Report - file.exe

Tags: Raccoon Stealer, Malicious Library, PE32, OS Processor Check, PE File
Created 2021.07.09 09:30 Machine s1_win7_x6402
Filename file.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 3.0
ZERO API file : clean
VT API (file) 31 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, ZexaF, VuW@aCcIFDkG, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FHID, PWSX, Lockbit, A + Troj, Hynamer, score, BScope, Wacatac, Generic@ML, RDML, 3E0pA2p58WsBLm5N0umvdw, Static AI, Malicious PE, susgen, HLQC)
md5 9e2521860ebdce53dbe422612566d4ea
sha256 2afd735ca5d2ad8a8478c4832e4827b150e30d5f0b7c1dc174ce934017ee1d76
ssdeep 12288:4mxD6ymQskvInWCO7UqCRFyQdDB91kWAravG3HjFPVelfqShZ9k7yY:V6ympWBERQIDBIWZG3HjFPVO5
imphash 1805ee8d5911749b9c03ec2fc15f679b
impfuzzy 48:yVTb6Or1VPlkN8zDEo2UmeO2+fcft2MaEGAtlnlcEX3+D:2lxUwYbeJ+fcftKEGAtllcEXG

Signature (7cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4a5000 GetFileSize
 0x4a5004 SearchPathW
 0x4a5008 WritePrivateProfileStructA
 0x4a500c GetConsoleAliasesLengthW
 0x4a5010 TlsGetValue
 0x4a5014 SetLocalTime
 0x4a5018 CommConfigDialogA
 0x4a501c FindResourceExW
 0x4a5020 GetProcessIoCounters
 0x4a5024 FreeLibrary
 0x4a5028 CallNamedPipeA
 0x4a502c GetCommState
 0x4a5030 InterlockedDecrement
 0x4a5034 ZombifyActCtx
 0x4a5038 ScrollConsoleScreenBufferW
 0x4a503c SetDefaultCommConfigW
 0x4a5040 GetSystemWindowsDirectoryW
 0x4a5044 GetNamedPipeHandleStateA
 0x4a5048 GlobalLock
 0x4a504c SetConsoleScreenBufferSize
 0x4a5050 SetComputerNameW
 0x4a5054 GetComputerNameW
 0x4a5058 CreateDirectoryExA
 0x4a505c CreateNamedPipeW
 0x4a5060 GetPrivateProfileStringW
 0x4a5064 WriteFileGather
 0x4a5068 SetProcessPriorityBoost
 0x4a506c GetSystemDirectoryW
 0x4a5070 GetConsoleMode
 0x4a5074 SetCommConfig
 0x4a5078 SizeofResource
 0x4a507c GetSystemWow64DirectoryW
 0x4a5080 GetSystemTimeAdjustment
 0x4a5084 InterlockedPopEntrySList
 0x4a5088 GlobalFlags
 0x4a508c ReadFile
 0x4a5090 GetBinaryTypeW
 0x4a5094 GetOverlappedResult
 0x4a5098 CompareStringW
 0x4a509c ExitThread
 0x4a50a0 lstrlenW
 0x4a50a4 GetStartupInfoW
 0x4a50a8 VerifyVersionInfoW
 0x4a50ac CreateDirectoryA
 0x4a50b0 GetProfileIntA
 0x4a50b4 SetCurrentDirectoryA
 0x4a50b8 OpenMutexW
 0x4a50bc GetCurrentDirectoryW
 0x4a50c0 GetThreadLocale
 0x4a50c4 ReadConsoleOutputCharacterA
 0x4a50c8 GetProcessHeaps
 0x4a50cc SetVolumeLabelW
 0x4a50d0 WriteProfileSectionA
 0x4a50d4 SetStdHandle
 0x4a50d8 FreeUserPhysicalPages
 0x4a50dc GetAtomNameA
 0x4a50e0 LoadLibraryA
 0x4a50e4 LocalAlloc
 0x4a50e8 SetCalendarInfoW
