Report - run.exe

Malicious Packer OS Processor Check PE File PE32
Created 2021.06.25 13:31 Machine s1_win7_x6401
Filename run.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 3.2
ZERO API file : clean
VT API (file) 40 detected (AIDetect, malware2, malicious, high confidence, Graftor, Unsafe, Save, Azorult, Attribute, HighConfidence, Kryptik, HLMK, PWSX, Chapak, A + Troj, DownLoader40, Emotet, Static AI, Malicious PE, Racealer, ai score=84, score, BScope, Generic@ML, RDML, GR9KjE7lPn8iIBrtBCFgTA, HLMH, ZexaF, QuW@aesHLwoG, Genetic, confidence, 100%, susgen)
md5 9741304341cff8ef7af404550c8c50f8
sha256 70e00191cc1dbc4cb2c26e8f57d3da0eddc5dea1cbf3f2f3833429adbb33cc33
ssdeep 12288:VV3X3nM5bt4pdGRiWP1HkHQVxVKnl1mtDk+WDHfRaLlTbUBPOAhbvmBeCPyN:VdnMdt441UMxwnFRDHfuTbUsAhCVaN
imphash 4714f79351940b168a490baaf0e169ad
impfuzzy 48:RK1VODACmpdbXAZNgmlpoXPOQ9YKOUaE8cRhV8+opeLXvGBg:jEJzbXATgmvoXP+KaE8cRhV8+2eLXB

Signature (7cnts)

Level Description
danger File has been identified by 40 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x489000 SetVolumeLabelA
 0x489004 GetFileSize
 0x489008 SearchPathW
 0x48900c WriteConsoleInputW
 0x489010 TlsGetValue
 0x489014 GetProfileIntW
 0x489018 MapUserPhysicalPages
 0x48901c LoadResource
 0x489020 InterlockedIncrement
 0x489024 InterlockedDecrement
 0x489028 ScrollConsoleScreenBufferW
 0x48902c CreateDirectoryW
 0x489030 GetComputerNameW
 0x489034 GetCommProperties
 0x489038 FreeEnvironmentStringsA
 0x48903c GetProcessPriorityBoost
 0x489040 GetModuleHandleW
 0x489044 CreateNamedPipeW
 0x489048 LocalFlags
 0x48904c GetConsoleAliasesLengthA
 0x489050 GetConsoleTitleA
 0x489054 GetWindowsDirectoryA
 0x489058 WriteFile
 0x48905c SetCommState
 0x489060 GetCommandLineA
 0x489064 GetSystemWow64DirectoryA
 0x489068 WriteFileGather
 0x48906c CreateDirectoryExW
 0x489070 FindResourceExA
 0x489074 GlobalAlloc
 0x489078 LoadLibraryW
 0x48907c GetConsoleMode
 0x489080 GetCalendarInfoA
 0x489084 SetSystemTimeAdjustment
 0x489088 GetSystemWindowsDirectoryA
 0x48908c GetVersionExW
 0x489090 SetConsoleCursorPosition
 0x489094 VerifyVersionInfoA
 0x489098 TerminateProcess
 0x48909c IsDBCSLeadByte
 0x4890a0 GetBinaryTypeW
 0x4890a4 GetOverlappedResult
 0x4890a8 lstrlenW
 0x4890ac SetConsoleTitleA
 0x4890b0 GlobalUnlock
 0x4890b4 LCMapStringA
 0x4890b8 GetConsoleOutputCP
 0x4890bc InterlockedExchange
 0x4890c0 ReleaseActCtx
 0x4890c4 SetThreadLocale
 0x4890c8 GetProcAddress
 0x4890cc SetComputerNameA
 0x4890d0 EnterCriticalSection
 0x4890d4 SearchPathA
 0x4890d8 BuildCommDCBW
 0x4890dc GetPrivateProfileStringA
 0x4890e0 GetLocalTime
 0x4890e4 OpenWaitableTimerW
 0x4890e8 GetConsoleScreenBufferInfo
 0x4890ec IsSystemResumeAutomatic
 0x4890f0 SetConsoleCtrlHandler
 0x4890f4 WriteProfileSectionW
 0x4890f8 FindAtomA
 0x4890fc GetTapeParameters
 0x489100 EnumResourceTypesW
 0x489104 SetConsoleCursorInfo
 0x489108 GetCurrentDirectoryA
 0x48910c CompareStringA
 0x489110 GetConsoleCursorInfo
 0x489114 SetThreadAffinityMask
 0x489118 DeleteFileW
 0x48911c InterlockedPushEntrySList
 0x489120 GetProfileSectionW
 0x489124 CopyFileExA
 0x489128 AreFileApisANSI
 0x48912c GetVolumeInformationW
 0x489130 FlushFileBuffers
 0x489134 GetModuleHandleA
 0x489138 GetLastError
 0x48913c DeleteFileA
 0x489140 GetStartupInfoA
 0x489144 HeapValidate
 0x489148 IsBadReadPtr
 0x48914c RaiseException
 0x489150 DeleteCriticalSection
 0x489154 LeaveCriticalSection
 0x489158 GetModuleFileNameW
 0x48915c SetUnhandledExceptionFilter
 0x489160 QueryPerformanceCounter
 0x489164 GetTickCount
 0x489168 GetCurrentThreadId
 0x48916c GetCurrentProcessId
 0x489170 GetSystemTimeAsFileTime
 0x489174 Sleep
 0x489178 ExitProcess
 0x48917c GetModuleFileNameA
 0x489180 GetEnvironmentStrings
 0x489184 FreeEnvironmentStringsW
 0x489188 WideCharToMultiByte
 0x48918c GetEnvironmentStringsW
 0x489190 SetHandleCount
 0x489194 GetStdHandle
 0x489198 GetFileType
 0x48919c TlsAlloc
 0x4891a0 TlsSetValue
 0x4891a4 TlsFree
 0x4891a8 SetLastError
 0x4891ac HeapDestroy
 0x4891b0 HeapCreate
 0x4891b4 HeapFree
 0x4891b8 VirtualFree
 0x4891bc HeapAlloc
 0x4891c0 GetCurrentProcess
 0x4891c4 UnhandledExceptionFilter
 0x4891c8 IsDebuggerPresent
 0x4891cc HeapSize
 0x4891d0 HeapReAlloc
 0x4891d4 VirtualAlloc
 0x4891d8 GetACP
 0x4891dc GetOEMCP
 0x4891e0 GetCPInfo
 0x4891e4 IsValidCodePage
 0x4891e8 RtlUnwind
 0x4891ec InitializeCriticalSectionAndSpinCount
 0x4891f0 DebugBreak
 0x4891f4 OutputDebugStringA
 0x4891f8 WriteConsoleW
 0x4891fc OutputDebugStringW
 0x489200 LoadLibraryA
 0x489204 MultiByteToWideChar
 0x489208 LCMapStringW
 0x48920c GetStringTypeA
 0x489210 GetStringTypeW
 0x489214 GetLocaleInfoA
 0x489218 SetFilePointer
 0x48921c GetConsoleCP
 0x489220 SetStdHandle
 0x489224 WriteConsoleA
 0x489228 CreateFileA
 0x48922c CloseHandle
USER32.dll
 0x489234 GetMenuInfo
 0x489238 GetMessageTime
 0x48923c GetMenuCheckMarkDimensions

EAT(Export Address Table) Library

0x47efe0 _CallPattern@8

Similarity measure (PE file only)