ScreenShot
| Created | 2021.06.24 18:56 | Machine | s1_win7_x6401 |
| Filename | xxxx1_2021-06-22_10-59.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Unsafe, Save, confidence, Starter, ali2000005, TFMQ, Attribute, HighConfidence, Kryptik, HLLP, Stop, PWSX, CLASSIC, Siggen14, Cutwail, munvt, kcloud, score, MalPE, R426946, ZexaF, su0@a0OQJqiG, ai score=86, Static AI, Suspicious PE, susgen, Behavior, GdSda) | ||
| md5 | 75fc5d6c951b284bc1c6b309c7c5fd9e | ||
| sha256 | 9933468292efeb6b2c9d2c8e36bbe818aebe7e46eeb6d7e25a8299b4e90f3ab6 | ||
| ssdeep | 6144:6j+Pyrry/3PXz8T3ZGHqh8OhsoYAmYFVB:6j8+e78T/hYArj | ||
| imphash | 794d44b735ee50031372522aab4383b2 | ||
| impfuzzy | 48:UjYCXCaUieMepJ6x2VG2pcl9gSitdBZBMrz5k:UjYCFUisJ6xyG2pcjgSivrUFk | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4029018 FreeLibrary
0x402901c SystemTimeToTzSpecificLocalTime
0x4029020 SetUnhandledExceptionFilter
0x4029024 InterlockedIncrement
0x4029028 SetMailslotInfo
0x402902c ScrollConsoleScreenBufferW
0x4029030 InitializeSListHead
0x4029034 CancelWaitableTimer
0x4029038 GetTimeFormatA
0x402903c LockFile
0x4029040 ConnectNamedPipe
0x4029044 GetTickCount
0x4029048 FindNextVolumeMountPointA
0x402904c WriteFile
0x4029050 TzSpecificLocalTimeToSystemTime
0x4029054 GetSystemPowerStatus
0x4029058 GetSystemTimeAdjustment
0x402905c HeapDestroy
0x4029060 GetFileAttributesA
0x4029064 GetConsoleAliasW
0x4029068 GetAtomNameW
0x402906c IsDBCSLeadByte
0x4029070 GetModuleFileNameW
0x4029074 SetLocalTime
0x4029078 CreateJobObjectA
0x402907c LCMapStringA
0x4029080 GetConsoleOutputCP
0x4029084 CreateDirectoryA
0x4029088 GetCurrentDirectoryW
0x402908c GetProcAddress
0x4029090 GetProcessHeaps
0x4029094 HeapUnlock
0x4029098 SetFileAttributesA
0x402909c LoadLibraryA
0x40290a0 LocalAlloc
0x40290a4 AddVectoredExceptionHandler
0x40290a8 VirtualLock
0x40290ac FindAtomA
0x40290b0 GetTapeParameters
0x40290b4 GetModuleHandleA
0x40290b8 EraseTape
0x40290bc FreeEnvironmentStringsW
0x40290c0 SetProcessShutdownParameters
0x40290c4 LocalFileTimeToFileTime
0x40290c8 CompareStringW
0x40290cc CompareStringA
0x40290d0 WriteConsoleW
0x40290d4 EnumDateFormatsExW
0x40290d8 WriteConsoleOutputCharacterW
0x40290dc SetFilePointer
0x40290e0 HeapCompact
0x40290e4 GlobalUnlock
0x40290e8 ExitProcess
0x40290ec TerminateProcess
0x40290f0 GetCurrentProcess
0x40290f4 UnhandledExceptionFilter
0x40290f8 IsDebuggerPresent
0x40290fc GetCommandLineA
0x4029100 GetStartupInfoA
0x4029104 RaiseException
0x4029108 RtlUnwind
0x402910c HeapAlloc
0x4029110 GetLastError
0x4029114 HeapFree
0x4029118 GetModuleHandleW
0x402911c TlsGetValue
0x4029120 TlsAlloc
0x4029124 TlsSetValue
0x4029128 TlsFree
0x402912c SetLastError
