Report - file.exe

Generic Malware Malicious Packer OS Processor Check PE32 PE File
Created 2021.06.25 15:00 Machine s1_win7_x6402
Filename file.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 4.2
ZERO API (file): clean
VT API (file) 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Generic@ML, RDML, jrsLne2Ra3, 08Cfi3wyU5g, A + Troj, Kryptik, Lockbit, Static AI, Malicious PE, Zenpak, Glupteba, score, BScope, susgen, ZexaF, Xu0@ai3s65fI, confidence, 100%)
md5 3dd3e55d3843d47f8699c1a4e22c7ba2
sha256 2e150d7c07b1e33fec7acafa7c4d556c01ae2a8b41d67a80996bda3e71a312dd
ssdeep 12288:UJR/5KHGRgEl0zieEWuvI9ly7VU/gVb/dYoIxx/sgos+arGoljdcaikT+W/AAlSe:UL55RghyWuADyJUoQxos+arG/L4Qe
imphash 239d0543c3c8f22bd3bf2a0ca25ae8f0
impfuzzy 48:HWbODA+vm83LdVXSEDGk9WIOQWYWaE8fcRhV8hUpeLXvOBY:nEm/pVXhhWIZzE8fcRhV8hSeLXX
  Network IP location

Signatures (10 entries)

Level    Description
warning  File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch    Communicates with host for which no DNS query was performed
watch    Tries to unhook Windows functions monitored by Cuckoo
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   Foreign language identified in PE resource
notice   Performs some HTTP requests
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     The file contains an unknown PE resource name possibly indicative of a packer
info     This executable has a PDB path

Rules (5 entries)

Level    Name                     Description         Collection
warning  Generic_Malware_Zero     Generic Malware     binaries (upload)
watch    Malicious_Packer_Zero    Malicious Packer    binaries (upload)
info     IsPE32                   (no description)    binaries (upload)
info     OS_Processor_Check_Zero  OS Processor Check  binaries (upload)
info     PE_Header_Zero           PE File Signature   binaries (upload)

Network (5 entries)

