJVQX1dzV2OG+ul:9FtC0X9eZvIZDEBcftgJVQFdzVI | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x478008 GlobalFix
0x47800c GetFileSize
0x478010 SetLocalTime
0x478014 SetEndOfFile
0x478018 GetNumberOfConsoleInputEvents
0x47801c FindResourceExW
0x478020 GetCommState
0x478024 InterlockedDecrement
0x478028 ScrollConsoleScreenBufferW
0x47802c GetProfileSectionA
0x478030 WriteConsoleInputA
0x478034 SetComputerNameW
0x478038 GetComputerNameW
0x47803c CallNamedPipeW
0x478040 GetModuleHandleW
0x478044 GetSystemWow64DirectoryA
0x478048 CreateDirectoryExW
0x47804c GetDriveTypeA
0x478050 TlsSetValue
0x478054 GlobalAlloc
0x478058 GetVolumeInformationA
0x47805c Sleep
0x478060 ReadFileScatter
0x478064 GetSystemTimeAdjustment
0x478068 GetVersionExW
0x47806c InterlockedPopEntrySList
0x478070 GlobalFlags
0x478074 Beep
0x478078 VerifyVersionInfoA
0x47807c IsDBCSLeadByte
0x478080 ReadFile
0x478084 CreateFileW
0x478088 GetBinaryTypeW
0x47808c CompareStringW
0x478090 GetACP
0x478094 lstrlenW
0x478098 GetConsoleOutputCP
0x47809c CreateDirectoryA
0x4780a0 InterlockedExchange
0x4780a4 GetStdHandle
0x4780a8 EnumResourceNamesW
0x4780ac OpenMutexW
0x4780b0 GetProcAddress
0x4780b4 SetVolumeLabelW
0x4780b8 WriteProfileSectionA
0x4780bc FreeUserPhysicalPages
0x4780c0 CreateMemoryResourceNotification
0x4780c4 SearchPathA
0x4780c8 GetPrivateProfileStringA
0x4780cc SetFileApisToOEM
0x4780d0 GetAtomNameA
0x4780d4 Process32FirstW
0x4780d8 OpenWaitableTimerW
0x4780dc IsSystemResumeAutomatic
0x4780e0 GetCommMask
0x4780e4 AddAtomA
0x4780e8 GetSystemInfo
0x4780ec SetSystemTime
0x4780f0 EnumResourceTypesW
0x4780f4 SetConsoleCursorInfo
0x4780f8 CreateIoCompletionPort
0x4780fc SetConsoleTitleW
0x478100 GetModuleHandleA
0x478104 FreeEnvironmentStringsW
0x478108 GetConsoleTitleW
0x47810c BuildCommDCBA
0x478110 GetCurrentDirectoryA
0x478114 CompareStringA
0x478118 SetCalendarInfoA
0x47811c GetWindowsDirectoryW
0x478120 GetCurrentProcessId
0x478124 SuspendThread
0x478128 LCMapStringW
0x47812c CopyFileExA
0x478130 DeleteFileA
0x478134 CreateFileA
0x478138 FindFirstFileA
0x47813c GetCommandLineW
0x478140 GetLastError
0x478144 MoveFileA
0x478148 GetStartupInfoW
0x47814c HeapValidate
0x478150 IsBadReadPtr
0x478154 RaiseException
0x478158 EnterCriticalSection
0x47815c LeaveCriticalSection
0x478160 TerminateProcess
0x478164 GetCurrentProcess
0x478168 UnhandledExceptionFilter
0x47816c SetUnhandledExceptionFilter
0x478170 IsDebuggerPresent
0x478174 GetModuleFileNameW
0x478178 DeleteCriticalSection
0x47817c QueryPerformanceCounter
0x478180 GetTickCount
0x478184 GetCurrentThreadId
0x478188 GetSystemTimeAsFileTime
0x47818c InterlockedIncrement
0x478190 ExitProcess
0x478194 GetEnvironmentStringsW
0x478198 SetHandleCount
0x47819c GetFileType
0x4781a0 GetStartupInfoA
0x4781a4 TlsGetValue
0x4781a8 TlsAlloc
0x4781ac TlsFree
0x4781b0 SetLastError
0x4781b4 HeapDestroy
0x4781b8 HeapCreate
0x4781bc HeapFree
0x4781c0 VirtualFree
0x4781c4 GetModuleFileNameA
0x4781c8 WriteFile
0x4781cc HeapAlloc
0x4781d0 HeapSize
0x4781d4 HeapReAlloc
0x4781d8 VirtualAlloc
0x4781dc GetOEMCP
0x4781e0 GetCPInfo
0x4781e4 IsValidCodePage
0x4781e8 RtlUnwind
0x4781ec DebugBreak
0x4781f0 OutputDebugStringA
0x4781f4 WriteConsoleW
0x4781f8 OutputDebugStringW
0x4781fc LoadLibraryW
0x478200 MultiByteToWideChar
0x478204 InitializeCriticalSectionAndSpinCount
0x478208 LoadLibraryA
0x47820c WideCharToMultiByte
0x478210 LCMapStringA
0x478214 GetStringTypeA
0x478218 GetStringTypeW
0x47821c GetLocaleInfoA
0x478220 FlushFileBuffers
0x478224 GetConsoleCP
0x478228 GetConsoleMode
0x47822c SetFilePointer
0x478230 CloseHandle
0x478234 SetStdHandle
0x478238 WriteConsoleA
USER32.dll
0x478240 GetListBoxInfo
0x478244 GetMenuInfo
0x478248 GetComboBoxInfo
0x47824c GetMenuBarInfo
ADVAPI32.dll
0x478000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x46dc70 _futurama@4
