ScreenShot
| Created | 2021.07.15 10:39 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetect, malware2, Convagent, malicious, high confidence, Unsafe, Save, GandCrab, R002H07GE21, score, RansomX, Generic@ML, RDML, AxYisjh7qfPFX14eWjXHeA, Virut, Azorult, Static AI, Suspicious PE, GenericM, susgen, GenKryptik, ERHN, confidence, HwoClpsA) | ||
| md5 | 58fa567894c7dc28d2b7f0d7f3886512 | ||
| sha256 | 7e19416205cfb8e056d4628bdeb635e29cefba04fcb21ee55e7b0077427e4c99 | ||
| ssdeep | 12288:36jzKI7sKCdLR3yjC0IpZ342UmtBuu5ARNToFfNb2gUIieCIE3hRBI6EMjkd:36vlYB3RvI2hT5IU1CgUsCIA5I6EMj | ||
| imphash | 40b1f970cd866a04c66be8c7bed9fe15 | ||
| impfuzzy | 24:unkrVJH7lO8TjublTn1DHpKqDZYbVvEZMZGPZyXkrkRrOovbcJtHhJKbKRv9GTFD:u4n70p6yMZGPZt/0cJtB59Ggcg4+lU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | RedLine_Stealer_Zero | RedLine stealer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401010 GetCPInfoExA
0x401014 WriteConsoleInputA
0x401018 ReadConsoleInputA
0x40101c GetTapeParameters
0x401020 SetTapePosition
0x401024 WriteTapemark
0x401028 GetConsoleAliasesW
0x40102c WriteConsoleW
0x401030 SetLastError
0x401034 BuildCommDCBW
0x401038 InitializeCriticalSectionAndSpinCount
0x40103c RequestDeviceWakeup
0x401040 LoadLibraryA
0x401044 FlushFileBuffers
0x401048 GetLongPathNameA
0x40104c PulseEvent
0x401050 SleepEx
0x401054 WaitForSingleObject
0x401058 WaitForMultipleObjects
0x40105c FreeConsole
0x401060 SetConsoleCtrlHandler
0x401064 SetConsoleTitleA
0x401068 ReleaseActCtx
0x40106c SetConsoleWindowInfo
0x401070 AttachConsole
0x401074 ReadConsoleW
0x401078 GetProcessHeap
0x40107c AllocConsole
0x401080 BuildCommDCBAndTimeoutsW
0x401084 GetGeoInfoW
0x401088 GetCurrentProcess
0x40108c GetProcAddress
0x401090 GetModuleHandleW
0x401094 CreateThread
0x401098 GetProcessHeaps
0x40109c GetOEMCP
0x4010a0 WaitForMultipleObjectsEx
0x4010a4 SetSystemPowerState
0x4010a8 FindAtomW
0x4010ac SetFileApisToOEM
0x4010b0 OpenWaitableTimerW
0x4010b4 HeapValidate
0x4010b8 WideCharToMultiByte
0x4010bc ProcessIdToSessionId
0x4010c0 GetUserDefaultLCID
0x4010c4 GenerateConsoleCtrlEvent
0x4010c8 GetConsoleAliasesLengthA
0x4010cc GetCommandLineA
0x4010d0 GetStartupInfoA
0x4010d4 GetModuleHandleA
0x4010d8 HeapAlloc
0x4010dc EnterCriticalSection
0x4010e0 LeaveCriticalSection
0x4010e4 TerminateProcess
0x4010e8 UnhandledExceptionFilter
0x4010ec SetUnhandledExceptionFilter
0x4010f0 IsDebuggerPresent
0x4010f4 TlsGetValue
0x4010f8 TlsAlloc
0x4010fc TlsSetValue
0x401100 TlsFree
0x401104 InterlockedIncrement
0x401108 GetCurrentThreadId
0x40110c GetLastError
0x401110 InterlockedDecrement
0x401114 ReadFile
0x401118 SetHandleCount
0x40111c GetStdHandle
0x401120 GetFileType
0x401124 DeleteCriticalSection
0x401128 SetFilePointer
0x40112c Sleep
0x401130 ExitProcess
0x401134 WriteFile
0x401138 GetModuleFileNameA
0x40113c FreeEnvironmentStringsA
0x401140 GetEnvironmentStrings
0x401144 FreeEnvironmentStringsW
0x401148 GetEnvironmentStringsW
0x40114c HeapCreate
0x401150 VirtualFree
0x401154 HeapFree
0x401158 QueryPerformanceCounter
0x40115c GetTickCount
0x401160 GetCurrentProcessId
0x401164 GetSystemTimeAsFileTime
0x401168 GetCPInfo
0x40116c GetACP
0x401170 IsValidCodePage
0x401174 VirtualAlloc
0x401178 HeapReAlloc
0x40117c RtlUnwind
0x401180 MultiByteToWideChar
0x401184 SetStdHandle
0x401188 RaiseException
