Report - schhosts.exe

PE32 PE File
Created 2021.07.09 18:35 Machine s1_win7_x6402
Filename schhosts.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 2.8
ZERO API file : clean
VT API (file) 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Emotet, Eldorado, Lockbit, A + Troj, Kryptik, Static AI, Malicious PE, Glupteba, score, Azorult, susgen, GenKryptik, FHJF, ZexaF, ezW@aqKcyHLG, confidence, QVM10)
md5 2ed8294ecebf96b2271f6f962e8edd66
sha256 2e1f0420c88884e6089ab90091fd66ea10634955a2b7578399881cc56a5a2537
ssdeep 12288:x4Nk6yrYfAC8wUrZewxT05L3ET8vZgiQJoThlOIwCsNRSq9IDh4xKeUNlwveS55I:Ckf83xn3E+6iOyiNRhsh4g/zowhc0Q
imphash c7526db42e721230d7cbdd5375a2b6a4
impfuzzy 48:Y0gKDJya9vxb8Bpo6rJOvaEBcftgJXGHi40N9D:Y0r39pqm6rJbEBcftgJXR40N5

Signature (7cnts)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x4f6000 ExitProcess
 0x4f6004 GetFileSize
 0x4f6008 GlobalDeleteAtom
 0x4f600c SetFilePointer
 0x4f6010 lstrlenA
 0x4f6014 TlsGetValue
 0x4f6018 GetConsoleAliasExesA
 0x4f601c SetLocalTime
 0x4f6020 CommConfigDialogA
 0x4f6024 FreeLibrary
 0x4f6028 InterlockedDecrement
 0x4f602c SetFirmwareEnvironmentVariableA
 0x4f6030 GetNamedPipeHandleStateA
 0x4f6034 CreateDirectoryW
 0x4f6038 GetProfileSectionA
 0x4f603c SetComputerNameW
 0x4f6040 GetComputerNameW
 0x4f6044 SetTapeParameters
 0x4f6048 GetTickCount
 0x4f604c CreateNamedPipeW
 0x4f6050 GetConsoleAliasesLengthA
 0x4f6054 GetPrivateProfileStringW
 0x4f6058 WriteFile
 0x4f605c FindActCtxSectionStringA
 0x4f6060 EnumTimeFormatsW
 0x4f6064 CreateDirectoryExW
 0x4f6068 SetProcessPriorityBoost
 0x4f606c ActivateActCtx
 0x4f6070 GetSystemDirectoryW
 0x4f6074 LoadLibraryW
 0x4f6078 GetConsoleMode
 0x4f607c SetCommConfig
 0x4f6080 _hread
 0x4f6084 SizeofResource
 0x4f6088 GetSystemWow64DirectoryW
 0x4f608c SetSystemTimeAdjustment
 0x4f6090 GetSystemWindowsDirectoryA
 0x4f6094 GetVersionExW
 0x4f6098 InterlockedPopEntrySList
 0x4f609c GlobalFlags
 0x4f60a0 ReadFile
 0x4f60a4 GetBinaryTypeW
 0x4f60a8 GetOverlappedResult
 0x4f60ac CompareStringW
 0x4f60b0 SetConsoleTitleA
 0x4f60b4 GlobalUnlock
 0x4f60b8 DeactivateActCtx
 0x4f60bc VerifyVersionInfoW
 0x4f60c0 ReleaseActCtx
 0x4f60c4 GetStartupInfoA
 0x4f60c8 GetCurrentDirectoryW
 0x4f60cc ReadConsoleOutputCharacterA
 0x4f60d0 GetProcessHeaps
 0x4f60d4 GetComputerNameExW
 0x4f60d8 SetStdHandle
 0x4f60dc FreeUserPhysicalPages
 0x4f60e0 VerLanguageNameW
