ScreenShot
| Created | 2021.06.24 20:14 | Machine | s1_win7_x6401 |
| Filename | system.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (GenericKD, Shelma, malicious, JBYL, Artemis, vzrvm, ai score=82, Wacatac, score, Static AI, Suspicious PE, confidence) | ||
| md5 | 7b7ba402f370903873c0dd6bb8dcfb3a | ||
| sha256 | cb948541d3ea253dd2921211c05a42414a9cd537bf847b9bdb0008daa01d40ea | ||
| ssdeep | 384:OulS8EquIf3U0FlbhwInQ/2gGDfTtT62l85uCAStlS6e/cL4af0SYbQ/FMh8ti9E:HM89uIf3UEw3gD8ztlSn/cWRQ3t+E | ||
| imphash | d436d9450bd90861c524284cde9d6442 | ||
| impfuzzy | 24:3Efg1JmncJ8a0meB0MC95XGDZ8kbkoDqoZn:3Efg1ccJLeSzJGV8kbkoqE | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| warning | Generates some ICMP traffic |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
DNSAPI.dll
0x408218 DnsQuery_A
KERNEL32.dll
0x408228 DeleteCriticalSection
0x408230 EnterCriticalSection
0x408238 GetCurrentProcess
0x408240 GetCurrentProcessId
0x408248 GetCurrentThreadId
0x408250 GetLastError
0x408258 GetStartupInfoA
0x408260 GetSystemTimeAsFileTime
0x408268 GetTickCount
0x408270 InitializeCriticalSection
0x408278 LeaveCriticalSection
0x408280 QueryPerformanceCounter
0x408288 RtlAddFunctionTable
0x408290 RtlCaptureContext
0x408298 RtlLookupFunctionEntry
0x4082a0 RtlVirtualUnwind
0x4082a8 SetUnhandledExceptionFilter
0x4082b0 Sleep
0x4082b8 TerminateProcess
0x4082c0 TlsGetValue
0x4082c8 UnhandledExceptionFilter
0x4082d0 VirtualAlloc
0x4082d8 VirtualProtect
0x4082e0 VirtualQuery
msvcrt.dll
0x4082f0 __C_specific_handler
0x4082f8 __dllonexit
0x408300 __getmainargs
0x408308 __initenv
0x408310 __iob_func
0x408318 __lconv_init
0x408320 __set_app_type
0x408328 __setusermatherr
0x408330 _acmdln
0x408338 _amsg_exit
0x408340 _cexit
0x408348 _fmode
0x408350 _initterm
0x408358 _lock
0x408360 _onexit
0x408368 _unlock
0x408370 _vsnprintf
0x408378 abort
0x408380 calloc
0x408388 exit
0x408390 fprintf
0x408398 free
0x4083a0 fwrite
0x4083a8 malloc
0x4083b0 memcpy
0x4083b8 signal
0x4083c0 strlen
0x4083c8 strncmp
0x4083d0 vfprintf
EAT(Export Address Table) is none
DNSAPI.dll
0x408218 DnsQuery_A
KERNEL32.dll
0x408228 DeleteCriticalSection
0x408230 EnterCriticalSection
0x408238 GetCurrentProcess
0x408240 GetCurrentProcessId
0x408248 GetCurrentThreadId
0x408250 GetLastError
0x408258 GetStartupInfoA
0x408260 GetSystemTimeAsFileTime
0x408268 GetTickCount
0x408270 InitializeCriticalSection
0x408278 LeaveCriticalSection
0x408280 QueryPerformanceCounter
0x408288 RtlAddFunctionTable
0x408290 RtlCaptureContext
0x408298 RtlLookupFunctionEntry
0x4082a0 RtlVirtualUnwind
0x4082a8 SetUnhandledExceptionFilter
0x4082b0 Sleep
0x4082b8 TerminateProcess
0x4082c0 TlsGetValue
0x4082c8 UnhandledExceptionFilter
0x4082d0 VirtualAlloc
0x4082d8 VirtualProtect
0x4082e0 VirtualQuery
msvcrt.dll
0x4082f0 __C_specific_handler
0x4082f8 __dllonexit
0x408300 __getmainargs
0x408308 __initenv
0x408310 __iob_func
0x408318 __lconv_init
0x408320 __set_app_type
0x408328 __setusermatherr
0x408330 _acmdln
0x408338 _amsg_exit
0x408340 _cexit
0x408348 _fmode
0x408350 _initterm
0x408358 _lock
0x408360 _onexit
0x408368 _unlock
0x408370 _vsnprintf
0x408378 abort
0x408380 calloc
0x408388 exit
0x408390 fprintf
0x408398 free
0x4083a0 fwrite
0x4083a8 malloc
0x4083b0 memcpy
0x4083b8 signal
0x4083c0 strlen
0x4083c8 strncmp
0x4083d0 vfprintf
EAT(Export Address Table) is none