ScreenShot
| Created | 2021.06.25 10:52 | Machine | s1_win7_x6402 |
| Filename | Suasive.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 46 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, Attribute, HighConfidence, Kryptik, HLME, RansomX, Zenpak, R + Troj, wtvtg@0, Siggen3, Score, ai score=83, Azorult, Glupteba, R427279, BScope, R002H07FN21, Generic@ML, RDML, 34sa3bFY3nNUDhlbHuBh4w, Static AI, Malicious PE, susgen, HLMH, ZexaF, Au0@aWSI4YjI, Genetic, confidence, 100%) | ||
| md5 | 43dd23c802f0b3765ac64c155ff9b528 | ||
| sha256 | f01d974e0ce17ce7e72234ac8a5d5edde46d8b03bba6100f1f5b9aa783509e48 | ||
| ssdeep | 12288:iiEHhyDwA8aC1lsAUIyiCh/GwRp8Ck5QiTve:iisyDwA8BlOwCh/Gwn8Ck/e | ||
| imphash | 239d0543c3c8f22bd3bf2a0ca25ae8f0 | ||
| impfuzzy | 48:HWbODA+vm83LdVXSEDGk9WIOQWYWaE8fcRhV8hUpeLXvOBY:nEm/pVXhhWIZzE8fcRhV8hSeLXX | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x446000 GetComputerNameA
0x446004 EnumResourceNamesW
0x446008 SearchPathW
0x44600c WriteConsoleInputW
0x446010 CopyFileExW
0x446014 TlsGetValue
0x446018 SetEndOfFile
0x44601c FindResourceExW
0x446020 MapUserPhysicalPages
0x446024 LoadResource
0x446028 InterlockedIncrement
0x44602c ScrollConsoleScreenBufferW
0x446030 CreateDirectoryW
0x446034 GlobalLock
0x446038 GetCommProperties
0x44603c FreeEnvironmentStringsA
0x446040 SetTapeParameters
0x446044 GetModuleHandleW
0x446048 CreateNamedPipeW
0x44604c LocalFlags
0x446050 GetConsoleAliasesLengthA
0x446054 GetPrivateProfileStringW
0x446058 GetWindowsDirectoryA
0x44605c WriteFile
0x446060 SetCommState
0x446064 GetCommandLineA
0x446068 GetSystemWow64DirectoryA
0x44606c WriteFileGather
0x446070 CreateDirectoryExW
0x446074 SetProcessPriorityBoost
0x446078 InitializeCriticalSection
0x44607c GlobalAlloc
0x446080 LoadLibraryW
0x446084 GetConsoleMode
0x446088 GetCalendarInfoA
0x44608c SetSystemTimeAdjustment
0x446090 GetSystemWindowsDirectoryA
0x446094 TerminateProcess
0x446098 IsDBCSLeadByte
0x44609c GetBinaryTypeW
0x4460a0 GetOverlappedResult
0x4460a4 CompareStringW
0x4460a8 lstrlenW
0x4460ac LCMapStringA
0x4460b0 GetConsoleOutputCP
0x4460b4 VerifyVersionInfoW
0x4460b8 InterlockedExchange
0x4460bc ReleaseActCtx
0x4460c0 GetFileSizeEx
0x4460c4 SetThreadLocale
0x4460c8 FindFirstFileA
0x4460cc OpenMutexW
0x4460d0 GetCurrentDirectoryW
0x4460d4 GetProcAddress
0x4460d8 SetVolumeLabelW
0x4460dc WriteProfileSectionA
0x4460e0 SetComputerNameA
0x4460e4 SearchPathA
0x4460e8 BuildCommDCBW
0x4460ec GetLocalTime
0x4460f0 OpenMutexA
0x4460f4 OpenWaitableTimerW
0x4460f8 GetConsoleScreenBufferInfo
0x4460fc SetConsoleCtrlHandler
0x446100 AddAtomW
0x446104 FindAtomA
0x446108 EnumResourceTypesW
0x44610c SetConsoleCursorInfo
0x446110 CreateIoCompletionPort
0x446114 SetConsoleTitleW
0x446118 FindNextFileW
0x44611c GetConsoleTitleW
0x446120 RequestWakeupLatency
0x446124 GetConsoleCursorInfo
0x446128 GetVersionExA
