ScreenShot
| Created | 2021.07.01 13:54 | Machine | s1_win7_x6402 |
| Filename | file2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, GandCrab, PWSX, Azorult, Hacktool, score, Artemis, InstallCore, Generic@ML, RDML, Hu1vla9jAkdvhrZxOICDag, Static AI, Malicious PE, Kryptik, HLOG, susgen, confidence, 100%, QVM10) | ||
| md5 | be23958ce4cb7c999dddca276120d276 | ||
| sha256 | 7084f1ae45733b1311a449d2a33202b5ca93363755fc6a746b37ed934b8fa9c9 | ||
| ssdeep | 3072:QnZGBiNW5OCcUlRE1BnSyjKGTTMowq0yTD9rk55syRSAvxQVEDvzFbX:QgBi0calS7KGTT8hK9rSsBAbvB | ||
| imphash | 56277425cc4e9198f16e54164d30a11e | ||
| impfuzzy | 24:jkrkRVKxC0Nr6Zja2ScrY/3k2+fcft0GhNOovTcDoJ3uaQFQ8Ryv0T4sl9osmQ:kU+xr6b8Z+fcft0GOQ530csUi | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401008 GetConsoleAliasesLengthA
0x40100c CreateActCtxW
0x401010 WriteConsoleInputA
0x401014 QueryDepthSList
0x401018 SetCriticalSectionSpinCount
0x40101c OpenEventA
0x401020 HeapAlloc
0x401024 GetUserDefaultLangID
0x401028 VirtualAlloc
0x40102c HeapQueryInformation
0x401030 GetOEMCP
0x401034 EnumDateFormatsA
0x401038 WaitForSingleObject
0x40103c lstrlenW
0x401040 GetModuleHandleW
0x401044 LocalAlloc
0x401048 SetMailslotInfo
0x40104c GetFileAttributesExW
0x401050 SetCalendarInfoA
0x401054 CommConfigDialogA
0x401058 GetConsoleWindow
0x40105c CancelTimerQueueTimer
0x401060 CreateJobObjectA
0x401064 GetTempPathA
0x401068 GetProcessHeap
0x40106c CompareStringW
0x401070 CreateMutexW
0x401074 InitializeSListHead
0x401078 InterlockedIncrement
0x40107c InterlockedDecrement
0x401080 Sleep
0x401084 InitializeCriticalSection
0x401088 DeleteCriticalSection
0x40108c EnterCriticalSection
0x401090 LeaveCriticalSection
0x401094 TerminateProcess
0x401098 GetCurrentProcess
0x40109c UnhandledExceptionFilter
0x4010a0 SetUnhandledExceptionFilter
0x4010a4 IsDebuggerPresent
0x4010a8 RaiseException
0x4010ac RtlUnwind
0x4010b0 GetLastError
0x4010b4 HeapReAlloc
0x4010b8 GetCommandLineA
0x4010bc GetStartupInfoA
0x4010c0 HeapFree
0x4010c4 GetProcAddress
0x4010c8 GetModuleHandleA
0x4010cc TlsGetValue
0x4010d0 TlsAlloc
0x4010d4 TlsSetValue
0x4010d8 TlsFree
0x4010dc SetLastError
0x4010e0 GetCurrentThreadId
0x4010e4 HeapCreate
0x4010e8 VirtualFree
0x4010ec ExitProcess
0x4010f0 WriteFile
0x4010f4 GetStdHandle
0x4010f8 GetModuleFileNameA
0x4010fc FreeEnvironmentStringsA
0x401100 GetEnvironmentStrings
0x401104 FreeEnvironmentStringsW
0x401108 WideCharToMultiByte
0x40110c GetEnvironmentStringsW
0x401110 SetHandleCount
0x401114 GetFileType
0x401118 QueryPerformanceCounter
0x40111c GetTickCount
0x401120 GetCurrentProcessId
0x401124 GetSystemTimeAsFileTime
0x401128 HeapSize
0x40112c GetCPInfo
0x401130 GetACP