 0x4a50ec SetConsoleCtrlHandler
 0x4a50f0 SetConsoleWindowInfo
 0x4a50f4 GetTapeParameters
 0x4a50f8 WTSGetActiveConsoleSessionId
 0x4a50fc SetConsoleTitleW
 0x4a5100 GetModuleHandleA
 0x4a5104 GetProcessShutdownParameters
 0x4a5108 CreateMutexA
 0x4a510c FreeEnvironmentStringsW
 0x4a5110 RequestWakeupLatency
 0x4a5114 VirtualProtect
 0x4a5118 GetCPInfoExA
 0x4a511c GetVersionExA
 0x4a5120 FindAtomW
 0x4a5124 GetWindowsDirectoryW
 0x4a5128 GetVersion
 0x4a512c GetVolumeNameForVolumeMountPointW
 0x4a5130 DeleteFileW
 0x4a5134 FindActCtxSectionStringW
 0x4a5138 GetProfileSectionW
 0x4a513c LCMapStringW
 0x4a5140 CopyFileExA
 0x4a5144 InterlockedIncrement
 0x4a5148 Sleep
 0x4a514c InitializeCriticalSection
 0x4a5150 DeleteCriticalSection
 0x4a5154 EnterCriticalSection
 0x4a5158 LeaveCriticalSection
 0x4a515c TerminateProcess
 0x4a5160 GetCurrentProcess
 0x4a5164 UnhandledExceptionFilter
 0x4a5168 SetUnhandledExceptionFilter
 0x4a516c IsDebuggerPresent
 0x4a5170 GetModuleFileNameW
 0x4a5174 GetCommandLineA
 0x4a5178 GetStartupInfoA
 0x4a517c HeapValidate
 0x4a5180 IsBadReadPtr
 0x4a5184 RaiseException
 0x4a5188 RtlUnwind
 0x4a518c GetProcAddress
 0x4a5190 GetModuleHandleW
 0x4a5194 TlsAlloc
 0x4a5198 TlsSetValue
 0x4a519c GetCurrentThreadId
 0x4a51a0 TlsFree
 0x4a51a4 SetLastError
 0x4a51a8 GetLastError
 0x4a51ac GetACP
 0x4a51b0 GetOEMCP
 0x4a51b4 GetCPInfo
 0x4a51b8 IsValidCodePage
 0x4a51bc DebugBreak
 0x4a51c0 GetStdHandle
 0x4a51c4 WriteFile
 0x4a51c8 OutputDebugStringA
 0x4a51cc WriteConsoleW
 0x4a51d0 GetFileType
 0x4a51d4 OutputDebugStringW
 0x4a51d8 ExitProcess
 0x4a51dc LoadLibraryW
 0x4a51e0 QueryPerformanceCounter
 0x4a51e4 GetTickCount
 0x4a51e8 GetCurrentProcessId
 0x4a51ec GetSystemTimeAsFileTime
 0x4a51f0 GetModuleFileNameA
 0x4a51f4 FreeEnvironmentStringsA
 0x4a51f8 GetEnvironmentStrings
 0x4a51fc WideCharToMultiByte
 0x4a5200 GetEnvironmentStringsW
 0x4a5204 SetHandleCount
 0x4a5208 HeapDestroy
 0x4a520c HeapCreate
 0x4a5210 HeapFree
 0x4a5214 VirtualFree
 0x4a5218 FlushFileBuffers
 0x4a521c GetConsoleCP
 0x4a5220 HeapAlloc
 0x4a5224 HeapSize
 0x4a5228 HeapReAlloc
 0x4a522c VirtualAlloc
 0x4a5230 MultiByteToWideChar
 0x4a5234 GetStringTypeA
 0x4a5238 GetStringTypeW
 0x4a523c GetLocaleInfoA
 0x4a5240 LCMapStringA
 0x4a5244 InitializeCriticalSectionAndSpinCount
 0x4a5248 WriteConsoleA
 0x4a524c GetConsoleOutputCP
 0x4a5250 SetFilePointer
 0x4a5254 CloseHandle
 0x4a5258 CreateFileA
USER32.dll
 0x4a5260 GetComboBoxInfo
 0x4a5264 GetCursorInfo

EAT (Export Address Table) Library

0x4a2962 _hockey@4
0x4a2959 _hyppo@4