0x44612c DeleteFileW
0x446130 InterlockedPushEntrySList
0x446134 GetProfileSectionW
0x446138 AreFileApisANSI
0x44613c GetVolumeInformationW
0x446140 GetModuleHandleA
0x446144 FlushFileBuffers
0x446148 GetStartupInfoA
0x44614c HeapValidate
0x446150 IsBadReadPtr
0x446154 RaiseException
0x446158 DeleteCriticalSection
0x44615c EnterCriticalSection
0x446160 LeaveCriticalSection
0x446164 GetModuleFileNameW
0x446168 SetUnhandledExceptionFilter
0x44616c QueryPerformanceCounter
0x446170 GetTickCount
0x446174 GetCurrentThreadId
0x446178 GetCurrentProcessId
0x44617c GetSystemTimeAsFileTime
0x446180 Sleep
0x446184 InterlockedDecrement
0x446188 ExitProcess
0x44618c GetModuleFileNameA
0x446190 GetEnvironmentStrings
0x446194 FreeEnvironmentStringsW
0x446198 WideCharToMultiByte
0x44619c GetLastError
0x4461a0 GetEnvironmentStringsW
0x4461a4 SetHandleCount
0x4461a8 GetStdHandle
0x4461ac GetFileType
0x4461b0 TlsAlloc
0x4461b4 TlsSetValue
0x4461b8 TlsFree
0x4461bc SetLastError
0x4461c0 HeapDestroy
0x4461c4 HeapCreate
0x4461c8 HeapFree
0x4461cc VirtualFree
0x4461d0 HeapAlloc
0x4461d4 GetCurrentProcess
0x4461d8 UnhandledExceptionFilter
0x4461dc IsDebuggerPresent
0x4461e0 HeapSize
0x4461e4 HeapReAlloc
0x4461e8 VirtualAlloc
0x4461ec GetACP
0x4461f0 GetOEMCP
0x4461f4 GetCPInfo
0x4461f8 IsValidCodePage
0x4461fc RtlUnwind
0x446200 InitializeCriticalSectionAndSpinCount
0x446204 DebugBreak
0x446208 OutputDebugStringA
0x44620c WriteConsoleW
0x446210 OutputDebugStringW
0x446214 LoadLibraryA
0x446218 MultiByteToWideChar
0x44621c LCMapStringW
0x446220 GetStringTypeA
0x446224 GetStringTypeW
0x446228 GetLocaleInfoA
0x44622c SetFilePointer
0x446230 GetConsoleCP
0x446234 SetStdHandle
0x446238 WriteConsoleA
0x44623c CreateFileA
0x446240 CloseHandle
USER32.dll
0x446248 GetMenuCheckMarkDimensions
0x44624c GetMessageTime
0x446250 GetMenuInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x446000 GetComputerNameA
0x446004 EnumResourceNamesW
0x446008 SearchPathW
0x44600c WriteConsoleInputW
0x446010 CopyFileExW
0x446014 TlsGetValue
0x446018 SetEndOfFile
0x44601c FindResourceExW
0x446020 MapUserPhysicalPages
0x446024 LoadResource
0x446028 InterlockedIncrement
0x44602c ScrollConsoleScreenBufferW
0x446030 CreateDirectoryW
0x446034 GlobalLock
0x446038 GetCommProperties
0x44603c FreeEnvironmentStringsA
0x446040 SetTapeParameters
0x446044 GetModuleHandleW
0x446048 CreateNamedPipeW
0x44604c LocalFlags
0x446050 GetConsoleAliasesLengthA
0x446054 GetPrivateProfileStringW
0x446058 GetWindowsDirectoryA
0x44605c WriteFile
0x446060 SetCommState
0x446064 GetCommandLineA
0x446068 GetSystemWow64DirectoryA
0x44606c WriteFileGather
0x446070 CreateDirectoryExW
0x446074 SetProcessPriorityBoost
0x446078 InitializeCriticalSection
0x44607c GlobalAlloc
0x446080 LoadLibraryW
0x446084 GetConsoleMode
0x446088 GetCalendarInfoA
0x44608c SetSystemTimeAdjustment
