ScreenShot
| Created | 2021.06.24 20:46 | Machine | s1_win7_x6401 |
| Filename | 21_Atualizador.GourmetSA.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (Heur3, @pKfaKtADdmSb, Artemis, ai score=89, R06CH09FJ21, susgen, malicious) | ||
| md5 | 28db2e73f6e4c8b6106a6826cabe31c7 | ||
| sha256 | e68fda286eefe045c2cbd33461be3b893b2fe0e79572ca07a16734dec3686cee | ||
| ssdeep | 98304:x6MO+EywUhv1BN6f9X2jEm1qA882673uqNYn3XT:x6MUtUhvfwfmZ26Ty | ||
| imphash | 33e8debb2f04bb3865dd59ced94311d1 | ||
| impfuzzy | 12:VA/DzqYOZ9X49rgZJ9+LwLGbtITQhrelCMX+O:V0DBa9XIOfiwLGbtbhW3 | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x15baa4c LoadLibraryA
0x15baa50 GetProcAddress
0x15baa54 VirtualProtect
0x15baa58 VirtualAlloc
0x15baa5c VirtualFree
0x15baa60 ExitProcess
advapi32.dll
0x15baa68 RegSaveKeyW
comctl32.dll
0x15baa70 ImageList_Add
comdlg32.dll
0x15baa78 GetSaveFileNameW
gdi32.dll
0x15baa80 Pie
gdiplus.dll
0x15baa88 GdipFree
msvcrt.dll
0x15baa90 atol
netapi32.dll
0x15baa98 NetWkstaGetInfo
ole32.dll
0x15baaa0 DoDragDrop
oleaut32.dll
0x15baaa8 LoadTypeLib
shell32.dll
0x15baab0 SHGetMalloc
SHFolder.dll
0x15baab8 SHGetFolderPathW
user32.dll
0x15baac0 GetDC
version.dll
0x15baac8 VerQueryValueW
winhttp.dll
0x15baad0 WinHttpOpen
wininet.dll
0x15baad8 InternetOpenW
winmm.dll
0x15baae0 timeGetTime
winspool.drv
0x15baae8 ClosePrinter
EAT(Export Address Table) is none
KERNEL32.DLL
0x15baa4c LoadLibraryA
0x15baa50 GetProcAddress
0x15baa54 VirtualProtect
0x15baa58 VirtualAlloc
0x15baa5c VirtualFree
0x15baa60 ExitProcess
advapi32.dll
0x15baa68 RegSaveKeyW
comctl32.dll
0x15baa70 ImageList_Add
comdlg32.dll
0x15baa78 GetSaveFileNameW
gdi32.dll
0x15baa80 Pie
gdiplus.dll
0x15baa88 GdipFree
msvcrt.dll
0x15baa90 atol
netapi32.dll
0x15baa98 NetWkstaGetInfo
ole32.dll
0x15baaa0 DoDragDrop
oleaut32.dll
0x15baaa8 LoadTypeLib
shell32.dll
0x15baab0 SHGetMalloc
SHFolder.dll
0x15baab8 SHGetFolderPathW
user32.dll
0x15baac0 GetDC
version.dll
0x15baac8 VerQueryValueW
winhttp.dll
0x15baad0 WinHttpOpen
wininet.dll
0x15baad8 InternetOpenW
winmm.dll
0x15baae0 timeGetTime
winspool.drv
0x15baae8 ClosePrinter
EAT(Export Address Table) is none