0x4029130 GetCurrentThreadId
0x4029134 InterlockedDecrement
0x4029138 GetCurrentThread
0x402913c EnterCriticalSection
0x4029140 LeaveCriticalSection
0x4029144 Sleep
0x4029148 GetStdHandle
0x402914c GetModuleFileNameA
0x4029150 FreeEnvironmentStringsA
0x4029154 GetEnvironmentStrings
0x4029158 WideCharToMultiByte
0x402915c GetEnvironmentStringsW
0x4029160 SetHandleCount
0x4029164 GetFileType
0x4029168 DeleteCriticalSection
0x402916c HeapCreate
0x4029170 VirtualFree
0x4029174 QueryPerformanceCounter
0x4029178 GetCurrentProcessId
0x402917c GetSystemTimeAsFileTime
0x4029180 FatalAppExitA
0x4029184 VirtualAlloc
0x4029188 HeapReAlloc
0x402918c GetCPInfo
0x4029190 GetACP
0x4029194 GetOEMCP
0x4029198 IsValidCodePage
0x402919c CloseHandle
0x40291a0 CreateFileA
0x40291a4 InitializeCriticalSectionAndSpinCount
0x40291a8 HeapSize
0x40291ac SetConsoleCtrlHandler
0x40291b0 InterlockedExchange
0x40291b4 GetDateFormatA
0x40291b8 GetUserDefaultLCID
0x40291bc GetLocaleInfoA
0x40291c0 EnumSystemLocalesA
0x40291c4 IsValidLocale
0x40291c8 GetStringTypeA
0x40291cc MultiByteToWideChar
0x40291d0 GetStringTypeW
0x40291d4 LCMapStringW
0x40291d8 GetConsoleCP
0x40291dc GetConsoleMode
0x40291e0 FlushFileBuffers
0x40291e4 SetStdHandle
0x40291e8 SetEndOfFile
0x40291ec GetProcessHeap
0x40291f0 ReadFile
0x40291f4 GetLocaleInfoW
0x40291f8 GetTimeZoneInformation
0x40291fc WriteConsoleA
0x4029200 SetEnvironmentVariableA
USER32.dll
0x4029208 GetDesktopWindow
0x402920c GetProcessWindowStation
ADVAPI32.dll
0x4029000 BackupEventLogA
0x4029004 AbortSystemShutdownA
0x4029008 AddAccessDeniedAce
0x402900c EqualPrefixSid
0x4029010 GetLengthSid
EAT(Export Address Table) Library
0x4027ea0 Albus
0x4027eb0 Coffe
0x4027ed0 Super
0x4027ec0 SuspendYourMind
KERNEL32.dll
0x4029018 FreeLibrary
0x402901c SystemTimeToTzSpecificLocalTime
0x4029020 SetUnhandledExceptionFilter
0x4029024 InterlockedIncrement
0x4029028 SetMailslotInfo
0x402902c ScrollConsoleScreenBufferW
0x4029030 InitializeSListHead
0x4029034 CancelWaitableTimer
0x4029038 GetTimeFormatA
0x402903c LockFile
0x4029040 ConnectNamedPipe
0x4029044 GetTickCount
0x4029048 FindNextVolumeMountPointA
0x402904c WriteFile
0x4029050 TzSpecificLocalTimeToSystemTime
0x4029054 GetSystemPowerStatus
0x4029058 GetSystemTimeAdjustment
0x402905c HeapDestroy
0x4029060 GetFileAttributesA
0x4029064 GetConsoleAliasW
0x4029068 GetAtomNameW
0x402906c IsDBCSLeadByte
0x4029070 GetModuleFileNameW
0x4029074 SetLocalTime
0x4029078 CreateJobObjectA
0x402907c LCMapStringA
0x4029080 GetConsoleOutputCP
0x4029084 CreateDirectoryA
0x4029088 GetCurrentDirectoryW
0x402908c GetProcAddress
0x4029090 GetProcessHeaps
0x4029094 HeapUnlock
0x4029098 SetFileAttributesA
