Field | Value
---|---
Created | 2021.06.25 15:00
Machine | s1_win7_x6402
Filename | file.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Generic@ML, RDML, jrsLne2Ra3, 08Cfi3wyU5g, A + Troj, Kryptik, Lockbit, Static AI, Malicious PE, Zenpak, Glupteba, score, BScope, susgen, ZexaF, Xu0@ai3s65fI, confidence, 100%)
md5 | 3dd3e55d3843d47f8699c1a4e22c7ba2
sha256 | 2e150d7c07b1e33fec7acafa7c4d556c01ae2a8b41d67a80996bda3e71a312dd
ssdeep | 12288:UJR/5KHGRgEl0zieEWuvI9ly7VU/gVb/dYoIxx/sgos+arGoljdcaikT+W/AAlSe:UL55RghyWuADyJUoQxos+arG/L4Qe
imphash | 239d0543c3c8f22bd3bf2a0ca25ae8f0
impfuzzy | 48:HWbODA+vm83LdVXSEDGk9WIOQWYWaE8fcRhV8hUpeLXvOBY:nEm/pVXhhWIZzE8fcRhV8hSeLXX
Network IP location
Signature (10cnts)
Level | Description |
---|---|
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a1000 GetComputerNameA
0x4a1004 EnumResourceNamesW
0x4a1008 SearchPathW
0x4a100c WriteConsoleInputW
0x4a1010 CopyFileExW
0x4a1014 TlsGetValue
0x4a1018 SetEndOfFile
0x4a101c FindResourceExW
0x4a1020 MapUserPhysicalPages
0x4a1024 LoadResource
0x4a1028 InterlockedIncrement
0x4a102c ScrollConsoleScreenBufferW
0x4a1030 CreateDirectoryW
0x4a1034 GlobalLock
0x4a1038 GetCommProperties
0x4a103c FreeEnvironmentStringsA
0x4a1040 SetTapeParameters
0x4a1044 GetModuleHandleW
0x4a1048 CreateNamedPipeW
0x4a104c LocalFlags
0x4a1050 GetConsoleAliasesLengthA
0x4a1054 GetPrivateProfileStringW
0x4a1058 GetWindowsDirectoryA
0x4a105c WriteFile
0x4a1060 SetCommState
0x4a1064 GetCommandLineA
0x4a1068 GetSystemWow64DirectoryA
0x4a106c WriteFileGather
0x4a1070 CreateDirectoryExW
0x4a1074 SetProcessPriorityBoost
0x4a1078 InitializeCriticalSection
0x4a107c GlobalAlloc
0x4a1080 LoadLibraryW
0x4a1084 GetConsoleMode
0x4a1088 GetCalendarInfoA
0x4a108c SetSystemTimeAdjustment
0x4a1090 GetSystemWindowsDirectoryA
0x4a1094 TerminateProcess
0x4a1098 IsDBCSLeadByte
0x4a109c GetBinaryTypeW
0x4a10a0 GetOverlappedResult
0x4a10a4 CompareStringW
0x4a10a8 lstrlenW
0x4a10ac LCMapStringA
0x4a10b0 GetConsoleOutputCP
0x4a10b4 VerifyVersionInfoW
0x4a10b8 InterlockedExchange
0x4a10bc ReleaseActCtx
0x4a10c0 GetFileSizeEx
0x4a10c4 SetThreadLocale
0x4a10c8 FindFirstFileA
0x4a10cc OpenMutexW
0x4a10d0 GetCurrentDirectoryW
0x4a10d4 GetProcAddress
0x4a10d8 SetVolumeLabelW
0x4a10dc WriteProfileSectionA
0x4a10e0 SetComputerNameA
0x4a10e4 SearchPathA
0x4a10e8 BuildCommDCBW
0x4a10ec GetLocalTime
0x4a10f0 OpenMutexA
0x4a10f4 OpenWaitableTimerW
0x4a10f8 GetConsoleScreenBufferInfo
0x4a10fc SetConsoleCtrlHandler
0x4a1100 AddAtomW
0x4a1104 FindAtomA
0x4a1108 EnumResourceTypesW
0x4a110c SetConsoleCursorInfo
0x4a1110 CreateIoCompletionPort
0x4a1114 SetConsoleTitleW
0x4a1118 FindNextFileW
0x4a111c GetConsoleTitleW
0x4a1120 RequestWakeupLatency
0x4a1124 GetConsoleCursorInfo
0x4a1128 GetVersionExA
0x4a112c DeleteFileW
0x4a1130 InterlockedPushEntrySList
0x4a1134 GetProfileSectionW
0x4a1138 AreFileApisANSI
0x4a113c GetVolumeInformationW
0x4a1140 GetModuleHandleA
0x4a1144 FlushFileBuffers
0x4a1148 GetStartupInfoA
0x4a114c HeapValidate
0x4a1150 IsBadReadPtr
0x4a1154 RaiseException
0x4a1158 DeleteCriticalSection
0x4a115c EnterCriticalSection
0x4a1160 LeaveCriticalSection
0x4a1164 GetModuleFileNameW
0x4a1168 SetUnhandledExceptionFilter
0x4a116c QueryPerformanceCounter
0x4a1170 GetTickCount
0x4a1174 GetCurrentThreadId
0x4a1178 GetCurrentProcessId
0x4a117c GetSystemTimeAsFileTime
0x4a1180 Sleep
0x4a1184 InterlockedDecrement
0x4a1188 ExitProcess
0x4a118c GetModuleFileNameA
0x4a1190 GetEnvironmentStrings
0x4a1194 FreeEnvironmentStringsW
0x4a1198 WideCharToMultiByte
0x4a119c GetLastError
0x4a11a0 GetEnvironmentStringsW
0x4a11a4 SetHandleCount
0x4a11a8 GetStdHandle
0x4a11ac GetFileType
0x4a11b0 TlsAlloc
0x4a11b4 TlsSetValue
0x4a11b8 TlsFree
0x4a11bc SetLastError
0x4a11c0 HeapDestroy
0x4a11c4 HeapCreate
0x4a11c8 HeapFree
0x4a11cc VirtualFree
0x4a11d0 HeapAlloc
0x4a11d4 GetCurrentProcess
0x4a11d8 UnhandledExceptionFilter
0x4a11dc IsDebuggerPresent
0x4a11e0 HeapSize
0x4a11e4 HeapReAlloc
0x4a11e8 VirtualAlloc
0x4a11ec GetACP
0x4a11f0 GetOEMCP
0x4a11f4 GetCPInfo
0x4a11f8 IsValidCodePage
0x4a11fc RtlUnwind
0x4a1200 InitializeCriticalSectionAndSpinCount
0x4a1204 DebugBreak
0x4a1208 OutputDebugStringA
0x4a120c WriteConsoleW
0x4a1210 OutputDebugStringW
0x4a1214 LoadLibraryA
0x4a1218 MultiByteToWideChar
0x4a121c LCMapStringW
0x4a1220 GetStringTypeA
0x4a1224 GetStringTypeW
0x4a1228 GetLocaleInfoA
0x4a122c SetFilePointer
0x4a1230 GetConsoleCP
0x4a1234 SetStdHandle
0x4a1238 WriteConsoleA
0x4a123c CreateFileA
0x4a1240 CloseHandle
USER32.dll
0x4a1248 GetMenuCheckMarkDimensions
0x4a124c GetMessageTime
0x4a1250 GetMenuInfo
EAT(Export Address Table) is none