Request                                           CC  ASN Co     IP4            Rule / ZERO
http://detectportal.firefox.com/success.txt?ipv4  US  GOOGLE     34.107.221.82  clean
prod.detectportal.prod.cloudops.mozgcp.net        US  GOOGLE     34.107.221.82  clean
mozilla.org                                       US  AMAZON-02  44.235.246.155 clean
detectportal.firefox.com                          US  GOOGLE     34.107.221.82  clean
34.107.221.82                                     US  GOOGLE     34.107.221.82  clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4a1000 GetComputerNameA
 0x4a1004 EnumResourceNamesW
 0x4a1008 SearchPathW
 0x4a100c WriteConsoleInputW
 0x4a1010 CopyFileExW
 0x4a1014 TlsGetValue
 0x4a1018 SetEndOfFile
 0x4a101c FindResourceExW
 0x4a1020 MapUserPhysicalPages
 0x4a1024 LoadResource
 0x4a1028 InterlockedIncrement
 0x4a102c ScrollConsoleScreenBufferW
 0x4a1030 CreateDirectoryW
 0x4a1034 GlobalLock
 0x4a1038 GetCommProperties
 0x4a103c FreeEnvironmentStringsA
 0x4a1040 SetTapeParameters
 0x4a1044 GetModuleHandleW
 0x4a1048 CreateNamedPipeW
 0x4a104c LocalFlags
 0x4a1050 GetConsoleAliasesLengthA
 0x4a1054 GetPrivateProfileStringW
 0x4a1058 GetWindowsDirectoryA
 0x4a105c WriteFile
 0x4a1060 SetCommState
 0x4a1064 GetCommandLineA
 0x4a1068 GetSystemWow64DirectoryA
 0x4a106c WriteFileGather
 0x4a1070 CreateDirectoryExW
 0x4a1074 SetProcessPriorityBoost
 0x4a1078 InitializeCriticalSection
 0x4a107c GlobalAlloc
 0x4a1080 LoadLibraryW
 0x4a1084 GetConsoleMode
 0x4a1088 GetCalendarInfoA
 0x4a108c SetSystemTimeAdjustment
 0x4a1090 GetSystemWindowsDirectoryA
 0x4a1094 TerminateProcess
 0x4a1098 IsDBCSLeadByte
 0x4a109c GetBinaryTypeW
 0x4a10a0 GetOverlappedResult
 0x4a10a4 CompareStringW
 0x4a10a8 lstrlenW
 0x4a10ac LCMapStringA
 0x4a10b0 GetConsoleOutputCP
 0x4a10b4 VerifyVersionInfoW
 0x4a10b8 InterlockedExchange
 0x4a10bc ReleaseActCtx
 0x4a10c0 GetFileSizeEx
 0x4a10c4 SetThreadLocale
 0x4a10c8 FindFirstFileA
 0x4a10cc OpenMutexW
 0x4a10d0 GetCurrentDirectoryW
 0x4a10d4 GetProcAddress
 0x4a10d8 SetVolumeLabelW
 0x4a10dc WriteProfileSectionA
 0x4a10e0 SetComputerNameA
 0x4a10e4 SearchPathA
 0x4a10e8 BuildCommDCBW
 0x4a10ec GetLocalTime
 0x4a10f0 OpenMutexA
 0x4a10f4 OpenWaitableTimerW
 0x4a10f8 GetConsoleScreenBufferInfo
 0x4a10fc SetConsoleCtrlHandler
 0x4a1100 AddAtomW
 0x4a1104 FindAtomA
 0x4a1108 EnumResourceTypesW
 0x4a110c SetConsoleCursorInfo
 0x4a1110 CreateIoCompletionPort
 0x4a1114 SetConsoleTitleW
 0x4a1118 FindNextFileW
 0x4a111c GetConsoleTitleW
 0x4a1120 RequestWakeupLatency
 0x4a1124 GetConsoleCursorInfo
 0x4a1128 GetVersionExA
 0x4a112c DeleteFileW
 0x4a1130 InterlockedPushEntrySList
 0x4a1134 GetProfileSectionW
 0x4a1138 AreFileApisANSI
 0x4a113c GetVolumeInformationW
 0x4a1140 GetModuleHandleA
 0x4a1144 FlushFileBuffers
 0x4a1148 GetStartupInfoA
 0x4a114c HeapValidate
 0x4a1150 IsBadReadPtr
 0x4a1154 RaiseException
 0x4a1158 DeleteCriticalSection
 0x4a115c EnterCriticalSection
 0x4a1160 LeaveCriticalSection
 0x4a1164 GetModuleFileNameW
 0x4a1168 SetUnhandledExceptionFilter
 0x4a116c QueryPerformanceCounter
 0x4a1170 GetTickCount
 0x4a1174 GetCurrentThreadId
 0x4a1178 GetCurrentProcessId
 0x4a117c GetSystemTimeAsFileTime
 0x4a1180 Sleep
 0x4a1184 InterlockedDecrement
 0x4a1188 ExitProcess
 0x4a118c GetModuleFileNameA
 0x4a1190 GetEnvironmentStrings
 0x4a1194 FreeEnvironmentStringsW
 0x4a1198 WideCharToMultiByte
 0x4a119c GetLastError
 0x4a11a0 GetEnvironmentStringsW
 0x4a11a4 SetHandleCount
 0x4a11a8 GetStdHandle
 0x4a11ac GetFileType
 0x4a11b0 TlsAlloc
 0x4a11b4 TlsSetValue
 0x4a11b8 TlsFree
 0x4a11bc SetLastError
 0x4a11c0 HeapDestroy
 0x4a11c4 HeapCreate
 0x4a11c8 HeapFree
 0x4a11cc VirtualFree
 0x4a11d0 HeapAlloc
 0x4a11d4 GetCurrentProcess
 0x4a11d8 UnhandledExceptionFilter
 0x4a11dc IsDebuggerPresent
 0x4a11e0 HeapSize
 0x4a11e4 HeapReAlloc
 0x4a11e8 VirtualAlloc
 0x4a11ec GetACP
 0x4a11f0 GetOEMCP
 0x4a11f4 GetCPInfo
 0x4a11f8 IsValidCodePage
 0x4a11fc RtlUnwind
 0x4a1200 InitializeCriticalSectionAndSpinCount
 0x4a1204 DebugBreak
 0x4a1208 OutputDebugStringA
 0x4a120c WriteConsoleW
 0x4a1210 OutputDebugStringW
 0x4a1214 LoadLibraryA
 0x4a1218 MultiByteToWideChar
 0x4a121c LCMapStringW
 0x4a1220 GetStringTypeA
 0x4a1224 GetStringTypeW
 0x4a1228 GetLocaleInfoA
 0x4a122c SetFilePointer
 0x4a1230 GetConsoleCP
 0x4a1234 SetStdHandle
 0x4a1238 WriteConsoleA
 0x4a123c CreateFileA
 0x4a1240 CloseHandle
USER32.dll
 0x4a1248 GetMenuCheckMarkDimensions
 0x4a124c GetMessageTime
 0x4a1250 GetMenuInfo

EAT (Export Address Table): none

Similarity measure (PE file only): Checking for service failure