ScreenShot
| Created | 2021.07.30 10:37 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetect, malware1, Racealer, malicious, high confidence, Artemis, Unsafe, Save, Attribute, HighConfidence, Azorult, score, ZexaF, RuW@aOCPAwkG, Kryptik, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%, QVM10) | ||
| md5 | 042edfa930d712dd70b6adee1218d3d9 | ||
| sha256 | 2b077c09e3e5b9035d53cf73f0afc4455463dcb2289816f15f50f68f6b5f5df7 | ||
| ssdeep | 12288:dnIjvmmWAk6xHgupN9e5pOELFfan1wpbbCdkpzoOlLXwKaBt+8pvRUZem3c:SvDW4zA3VJKKfzrlLkBzpJ4X | ||
| imphash | c27a98a29b21693846ec47ce91a249f1 | ||
| impfuzzy | 48:BzsONBHi/dPYEQIINpYOSYExKaE8fcw2tfV85ZLXWh:BzKVP/pI3YmYE8fc3tfV85ZLXWh | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x422008 GetFileSize
0x42200c GetNativeSystemInfo
0x422010 SetFilePointer
0x422014 lstrlenA
0x422018 GetConsoleAliasesLengthW
0x42201c CopyFileExW
0x422020 SetLocalTime
0x422024 GetConsoleAliasExesLengthA
0x422028 InterlockedIncrement
0x42202c VerSetConditionMask
0x422030 GetCommState
0x422034 InterlockedDecrement
0x422038 ZombifyActCtx
0x42203c CompareFileTime
0x422040 GetSystemWindowsDirectoryW
0x422044 SetEnvironmentVariableW
0x422048 GlobalLock
0x42204c SetConsoleScreenBufferSize
0x422050 WriteConsoleInputA
0x422054 SetComputerNameW
0x422058 FreeEnvironmentStringsA
0x42205c VirtualFree
0x422060 SetProcessPriorityBoost
0x422064 FindResourceExA
0x422068 GetComputerNameExA
0x42206c GetFileAttributesW
0x422070 GetBinaryTypeA
0x422074 ReadFile
0x422078 UnregisterWait
0x42207c InterlockedExchange
0x422080 SetCurrentDirectoryA
0x422084 GetStartupInfoA
0x422088 GetCPInfoExW
0x42208c OpenMutexW
0x422090 GetCurrentDirectoryW
0x422094 GetProcAddress
0x422098 CreateNamedPipeA
0x42209c WriteProfileSectionA
0x4220a0 ReadFileEx
0x4220a4 SetStdHandle
0x4220a8 DisableThreadLibraryCalls
0x4220ac GetPrivateProfileStringA
0x4220b0 LoadLibraryA
0x4220b4 CreateSemaphoreW
0x4220b8 GetConsoleScreenBufferInfo
0x4220bc LocalAlloc
0x4220c0 FindAtomA
0x4220c4 EnumResourceNamesA
0x4220c8 WriteProfileStringW
0x4220cc CompareStringA
0x4220d0 FatalAppExitA
0x4220d4 GetVersionExA
0x4220d8 TlsAlloc
0x4220dc FindAtomW
0x4220e0 DeleteFileW
0x4220e4 LCMapStringW
0x4220e8 AreFileApisANSI
0x4220ec GetOverlappedResult
0x4220f0 GetComputerNameA
0x4220f4 GetLastError
0x4220f8 MoveFileA
0x4220fc GetCommandLineA
0x422100 HeapValidate
0x422104 IsBadReadPtr
0x422108 RaiseException
0x42210c DeleteCriticalSection
0x422110 EnterCriticalSection
0x422114 LeaveCriticalSection
0x422118 GetModuleFileNameW
0x42211c SetHandleCount
0x422120 GetStdHandle
0x422124 GetFileType
0x422128 TerminateProcess
0x42212c GetCurrentProcess
0x422130 UnhandledExceptionFilter
0x422134 SetUnhandledExceptionFilter
0x422138 IsDebuggerPresent
0x42213c QueryPerformanceCounter
0x422140 GetTickCount
0x422144 GetCurrentThreadId
0x422148 GetCurrentProcessId
0x42214c GetSystemTimeAsFileTime
0x422150 GetModuleHandleW
0x422154 Sleep
0x422158 ExitProcess
0x42215c GetModuleFileNameA
0x422160 GetEnvironmentStrings
0x422164 FreeEnvironmentStringsW
0x422168 WideCharToMultiByte
0x42216c GetEnvironmentStringsW
0x422170 TlsGetValue
0x422174 TlsSetValue
0x422178 TlsFree
0x42217c SetLastError
0x422180 HeapDestroy
0x422184 HeapCreate
0x422188 HeapFree
0x42218c WriteFile
0x422190 HeapAlloc
0x422194 HeapSize
0x422198 HeapReAlloc
0x42219c VirtualAlloc
0x4221a0 GetACP
0x4221a4 GetOEMCP
0x4221a8 GetCPInfo
0x4221ac IsValidCodePage
0x4221b0 RtlUnwind
0x4221b4 InitializeCriticalSectionAndSpinCount
0x4221b8 DebugBreak
0x4221bc OutputDebugStringA
0x4221c0 WriteConsoleW
0x4221c4 OutputDebugStringW
0x4221c8 LoadLibraryW
0x4221cc GetConsoleCP
