ScreenShot
| Created | 2021.07.15 10:20 | Machine | s1_win7_x6402 |
| Filename | file7.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (AIDetect, malware1, malicious, high confidence, Dridex, Unsafe, Save, EmotetedCryptc, ZexaF, ku0@a07tS@b, GenericML, xnet, TrojanX, Generic@ML, RDML, CYgHAdR, Dm+FoNLx, 9rmrA, R + Mal, EncPk, Static AI, Malicious PE, kcloud, Emotet, 4QO2LB, score, MachineLearning, Anomalous, 100%, R002H07GE21, PossibleThreat, confidence, HxQBlecA) | ||
| md5 | 76590750b6933c89a6fd7007812a5897 | ||
| sha256 | d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43 | ||
| ssdeep | 3072:a7p3dQo86PI7e2seiJPWZ6Ox1uTQjY48+STfLbh9w47sIF:g3dyj7NseoPOx1KQU5TTbbT | ||
| imphash | e92132005097daafddd51d9c4d138d88 | ||
| impfuzzy | 24:oaDrdWrywVV4WiC6LDzUFzVG7lR6QLC1bl1e6nAF4W/zr9Lt:Zdnx4JGX64C1blE6nAF4W/zZLt | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ESENT.dll
0x10015010 JetSeek
MPRAPI.dll
0x1001507c MprInfoBlockRemove
GDI32.dll
0x10015018 GetRgnBox
0x1001501c Rectangle
0x10015020 GetTextExtentPointA
0x10015024 GetDeviceGammaRamp
WINSPOOL.DRV
0x100150e0 FindClosePrinterChangeNotification
ole32.dll
0x100150fc HPALETTE_UserFree
KERNEL32.dll
0x10015034 CloseHandle
0x10015038 OutputDebugStringA
0x1001503c FindFirstVolumeW
0x10015040 CreateProcessA
0x10015044 IsValidLanguageGroup
0x10015048 WritePrivateProfileStructW
0x1001504c LoadLibraryA
0x10015050 GetCurrentThread
0x10015054 LocalSize
0x10015058 GetTempFileNameA
0x1001505c GetCommTimeouts
0x10015060 GetTimeFormatW
0x10015064 lstrcatA
0x10015068 IsDebuggerPresent
0x1001506c GetModuleHandleA
0x10015070 GetProcAddress
0x10015074 GetLargestConsoleWindowSize
msvcrt.dll
0x100150f0 ungetwc
0x100150f4 feof
IPHLPAPI.DLL
0x1001502c FlushIpNetTable
OLEAUT32.dll
0x10015084 SysStringByteLen
0x10015088 VarI4FromDate
SHLWAPI.dll
0x100150a0 StrCSpnIW
pdh.dll
0x10015104 PdhEnumObjectsW
mscms.dll
0x100150e8 GetColorProfileElement
WININET.dll
0x100150d0 InternetCrackUrlA
USER32.dll
0x100150a8 GetClassInfoExW
0x100150ac GetScrollRange
0x100150b0 MsgWaitForMultipleObjects
0x100150b4 GetMenu
0x100150b8 DefDlgProcW
0x100150bc GetRawInputDeviceInfoW
0x100150c0 GrayStringW
0x100150c4 GetMenuState
0x100150c8 GetShellWindow
ADVAPI32.dll
0x10015000 LookupPrivilegeValueA
0x10015004 LogonUserA
0x10015008 GetServiceDisplayNameW
WINMM.dll
0x100150d8 mixerSetControlDetails
SETUPAPI.dll
0x10015090 SetupDiGetDeviceInterfaceDetailA
0x10015094 SetupDiInstallClassExA
0x10015098 SetupDiGetClassDevsExW
EAT(Export Address Table) Library
0x1001525e DoorrledFgppr
ESENT.dll
0x10015010 JetSeek
MPRAPI.dll
0x1001507c MprInfoBlockRemove
GDI32.dll
0x10015018 GetRgnBox
0x1001501c Rectangle
0x10015020 GetTextExtentPointA
0x10015024 GetDeviceGammaRamp
WINSPOOL.DRV
0x100150e0 FindClosePrinterChangeNotification
ole32.dll
0x100150fc HPALETTE_UserFree
KERNEL32.dll
0x10015034 CloseHandle
0x10015038 OutputDebugStringA
0x1001503c FindFirstVolumeW
0x10015040 CreateProcessA
0x10015044 IsValidLanguageGroup
0x10015048 WritePrivateProfileStructW
0x1001504c LoadLibraryA
0x10015050 GetCurrentThread
0x10015054 LocalSize
0x10015058 GetTempFileNameA
0x1001505c GetCommTimeouts
0x10015060 GetTimeFormatW
0x10015064 lstrcatA
0x10015068 IsDebuggerPresent
0x1001506c GetModuleHandleA
0x10015070 GetProcAddress
0x10015074 GetLargestConsoleWindowSize
msvcrt.dll
0x100150f0 ungetwc
0x100150f4 feof
IPHLPAPI.DLL
0x1001502c FlushIpNetTable
OLEAUT32.dll
0x10015084 SysStringByteLen
0x10015088 VarI4FromDate
SHLWAPI.dll
0x100150a0 StrCSpnIW
pdh.dll
0x10015104 PdhEnumObjectsW
mscms.dll
0x100150e8 GetColorProfileElement
WININET.dll
0x100150d0 InternetCrackUrlA
USER32.dll
0x100150a8 GetClassInfoExW
0x100150ac GetScrollRange
0x100150b0 MsgWaitForMultipleObjects
0x100150b4 GetMenu
0x100150b8 DefDlgProcW
0x100150bc GetRawInputDeviceInfoW
0x100150c0 GrayStringW
0x100150c4 GetMenuState
0x100150c8 GetShellWindow
ADVAPI32.dll
0x10015000 LookupPrivilegeValueA
0x10015004 LogonUserA
0x10015008 GetServiceDisplayNameW
WINMM.dll
0x100150d8 mixerSetControlDetails
SETUPAPI.dll
0x10015090 SetupDiGetDeviceInterfaceDetailA
0x10015094 SetupDiInstallClassExA
0x10015098 SetupDiGetClassDevsExW
EAT(Export Address Table) Library
0x1001525e DoorrledFgppr