ScreenShot
| Created | 2021.08.01 09:18 | Machine | s1_win7_x6401 |
| Filename | tabhost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, mzW@ayeZwAbG, Attribute, HighConfidence, Chapak, Score, Sabsik, Glupteba, Kryptik, CLASSIC, Static AI, Malicious PE, susgen, confidence, QVM10) | ||
| md5 | 2b2019bf18467e9150aeda07acbdd1e8 | ||
| sha256 | aaaab76abff4dc4dec34b967a7f3f03cf937d1d47f806bf193f9cb80d35e77e6 | ||
| ssdeep | 24576:VJw2kSyqsNiGVnH0QQpzwUFyJoD2fxb3WD2jc:QS5sIGJ0QPnfxbG4c | ||
| imphash | 3a882b0a906e4a3ae01bd3c1a3fc4b60 | ||
| impfuzzy | 48:BGP0x86xN7OU1O2nYttLaE0jcGIJcFu2XWwxU:rN7OU1FYttOE0jcGIJcbXW3 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424008 GetFileSize
0x42400c SetPriorityClass
0x424010 GetNativeSystemInfo
0x424014 SetFilePointer
0x424018 CopyFileExW
0x42401c InterlockedIncrement
0x424020 InterlockedDecrement
0x424024 WaitNamedPipeA
0x424028 WriteConsoleInputA
0x42402c SetComputerNameW
0x424030 GetComputerNameW
0x424034 SetEvent
0x424038 FreeEnvironmentStringsA
0x42403c CreateNamedPipeW
0x424040 VirtualFree
0x424044 GetConsoleAliasesLengthA
0x424048 GetPrivateProfileStringW
0x42404c FindResourceExA
0x424050 GlobalAlloc
0x424054 LoadLibraryW
0x424058 GetConsoleAliasExesLengthW
0x42405c InitAtomTable
0x424060 GetFileAttributesA
0x424064 CreateSemaphoreA
0x424068 SetConsoleCursorPosition
0x42406c GetBinaryTypeA
0x424070 GetSystemDirectoryA
0x424074 GetOverlappedResult
0x424078 CompareStringW
0x42407c lstrlenW
0x424080 GlobalUnlock
0x424084 EnumResourceNamesW
0x424088 ReleaseActCtx
0x42408c GetStartupInfoA
0x424090 OpenMutexW
0x424094 GetHandleInformation
0x424098 GetProcAddress
0x42409c GetProcessHeaps
0x4240a0 ReadFileEx
0x4240a4 LoadLibraryA
0x4240a8 GetConsoleScreenBufferInfo
0x4240ac GetExitCodeThread
0x4240b0 SetCurrentDirectoryW
0x4240b4 PostQueuedCompletionStatus
0x4240b8 WriteProfileSectionW
0x4240bc SetEnvironmentVariableA
0x4240c0 WriteProfileStringA
0x4240c4 CreateIoCompletionPort
0x4240c8 GetCurrentDirectoryA
0x4240cc FatalAppExitA
0x4240d0 GetCurrentThreadId
0x4240d4 GetCPInfoExA
0x4240d8 GetVersionExA
0x4240dc TlsAlloc
0x4240e0 FindAtomW
0x4240e4 DeleteFileW
0x4240e8 UnregisterWaitEx
0x4240ec GetSystemTime
0x4240f0 LCMapStringW
0x4240f4 AreFileApisANSI
0x4240f8 CreateDirectoryA
0x4240fc FileTimeToDosDateTime
0x424100 CreateFileA
0x424104 UnhandledExceptionFilter
0x424108 SetUnhandledExceptionFilter
0x42410c GetLastError
0x424110 MoveFileA
0x424114 GetStartupInfoW
0x424118 HeapValidate
0x42411c IsBadReadPtr
0x424120 RaiseException
0x424124 GetModuleHandleW
0x424128 Sleep
0x42412c ExitProcess
0x424130 GetModuleFileNameA
0x424134 WriteFile
0x424138 GetStdHandle
0x42413c EnterCriticalSection
0x424140 LeaveCriticalSection
0x424144 TerminateProcess
0x424148 GetCurrentProcess
0x42414c IsDebuggerPresent
0x424150 GetModuleFileNameW
0x424154 RtlUnwind
0x424158 GetACP
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 IsValidCodePage
0x424168 TlsGetValue
0x42416c TlsSetValue
0x424170 TlsFree
0x424174 SetLastError
0x424178 DeleteCriticalSection
0x42417c QueryPerformanceCounter
0x424180 GetTickCount
0x424184 GetCurrentProcessId
0x424188 GetSystemTimeAsFileTime
0x42418c FreeEnvironmentStringsW
0x424190 GetEnvironmentStringsW
0x424194 GetCommandLineW
0x424198 SetHandleCount
0x42419c GetFileType
0x4241a0 HeapDestroy
0x4241a4 HeapCreate
0x4241a8 HeapFree
0x4241ac HeapAlloc
0x4241b0 HeapSize
0x4241b4 HeapReAlloc
0x4241b8 VirtualAlloc
0x4241bc InitializeCriticalSectionAndSpinCount
0x4241c0 DebugBreak
0x4241c4 OutputDebugStringA
0x4241c8 WriteConsoleW
0x4241cc OutputDebugStringW
0x4241d0 MultiByteToWideChar
0x4241d4 GetStringTypeA
0x4241d8 GetStringTypeW
0x4241dc GetLocaleInfoA
0x4241e0 WideCharToMultiByte
0x4241e4 LCMapStringA
0x4241e8 GetModuleHandleA
