ScreenShot
| Created | 2021.08.03 09:24 | Machine | s1_win7_x6402 |
| Filename | download | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetect, malware1, Stop, malicious, high confidence, GenericKDZ, Unsafe, Save, StopCrypt, Kryptik, Eldorado, Attribute, HighConfidence, HLVQ, PWSX, Siggen3, R002C0WGS21, Emotet, opchk, Score, MigratedCloud, R434638, ai score=82, BScope, CLASSIC, jXerHyybjPA, Static AI, Malicious PE, susgen, HLWQ, ZexaF, uuW@aON4OXoI, GdSda, confidence, HwoC5KcA) | ||
| md5 | cd8f5f89a0d7a618a1c6b877bcb6424d | ||
| sha256 | eee4674c468df543473abb0c44c05535dae405d045c9dee93b7fd2baa7cb1b6c | ||
| ssdeep | 6144:cdhyMNRTPNgbUO1yaIIGTiNkP1Wthbm65HL7rnb28HGbLzqInrkH:c/NR72bUO1yaEWXJpL/43z | ||
| imphash | 2f3a2cbde47abc5415a01609e3c61f2d | ||
| impfuzzy | 48:4zkR/dCOYh1CkmJ3GEpjO2SY3KaEZtd6c+x0S+vr/MVBY:4krkkkUNjFRnEZtd6c+yS+vr/ME | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42b000 GetVolumeNameForVolumeMountPointA
0x42b004 GetComputerNameA
0x42b008 GetFileSize
0x42b00c SetFilePointer
0x42b010 lstrlenA
0x42b014 GetConsoleAliasesLengthW
0x42b018 GetConsoleAliasExesA
0x42b01c CommConfigDialogA
0x42b020 GetConsoleAliasExesLengthA
0x42b024 FreeLibrary
0x42b028 InterlockedIncrement
0x42b02c InterlockedDecrement
0x42b030 ZombifyActCtx
0x42b034 GlobalLock
0x42b038 GetProfileSectionA
0x42b03c GetFileAttributesExA
0x42b040 FreeEnvironmentStringsA
0x42b044 GetTickCount
0x42b048 GetCommConfig
0x42b04c LocalFlags
0x42b050 GetConsoleAliasesLengthA
0x42b054 GetWindowsDirectoryA
0x42b058 SetCommState
0x42b05c SetProcessPriorityBoost
0x42b060 TlsSetValue
0x42b064 GetEnvironmentStrings
0x42b068 FindResourceExA
0x42b06c GlobalAlloc
0x42b070 LoadLibraryW
0x42b074 _hread
0x42b078 GetCalendarInfoA
0x42b07c GetSystemWow64DirectoryW
0x42b080 SetSystemTimeAdjustment
0x42b084 GetSystemWindowsDirectoryA
0x42b088 InitAtomTable
0x42b08c GetBinaryTypeA
0x42b090 ReadFile
0x42b094 GetBinaryTypeW
0x42b098 SetConsoleTitleA
0x42b09c VirtualUnlock
0x42b0a0 SetCurrentDirectoryA
0x42b0a4 GetStartupInfoA
0x42b0a8 GetStdHandle
0x42b0ac GetCPInfoExW
0x42b0b0 GetCurrentDirectoryW
0x42b0b4 GetComputerNameExW
0x42b0b8 VerLanguageNameA
0x42b0bc SetFirmwareEnvironmentVariableW
0x42b0c0 CreateNamedPipeA
0x42b0c4 WriteProfileSectionA
0x42b0c8 FreeUserPhysicalPages
0x42b0cc SetComputerNameA
0x42b0d0 GetLocalTime
0x42b0d4 LoadLibraryA
0x42b0d8 CreateSemaphoreW
0x42b0dc SetConsoleCtrlHandler
0x42b0e0 Process32NextW
0x42b0e4 CreateIoCompletionPort
0x42b0e8 EnumResourceNamesA
0x42b0ec WriteProfileStringW
0x42b0f0 BuildCommDCBA
0x42b0f4 VirtualProtect
