Field | Value |
---|---|
Created | 2021.07.13 09:54 |
Machine | s1_win7_x6402 |
Filename | 9663.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | (empty in source) |
Behavior Score | (empty in source) |
ZERO API | file : clean |
VT API (file) | 30 detected (GenericKD, CobaltStrike, CozyDuke, malicious, DangerousSig, MalCert, Malware@#15uuwl0nkqgmh, Siggen14, VSNTG721, Artemis, S + Troj, BHJT, kcloud, Sabsik, Cobalt, PossibleThreat, confidence 100%, HgEASX8A) |
md5 | de57b50ddeb32383574874af224b2a98 |
sha256 | 25e3873adf19d7e8ba42b472322dbafdfc21d55a2119b81ad9728d6e8e2b0e7b |
ssdeep | 24576:56SPF9sLegqTaCM1i/7umo6o3pRk11CvLs4pKyJUa1:5AeaCMySM1a |
imphash | 9d4e8e7b3c2ceb0885480bd38fe7b721 |
impfuzzy | 24:R6hDW1mc02tMS1scpVWjBgGmlJBlub9roeHFZMv1GMcOpOovbOPZHu9J:R6EtMS1scpVwBgGMsbZLFZGq3I |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests were recorded during the run)
Suricata ids
(none listed)
PE API
IAT (Import Address Table) Library
ole32.dll
0x1400882d0 CoInitializeEx
USER32.dll
0x1400882b8 GetMenu
0x1400882c0 ShowWindow
KERNEL32.dll
0x140088000 TlsAlloc
0x140088008 WriteConsoleW
0x140088010 CreateFileW
0x140088018 HeapSize
0x140088020 GetModuleHandleA
0x140088028 GetProcAddress
0x140088030 LoadResource
0x140088038 LockResource
0x140088040 SizeofResource
0x140088048 LoadLibraryA
0x140088050 FindResourceA
0x140088058 RtlCaptureContext
0x140088060 RtlLookupFunctionEntry
0x140088068 RtlVirtualUnwind
0x140088070 UnhandledExceptionFilter
0x140088078 SetUnhandledExceptionFilter
0x140088080 GetCurrentProcess
0x140088088 TerminateProcess
0x140088090 IsProcessorFeaturePresent
0x140088098 QueryPerformanceCounter
0x1400880a0 GetCurrentProcessId
0x1400880a8 GetCurrentThreadId
0x1400880b0 GetSystemTimeAsFileTime
0x1400880b8 InitializeSListHead
0x1400880c0 IsDebuggerPresent
0x1400880c8 GetStartupInfoW
0x1400880d0 GetModuleHandleW
0x1400880d8 EnterCriticalSection
0x1400880e0 LeaveCriticalSection
0x1400880e8 InitializeCriticalSectionEx
0x1400880f0 DeleteCriticalSection
0x1400880f8 EncodePointer
0x140088100 DecodePointer
0x140088108 MultiByteToWideChar
0x140088110 WideCharToMultiByte
0x140088118 LCMapStringEx
0x140088120 GetStringTypeW
0x140088128 GetCPInfo
0x140088130 HeapReAlloc
0x140088138 RtlPcToFileHeader
0x140088140 RaiseException
0x140088148 RtlUnwindEx
0x140088150 GetLastError
0x140088158 SetLastError
0x140088160 InitializeCriticalSectionAndSpinCount
0x140088168 RtlUnwind
0x140088170 TlsGetValue
0x140088178 TlsSetValue
0x140088180 TlsFree
0x140088188 FreeLibrary
0x140088190 LoadLibraryExW
0x140088198 ExitProcess
0x1400881a0 GetModuleHandleExW
0x1400881a8 GetStdHandle
0x1400881b0 WriteFile
0x1400881b8 GetModuleFileNameW
0x1400881c0 HeapFree
0x1400881c8 HeapAlloc
0x1400881d0 CompareStringW
0x1400881d8 LCMapStringW
0x1400881e0 GetLocaleInfoW
0x1400881e8 IsValidLocale
0x1400881f0 GetUserDefaultLCID
0x1400881f8 EnumSystemLocalesW
0x140088200 GetFileType
0x140088208 FlushFileBuffers
0x140088210 GetConsoleOutputCP
0x140088218 GetConsoleMode
0x140088220 GetFileSizeEx
0x140088228 SetFilePointerEx
0x140088230 ReadFile
0x140088238 ReadConsoleW
0x140088240 FindClose
0x140088248 FindFirstFileExW
0x140088250 FindNextFileW
0x140088258 IsValidCodePage
0x140088260 GetACP
0x140088268 GetOEMCP
0x140088270 GetCommandLineA
0x140088278 GetCommandLineW
0x140088280 GetEnvironmentStringsW
0x140088288 FreeEnvironmentStringsW
0x140088290 SetEnvironmentVariableW
0x140088298 SetStdHandle
0x1400882a0 GetProcessHeap
0x1400882a8 CloseHandle
EAT (Export Address Table): none
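The static import table is the most useful part of this report for triage. Two things stand out: the resource-handling chain FindResourceA, LoadResource, LockResource and SizeofResource sits next to GetModuleHandleA, GetProcAddress and LoadLibraryA, while VirtualAlloc and VirtualProtect do not appear at all. That combination is consistent with the "allocates read-write-execute memory" signature being reached through an API resolved at runtime rather than one linked statically, although the report itself does not show which API was used. Most of the remaining KERNEL32 entries (TlsAlloc, IsDebuggerPresent, RtlCaptureContext, EncodePointer, the locale and console functions) are the normal MSVC CRT start-up footprint and carry little signal on their own. The Python below is an added example, not the sandbox's own code: it parses the listing in the text format used above, computes a pefile-style imphash over it, and flags the API clusters just described. It assumes the listing order equals the PE's import-directory order (the true order may differ, so the hash need not match the imphash in the header), and the excerpt it embeds is trimmed to a subset of the KERNEL32 entries, so its hash is over that excerpt only; paste the full listing to reproduce the report's value. The cluster definitions are this example's own heuristics, not the sandbox's rules.

```python
"""Triage helper for the static import listing in a sandbox report.

Added example; not the sandbox's code. Parses the report's IAT text
format (a DLL name line followed by "0x<address> <function>" lines),
computes a pefile-style imphash over the parsed list, and flags import
clusters worth a closer look. Listing order is taken as import-directory
order (an assumption: the real PE order may differ).
"""
import hashlib
import re

# Constructed excerpt of the report's IAT listing: ole32 and USER32 in
# full, KERNEL32 trimmed to the entries the heuristics below care about.
IAT_TEXT = """\
ole32.dll
0x1400882d0 CoInitializeEx
USER32.dll
0x1400882b8 GetMenu
0x1400882c0 ShowWindow
KERNEL32.dll
0x140088000 TlsAlloc
0x140088020 GetModuleHandleA
0x140088028 GetProcAddress
0x140088030 LoadResource
0x140088038 LockResource
0x140088040 SizeofResource
0x140088048 LoadLibraryA
0x140088050 FindResourceA
0x1400880c0 IsDebuggerPresent
0x140088190 LoadLibraryExW
"""

DLL_LINE = re.compile(r"^([\w.-]+\.(?:dll|ocx|sys))$", re.IGNORECASE)
IMPORT_LINE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)$")

# Heuristic clusters (this example's own, not sandbox rules): label -> imports
# that must all be present for the label to fire.
CLUSTERS = {
    "payload staged in a PE resource": {
        "FindResourceA", "LoadResource", "LockResource", "SizeofResource"},
    "runtime API resolution (memory APIs may be hidden)": {
        "GetModuleHandleA", "GetProcAddress"},
    "debugger check (also a normal MSVC CRT import; weak signal)": {
        "IsDebuggerPresent"},
}

# Memory APIs whose absence from the static table matters once
# GetProcAddress is present: they are the usual way to get RWX memory.
MEMORY_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
               "WriteProcessMemory"}


def parse_iat(text):
    """Return {dll: [(address, function), ...]} preserving listing order."""
    imports = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = DLL_LINE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, [])
            continue
        m = IMPORT_LINE.match(line)
        if m and current is not None:
            imports[current].append((int(m.group(1), 16), m.group(2)))
    return imports


def imphash(imports):
    """pefile-style imphash: md5 of "dll.func" pairs, lowercased, joined by
    commas, with .dll/.ocx/.sys stripped from the library name."""
    parts = []
    for dll, entries in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
                break
        parts.extend(f"{base}.{name.lower()}" for _, name in entries)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def _names(imports):
    return {name for entries in imports.values() for _, name in entries}


def tag_imports(imports):
    """Labels of every cluster fully present in the import set, sorted."""
    names = _names(imports)
    return sorted(label for label, need in CLUSTERS.items() if need <= names)


def missing_memory_apis(imports):
    """Memory APIs not statically imported; with GetProcAddress present they
    are candidates for runtime resolution."""
    return sorted(MEMORY_APIS - _names(imports))


if __name__ == "__main__":
    iat = parse_iat(IAT_TEXT)
    print("imphash over this excerpt (listing order):", imphash(iat))
    for label in tag_imports(iat):
        print("-", label)
    print("memory APIs absent from static imports:", missing_memory_apis(iat))
```

Run it against the full listing copied from the page to get a hash comparable with the header's imphash; if the two differ even with every import present, the import-directory order in the binary is not the order shown here, and the sample should be rehashed with pefile on the file itself rather than from the report text.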