ScreenShot
| Created | 2021.06.24 19:27 | Machine | s1_win7_x6401 |
| Filename | Regnator.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 11 detected (AIDetect, malware2, Unsafe, Attribute, HighConfidence, Malicious, Wacapew, score, R424526, ET#92%, RDMK, cmRtazp43aroHneaFtEoveIlCN9w, 100%) | ||
| md5 | da1beec86fb22f7e885ce7d96704998a | ||
| sha256 | 16f2eb22571035050b2a31f1e5061777845a311c690aff9076c8e4249ab45a5f | ||
| ssdeep | 98304:GpWR17HfgQF1jn9nDwYlepHBltorSvP6icsTNzv2RHmtDRDUGI4tTX6UuO1GYKVf:Gp41UI1jndwdHJsGP6iTR/tDRDUiOdWM | ||
| imphash | 74fb0fb5cc8747d17f53763f4900c12e | ||
| impfuzzy | 12:EcDh+eUDRRLEX2X7RgQ023EnSWdaFGmn2SYaqtQiHJ1I4+J9ALB:7Dh+e8RRLEXw7H0GEnSWdTSDY+iJr+u | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x219d2bc GetModuleHandleA
0x219d2c0 GetProcAddress
WINMM.dll
0x219d2c8 PlaySoundA
MSVCP140.dll
0x219d2d0 _Mbrtowc
ole32.dll
0x219d2d8 OleRun
mfc140.dll
0x219d2e0 None
USER32.dll
0x219d2e8 GetDC
GDI32.dll
0x219d2f0 Arc
MSIMG32.dll
0x219d2f8 GradientFill
WINSPOOL.DRV
0x219d300 None
ADVAPI32.dll
0x219d308 RegCloseKey
SHELL32.dll
0x219d310 ShellExecuteA
COMCTL32.dll
0x219d318 None
SHLWAPI.dll
0x219d320 UrlEscapeA
OLEAUT32.dll
0x219d328 VariantCopy
urlmon.dll
0x219d330 URLDownloadToFileA
ODBC32.dll
0x219d338 None
gdiplus.dll
0x219d340 GdipFree
WS2_32.dll
0x219d348 ntohl
IPHLPAPI.DLL
0x219d350 IcmpSendEcho2
WININET.dll
0x219d358 InternetOpenA
VCRUNTIME140.dll
0x219d360 wcsstr
api-ms-win-crt-runtime-l1-1-0.dll
0x219d368 exit
api-ms-win-crt-string-l1-1-0.dll
0x219d370 strcmp
api-ms-win-crt-heap-l1-1-0.dll
0x219d378 free
api-ms-win-crt-convert-l1-1-0.dll
0x219d380 atof
api-ms-win-crt-stdio-l1-1-0.dll
0x219d388 feof
api-ms-win-crt-filesystem-l1-1-0.dll
0x219d390 remove
api-ms-win-crt-utility-l1-1-0.dll
0x219d398 rand
api-ms-win-crt-time-l1-1-0.dll
0x219d3a0 _time64
api-ms-win-crt-math-l1-1-0.dll
0x219d3a8 modf
api-ms-win-crt-multibyte-l1-1-0.dll
0x219d3b0 _mbscmp
api-ms-win-crt-locale-l1-1-0.dll
0x219d3b8 _setmbcp
api-ms-win-crt-environment-l1-1-0.dll
0x219d3c0 getenv
CRYPT32.dll
0x219d3c8 CertOpenStore
EAT(Export Address Table) is none
KERNEL32.DLL
0x219d2bc GetModuleHandleA
0x219d2c0 GetProcAddress
WINMM.dll
0x219d2c8 PlaySoundA
MSVCP140.dll
0x219d2d0 _Mbrtowc
ole32.dll
0x219d2d8 OleRun
mfc140.dll
0x219d2e0 None
USER32.dll
0x219d2e8 GetDC
GDI32.dll
0x219d2f0 Arc
MSIMG32.dll
0x219d2f8 GradientFill
WINSPOOL.DRV
0x219d300 None
ADVAPI32.dll
0x219d308 RegCloseKey
SHELL32.dll
0x219d310 ShellExecuteA
COMCTL32.dll
0x219d318 None
SHLWAPI.dll
0x219d320 UrlEscapeA
OLEAUT32.dll
0x219d328 VariantCopy
urlmon.dll
0x219d330 URLDownloadToFileA
ODBC32.dll
0x219d338 None
gdiplus.dll
0x219d340 GdipFree
WS2_32.dll
0x219d348 ntohl
IPHLPAPI.DLL
0x219d350 IcmpSendEcho2
WININET.dll
0x219d358 InternetOpenA
VCRUNTIME140.dll
0x219d360 wcsstr
api-ms-win-crt-runtime-l1-1-0.dll
0x219d368 exit
api-ms-win-crt-string-l1-1-0.dll
0x219d370 strcmp
api-ms-win-crt-heap-l1-1-0.dll
0x219d378 free
api-ms-win-crt-convert-l1-1-0.dll
0x219d380 atof
api-ms-win-crt-stdio-l1-1-0.dll
0x219d388 feof
api-ms-win-crt-filesystem-l1-1-0.dll
0x219d390 remove
api-ms-win-crt-utility-l1-1-0.dll
0x219d398 rand
api-ms-win-crt-time-l1-1-0.dll
0x219d3a0 _time64
api-ms-win-crt-math-l1-1-0.dll
0x219d3a8 modf
api-ms-win-crt-multibyte-l1-1-0.dll
0x219d3b0 _mbscmp
api-ms-win-crt-locale-l1-1-0.dll
0x219d3b8 _setmbcp
api-ms-win-crt-environment-l1-1-0.dll
0x219d3c0 getenv
CRYPT32.dll
0x219d3c8 CertOpenStore
EAT(Export Address Table) is none