0x42b0f8 CompareStringA
0x42b0fc _lopen
0x42b100 FindAtomW
0x42b104 GetVersion
0x42b108 DeleteFileW
0x42b10c UnregisterWaitEx
0x42b110 ReadConsoleOutputCharacterW
0x42b114 LCMapStringW
0x42b118 CopyFileExA
0x42b11c AreFileApisANSI
0x42b120 GetLastError
0x42b124 WideCharToMultiByte
0x42b128 GetCommandLineA
0x42b12c HeapValidate
0x42b130 IsBadReadPtr
0x42b134 RaiseException
0x42b138 TerminateProcess
0x42b13c GetCurrentProcess
0x42b140 UnhandledExceptionFilter
0x42b144 SetUnhandledExceptionFilter
0x42b148 IsDebuggerPresent
0x42b14c GetModuleFileNameW
0x42b150 GetACP
0x42b154 GetOEMCP
0x42b158 GetCPInfo
0x42b15c IsValidCodePage
0x42b160 GetProcAddress
0x42b164 TlsGetValue
0x42b168 GetModuleHandleW
0x42b16c TlsAlloc
0x42b170 GetCurrentThreadId
0x42b174 TlsFree
0x42b178 SetLastError
0x42b17c EnterCriticalSection
0x42b180 LeaveCriticalSection
0x42b184 DeleteCriticalSection
0x42b188 SetHandleCount
0x42b18c GetFileType
0x42b190 QueryPerformanceCounter
0x42b194 GetCurrentProcessId
0x42b198 GetSystemTimeAsFileTime
0x42b19c Sleep
0x42b1a0 ExitProcess
0x42b1a4 GetModuleFileNameA
0x42b1a8 FreeEnvironmentStringsW
0x42b1ac GetEnvironmentStringsW
0x42b1b0 HeapDestroy
0x42b1b4 HeapCreate
0x42b1b8 HeapFree
0x42b1bc VirtualFree
0x42b1c0 WriteFile
0x42b1c4 HeapAlloc
0x42b1c8 HeapSize
0x42b1cc HeapReAlloc
0x42b1d0 VirtualAlloc
0x42b1d4 DebugBreak
0x42b1d8 OutputDebugStringA
0x42b1dc WriteConsoleW
0x42b1e0 OutputDebugStringW
0x42b1e4 RtlUnwind
0x42b1e8 MultiByteToWideChar
0x42b1ec LCMapStringA
0x42b1f0 GetStringTypeA
0x42b1f4 GetStringTypeW
0x42b1f8 GetLocaleInfoA
0x42b1fc GetConsoleCP
0x42b200 GetConsoleMode
0x42b204 InitializeCriticalSectionAndSpinCount
0x42b208 FlushFileBuffers
0x42b20c SetStdHandle
0x42b210 WriteConsoleA
0x42b214 GetConsoleOutputCP
0x42b218 CloseHandle
0x42b21c CreateFileA
0x42b220 GetModuleHandleA
USER32.dll
0x42b228 GetMessageTime
0x42b22c GetMenuInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x42b000 GetVolumeNameForVolumeMountPointA
0x42b004 GetComputerNameA
0x42b008 GetFileSize
0x42b00c SetFilePointer
0x42b010 lstrlenA
0x42b014 GetConsoleAliasesLengthW
0x42b018 GetConsoleAliasExesA
0x42b01c CommConfigDialogA
0x42b020 GetConsoleAliasExesLengthA
0x42b024 FreeLibrary
0x42b028 InterlockedIncrement
0x42b02c InterlockedDecrement
0x42b030 ZombifyActCtx
0x42b034 GlobalLock
0x42b038 GetProfileSectionA
0x42b03c GetFileAttributesExA
0x42b040 FreeEnvironmentStringsA
0x42b044 GetTickCount
0x42b048 GetCommConfig
0x42b04c LocalFlags
0x42b050 GetConsoleAliasesLengthA
0x42b054 GetWindowsDirectoryA
0x42b058 SetCommState
0x42b05c SetProcessPriorityBoost
