ScreenShot
| Created | 2021.06.24 19:35 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, Xu0@auQYXFnI, Attribute, HighConfidence, Cryptnot, A + Troj, Kryptik, Lockbit, Zenpak, Azorult, score, BScope, Generic@ML, RDML, JMoNYkVUj1CsescRag, Static AI, Malicious PE, susgen) | ||
| md5 | e77d74abb804fd809d2a4a49b797bb18 | ||
| sha256 | e7c1f3cac6493e83c42b36308d5e4e5ba867aee763c83956224eda72a0bc4df5 | ||
| ssdeep | 24576:9hyySRp/HAyTYfzdnrjNZpbND+YoTrkOThsFe:yZHAEErjNvbND+YukShwe | ||
| imphash | 1e17a996886aa2657a4de6c042170d2c | ||
| impfuzzy | 48:yEbODA+fmpdVXAZI1qlpoX/OQ9YWaE8cRhV8+UpeLXvGBg:WEZzVXAW4voX/+zE8cRhV8+SeLXB | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a1000 SetVolumeLabelA
0x4a1004 SearchPathW
0x4a1008 WriteConsoleInputW
0x4a100c TlsGetValue
0x4a1010 GetProfileIntW
0x4a1014 MapUserPhysicalPages
0x4a1018 LoadResource
0x4a101c InterlockedIncrement
0x4a1020 InterlockedDecrement
0x4a1024 ScrollConsoleScreenBufferW
0x4a1028 CreateDirectoryW
0x4a102c GetComputerNameW
0x4a1030 GetCommProperties
0x4a1034 FreeEnvironmentStringsA
0x4a1038 GetModuleHandleW
0x4a103c CreateNamedPipeW
0x4a1040 LocalFlags
0x4a1044 GetConsoleAliasesLengthA
0x4a1048 GetPrivateProfileStringW
0x4a104c GetWindowsDirectoryA
0x4a1050 WriteFile
0x4a1054 SetCommState
0x4a1058 GetCommandLineA
0x4a105c GetSystemWow64DirectoryA
0x4a1060 WriteFileGather
0x4a1064 CreateDirectoryExW
0x4a1068 SetProcessPriorityBoost
0x4a106c FindResourceExA
0x4a1070 GlobalAlloc
0x4a1074 LoadLibraryW
0x4a1078 GetConsoleMode
0x4a107c GetCalendarInfoA
0x4a1080 SetSystemTimeAdjustment
0x4a1084 GetSystemWindowsDirectoryA
0x4a1088 SetConsoleCursorPosition
0x4a108c VerifyVersionInfoA
0x4a1090 TerminateProcess
0x4a1094 IsDBCSLeadByte
0x4a1098 GetBinaryTypeW
0x4a109c GetOverlappedResult
0x4a10a0 lstrlenW
0x4a10a4 SetConsoleTitleA
0x4a10a8 GlobalUnlock
0x4a10ac LCMapStringA
0x4a10b0 GetConsoleOutputCP
0x4a10b4 InterlockedExchange
0x4a10b8 ReleaseActCtx
0x4a10bc GetFileSizeEx
0x4a10c0 SetThreadLocale
0x4a10c4 GetProcAddress
0x4a10c8 SetComputerNameA
0x4a10cc EnterCriticalSection
0x4a10d0 SearchPathA
0x4a10d4 BuildCommDCBW
0x4a10d8 OpenWaitableTimerA
0x4a10dc GetLocalTime
0x4a10e0 GetConsoleScreenBufferInfo
0x4a10e4 IsSystemResumeAutomatic
0x4a10e8 SetConsoleCtrlHandler
0x4a10ec WriteProfileSectionW
0x4a10f0 FindAtomA
0x4a10f4 GetTapeParameters
0x4a10f8 EnumResourceTypesW
0x4a10fc SetConsoleCursorInfo
0x4a1100 GetConsoleTitleW
0x4a1104 GetCurrentDirectoryA
0x4a1108 CompareStringA
0x4a110c GetConsoleCursorInfo
0x4a1110 SetThreadAffinityMask
0x4a1114 GetVersionExA
0x4a1118 DeleteFileW
0x4a111c InterlockedPushEntrySList
0x4a1120 GetProfileSectionW
0x4a1124 CopyFileExA
0x4a1128 AreFileApisANSI
0x4a112c GetVolumeInformationW
