ScreenShot
| Created | 2021.07.14 09:25 | Machine | s1_win7_x6402 |
| Filename | 339.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Ransomware, Farfli, QBot, susgen, Azorult, score, BScope, Androm, Obscure, CLASSIC, Static AI, Malicious PE, GenKryptik, ERHN, confidence, 100%, QVM10) | ||
| md5 | a72bfb946650a4dc5f051f9aa4706a9f | ||
| sha256 | c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3 | ||
| ssdeep | 6144:YMJelBbABn1pmqWUvrju4ZB8fXYmCOD/fcv9o44SQO3UCVyHSdK:ol+1lWUTiorOTcv9JQO3UCOS | ||
| imphash | f6f5597c6f744a1192b9bce74a542278 | ||
| impfuzzy | 48:T4GOf5xxsJp2cfZPA/tcftAOb9gcopOrE6/:TLc82qPCcftAOZgcopOrB | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401014 WriteConsoleInputA
0x401018 ReadConsoleInputA
0x40101c SetTapeParameters
0x401020 SetTapePosition
0x401024 WriteTapemark
0x401028 GetConsoleAliasesA
0x40102c WriteConsoleW
0x401030 SetLastError
0x401034 CreateFileA
0x401038 DeleteFileA
0x40103c WritePrivateProfileSectionA
0x401040 GetPrivateProfileSectionW
0x401044 WriteProfileSectionW
0x401048 RequestDeviceWakeup
0x40104c LoadLibraryA
0x401050 FlushFileBuffers
0x401054 GetLongPathNameA
0x401058 ReadFile
0x40105c WriteFile
0x401060 GetProfileSectionA
0x401064 BuildCommDCBA
0x401068 FindActCtxSectionGuid
0x40106c SetEndOfFile
0x401070 SetFileShortNameA
0x401074 WriteProcessMemory
0x401078 GetCPInfoExA
0x40107c SetEvent
0x401080 PulseEvent
0x401084 ResetEvent
0x401088 ReleaseSemaphore
0x40108c SleepEx
0x401090 WaitForSingleObject
0x401094 WaitForMultipleObjects
0x401098 AllocConsole
0x40109c ReadConsoleW
0x4010a0 ReleaseActCtx
0x4010a4 GetProcessHeap
0x4010a8 BuildCommDCBAndTimeoutsW
0x4010ac GetGeoInfoA
0x4010b0 VirtualProtect
0x4010b4 GetProcAddress
0x4010b8 GetModuleHandleW
0x4010bc HeapUnlock
0x4010c0 GetOEMCP
0x4010c4 WaitForMultipleObjectsEx
0x4010c8 SetSystemPowerState
0x4010cc FindAtomW
0x4010d0 CreateJobObjectW
0x4010d4 HeapValidate
0x4010d8 WideCharToMultiByte
0x4010dc ZombifyActCtx
0x4010e0 GetUserDefaultLCID
0x4010e4 ProcessIdToSessionId
0x4010e8 GetFileAttributesA
0x4010ec GetConsoleAliasesLengthA
0x4010f0 GetCommandLineA
0x4010f4 GetStartupInfoA
0x4010f8 GetLastError
0x4010fc SetFilePointer
0x401100 EnterCriticalSection
0x401104 LeaveCriticalSection
0x401108 TerminateProcess
0x40110c GetCurrentProcess
0x401110 UnhandledExceptionFilter
0x401114 SetUnhandledExceptionFilter
0x401118 IsDebuggerPresent
0x40111c HeapFree
0x401120 CloseHandle
0x401124 HeapAlloc
0x401128 TlsGetValue
0x40112c TlsAlloc
0x401130 TlsSetValue
0x401134 TlsFree
0x401138 InterlockedIncrement
0x40113c GetCurrentThreadId
0x401140 InterlockedDecrement
0x401144 Sleep
0x401148 ExitProcess
0x40114c GetStdHandle
0x401150 GetModuleFileNameA
0x401154 FreeEnvironmentStringsA
0x401158 GetEnvironmentStrings
0x40115c FreeEnvironmentStringsW
0x401160 GetEnvironmentStringsW
0x401164 SetHandleCount
0x401168 GetFileType
0x40116c DeleteCriticalSection
0x401170 HeapCreate
0x401174 VirtualFree
0x401178 QueryPerformanceCounter
0x40117c GetTickCount
0x401180 GetCurrentProcessId
0x401184 GetSystemTimeAsFileTime
0x401188 SetStdHandle
0x40118c GetConsoleCP
0x401190 GetConsoleMode
0x401194 RtlUnwind
0x401198 VirtualAlloc
0x40119c HeapReAlloc
0x4011a0 GetCPInfo
0x4011a4 GetACP
0x4011a8 IsValidCodePage
0x4011ac MultiByteToWideChar
0x4011b0 InitializeCriticalSectionAndSpinCount
0x4011b4 WriteConsoleA
0x4011b8 GetConsoleOutputCP
