ScreenShot
| Created | 2021.07.07 09:33 | Machine | s1_win7_x6402 |
| Filename | zlnch.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (AIDetect, malware1, malicious, high confidence, MachineLearning, Anomalous, 100%, Save, confidence, Attribute, HighConfidence, Shelma, FileRepMalware, Ransomware, Outbreak, Unsafe, Score, KVMH008, kcloud, Wacatac, Artemis, F0D1C00G621, Generic@ML, RDML, hR4WiNLIO19w2tWb9CMY1w, Static AI, Malicious PE, susgen, PossibleThreat, PALLASNET, ZexaF, vu0@aeONwnnb, HxQBaOcA) | ||
| md5 | 5de6ec9265f79a31a9845c8a504d28f0 | ||
| sha256 | 32fc03caa22bc3bbf778b04da675e528dd7125a61da6f9fc5e532230745bcd8c | ||
| ssdeep | 6144:wPpBMawV+ebB2QfLkTpNyJUQM+OpolEpxtQPc/rlHYk4xpV/3JDM12zqog/fI3iY:TawdgQjktNaUl+p6r4pN3ZrzWg3iY | ||
| imphash | f09dd27db7b2c002f57b0dee04d67cef | ||
| impfuzzy | 24:qXIRkLm9OAGtOAnzMHvTg8bPujJDtk50m:VyLmIAUzq/r | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x44d008 GetSystemPaletteUse
0x44d00c GetDeviceCaps
0x44d010 GetCharWidthW
0x44d014 GetBitmapBits
0x44d018 GetObjectW
ole32.dll
0x44d0b8 CoFreeUnusedLibrariesEx
ADVAPI32.dll
0x44d000 LookupPrivilegeNameW
USER32.dll
0x44d084 GetWindowRect
0x44d088 GetClipboardFormatNameW
0x44d08c ShowCaret
0x44d090 InsertMenuA
0x44d094 SetCursor
0x44d098 IsWindow
POWRPROF.dll
0x44d078 GetPwrCapabilities
0x44d07c IsPwrHibernateAllowed
msvcrt.dll
0x44d0b0 memset
KERNEL32.dll
0x44d020 SetConsoleOutputCP
0x44d024 HeapWalk
0x44d028 HeapCreate
0x44d02c GetCurrentConsoleFont
0x44d030 LocalFree
0x44d034 GlobalFindAtomA
0x44d038 DeleteVolumeMountPointW
0x44d03c FillConsoleOutputAttribute
0x44d040 EraseTape
0x44d044 LockFile
0x44d048 GetConsoleCursorInfo
0x44d04c EnumSystemLocalesA
0x44d050 GlobalAddAtomW
0x44d054 LoadLibraryExW
0x44d058 GetModuleHandleW
0x44d05c GetModuleHandleA
0x44d060 GetProcAddress
0x44d064 GetLocaleInfoW
0x44d068 FindFirstFileA
0x44d06c GetProcessAffinityMask
0x44d070 SetFileAttributesW
WININET.dll
0x44d0a0 FindNextUrlCacheGroup
WINSPOOL.DRV
0x44d0a8 FindNextPrinterChangeNotification
EAT(Export Address Table) is none
GDI32.dll
0x44d008 GetSystemPaletteUse
0x44d00c GetDeviceCaps
0x44d010 GetCharWidthW
0x44d014 GetBitmapBits
0x44d018 GetObjectW
ole32.dll
0x44d0b8 CoFreeUnusedLibrariesEx
ADVAPI32.dll
0x44d000 LookupPrivilegeNameW
USER32.dll
0x44d084 GetWindowRect
0x44d088 GetClipboardFormatNameW
0x44d08c ShowCaret
0x44d090 InsertMenuA
0x44d094 SetCursor
0x44d098 IsWindow
POWRPROF.dll
0x44d078 GetPwrCapabilities
0x44d07c IsPwrHibernateAllowed
msvcrt.dll
0x44d0b0 memset
KERNEL32.dll
0x44d020 SetConsoleOutputCP
0x44d024 HeapWalk
0x44d028 HeapCreate
0x44d02c GetCurrentConsoleFont
0x44d030 LocalFree
0x44d034 GlobalFindAtomA
0x44d038 DeleteVolumeMountPointW
0x44d03c FillConsoleOutputAttribute
0x44d040 EraseTape
0x44d044 LockFile
0x44d048 GetConsoleCursorInfo
0x44d04c EnumSystemLocalesA
0x44d050 GlobalAddAtomW
0x44d054 LoadLibraryExW
0x44d058 GetModuleHandleW
0x44d05c GetModuleHandleA
0x44d060 GetProcAddress
0x44d064 GetLocaleInfoW
0x44d068 FindFirstFileA
0x44d06c GetProcessAffinityMask
0x44d070 SetFileAttributesW
WININET.dll
0x44d0a0 FindNextUrlCacheGroup
WINSPOOL.DRV
0x44d0a8 FindNextPrinterChangeNotification
EAT(Export Address Table) is none