0x4a1130 GetModuleHandleA
0x4a1134 FlushFileBuffers
0x4a1138 GetStartupInfoA
0x4a113c HeapValidate
0x4a1140 IsBadReadPtr
0x4a1144 RaiseException
0x4a1148 DeleteCriticalSection
0x4a114c LeaveCriticalSection
0x4a1150 GetModuleFileNameW
0x4a1154 SetUnhandledExceptionFilter
0x4a1158 QueryPerformanceCounter
0x4a115c GetTickCount
0x4a1160 GetCurrentThreadId
0x4a1164 GetCurrentProcessId
0x4a1168 GetSystemTimeAsFileTime
0x4a116c Sleep
0x4a1170 ExitProcess
0x4a1174 GetModuleFileNameA
0x4a1178 GetEnvironmentStrings
0x4a117c FreeEnvironmentStringsW
0x4a1180 WideCharToMultiByte
0x4a1184 GetLastError
0x4a1188 GetEnvironmentStringsW
0x4a118c SetHandleCount
0x4a1190 GetStdHandle
0x4a1194 GetFileType
0x4a1198 TlsAlloc
0x4a119c TlsSetValue
0x4a11a0 TlsFree
0x4a11a4 SetLastError
0x4a11a8 HeapDestroy
0x4a11ac HeapCreate
0x4a11b0 HeapFree
0x4a11b4 VirtualFree
0x4a11b8 HeapAlloc
0x4a11bc GetCurrentProcess
0x4a11c0 UnhandledExceptionFilter
0x4a11c4 IsDebuggerPresent
0x4a11c8 HeapSize
0x4a11cc HeapReAlloc
0x4a11d0 VirtualAlloc
0x4a11d4 GetACP
0x4a11d8 GetOEMCP
0x4a11dc GetCPInfo
0x4a11e0 IsValidCodePage
0x4a11e4 RtlUnwind
0x4a11e8 InitializeCriticalSectionAndSpinCount
0x4a11ec DebugBreak
0x4a11f0 OutputDebugStringA
0x4a11f4 WriteConsoleW
0x4a11f8 OutputDebugStringW
0x4a11fc LoadLibraryA
0x4a1200 MultiByteToWideChar
0x4a1204 LCMapStringW
0x4a1208 GetStringTypeA
0x4a120c GetStringTypeW
0x4a1210 GetLocaleInfoA
0x4a1214 SetFilePointer
0x4a1218 GetConsoleCP
0x4a121c SetStdHandle
0x4a1220 WriteConsoleA
0x4a1224 CreateFileA
0x4a1228 CloseHandle
USER32.dll
0x4a1230 GetMenuInfo
0x4a1234 GetMessageTime
0x4a1238 GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x497080 _CallPattern@8
KERNEL32.dll
0x4a1000 SetVolumeLabelA
0x4a1004 SearchPathW
0x4a1008 WriteConsoleInputW
0x4a100c TlsGetValue
0x4a1010 GetProfileIntW
0x4a1014 MapUserPhysicalPages
0x4a1018 LoadResource
0x4a101c InterlockedIncrement
0x4a1020 InterlockedDecrement
0x4a1024 ScrollConsoleScreenBufferW
0x4a1028 CreateDirectoryW
0x4a102c GetComputerNameW
0x4a1030 GetCommProperties
0x4a1034 FreeEnvironmentStringsA
0x4a1038 GetModuleHandleW
0x4a103c CreateNamedPipeW
0x4a1040 LocalFlags
0x4a1044 GetConsoleAliasesLengthA
0x4a1048 GetPrivateProfileStringW
0x4a104c GetWindowsDirectoryA
0x4a1050 WriteFile
0x4a1054 SetCommState
0x4a1058 GetCommandLineA
0x4a105c GetSystemWow64DirectoryA
0x4a1060 WriteFileGather
0x4a1064 CreateDirectoryExW
0x4a1068 SetProcessPriorityBoost
0x4a106c FindResourceExA
0x4a1070 GlobalAlloc
0x4a1074 LoadLibraryW
0x4a1078 GetConsoleMode
0x4a107c GetCalendarInfoA
0x4a1080 SetSystemTimeAdjustment
0x4a1084 GetSystemWindowsDirectoryA
0x4a1088 SetConsoleCursorPosition
0x4a108c VerifyVersionInfoA
0x4a1090 TerminateProcess
