ScreenShot
| Created | 2021.07.15 10:06 | Machine | s1_win7_x6401 |
| Filename | file8.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Zenpak, A + Mal, EncPk, score, MachineLearning, Anomalous, 100%, Generic@ML, RDML, Z7tM+gk92yNl2A5ScW1QmQ, Static AI, Malicious PE, ZexaF, ku0@aG7Am8n, confidence, QVM20) | ||
| md5 | 622f4aa2d5e82438f3a40a35ab4902d5 | ||
| sha256 | 277089cb78a9c493cecd8f5fbe70df0577d4f9557fb8b55ff5f7c2505308ca3a | ||
| ssdeep | 3072:4WiJzQu5JD9ko9WY1wzxWrPAYNF7L5cWlvsRwmhnxONgkf:4LquAkPAYnX5WncNgk | ||
| imphash | e9cbee8358b331a128409a4d26e3e347 | ||
| impfuzzy | 24:YrVPU9V4Wl6vDNyvg8JyA6LCVdW9gPlgjNjVGQtnAW1e/lF4lb8:YJw4vFCVdWgs5GunAWE/lF4lb8 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x100150f0 feof
0x100150f4 ungetwc
ADVAPI32.dll
0x10015000 LookupPrivilegeValueA
0x10015004 LogonUserA
0x10015008 GetServiceDisplayNameW
pdh.dll
0x10015104 PdhEnumObjectsW
KERNEL32.dll
0x10015034 GetLargestConsoleWindowSize
0x10015038 WritePrivateProfileStructW
0x1001503c CloseHandle
0x10015040 GetCurrentThread
0x10015044 LocalSize
0x10015048 FindFirstVolumeW
0x1001504c GetCommTimeouts
0x10015050 IsValidLanguageGroup
0x10015054 lstrcatA
0x10015058 GetTempFileNameA
0x1001505c IsDebuggerPresent
0x10015060 GetModuleHandleA
0x10015064 GetProcAddress
0x10015068 OutputDebugStringA
0x1001506c CreateProcessA
0x10015070 LoadLibraryA
0x10015074 GetTimeFormatW
MPRAPI.dll
0x1001507c MprInfoBlockRemove
GDI32.dll
0x10015018 Rectangle
0x1001501c GetDeviceGammaRamp
0x10015020 GetRgnBox
0x10015024 GetTextExtentPointA
SHLWAPI.dll
0x100150a0 StrCSpnIW
WINSPOOL.DRV
0x100150e0 FindClosePrinterChangeNotification
mscms.dll
0x100150e8 GetColorProfileElement
WININET.dll
0x100150d0 InternetCrackUrlA
ole32.dll
0x100150fc HPALETTE_UserFree
SETUPAPI.dll
0x10015090 SetupDiGetClassDevsExW
0x10015094 SetupDiGetDeviceInterfaceDetailA
0x10015098 SetupDiInstallClassExA
WINMM.dll
0x100150d8 mixerSetControlDetails
OLEAUT32.dll
0x10015084 VarI4FromDate
0x10015088 SysStringByteLen
ESENT.dll
0x10015010 JetSeek
IPHLPAPI.DLL
0x1001502c FlushIpNetTable
USER32.dll
0x100150a8 DefDlgProcW
0x100150ac GrayStringW
0x100150b0 MsgWaitForMultipleObjects
0x100150b4 GetMenuState
0x100150b8 GetScrollRange
0x100150bc GetRawInputDeviceInfoW
0x100150c0 GetShellWindow
0x100150c4 GetClassInfoExW
0x100150c8 GetMenu
EAT(Export Address Table) Library
0x1001525e DoorrledFgppr
msvcrt.dll
0x100150f0 feof
0x100150f4 ungetwc
ADVAPI32.dll
0x10015000 LookupPrivilegeValueA
0x10015004 LogonUserA
0x10015008 GetServiceDisplayNameW
pdh.dll
0x10015104 PdhEnumObjectsW
KERNEL32.dll
0x10015034 GetLargestConsoleWindowSize
0x10015038 WritePrivateProfileStructW
0x1001503c CloseHandle
0x10015040 GetCurrentThread
0x10015044 LocalSize
0x10015048 FindFirstVolumeW
0x1001504c GetCommTimeouts
0x10015050 IsValidLanguageGroup
0x10015054 lstrcatA
0x10015058 GetTempFileNameA
0x1001505c IsDebuggerPresent
0x10015060 GetModuleHandleA
0x10015064 GetProcAddress
0x10015068 OutputDebugStringA
0x1001506c CreateProcessA
0x10015070 LoadLibraryA
0x10015074 GetTimeFormatW
MPRAPI.dll
0x1001507c MprInfoBlockRemove
GDI32.dll
0x10015018 Rectangle
0x1001501c GetDeviceGammaRamp
0x10015020 GetRgnBox
0x10015024 GetTextExtentPointA
SHLWAPI.dll
0x100150a0 StrCSpnIW
WINSPOOL.DRV
0x100150e0 FindClosePrinterChangeNotification
mscms.dll
0x100150e8 GetColorProfileElement
WININET.dll
0x100150d0 InternetCrackUrlA
ole32.dll
0x100150fc HPALETTE_UserFree
SETUPAPI.dll
0x10015090 SetupDiGetClassDevsExW
0x10015094 SetupDiGetDeviceInterfaceDetailA
0x10015098 SetupDiInstallClassExA
WINMM.dll
0x100150d8 mixerSetControlDetails
OLEAUT32.dll
0x10015084 VarI4FromDate
0x10015088 SysStringByteLen
ESENT.dll
0x10015010 JetSeek
IPHLPAPI.DLL
0x1001502c FlushIpNetTable
USER32.dll
0x100150a8 DefDlgProcW
0x100150ac GrayStringW
0x100150b0 MsgWaitForMultipleObjects
0x100150b4 GetMenuState
0x100150b8 GetScrollRange
0x100150bc GetRawInputDeviceInfoW
0x100150c0 GetShellWindow
0x100150c4 GetClassInfoExW
0x100150c8 GetMenu
EAT(Export Address Table) Library
0x1001525e DoorrledFgppr