Field | Value
---|---
Created | 2021.07.29 09:53
Machine | s1_win7_x6402
Filename | taroch.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 25 detected (AIDetect, malware2, malicious, high confidence, score, Artemis, Save, Attribute, HighConfidence, Androm, FileRepMalware, Fareit, Auto, Wacapew, ZexaF, zuZ@aepX59em, BScope, Generic@ML, RDML, iGudsQBp6IPh, Hu80gw, Static AI, Suspicious PE, susgen, confidence)
md5 | 4bd029fab2e1855b65f19af615d5af49
sha256 | 19bb2b0774e1638edbdcccc7e2fb936773727966acd3977137a8acfe0823266d
ssdeep | 6144:cIlhYdWi2kzeShnkmmx87BQwmeOA1PWLC/W4iGrWMwDfv:p0dWrCeSVkmmx8Ntm8oCPrCHDfv
imphash | 941705bb9de69d9f126b6b02b46cea7a
impfuzzy | 24:YG3bTdBhsJo55XJwE2zLECw3ESx/hhRxtES5ACw0WSLkmaBqQFdAJQ4hkES/EUnG:YGrT/OJo/SEoLECuXlvRXES5ACw0WSYg
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Terminates another process |
info | The executable uses a known packer |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) Library
MSVCRT.dll
0x40702c __setusermatherr
0x407030 _adjust_fdiv
0x407034 __p__commode
0x407038 __p__fmode
0x40703c _initterm
0x407040 _except_handler3
0x407044 __wgetmainargs
0x407048 _controlfp
0x40704c __dllonexit
0x407050 _onexit
0x407054 _wcmdln
0x407058 exit
0x40705c _XcptFilter
0x407060 _exit
0x407064 strncpy
0x407068 atoi
0x40706c isdigit
0x407070 strncmp
0x407074 __set_app_type
0x407078 memset
0x40707c _itoa
KERNEL32.dll
0x407010 VirtualProtect
0x407014 CreateThread
0x407018 Sleep
0x40701c TerminateThread
0x407020 GetModuleHandleW
0x407024 GetStartupInfoW
USER32.dll
0x407084 EnableWindow
0x407088 SetForegroundWindow
0x40708c GetWindowRect
0x407090 GetWindowTextA
0x407094 MessageBoxA
0x407098 CreateWindowExW
0x40709c SendMessageW
0x4070a0 SetActiveWindow
0x4070a4 GetWindow
0x4070a8 SendMessageA
0x4070ac BeginPaint
0x4070b0 EndPaint
0x4070b4 SetWindowTextA
0x4070b8 FillRect
0x4070bc RegisterClassW
0x4070c0 LoadIconW
0x4070c4 SetMenu
0x4070c8 CreateMenu
0x4070cc AppendMenuW
0x4070d0 GetMessageW
0x4070d4 TranslateMessage
0x4070d8 DispatchMessageW
0x4070dc GrayStringA
0x4070e0 GetDC
0x4070e4 UpdateWindow
0x4070e8 GetWindowTextLengthA
0x4070ec DestroyWindow
0x4070f0 CreateWindowExA
0x4070f4 PostQuitMessage
0x4070f8 DefWindowProcW
0x4070fc MessageBoxW
GDI32.dll
0x407000 GetStockObject
0x407004 SetBkMode
0x407008 SetDCPenColor
WS2_32.dll
0x407104 closesocket
0x407108 connect
0x40710c htons
0x407110 recv
0x407114 send
0x407118 socket
0x40711c gethostbyname
0x407120 WSAStartup
0x407124 WSACleanup
0x407128 select
EAT (Export Address Table): none