0x4a1094 IsDBCSLeadByte
0x4a1098 GetBinaryTypeW
0x4a109c GetOverlappedResult
0x4a10a0 lstrlenW
0x4a10a4 SetConsoleTitleA
0x4a10a8 GlobalUnlock
0x4a10ac LCMapStringA
0x4a10b0 GetConsoleOutputCP
0x4a10b4 InterlockedExchange
0x4a10b8 ReleaseActCtx
0x4a10bc GetFileSizeEx
0x4a10c0 SetThreadLocale
0x4a10c4 GetProcAddress
0x4a10c8 SetComputerNameA
0x4a10cc EnterCriticalSection
0x4a10d0 SearchPathA
0x4a10d4 BuildCommDCBW
0x4a10d8 OpenWaitableTimerA
0x4a10dc GetLocalTime
0x4a10e0 GetConsoleScreenBufferInfo
0x4a10e4 IsSystemResumeAutomatic
0x4a10e8 SetConsoleCtrlHandler
0x4a10ec WriteProfileSectionW
0x4a10f0 FindAtomA
0x4a10f4 GetTapeParameters
0x4a10f8 EnumResourceTypesW
0x4a10fc SetConsoleCursorInfo
0x4a1100 GetConsoleTitleW
0x4a1104 GetCurrentDirectoryA
0x4a1108 CompareStringA
0x4a110c GetConsoleCursorInfo
0x4a1110 SetThreadAffinityMask
0x4a1114 GetVersionExA
0x4a1118 DeleteFileW
0x4a111c InterlockedPushEntrySList
0x4a1120 GetProfileSectionW
0x4a1124 CopyFileExA
0x4a1128 AreFileApisANSI
0x4a112c GetVolumeInformationW
0x4a1130 GetModuleHandleA
0x4a1134 FlushFileBuffers
0x4a1138 GetStartupInfoA
0x4a113c HeapValidate
0x4a1140 IsBadReadPtr
0x4a1144 RaiseException
0x4a1148 DeleteCriticalSection
0x4a114c LeaveCriticalSection
0x4a1150 GetModuleFileNameW
0x4a1154 SetUnhandledExceptionFilter
0x4a1158 QueryPerformanceCounter
0x4a115c GetTickCount
0x4a1160 GetCurrentThreadId
0x4a1164 GetCurrentProcessId
0x4a1168 GetSystemTimeAsFileTime
0x4a116c Sleep
0x4a1170 ExitProcess
0x4a1174 GetModuleFileNameA
0x4a1178 GetEnvironmentStrings
0x4a117c FreeEnvironmentStringsW
0x4a1180 WideCharToMultiByte
0x4a1184 GetLastError
0x4a1188 GetEnvironmentStringsW
0x4a118c SetHandleCount
0x4a1190 GetStdHandle
0x4a1194 GetFileType
0x4a1198 TlsAlloc
0x4a119c TlsSetValue
0x4a11a0 TlsFree
0x4a11a4 SetLastError
0x4a11a8 HeapDestroy
0x4a11ac HeapCreate
0x4a11b0 HeapFree
0x4a11b4 VirtualFree
0x4a11b8 HeapAlloc
0x4a11bc GetCurrentProcess
0x4a11c0 UnhandledExceptionFilter
0x4a11c4 IsDebuggerPresent
0x4a11c8 HeapSize
0x4a11cc HeapReAlloc
0x4a11d0 VirtualAlloc
0x4a11d4 GetACP
0x4a11d8 GetOEMCP
0x4a11dc GetCPInfo
0x4a11e0 IsValidCodePage
0x4a11e4 RtlUnwind
0x4a11e8 InitializeCriticalSectionAndSpinCount
0x4a11ec DebugBreak
0x4a11f0 OutputDebugStringA
0x4a11f4 WriteConsoleW
0x4a11f8 OutputDebugStringW
0x4a11fc LoadLibraryA
0x4a1200 MultiByteToWideChar
0x4a1204 LCMapStringW
0x4a1208 GetStringTypeA
0x4a120c GetStringTypeW
0x4a1210 GetLocaleInfoA
0x4a1214 SetFilePointer
0x4a1218 GetConsoleCP
0x4a121c SetStdHandle
0x4a1220 WriteConsoleA
0x4a1224 CreateFileA
0x4a1228 CloseHandle
USER32.dll
0x4a1230 GetMenuInfo
0x4a1234 GetMessageTime
0x4a1238 GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x497080 _CallPattern@8