0x4011bc LCMapStringA
0x4011c0 LCMapStringW
0x4011c4 GetStringTypeA
0x4011c8 GetStringTypeW
0x4011cc GetLocaleInfoA
0x4011d0 HeapSize
ADVAPI32.dll
0x401000 AdjustTokenPrivileges
0x401004 MapGenericMask
0x401008 AreAnyAccessesGranted
0x40100c AdjustTokenGroups
WINHTTP.dll
0x4011d8 WinHttpSetOption
EAT(Export Address Table) is none
KERNEL32.dll
0x401014 WriteConsoleInputA
0x401018 ReadConsoleInputA
0x40101c SetTapeParameters
0x401020 SetTapePosition
0x401024 WriteTapemark
0x401028 GetConsoleAliasesA
0x40102c WriteConsoleW
0x401030 SetLastError
0x401034 CreateFileA
0x401038 DeleteFileA
0x40103c WritePrivateProfileSectionA
0x401040 GetPrivateProfileSectionW
0x401044 WriteProfileSectionW
0x401048 RequestDeviceWakeup
0x40104c LoadLibraryA
0x401050 FlushFileBuffers
0x401054 GetLongPathNameA
0x401058 ReadFile
0x40105c WriteFile
0x401060 GetProfileSectionA
0x401064 BuildCommDCBA
0x401068 FindActCtxSectionGuid
0x40106c SetEndOfFile
0x401070 SetFileShortNameA
0x401074 WriteProcessMemory
0x401078 GetCPInfoExA
0x40107c SetEvent
0x401080 PulseEvent
0x401084 ResetEvent
0x401088 ReleaseSemaphore
0x40108c SleepEx
0x401090 WaitForSingleObject
0x401094 WaitForMultipleObjects
0x401098 AllocConsole
0x40109c ReadConsoleW
0x4010a0 ReleaseActCtx
0x4010a4 GetProcessHeap
0x4010a8 BuildCommDCBAndTimeoutsW
0x4010ac GetGeoInfoA
0x4010b0 VirtualProtect
0x4010b4 GetProcAddress
0x4010b8 GetModuleHandleW
0x4010bc HeapUnlock
0x4010c0 GetOEMCP
0x4010c4 WaitForMultipleObjectsEx
0x4010c8 SetSystemPowerState
0x4010cc FindAtomW
0x4010d0 CreateJobObjectW
0x4010d4 HeapValidate
0x4010d8 WideCharToMultiByte
0x4010dc ZombifyActCtx
0x4010e0 GetUserDefaultLCID
0x4010e4 ProcessIdToSessionId
0x4010e8 GetFileAttributesA
0x4010ec GetConsoleAliasesLengthA
0x4010f0 GetCommandLineA
0x4010f4 GetStartupInfoA
0x4010f8 GetLastError
0x4010fc SetFilePointer
0x401100 EnterCriticalSection
0x401104 LeaveCriticalSection
0x401108 TerminateProcess
0x40110c GetCurrentProcess
0x401110 UnhandledExceptionFilter
0x401114 SetUnhandledExceptionFilter
0x401118 IsDebuggerPresent
0x40111c HeapFree
0x401120 CloseHandle
0x401124 HeapAlloc
0x401128 TlsGetValue
0x40112c TlsAlloc
0x401130 TlsSetValue
0x401134 TlsFree
0x401138 InterlockedIncrement
0x40113c GetCurrentThreadId
0x401140 InterlockedDecrement
0x401144 Sleep
0x401148 ExitProcess
0x40114c GetStdHandle
0x401150 GetModuleFileNameA
0x401154 FreeEnvironmentStringsA
0x401158 GetEnvironmentStrings
0x40115c FreeEnvironmentStringsW
0x401160 GetEnvironmentStringsW
0x401164 SetHandleCount
0x401168 GetFileType
0x40116c DeleteCriticalSection
0x401170 HeapCreate
0x401174 VirtualFree
0x401178 QueryPerformanceCounter
0x40117c GetTickCount
0x401180 GetCurrentProcessId
0x401184 GetSystemTimeAsFileTime
0x401188 SetStdHandle
0x40118c GetConsoleCP
0x401190 GetConsoleMode
0x401194 RtlUnwind
0x401198 VirtualAlloc
0x40119c HeapReAlloc
0x4011a0 GetCPInfo
0x4011a4 GetACP
0x4011a8 IsValidCodePage
0x4011ac MultiByteToWideChar
0x4011b0 InitializeCriticalSectionAndSpinCount
0x4011b4 WriteConsoleA
0x4011b8 GetConsoleOutputCP
0x4011bc LCMapStringA
0x4011c0 LCMapStringW
0x4011c4 GetStringTypeA
0x4011c8 GetStringTypeW
0x4011cc GetLocaleInfoA
0x4011d0 HeapSize
ADVAPI32.dll
0x401000 AdjustTokenPrivileges
0x401004 MapGenericMask
0x401008 AreAnyAccessesGranted
0x40100c AdjustTokenGroups
WINHTTP.dll
0x4011d8 WinHttpSetOption
EAT(Export Address Table) is none