0x401134 IsValidCodePage
0x401138 GetLocaleInfoA
0x40113c GetStringTypeA
0x401140 MultiByteToWideChar
0x401144 GetStringTypeW
0x401148 InitializeCriticalSectionAndSpinCount
0x40114c LoadLibraryA
0x401150 LCMapStringA
0x401154 LCMapStringW
ADVAPI32.dll
0x401000 BackupEventLogA
WINHTTP.dll
0x40115c WinHttpQueryOption
EAT(Export Address Table) Library
0x423992 @GetSecondVice@0
KERNEL32.dll
0x401008 GetConsoleAliasesLengthA
0x40100c CreateActCtxW
0x401010 WriteConsoleInputA
0x401014 QueryDepthSList
0x401018 SetCriticalSectionSpinCount
0x40101c OpenEventA
0x401020 HeapAlloc
0x401024 GetUserDefaultLangID
0x401028 VirtualAlloc
0x40102c HeapQueryInformation
0x401030 GetOEMCP
0x401034 EnumDateFormatsA
0x401038 WaitForSingleObject
0x40103c lstrlenW
0x401040 GetModuleHandleW
0x401044 LocalAlloc
0x401048 SetMailslotInfo
0x40104c GetFileAttributesExW
0x401050 SetCalendarInfoA
0x401054 CommConfigDialogA
0x401058 GetConsoleWindow
0x40105c CancelTimerQueueTimer
0x401060 CreateJobObjectA
0x401064 GetTempPathA
0x401068 GetProcessHeap
0x40106c CompareStringW
0x401070 CreateMutexW
0x401074 InitializeSListHead
0x401078 InterlockedIncrement
0x40107c InterlockedDecrement
0x401080 Sleep
0x401084 InitializeCriticalSection
0x401088 DeleteCriticalSection
0x40108c EnterCriticalSection
0x401090 LeaveCriticalSection
0x401094 TerminateProcess
0x401098 GetCurrentProcess
0x40109c UnhandledExceptionFilter
0x4010a0 SetUnhandledExceptionFilter
0x4010a4 IsDebuggerPresent
0x4010a8 RaiseException
0x4010ac RtlUnwind
0x4010b0 GetLastError
0x4010b4 HeapReAlloc
0x4010b8 GetCommandLineA
0x4010bc GetStartupInfoA
0x4010c0 HeapFree
0x4010c4 GetProcAddress
0x4010c8 GetModuleHandleA
0x4010cc TlsGetValue
0x4010d0 TlsAlloc
0x4010d4 TlsSetValue
0x4010d8 TlsFree
0x4010dc SetLastError
0x4010e0 GetCurrentThreadId
0x4010e4 HeapCreate
0x4010e8 VirtualFree
0x4010ec ExitProcess
0x4010f0 WriteFile
0x4010f4 GetStdHandle
0x4010f8 GetModuleFileNameA
0x4010fc FreeEnvironmentStringsA
0x401100 GetEnvironmentStrings
0x401104 FreeEnvironmentStringsW
0x401108 WideCharToMultiByte
0x40110c GetEnvironmentStringsW
0x401110 SetHandleCount
0x401114 GetFileType
0x401118 QueryPerformanceCounter
0x40111c GetTickCount
0x401120 GetCurrentProcessId
0x401124 GetSystemTimeAsFileTime
0x401128 HeapSize
0x40112c GetCPInfo
0x401130 GetACP
0x401134 IsValidCodePage
0x401138 GetLocaleInfoA
0x40113c GetStringTypeA
0x401140 MultiByteToWideChar
0x401144 GetStringTypeW
0x401148 InitializeCriticalSectionAndSpinCount
0x40114c LoadLibraryA
0x401150 LCMapStringA
0x401154 LCMapStringW
ADVAPI32.dll
0x401000 BackupEventLogA
WINHTTP.dll
0x40115c WinHttpQueryOption
EAT(Export Address Table) Library
0x423992 @GetSecondVice@0