0x4221d0 GetConsoleMode
0x4221d4 MultiByteToWideChar
0x4221d8 LCMapStringA
0x4221dc GetStringTypeA
0x4221e0 GetStringTypeW
0x4221e4 GetLocaleInfoA
0x4221e8 FlushFileBuffers
0x4221ec WriteConsoleA
0x4221f0 GetConsoleOutputCP
0x4221f4 CloseHandle
0x4221f8 CreateFileA
0x4221fc GetModuleHandleA
GDI32.dll
0x422000 GetBoundsRect
EAT(Export Address Table) is none
KERNEL32.dll
0x422008 GetFileSize
0x42200c GetNativeSystemInfo
0x422010 SetFilePointer
0x422014 lstrlenA
0x422018 GetConsoleAliasesLengthW
0x42201c CopyFileExW
0x422020 SetLocalTime
0x422024 GetConsoleAliasExesLengthA
0x422028 InterlockedIncrement
0x42202c VerSetConditionMask
0x422030 GetCommState
0x422034 InterlockedDecrement
0x422038 ZombifyActCtx
0x42203c CompareFileTime
0x422040 GetSystemWindowsDirectoryW
0x422044 SetEnvironmentVariableW
0x422048 GlobalLock
0x42204c SetConsoleScreenBufferSize
0x422050 WriteConsoleInputA
0x422054 SetComputerNameW
0x422058 FreeEnvironmentStringsA
0x42205c VirtualFree
0x422060 SetProcessPriorityBoost
0x422064 FindResourceExA
0x422068 GetComputerNameExA
0x42206c GetFileAttributesW
0x422070 GetBinaryTypeA
0x422074 ReadFile
0x422078 UnregisterWait
0x42207c InterlockedExchange
0x422080 SetCurrentDirectoryA
0x422084 GetStartupInfoA
0x422088 GetCPInfoExW
0x42208c OpenMutexW
0x422090 GetCurrentDirectoryW
0x422094 GetProcAddress
0x422098 CreateNamedPipeA
0x42209c WriteProfileSectionA
0x4220a0 ReadFileEx
0x4220a4 SetStdHandle
0x4220a8 DisableThreadLibraryCalls
0x4220ac GetPrivateProfileStringA
0x4220b0 LoadLibraryA
0x4220b4 CreateSemaphoreW
0x4220b8 GetConsoleScreenBufferInfo
0x4220bc LocalAlloc
0x4220c0 FindAtomA
0x4220c4 EnumResourceNamesA
0x4220c8 WriteProfileStringW
0x4220cc CompareStringA
0x4220d0 FatalAppExitA
0x4220d4 GetVersionExA
0x4220d8 TlsAlloc
0x4220dc FindAtomW
0x4220e0 DeleteFileW
0x4220e4 LCMapStringW
0x4220e8 AreFileApisANSI
0x4220ec GetOverlappedResult
0x4220f0 GetComputerNameA
0x4220f4 GetLastError
0x4220f8 MoveFileA
0x4220fc GetCommandLineA
0x422100 HeapValidate
0x422104 IsBadReadPtr
0x422108 RaiseException
0x42210c DeleteCriticalSection
0x422110 EnterCriticalSection
0x422114 LeaveCriticalSection
0x422118 GetModuleFileNameW
0x42211c SetHandleCount
0x422120 GetStdHandle
0x422124 GetFileType
0x422128 TerminateProcess
0x42212c GetCurrentProcess
0x422130 UnhandledExceptionFilter
0x422134 SetUnhandledExceptionFilter
0x422138 IsDebuggerPresent
0x42213c QueryPerformanceCounter
0x422140 GetTickCount
0x422144 GetCurrentThreadId
0x422148 GetCurrentProcessId
0x42214c GetSystemTimeAsFileTime
0x422150 GetModuleHandleW
0x422154 Sleep
0x422158 ExitProcess
0x42215c GetModuleFileNameA
0x422160 GetEnvironmentStrings
0x422164 FreeEnvironmentStringsW
0x422168 WideCharToMultiByte
0x42216c GetEnvironmentStringsW
0x422170 TlsGetValue
0x422174 TlsSetValue
0x422178 TlsFree
0x42217c SetLastError
0x422180 HeapDestroy
0x422184 HeapCreate
0x422188 HeapFree
0x42218c WriteFile
0x422190 HeapAlloc
0x422194 HeapSize
0x422198 HeapReAlloc
0x42219c VirtualAlloc
0x4221a0 GetACP
0x4221a4 GetOEMCP
0x4221a8 GetCPInfo
0x4221ac IsValidCodePage
0x4221b0 RtlUnwind
0x4221b4 InitializeCriticalSectionAndSpinCount
0x4221b8 DebugBreak
0x4221bc OutputDebugStringA
0x4221c0 WriteConsoleW
0x4221c4 OutputDebugStringW
0x4221c8 LoadLibraryW
0x4221cc GetConsoleCP
0x4221d0 GetConsoleMode
0x4221d4 MultiByteToWideChar
0x4221d8 LCMapStringA
0x4221dc GetStringTypeA
0x4221e0 GetStringTypeW
0x4221e4 GetLocaleInfoA
0x4221e8 FlushFileBuffers
0x4221ec WriteConsoleA
0x4221f0 GetConsoleOutputCP
0x4221f4 CloseHandle
0x4221f8 CreateFileA
0x4221fc GetModuleHandleA
GDI32.dll
0x422000 GetBoundsRect
EAT(Export Address Table) is none