0x446090 GetSystemWindowsDirectoryA
0x446094 TerminateProcess
0x446098 IsDBCSLeadByte
0x44609c GetBinaryTypeW
0x4460a0 GetOverlappedResult
0x4460a4 CompareStringW
0x4460a8 lstrlenW
0x4460ac LCMapStringA
0x4460b0 GetConsoleOutputCP
0x4460b4 VerifyVersionInfoW
0x4460b8 InterlockedExchange
0x4460bc ReleaseActCtx
0x4460c0 GetFileSizeEx
0x4460c4 SetThreadLocale
0x4460c8 FindFirstFileA
0x4460cc OpenMutexW
0x4460d0 GetCurrentDirectoryW
0x4460d4 GetProcAddress
0x4460d8 SetVolumeLabelW
0x4460dc WriteProfileSectionA
0x4460e0 SetComputerNameA
0x4460e4 SearchPathA
0x4460e8 BuildCommDCBW
0x4460ec GetLocalTime
0x4460f0 OpenMutexA
0x4460f4 OpenWaitableTimerW
0x4460f8 GetConsoleScreenBufferInfo
0x4460fc SetConsoleCtrlHandler
0x446100 AddAtomW
0x446104 FindAtomA
0x446108 EnumResourceTypesW
0x44610c SetConsoleCursorInfo
0x446110 CreateIoCompletionPort
0x446114 SetConsoleTitleW
0x446118 FindNextFileW
0x44611c GetConsoleTitleW
0x446120 RequestWakeupLatency
0x446124 GetConsoleCursorInfo
0x446128 GetVersionExA
0x44612c DeleteFileW
0x446130 InterlockedPushEntrySList
0x446134 GetProfileSectionW
0x446138 AreFileApisANSI
0x44613c GetVolumeInformationW
0x446140 GetModuleHandleA
0x446144 FlushFileBuffers
0x446148 GetStartupInfoA
0x44614c HeapValidate
0x446150 IsBadReadPtr
0x446154 RaiseException
0x446158 DeleteCriticalSection
0x44615c EnterCriticalSection
0x446160 LeaveCriticalSection
0x446164 GetModuleFileNameW
0x446168 SetUnhandledExceptionFilter
0x44616c QueryPerformanceCounter
0x446170 GetTickCount
0x446174 GetCurrentThreadId
0x446178 GetCurrentProcessId
0x44617c GetSystemTimeAsFileTime
0x446180 Sleep
0x446184 InterlockedDecrement
0x446188 ExitProcess
0x44618c GetModuleFileNameA
0x446190 GetEnvironmentStrings
0x446194 FreeEnvironmentStringsW
0x446198 WideCharToMultiByte
0x44619c GetLastError
0x4461a0 GetEnvironmentStringsW
0x4461a4 SetHandleCount
0x4461a8 GetStdHandle
0x4461ac GetFileType
0x4461b0 TlsAlloc
0x4461b4 TlsSetValue
0x4461b8 TlsFree
0x4461bc SetLastError
0x4461c0 HeapDestroy
0x4461c4 HeapCreate
0x4461c8 HeapFree
0x4461cc VirtualFree
0x4461d0 HeapAlloc
0x4461d4 GetCurrentProcess
0x4461d8 UnhandledExceptionFilter
0x4461dc IsDebuggerPresent
0x4461e0 HeapSize
0x4461e4 HeapReAlloc
0x4461e8 VirtualAlloc
0x4461ec GetACP
0x4461f0 GetOEMCP
0x4461f4 GetCPInfo
0x4461f8 IsValidCodePage
0x4461fc RtlUnwind
0x446200 InitializeCriticalSectionAndSpinCount
0x446204 DebugBreak
0x446208 OutputDebugStringA
0x44620c WriteConsoleW
0x446210 OutputDebugStringW
0x446214 LoadLibraryA
0x446218 MultiByteToWideChar
0x44621c LCMapStringW
0x446220 GetStringTypeA
0x446224 GetStringTypeW
0x446228 GetLocaleInfoA
0x44622c SetFilePointer
0x446230 GetConsoleCP
0x446234 SetStdHandle
0x446238 WriteConsoleA
0x44623c CreateFileA
0x446240 CloseHandle
USER32.dll
0x446248 GetMenuCheckMarkDimensions
0x44624c GetMessageTime
0x446250 GetMenuInfo
EAT(Export Address Table) is none