Report - air+france+klm+annual+report+2013-RTMD-AMBb5mCGMAAAvhwCAEtSGQASABszRd8A.exe

Tags: Raccoon Stealer, Malicious Library, PE32, OS Processor Check, PE File
Created: 2021.07.08 11:03
Machine: s1_win7_x6401
Filename: air+france+klm+annual+report+2013-RTMD-AMBb5mCGMAAAvhwCAEtSGQASABszRd8A.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 3
Behavior Score: 2.8
ZERO API file: clean
VT API (file): 23 detected (tokens from the engines' detection names: malicious, high confidence, Save, Attribute, HighConfidence, PWSX, R + Troj, Kryptik, Lockbit, Azorult, score, BScope, Wacatac, Unsafe, Static AI, Malicious PE, susgen, ZexaF, @xW@aGebX5hG, confidence)
md5: 3e5700315f6dad1bb3af6c4baf1c4969
sha256: 925ea29255f08bbde919e80962b2d92af5565debd54854a3afec331bc5d4e75b
ssdeep: 98304:0sLZo0tvUCLem/7cziWqZcDXxTocRHR246iic5yAaOQHuZ1jhrxsRH+D:tTvUCLeslWqiDb5R5ic5COQo9sRq
imphash: 4cf03d71ce24719b9e2bc8a697125581
impfuzzy: 48:kaCKbxPPkb8zDE6UJVl9OS+fcft2MaEGAtlnlGX3+D:jqWYZVl9j+fcftKEGAtllGXG

Signature (7cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No requests were recorded during the run (the Request / CC / ASN / Co / IP4 / Rule table is empty). Since one process crashed during execution (see Signature), the lack of traffic does not show that the sample has no C2: the unpacked stealer payload may never have reached its network stage in this sandbox.

Suricata ids: none

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x865000 GetFileSize
 0x865004 SetDefaultCommConfigA
 0x865008 GetConsoleAliasesLengthW
 0x86500c TlsGetValue
 0x865010 GetConsoleAliasExesA
 0x865014 SetLocalTime
 0x865018 CommConfigDialogA
 0x86501c GetProcessIoCounters
 0x865020 FreeLibrary
 0x865024 InterlockedDecrement
 0x865028 ZombifyActCtx
 0x86502c GetNamedPipeHandleStateA
 0x865030 GlobalLock
 0x865034 SetConsoleScreenBufferSize
 0x865038 SetComputerNameW
 0x86503c GetComputerNameW
 0x865040 CreateDirectoryExA
 0x865044 GetTickCount
 0x865048 CreateNamedPipeW
 0x86504c GetPrivateProfileStringW
 0x865050 WriteFileGather
 0x865054 SetProcessPriorityBoost
 0x865058 GetSystemDirectoryW
 0x86505c GetConsoleMode
 0x865060 SetCommConfig
 0x865064 SizeofResource
 0x865068 GetSystemWow64DirectoryW
 0x86506c SetSystemTimeAdjustment
 0x865070 GetSystemWindowsDirectoryA
 0x865074 GetVersionExW
 0x865078 InterlockedPopEntrySList
 0x86507c GlobalFlags
 0x865080 ReadFile
 0x865084 GetBinaryTypeW
 0x865088 GetOverlappedResult
 0x86508c CompareStringW
 0x865090 ExitThread
 0x865094 lstrlenW
 0x865098 GetStartupInfoW
 0x86509c VerifyVersionInfoW
 0x8650a0 CreateDirectoryA
 0x8650a4 GetProfileIntA
 0x8650a8 SetCurrentDirectoryA
 0x8650ac OpenMutexW
 0x8650b0 GetCurrentDirectoryW
 0x8650b4 ReadConsoleOutputCharacterA
 0x8650b8 GetProcessHeaps
 0x8650bc WriteProfileSectionA
 0x8650c0 SetStdHandle
 0x8650c4 FreeUserPhysicalPages
 0x8650c8 SearchPathA
 0x8650cc GetAtomNameA
 0x8650d0 LoadLibraryA
 0x8650d4 Process32FirstW
 0x8650d8 LocalAlloc
 0x8650dc SetCalendarInfoW
 0x8650e0 SetConsoleCtrlHandler
 0x8650e4 VirtualLock
 0x8650e8 SetConsoleWindowInfo
 0x8650ec GetTapeParameters
 0x8650f0 WriteProfileStringA
 0x8650f4 WTSGetActiveConsoleSessionId
 0x8650f8 SetConsoleTitleW
 0x8650fc GetModuleHandleA
 0x865100 GetProcessShutdownParameters
 0x865104 QueryMemoryResourceNotification
 0x865108 CreateMutexA
 0x86510c FreeEnvironmentStringsW
 0x865110 RequestWakeupLatency
 0x865114 VirtualProtect
 0x865118 GetCPInfoExA
 0x86511c FindAtomW
 0x865120 GetWindowsDirectoryW
 0x865124 GetVersion
 0x865128 GetVolumeNameForVolumeMountPointW
 0x86512c GetCurrentProcessId
 0x865130 FindActCtxSectionStringW
 0x865134 GetProfileSectionW
 0x865138 LCMapStringW
 0x86513c CopyFileExA
 0x865140 DeleteFileA
 0x865144 InterlockedIncrement
 0x865148 Sleep
 0x86514c InitializeCriticalSection
 0x865150 DeleteCriticalSection
 0x865154 EnterCriticalSection
 0x865158 LeaveCriticalSection
 0x86515c TerminateProcess
 0x865160 GetCurrentProcess
 0x865164 UnhandledExceptionFilter
 0x865168 SetUnhandledExceptionFilter
 0x86516c IsDebuggerPresent
 0x865170 GetModuleFileNameW
 0x865174 GetCommandLineA
 0x865178 GetStartupInfoA
 0x86517c HeapValidate
 0x865180 IsBadReadPtr
 0x865184 RaiseException
 0x865188 RtlUnwind
 0x86518c GetProcAddress
 0x865190 GetModuleHandleW
 0x865194 TlsAlloc
 0x865198 TlsSetValue
 0x86519c GetCurrentThreadId
 0x8651a0 TlsFree
 0x8651a4 SetLastError
 0x8651a8 GetLastError
 0x8651ac GetACP
 0x8651b0 GetOEMCP
 0x8651b4 GetCPInfo
 0x8651b8 IsValidCodePage
 0x8651bc DebugBreak
 0x8651c0 GetStdHandle
 0x8651c4 WriteFile
 0x8651c8 OutputDebugStringA
 0x8651cc WriteConsoleW
 0x8651d0 GetFileType
 0x8651d4 OutputDebugStringW
 0x8651d8 ExitProcess
 0x8651dc LoadLibraryW
 0x8651e0 QueryPerformanceCounter
 0x8651e4 GetSystemTimeAsFileTime
 0x8651e8 GetModuleFileNameA
 0x8651ec FreeEnvironmentStringsA
 0x8651f0 GetEnvironmentStrings
 0x8651f4 WideCharToMultiByte
 0x8651f8 GetEnvironmentStringsW
 0x8651fc SetHandleCount
 0x865200 HeapDestroy
 0x865204 HeapCreate
 0x865208 HeapFree
 0x86520c VirtualFree
 0x865210 FlushFileBuffers
 0x865214 GetConsoleCP
 0x865218 HeapAlloc
 0x86521c HeapSize
 0x865220 HeapReAlloc
 0x865224 VirtualAlloc
 0x865228 MultiByteToWideChar
 0x86522c GetStringTypeA
 0x865230 GetStringTypeW
 0x865234 GetLocaleInfoA
 0x865238 LCMapStringA
 0x86523c InitializeCriticalSectionAndSpinCount
 0x865240 WriteConsoleA
 0x865244 GetConsoleOutputCP
 0x865248 SetFilePointer
 0x86524c CloseHandle
 0x865250 CreateFileA
USER32.dll
 0x865258 GetComboBoxInfo
 0x86525c GetCursorInfo

EAT(Export Address Table) Library

0x8624b2 _hockey@4
0x8624a9 _kimonu_Lalacer_cuf@8
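As an added example (not the sandbox's own tooling), the following Python script parses an IAT listing in the layout above, recomputes an imphash with the same normalisation pefile applies, and flags the import combinations behind the packer findings in the Signature section. The listing embedded in it is an abridged, constructed copy of this report's IAT, so its imphash differs from the value in the header; the API groupings used by the heuristics are the analyst's assumptions, not findings stated by the report.

```python
"""Import-table triage for a sandbox report's IAT listing.

Added example (not part of the sandbox report or its tooling): parses the
report's "DLL header / 0xADDR Name" listing, recomputes an imphash with the
normalisation pefile uses, and flags import combinations that match the
report's packer / unpacking findings. Pure standard library.
"""
from __future__ import annotations

import hashlib
import re

# Constructed sample: an abridged copy of the report's IAT in the report's own
# layout. The report's imphash is over the full table, so this subset hashes
# differently; the function, not the value, is what is demonstrated.
SAMPLE_LISTING = """\
KERNEL32.dll
 0x865000 GetFileSize
 0x865004 SetDefaultCommConfigA
 0x8650d0 LoadLibraryA
 0x8650d4 Process32FirstW
 0x8650f4 WTSGetActiveConsoleSessionId
 0x865114 VirtualProtect
 0x86516c IsDebuggerPresent
 0x86518c GetProcAddress
 0x865224 VirtualAlloc
USER32.dll
 0x865258 GetComboBoxInfo
 0x86525c GetCursorInfo
"""

LIB_RE = re.compile(r"^[\w.-]+\.(?:dll|DLL)$")
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

# API groups used by the heuristics below. Membership is the analyst's
# assumption, not something the report states.
UNPACK_STUB = {"virtualalloc", "virtualprotect", "loadlibrarya", "getprocaddress"}
ANTI_DEBUG = {"isdebuggerpresent", "checkremotedebuggerpresent",
              "outputdebugstringa", "outputdebugstringw"}
HOST_RECON = {"createtoolhelp32snapshot", "process32firstw", "process32first",
              "wtsgetactiveconsolesessionid"}
# APIs a document-viewer GUI has no plausible use for; in bulk they suggest
# a crypter stub padding the import table to look benign.
JUNK_APIS = {"setdefaultcommconfiga", "commconfigdialoga", "zombifyactctx",
             "gettapeparameters", "setsystemtimeadjustment", "requestwakeuplatency",
             "freeuserphysicalpages", "setcomputernamew", "writefilegather",
             "getconsolealiasexesa", "getconsolealiaseslengthw"}


def parse_iat_listing(text: str) -> list[tuple[str, str]]:
    """Return (dll, function) pairs from the report's IAT layout."""
    imports: list[tuple[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            imports.append((current, entry.group(1)))
        elif LIB_RE.match(line):
            current = line
    return imports


def imphash_input(imports) -> str:
    """pefile-style normalisation: lowercase, strip .dll/.ocx/.sys, ordinals as ordN."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 over the normalised import string, as pefile/VirusTotal compute it."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def packer_indicators(imports) -> dict:
    """Flag the import combinations a self-unpacking stub typically carries."""
    names = {f.lower() for _, f in imports if isinstance(f, str)}
    return {
        "self_unpacking_stub": UNPACK_STUB <= names,  # RWX alloc + manual resolve
        "anti_debug": bool(names & ANTI_DEBUG),
        "host_recon": bool(names & HOST_RECON),
        "junk_import_count": len(names & JUNK_APIS),
    }


def triage(listing: str) -> dict:
    imports = parse_iat_listing(listing)
    result = packer_indicators(imports)
    result["import_count"] = len(imports)
    result["imphash"] = imphash(imports)
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress together are what a self-unpacking stub needs to carve RWX memory and resolve the payload's imports by hand, which is the behaviour the "Allocates read-write-execute memory" signature recorded. In the full table, the KERNEL32 imports from InterlockedIncrement onward are the ordinary MSVC C runtime set, while the obscure entries above them (SetDefaultCommConfigA, ZombifyActCtx, GetTapeParameters and the like) read as padding. Fed the complete table in the order shown, the imphash function should reproduce the header value provided the listing is complete and the sandbox used the same normalisation.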