0x46dc60 _hiduk@8
0x46dc50 _regulmoto@4
KERNEL32.dll
0x478008 GlobalFix
0x47800c GetFileSize
0x478010 SetLocalTime
0x478014 SetEndOfFile
0x478018 GetNumberOfConsoleInputEvents
0x47801c FindResourceExW
0x478020 GetCommState
0x478024 InterlockedDecrement
0x478028 ScrollConsoleScreenBufferW
0x47802c GetProfileSectionA
0x478030 WriteConsoleInputA
0x478034 SetComputerNameW
0x478038 GetComputerNameW
0x47803c CallNamedPipeW
0x478040 GetModuleHandleW
0x478044 GetSystemWow64DirectoryA
0x478048 CreateDirectoryExW
0x47804c GetDriveTypeA
0x478050 TlsSetValue
0x478054 GlobalAlloc
0x478058 GetVolumeInformationA
0x47805c Sleep
0x478060 ReadFileScatter
0x478064 GetSystemTimeAdjustment
0x478068 GetVersionExW
0x47806c InterlockedPopEntrySList
0x478070 GlobalFlags
0x478074 Beep
0x478078 VerifyVersionInfoA
0x47807c IsDBCSLeadByte
0x478080 ReadFile
0x478084 CreateFileW
0x478088 GetBinaryTypeW
0x47808c CompareStringW
0x478090 GetACP
0x478094 lstrlenW
0x478098 GetConsoleOutputCP
0x47809c CreateDirectoryA
0x4780a0 InterlockedExchange
0x4780a4 GetStdHandle
0x4780a8 EnumResourceNamesW
0x4780ac OpenMutexW
0x4780b0 GetProcAddress
0x4780b4 SetVolumeLabelW
0x4780b8 WriteProfileSectionA
0x4780bc FreeUserPhysicalPages
0x4780c0 CreateMemoryResourceNotification
0x4780c4 SearchPathA
0x4780c8 GetPrivateProfileStringA
0x4780cc SetFileApisToOEM
0x4780d0 GetAtomNameA
0x4780d4 Process32FirstW
0x4780d8 OpenWaitableTimerW
0x4780dc IsSystemResumeAutomatic
0x4780e0 GetCommMask
0x4780e4 AddAtomA
0x4780e8 GetSystemInfo
0x4780ec SetSystemTime
0x4780f0 EnumResourceTypesW
0x4780f4 SetConsoleCursorInfo
0x4780f8 CreateIoCompletionPort
0x4780fc SetConsoleTitleW
0x478100 GetModuleHandleA
0x478104 FreeEnvironmentStringsW
0x478108 GetConsoleTitleW
0x47810c BuildCommDCBA
0x478110 GetCurrentDirectoryA
0x478114 CompareStringA
0x478118 SetCalendarInfoA
0x47811c GetWindowsDirectoryW
0x478120 GetCurrentProcessId
0x478124 SuspendThread
0x478128 LCMapStringW
0x47812c CopyFileExA
0x478130 DeleteFileA
0x478134 CreateFileA
0x478138 FindFirstFileA
0x47813c GetCommandLineW
0x478140 GetLastError
0x478144 MoveFileA
0x478148 GetStartupInfoW
0x47814c HeapValidate
0x478150 IsBadReadPtr
0x478154 RaiseException
0x478158 EnterCriticalSection
0x47815c LeaveCriticalSection
0x478160 TerminateProcess
0x478164 GetCurrentProcess
0x478168 UnhandledExceptionFilter
0x47816c SetUnhandledExceptionFilter
0x478170 IsDebuggerPresent
0x478174 GetModuleFileNameW
0x478178 DeleteCriticalSection
0x47817c QueryPerformanceCounter
0x478180 GetTickCount
0x478184 GetCurrentThreadId
0x478188 GetSystemTimeAsFileTime
0x47818c InterlockedIncrement
0x478190 ExitProcess
0x478194 GetEnvironmentStringsW
0x478198 SetHandleCount
0x47819c GetFileType
0x4781a0 GetStartupInfoA
0x4781a4 TlsGetValue
0x4781a8 TlsAlloc
0x4781ac TlsFree
0x4781b0 SetLastError
0x4781b4 HeapDestroy
0x4781b8 HeapCreate
0x4781bc HeapFree
0x4781c0 VirtualFree
0x4781c4 GetModuleFileNameA
0x4781c8 WriteFile
0x4781cc HeapAlloc
0x4781d0 HeapSize
0x4781d4 HeapReAlloc
0x4781d8 VirtualAlloc
0x4781dc GetOEMCP
0x4781e0 GetCPInfo
0x4781e4 IsValidCodePage
0x4781e8 RtlUnwind
0x4781ec DebugBreak
0x4781f0 OutputDebugStringA
0x4781f4 WriteConsoleW
0x4781f8 OutputDebugStringW
0x4781fc LoadLibraryW
0x478200 MultiByteToWideChar
0x478204 InitializeCriticalSectionAndSpinCount
0x478208 LoadLibraryA
0x47820c WideCharToMultiByte
0x478210 LCMapStringA
0x478214 GetStringTypeA
0x478218 GetStringTypeW
0x47821c GetLocaleInfoA
0x478220 FlushFileBuffers
0x478224 GetConsoleCP
0x478228 GetConsoleMode
0x47822c SetFilePointer
0x478230 CloseHandle
0x478234 SetStdHandle
0x478238 WriteConsoleA
USER32.dll
0x478240 GetListBoxInfo
0x478244 GetMenuInfo
0x478248 GetComboBoxInfo
0x47824c GetMenuBarInfo
ADVAPI32.dll
0x478000 InitiateSystemShutdownW
EAT(Export Address Table) Library
0x46dc70 _futurama@4
0x46dc60 _hiduk@8
0x46dc50 _regulmoto@4