Report - proxy-IRXC-setup.exe

Malicious Packer PE File OS Processor Check PE32
Created 2021.06.25 10:19 Machine s1_win7_x6401
Filename proxy-IRXC-setup.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
1
Behavior Score
3.0
ZERO API file : clean
VT API (file) 33 detected (malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, PWSX, Generic@ML, RDML, gRVcOYG7gul943CPFOirKg, R + Troj, Kryptik, Emotet, susgen, Static AI, Suspicious PE, Racealer, kcloud, Glupteba, score, Artemis, BScope, GenKryptik, FGWL, ZexaF, @x0@aCINzmjO, confidence, 100%)
md5 2a862b1187df98c5bdc36dabb514987a
sha256 b3900e7d10944980b22a99300b754fc68a4e03e243233ffa73e35cc354f1eb31
ssdeep 98304:LHOJ7HVtZseuoSBFd/Wp6gJo6zMhk9ItDHAVcb31XfLSbuC+u0KMzZiz:LHONZseuosuzSUmk9iLAVcr1PWbuOs1
imphash 5623df6c548fad12f71d235627729e47
impfuzzy 48:YM1/JKUVODuYpdrXlbPNUQlpoXvKYHO3aEZtqFdcJcuZ/XlOGp:YqCyGrXx1UQvoXhHVEZtqFdcJcA/XJ

Signature (7cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x861000 ExitProcess
 0x861004 SetVolumeLabelA
 0x861008 GetFileSize
 0x86100c CreateMutexW
 0x861010 SearchPathW
 0x861014 WriteConsoleInputW
 0x861018 CopyFileExW
 0x86101c GetProfileIntW
 0x861020 GetDefaultCommConfigW
 0x861024 LoadResource
 0x861028 InterlockedIncrement
 0x86102c InterlockedDecrement
 0x861030 ZombifyActCtx
 0x861034 ScrollConsoleScreenBufferW
 0x861038 GetNamedPipeHandleStateA
 0x86103c CreateDirectoryW
 0x861040 GetProfileSectionA
 0x861044 SetComputerNameW
 0x861048 GetComputerNameW
 0x86104c GetCommProperties
 0x861050 FreeEnvironmentStringsA
 0x861054 GetProcessPriorityBoost
 0x861058 LocalFlags
 0x86105c GetConsoleAliasesLengthA
 0x861060 GetConsoleTitleA
 0x861064 GetWindowsDirectoryA
 0x861068 WriteFile
 0x86106c SetCommState
 0x861070 GetCommandLineA
 0x861074 WriteFileGather
 0x861078 EnumResourceTypesA
 0x86107c CreateDirectoryExW
 0x861080 TlsSetValue
 0x861084 FindResourceExA
 0x861088 GlobalAlloc
 0x86108c LoadLibraryW
 0x861090 GetConsoleMode
 0x861094 GetCalendarInfoA
 0x861098 GetSystemWow64DirectoryW
 0x86109c SetSystemTimeAdjustment
 0x8610a0 GetSystemWindowsDirectoryA
 0x8610a4 GetVersionExW
 0x8610a8 SetConsoleCursorPosition
 0x8610ac VerifyVersionInfoA
 0x8610b0 GetBinaryTypeA
 0x8610b4 GetAtomNameW
 0x8610b8 IsDBCSLeadByte
 0x8610bc GetBinaryTypeW
 0x8610c0 GetOverlappedResult
 0x8610c4 lstrlenW
 0x8610c8 SetConsoleTitleA
 0x8610cc GlobalUnlock
 0x8610d0 GetConsoleOutputCP
 0x8610d4 InterlockedExchange
 0x8610d8 SetThreadLocale
 0x8610dc FreeUserPhysicalPages
 0x8610e0 EnterCriticalSection
 0x8610e4 BuildCommDCBW
 0x8610e8 GetPrivateProfileStringA
 0x8610ec GetLocalTime
 0x8610f0 LoadLibraryA
 0x8610f4 OpenWaitableTimerW
 0x8610f8 GetConsoleScreenBufferInfo
 0x8610fc IsSystemResumeAutomatic
 0x861100 SetConsoleCtrlHandler
 0x861104 WriteProfileSectionW
 0x861108 FindAtomA
 0x86110c GetTapeParameters
 0x861110 SetConsoleCursorInfo
 0x861114 GetModuleHandleA
 0x861118 VirtualProtect
 0x86111c GetCurrentDirectoryA
 0x861120 CompareStringA
 0x861124 GetConsoleCursorInfo
 0x861128 SetThreadAffinityMask
 0x86112c FileTimeToLocalFileTime
 0x861130 InterlockedPushEntrySList
 0x861134 LCMapStringW
 0x861138 AreFileApisANSI
 0x86113c DeleteFileA
 0x861140 FlushFileBuffers
 0x861144 GetLastError
 0x861148 GetStartupInfoA
 0x86114c HeapValidate
 0x861150 IsBadReadPtr
 0x861154 RaiseException
 0x861158 TerminateProcess
 0x86115c GetCurrentProcess
 0x861160 UnhandledExceptionFilter
 0x861164 SetUnhandledExceptionFilter
 0x861168 IsDebuggerPresent
 0x86116c GetModuleFileNameW
 0x861170 RtlUnwind
 0x861174 GetACP
 0x861178 GetOEMCP
 0x86117c GetCPInfo
 0x861180 IsValidCodePage
 0x861184 GetProcAddress
 0x861188 TlsGetValue
 0x86118c GetModuleHandleW
 0x861190 TlsAlloc
 0x861194 GetCurrentThreadId
 0x861198 TlsFree
 0x86119c SetLastError
 0x8611a0 DeleteCriticalSection
 0x8611a4 LeaveCriticalSection
 0x8611a8 QueryPerformanceCounter
 0x8611ac GetTickCount
 0x8611b0 GetCurrentProcessId
 0x8611b4 GetSystemTimeAsFileTime
 0x8611b8 Sleep
 0x8611bc GetModuleFileNameA
 0x8611c0 GetEnvironmentStrings
 0x8611c4 FreeEnvironmentStringsW
 0x8611c8 WideCharToMultiByte
 0x8611cc GetEnvironmentStringsW
 0x8611d0 SetHandleCount
 0x8611d4 GetStdHandle
 0x8611d8 GetFileType
 0x8611dc HeapDestroy
 0x8611e0 HeapCreate
 0x8611e4 HeapFree
 0x8611e8 VirtualFree
 0x8611ec HeapAlloc
 0x8611f0 HeapSize
 0x8611f4 HeapReAlloc
 0x8611f8 VirtualAlloc
 0x8611fc MultiByteToWideChar
 0x861200 GetStringTypeA
 0x861204 GetStringTypeW
 0x861208 GetLocaleInfoA
 0x86120c DebugBreak
 0x861210 OutputDebugStringA
 0x861214 WriteConsoleW
 0x861218 OutputDebugStringW
 0x86121c LCMapStringA
 0x861220 InitializeCriticalSectionAndSpinCount
 0x861224 SetFilePointer
 0x861228 GetConsoleCP
 0x86122c SetStdHandle
 0x861230 WriteConsoleA
 0x861234 CreateFileA
 0x861238 CloseHandle
USER32.dll
 0x861240 GetMenuCheckMarkDimensions
 0x861244 GetMenuInfo
 0x861248 GetMessageTime

EAT (Export Address Table) Library

0x8573d0 _CallPattern@8
0x8573c0 _zabiray@8