Report - un.exe

Tags: OS Processor Check, PE32, PE File
Created: 2021.07.01 08:10
Machine: s1_win7_x6402
Filename: un.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 11
Behavior Score: 2.2
ZERO API file : malware
VT API (file) 52 detected (AIDetect, malware1, malicious, high confidence, Zusy, Unsafe, Kryptik, Save, DelfInject, confidence, 100%, ZexaE, GuW@aeWRoqci, Noon, Eldorado, Attribute, HighConfidence, HLGP, MalwareX, Injects, iwfzfc, Gencirc, MultiPlug, Static AI, Malicious PE, susgen, ai score=87, ASMalwS, score, R426474, GenericRXOV, R002C0DFU21, CLASSIC, KPLSmY6GQUQ, GdSda, QVM10)
md5 f72c2ec4d30ac2255660c50ad4f3cb5f
sha256 005cdcb32ac1705413e9dd2049e791a6eb2fb22274ce4fece226f9010b6cff02
ssdeep 12288:yyNiVYDIIYMfVL5Mhej1sMkNvdl+BcO2T6dVc:qSI9wp5MhepAVl+Sx+dC
imphash c5061f564a0283b1f0fcad4d9984534d
impfuzzy 48:1/KAnBI8yQORla6FJGFCKX/g0W+SAEpTGucAeu7dt7cu:1Hlht6GucAeYdt7cu

Signature (3cnts)

Level Description
danger File has been identified by 52 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (3cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) by library

USER32.dll
 0x40d110 DestroyWindow
 0x40d114 DefWindowProcW
 0x40d118 PostQuitMessage
 0x40d11c KillTimer
 0x40d120 EnableMenuItem
 0x40d124 SetTimer
 0x40d128 InvalidateRect
 0x40d12c SetClassLongW
 0x40d130 CheckMenuItem
 0x40d134 SendMessageW
 0x40d138 MessageBeep
 0x40d13c GetMenu
 0x40d140 GetSystemMetrics
 0x40d144 DispatchMessageW
 0x40d148 TranslateMessage
 0x40d14c GetMessageW
 0x40d150 UpdateWindow
 0x40d154 ShowWindow
 0x40d158 CreateWindowExW
 0x40d15c MessageBoxW
 0x40d160 RegisterClassW
 0x40d164 LoadCursorW
 0x40d168 LoadIconW
GDI32.dll
 0x40d000 GetStockObject
KERNEL32.dll
 0x40d008 CloseHandle
 0x40d00c WriteConsoleW
 0x40d010 SetFilePointerEx
 0x40d014 SetStdHandle
 0x40d018 GetConsoleMode
 0x40d01c GetConsoleCP
 0x40d020 FlushFileBuffers
 0x40d024 GetStringTypeW
 0x40d028 CreateFileW
 0x40d02c LoadLibraryW
 0x40d030 OutputDebugStringW
 0x40d034 HeapReAlloc
 0x40d038 LoadLibraryExW
 0x40d03c LCMapStringEx
 0x40d040 GetFileType
 0x40d044 EncodePointer
 0x40d048 DecodePointer
 0x40d04c GetCommandLineA
 0x40d050 RaiseException
 0x40d054 RtlUnwind
 0x40d058 IsDebuggerPresent
 0x40d05c IsProcessorFeaturePresent
 0x40d060 GetLastError
 0x40d064 SetLastError
 0x40d068 InterlockedIncrement
 0x40d06c InterlockedDecrement
 0x40d070 GetCurrentThreadId
 0x40d074 ExitProcess
 0x40d078 GetModuleHandleExW
 0x40d07c GetProcAddress
 0x40d080 MultiByteToWideChar
 0x40d084 HeapSize
 0x40d088 Sleep
 0x40d08c GetStdHandle
 0x40d090 WriteFile
 0x40d094 GetModuleFileNameW
 0x40d098 HeapFree
 0x40d09c HeapAlloc
 0x40d0a0 GetProcessHeap
 0x40d0a4 InitializeCriticalSectionAndSpinCount
 0x40d0a8 DeleteCriticalSection
 0x40d0ac InitOnceExecuteOnce
 0x40d0b0 GetStartupInfoW
 0x40d0b4 GetModuleFileNameA
 0x40d0b8 QueryPerformanceCounter
 0x40d0bc GetSystemTimeAsFileTime
 0x40d0c0 GetTickCount64
 0x40d0c4 GetEnvironmentStringsW
 0x40d0c8 FreeEnvironmentStringsW
 0x40d0cc WideCharToMultiByte
 0x40d0d0 UnhandledExceptionFilter
 0x40d0d4 SetUnhandledExceptionFilter
 0x40d0d8 FlsAlloc
 0x40d0dc FlsGetValue
 0x40d0e0 FlsSetValue
 0x40d0e4 FlsFree
 0x40d0e8 GetCurrentProcess
 0x40d0ec TerminateProcess
 0x40d0f0 GetModuleHandleW
 0x40d0f4 EnterCriticalSection
 0x40d0f8 LeaveCriticalSection
 0x40d0fc IsValidCodePage
 0x40d100 GetACP
 0x40d104 GetOEMCP
 0x40d108 GetCPInfo

EAT (Export Address Table): none