0x40118c LCMapStringA
0x401190 LCMapStringW
0x401194 GetStringTypeA
0x401198 GetStringTypeW
0x40119c GetLocaleInfoA
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 HeapSize
0x4011ac CloseHandle
0x4011b0 WriteConsoleA
0x4011b4 GetConsoleOutputCP
0x4011b8 CreateFileA
USER32.dll
0x4011c0 GetAltTabInfoW
GDI32.dll
0x401008 GetCharWidth32A
ADVAPI32.dll
0x401000 AreAnyAccessesGranted
EAT(Export Address Table) Library
0x48c625 @GetVice@0
KERNEL32.dll
0x401010 GetCPInfoExA
0x401014 WriteConsoleInputA
0x401018 ReadConsoleInputA
0x40101c GetTapeParameters
0x401020 SetTapePosition
0x401024 WriteTapemark
0x401028 GetConsoleAliasesW
0x40102c WriteConsoleW
0x401030 SetLastError
0x401034 BuildCommDCBW
0x401038 InitializeCriticalSectionAndSpinCount
0x40103c RequestDeviceWakeup
0x401040 LoadLibraryA
0x401044 FlushFileBuffers
0x401048 GetLongPathNameA
0x40104c PulseEvent
0x401050 SleepEx
0x401054 WaitForSingleObject
0x401058 WaitForMultipleObjects
0x40105c FreeConsole
0x401060 SetConsoleCtrlHandler
0x401064 SetConsoleTitleA
0x401068 ReleaseActCtx
0x40106c SetConsoleWindowInfo
0x401070 AttachConsole
0x401074 ReadConsoleW
0x401078 GetProcessHeap
0x40107c AllocConsole
0x401080 BuildCommDCBAndTimeoutsW
0x401084 GetGeoInfoW
0x401088 GetCurrentProcess
0x40108c GetProcAddress
0x401090 GetModuleHandleW
0x401094 CreateThread
0x401098 GetProcessHeaps
0x40109c GetOEMCP
0x4010a0 WaitForMultipleObjectsEx
0x4010a4 SetSystemPowerState
0x4010a8 FindAtomW
0x4010ac SetFileApisToOEM
0x4010b0 OpenWaitableTimerW
0x4010b4 HeapValidate
0x4010b8 WideCharToMultiByte
0x4010bc ProcessIdToSessionId
0x4010c0 GetUserDefaultLCID
0x4010c4 GenerateConsoleCtrlEvent
0x4010c8 GetConsoleAliasesLengthA
0x4010cc GetCommandLineA
0x4010d0 GetStartupInfoA
0x4010d4 GetModuleHandleA
0x4010d8 HeapAlloc
0x4010dc EnterCriticalSection
0x4010e0 LeaveCriticalSection
0x4010e4 TerminateProcess
0x4010e8 UnhandledExceptionFilter
0x4010ec SetUnhandledExceptionFilter
0x4010f0 IsDebuggerPresent
0x4010f4 TlsGetValue
0x4010f8 TlsAlloc
0x4010fc TlsSetValue
0x401100 TlsFree
0x401104 InterlockedIncrement
0x401108 GetCurrentThreadId
0x40110c GetLastError
0x401110 InterlockedDecrement
0x401114 ReadFile
0x401118 SetHandleCount
0x40111c GetStdHandle
0x401120 GetFileType
0x401124 DeleteCriticalSection
0x401128 SetFilePointer
0x40112c Sleep
0x401130 ExitProcess
0x401134 WriteFile
0x401138 GetModuleFileNameA
0x40113c FreeEnvironmentStringsA
0x401140 GetEnvironmentStrings
0x401144 FreeEnvironmentStringsW
0x401148 GetEnvironmentStringsW
0x40114c HeapCreate
0x401150 VirtualFree
0x401154 HeapFree
0x401158 QueryPerformanceCounter
0x40115c GetTickCount
0x401160 GetCurrentProcessId
0x401164 GetSystemTimeAsFileTime
0x401168 GetCPInfo
0x40116c GetACP
0x401170 IsValidCodePage
0x401174 VirtualAlloc
0x401178 HeapReAlloc
0x40117c RtlUnwind
0x401180 MultiByteToWideChar
0x401184 SetStdHandle
0x401188 RaiseException
0x40118c LCMapStringA
0x401190 LCMapStringW
0x401194 GetStringTypeA
0x401198 GetStringTypeW
0x40119c GetLocaleInfoA
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 HeapSize
0x4011ac CloseHandle
0x4011b0 WriteConsoleA
0x4011b4 GetConsoleOutputCP
0x4011b8 CreateFileA
USER32.dll
0x4011c0 GetAltTabInfoW
GDI32.dll
0x401008 GetCharWidth32A
ADVAPI32.dll
0x401000 AreAnyAccessesGranted
EAT(Export Address Table) Library
0x48c625 @GetVice@0