0x402909c LoadLibraryA
0x40290a0 LocalAlloc
0x40290a4 AddVectoredExceptionHandler
0x40290a8 VirtualLock
0x40290ac FindAtomA
0x40290b0 GetTapeParameters
0x40290b4 GetModuleHandleA
0x40290b8 EraseTape
0x40290bc FreeEnvironmentStringsW
0x40290c0 SetProcessShutdownParameters
0x40290c4 LocalFileTimeToFileTime
0x40290c8 CompareStringW
0x40290cc CompareStringA
0x40290d0 WriteConsoleW
0x40290d4 EnumDateFormatsExW
0x40290d8 WriteConsoleOutputCharacterW
0x40290dc SetFilePointer
0x40290e0 HeapCompact
0x40290e4 GlobalUnlock
0x40290e8 ExitProcess
0x40290ec TerminateProcess
0x40290f0 GetCurrentProcess
0x40290f4 UnhandledExceptionFilter
0x40290f8 IsDebuggerPresent
0x40290fc GetCommandLineA
0x4029100 GetStartupInfoA
0x4029104 RaiseException
0x4029108 RtlUnwind
0x402910c HeapAlloc
0x4029110 GetLastError
0x4029114 HeapFree
0x4029118 GetModuleHandleW
0x402911c TlsGetValue
0x4029120 TlsAlloc
0x4029124 TlsSetValue
0x4029128 TlsFree
0x402912c SetLastError
0x4029130 GetCurrentThreadId
0x4029134 InterlockedDecrement
0x4029138 GetCurrentThread
0x402913c EnterCriticalSection
0x4029140 LeaveCriticalSection
0x4029144 Sleep
0x4029148 GetStdHandle
0x402914c GetModuleFileNameA
0x4029150 FreeEnvironmentStringsA
0x4029154 GetEnvironmentStrings
0x4029158 WideCharToMultiByte
0x402915c GetEnvironmentStringsW
0x4029160 SetHandleCount
0x4029164 GetFileType
0x4029168 DeleteCriticalSection
0x402916c HeapCreate
0x4029170 VirtualFree
0x4029174 QueryPerformanceCounter
0x4029178 GetCurrentProcessId
0x402917c GetSystemTimeAsFileTime
0x4029180 FatalAppExitA
0x4029184 VirtualAlloc
0x4029188 HeapReAlloc
0x402918c GetCPInfo
0x4029190 GetACP
0x4029194 GetOEMCP
0x4029198 IsValidCodePage
0x402919c CloseHandle
0x40291a0 CreateFileA
0x40291a4 InitializeCriticalSectionAndSpinCount
0x40291a8 HeapSize
0x40291ac SetConsoleCtrlHandler
0x40291b0 InterlockedExchange
0x40291b4 GetDateFormatA
0x40291b8 GetUserDefaultLCID
0x40291bc GetLocaleInfoA
0x40291c0 EnumSystemLocalesA
0x40291c4 IsValidLocale
0x40291c8 GetStringTypeA
0x40291cc MultiByteToWideChar
0x40291d0 GetStringTypeW
0x40291d4 LCMapStringW
0x40291d8 GetConsoleCP
0x40291dc GetConsoleMode
0x40291e0 FlushFileBuffers
0x40291e4 SetStdHandle
0x40291e8 SetEndOfFile
0x40291ec GetProcessHeap
0x40291f0 ReadFile
0x40291f4 GetLocaleInfoW
0x40291f8 GetTimeZoneInformation
0x40291fc WriteConsoleA
0x4029200 SetEnvironmentVariableA
USER32.dll
0x4029208 GetDesktopWindow
0x402920c GetProcessWindowStation
ADVAPI32.dll
0x4029000 BackupEventLogA
0x4029004 AbortSystemShutdownA
0x4029008 AddAccessDeniedAce
0x402900c EqualPrefixSid
0x4029010 GetLengthSid
EAT(Export Address Table) Library
0x4027ea0 Albus
0x4027eb0 Coffe
0x4027ed0 Super
0x4027ec0 SuspendYourMind