0x4241ec FlushFileBuffers
0x4241f0 GetConsoleCP
0x4241f4 GetConsoleMode
0x4241f8 ReadFile
0x4241fc CloseHandle
0x424200 SetStdHandle
0x424204 WriteConsoleA
0x424208 GetConsoleOutputCP
USER32.dll
0x424218 GetMonitorInfoA
GDI32.dll
0x424000 GetCharWidthW
MSIMG32.dll
0x424210 TransparentBlt
EAT(Export Address Table) is none
KERNEL32.dll
0x424008 GetFileSize
0x42400c SetPriorityClass
0x424010 GetNativeSystemInfo
0x424014 SetFilePointer
0x424018 CopyFileExW
0x42401c InterlockedIncrement
0x424020 InterlockedDecrement
0x424024 WaitNamedPipeA
0x424028 WriteConsoleInputA
0x42402c SetComputerNameW
0x424030 GetComputerNameW
0x424034 SetEvent
0x424038 FreeEnvironmentStringsA
0x42403c CreateNamedPipeW
0x424040 VirtualFree
0x424044 GetConsoleAliasesLengthA
0x424048 GetPrivateProfileStringW
0x42404c FindResourceExA
0x424050 GlobalAlloc
0x424054 LoadLibraryW
0x424058 GetConsoleAliasExesLengthW
0x42405c InitAtomTable
0x424060 GetFileAttributesA
0x424064 CreateSemaphoreA
0x424068 SetConsoleCursorPosition
0x42406c GetBinaryTypeA
0x424070 GetSystemDirectoryA
0x424074 GetOverlappedResult
0x424078 CompareStringW
0x42407c lstrlenW
0x424080 GlobalUnlock
0x424084 EnumResourceNamesW
0x424088 ReleaseActCtx
0x42408c GetStartupInfoA
0x424090 OpenMutexW
0x424094 GetHandleInformation
0x424098 GetProcAddress
0x42409c GetProcessHeaps
0x4240a0 ReadFileEx
0x4240a4 LoadLibraryA
0x4240a8 GetConsoleScreenBufferInfo
0x4240ac GetExitCodeThread
0x4240b0 SetCurrentDirectoryW
0x4240b4 PostQueuedCompletionStatus
0x4240b8 WriteProfileSectionW
0x4240bc SetEnvironmentVariableA
0x4240c0 WriteProfileStringA
0x4240c4 CreateIoCompletionPort
0x4240c8 GetCurrentDirectoryA
0x4240cc FatalAppExitA
0x4240d0 GetCurrentThreadId
0x4240d4 GetCPInfoExA
0x4240d8 GetVersionExA
0x4240dc TlsAlloc
0x4240e0 FindAtomW
0x4240e4 DeleteFileW
0x4240e8 UnregisterWaitEx
0x4240ec GetSystemTime
0x4240f0 LCMapStringW
0x4240f4 AreFileApisANSI
0x4240f8 CreateDirectoryA
0x4240fc FileTimeToDosDateTime
0x424100 CreateFileA
0x424104 UnhandledExceptionFilter
0x424108 SetUnhandledExceptionFilter
0x42410c GetLastError
0x424110 MoveFileA
0x424114 GetStartupInfoW
0x424118 HeapValidate
0x42411c IsBadReadPtr
0x424120 RaiseException
0x424124 GetModuleHandleW
0x424128 Sleep
0x42412c ExitProcess
0x424130 GetModuleFileNameA
0x424134 WriteFile
0x424138 GetStdHandle
0x42413c EnterCriticalSection
0x424140 LeaveCriticalSection
0x424144 TerminateProcess
0x424148 GetCurrentProcess
0x42414c IsDebuggerPresent
0x424150 GetModuleFileNameW
0x424154 RtlUnwind
0x424158 GetACP
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 IsValidCodePage
0x424168 TlsGetValue
0x42416c TlsSetValue
0x424170 TlsFree
0x424174 SetLastError
0x424178 DeleteCriticalSection
0x42417c QueryPerformanceCounter
0x424180 GetTickCount
0x424184 GetCurrentProcessId
0x424188 GetSystemTimeAsFileTime
0x42418c FreeEnvironmentStringsW
0x424190 GetEnvironmentStringsW
0x424194 GetCommandLineW
0x424198 SetHandleCount
0x42419c GetFileType
0x4241a0 HeapDestroy
0x4241a4 HeapCreate
0x4241a8 HeapFree
0x4241ac HeapAlloc
0x4241b0 HeapSize
0x4241b4 HeapReAlloc
0x4241b8 VirtualAlloc
0x4241bc InitializeCriticalSectionAndSpinCount
0x4241c0 DebugBreak
0x4241c4 OutputDebugStringA
0x4241c8 WriteConsoleW
0x4241cc OutputDebugStringW
0x4241d0 MultiByteToWideChar
0x4241d4 GetStringTypeA
0x4241d8 GetStringTypeW
0x4241dc GetLocaleInfoA
0x4241e0 WideCharToMultiByte
0x4241e4 LCMapStringA
0x4241e8 GetModuleHandleA
0x4241ec FlushFileBuffers
0x4241f0 GetConsoleCP
0x4241f4 GetConsoleMode
0x4241f8 ReadFile
0x4241fc CloseHandle
0x424200 SetStdHandle
0x424204 WriteConsoleA
0x424208 GetConsoleOutputCP
USER32.dll
0x424218 GetMonitorInfoA
GDI32.dll
0x424000 GetCharWidthW
MSIMG32.dll
0x424210 TransparentBlt
EAT(Export Address Table) is none