 0x4f60e4 GetAtomNameA
 0x4f60e8 LoadLibraryA
 0x4f60ec Process32FirstW
 0x4f60f0 CreateSemaphoreW
 0x4f60f4 LocalAlloc
 0x4f60f8 SetCalendarInfoW
 0x4f60fc SetConsoleCtrlHandler
 0x4f6100 SetCurrentDirectoryW
 0x4f6104 WriteProfileSectionW
 0x4f6108 VirtualLock
 0x4f610c SetConsoleWindowInfo
 0x4f6110 FindAtomA
 0x4f6114 WriteProfileStringA
 0x4f6118 GetProcessShutdownParameters
 0x4f611c QueryMemoryResourceNotification
 0x4f6120 FreeEnvironmentStringsW
 0x4f6124 VirtualProtect
 0x4f6128 GetFileAttributesExW
 0x4f612c GetCPInfoExA
 0x4f6130 _lopen
 0x4f6134 TlsAlloc
 0x4f6138 GetWindowsDirectoryW
 0x4f613c GetVersion
 0x4f6140 GetVolumeNameForVolumeMountPointW
 0x4f6144 GetCurrentProcessId
 0x4f6148 LCMapStringW
 0x4f614c CopyFileExA
 0x4f6150 DeleteFileA
 0x4f6154 CreateFileA
 0x4f6158 GetStartupInfoW
 0x4f615c HeapValidate
 0x4f6160 IsBadReadPtr
 0x4f6164 RaiseException
 0x4f6168 EnterCriticalSection
 0x4f616c LeaveCriticalSection
 0x4f6170 TerminateProcess
 0x4f6174 GetCurrentProcess
 0x4f6178 UnhandledExceptionFilter
 0x4f617c SetUnhandledExceptionFilter
 0x4f6180 IsDebuggerPresent
 0x4f6184 GetModuleFileNameW
 0x4f6188 DeleteCriticalSection
 0x4f618c QueryPerformanceCounter
 0x4f6190 GetCurrentThreadId
 0x4f6194 GetSystemTimeAsFileTime
 0x4f6198 GetModuleHandleW
 0x4f619c Sleep
 0x4f61a0 InterlockedIncrement
 0x4f61a4 GetProcAddress
 0x4f61a8 GetEnvironmentStringsW
 0x4f61ac GetCommandLineW
 0x4f61b0 SetHandleCount
 0x4f61b4 GetStdHandle
 0x4f61b8 GetFileType
 0x4f61bc TlsSetValue
 0x4f61c0 TlsFree
 0x4f61c4 SetLastError
 0x4f61c8 GetLastError
 0x4f61cc HeapDestroy
 0x4f61d0 HeapCreate
 0x4f61d4 HeapFree
 0x4f61d8 VirtualFree
 0x4f61dc GetModuleFileNameA
 0x4f61e0 HeapAlloc
 0x4f61e4 HeapSize
 0x4f61e8 HeapReAlloc
 0x4f61ec VirtualAlloc
 0x4f61f0 GetACP
 0x4f61f4 GetOEMCP
 0x4f61f8 GetCPInfo
 0x4f61fc IsValidCodePage
 0x4f6200 RtlUnwind
 0x4f6204 WideCharToMultiByte
 0x4f6208 DebugBreak
 0x4f620c OutputDebugStringA
 0x4f6210 WriteConsoleW
 0x4f6214 OutputDebugStringW
 0x4f6218 InitializeCriticalSectionAndSpinCount
 0x4f621c MultiByteToWideChar
 0x4f6220 LCMapStringA
 0x4f6224 GetStringTypeA
 0x4f6228 GetStringTypeW
 0x4f622c GetLocaleInfoA
 0x4f6230 FlushFileBuffers
 0x4f6234 GetConsoleCP
 0x4f6238 CloseHandle
 0x4f623c WriteConsoleA
 0x4f6240 GetConsoleOutputCP
USER32.dll
 0x4f6248 GetCursorInfo

EAT(Export Address Table) is none