0x42b060 TlsSetValue
0x42b064 GetEnvironmentStrings
0x42b068 FindResourceExA
0x42b06c GlobalAlloc
0x42b070 LoadLibraryW
0x42b074 _hread
0x42b078 GetCalendarInfoA
0x42b07c GetSystemWow64DirectoryW
0x42b080 SetSystemTimeAdjustment
0x42b084 GetSystemWindowsDirectoryA
0x42b088 InitAtomTable
0x42b08c GetBinaryTypeA
0x42b090 ReadFile
0x42b094 GetBinaryTypeW
0x42b098 SetConsoleTitleA
0x42b09c VirtualUnlock
0x42b0a0 SetCurrentDirectoryA
0x42b0a4 GetStartupInfoA
0x42b0a8 GetStdHandle
0x42b0ac GetCPInfoExW
0x42b0b0 GetCurrentDirectoryW
0x42b0b4 GetComputerNameExW
0x42b0b8 VerLanguageNameA
0x42b0bc SetFirmwareEnvironmentVariableW
0x42b0c0 CreateNamedPipeA
0x42b0c4 WriteProfileSectionA
0x42b0c8 FreeUserPhysicalPages
0x42b0cc SetComputerNameA
0x42b0d0 GetLocalTime
0x42b0d4 LoadLibraryA
0x42b0d8 CreateSemaphoreW
0x42b0dc SetConsoleCtrlHandler
0x42b0e0 Process32NextW
0x42b0e4 CreateIoCompletionPort
0x42b0e8 EnumResourceNamesA
0x42b0ec WriteProfileStringW
0x42b0f0 BuildCommDCBA
0x42b0f4 VirtualProtect
0x42b0f8 CompareStringA
0x42b0fc _lopen
0x42b100 FindAtomW
0x42b104 GetVersion
0x42b108 DeleteFileW
0x42b10c UnregisterWaitEx
0x42b110 ReadConsoleOutputCharacterW
0x42b114 LCMapStringW
0x42b118 CopyFileExA
0x42b11c AreFileApisANSI
0x42b120 GetLastError
0x42b124 WideCharToMultiByte
0x42b128 GetCommandLineA
0x42b12c HeapValidate
0x42b130 IsBadReadPtr
0x42b134 RaiseException
0x42b138 TerminateProcess
0x42b13c GetCurrentProcess
0x42b140 UnhandledExceptionFilter
0x42b144 SetUnhandledExceptionFilter
0x42b148 IsDebuggerPresent
0x42b14c GetModuleFileNameW
0x42b150 GetACP
0x42b154 GetOEMCP
0x42b158 GetCPInfo
0x42b15c IsValidCodePage
0x42b160 GetProcAddress
0x42b164 TlsGetValue
0x42b168 GetModuleHandleW
0x42b16c TlsAlloc
0x42b170 GetCurrentThreadId
0x42b174 TlsFree
0x42b178 SetLastError
0x42b17c EnterCriticalSection
0x42b180 LeaveCriticalSection
0x42b184 DeleteCriticalSection
0x42b188 SetHandleCount
0x42b18c GetFileType
0x42b190 QueryPerformanceCounter
0x42b194 GetCurrentProcessId
0x42b198 GetSystemTimeAsFileTime
0x42b19c Sleep
0x42b1a0 ExitProcess
0x42b1a4 GetModuleFileNameA
0x42b1a8 FreeEnvironmentStringsW
0x42b1ac GetEnvironmentStringsW
0x42b1b0 HeapDestroy
0x42b1b4 HeapCreate
0x42b1b8 HeapFree
0x42b1bc VirtualFree
0x42b1c0 WriteFile
0x42b1c4 HeapAlloc
0x42b1c8 HeapSize
0x42b1cc HeapReAlloc
0x42b1d0 VirtualAlloc
0x42b1d4 DebugBreak
0x42b1d8 OutputDebugStringA
0x42b1dc WriteConsoleW
0x42b1e0 OutputDebugStringW
0x42b1e4 RtlUnwind
0x42b1e8 MultiByteToWideChar
0x42b1ec LCMapStringA
0x42b1f0 GetStringTypeA
0x42b1f4 GetStringTypeW
0x42b1f8 GetLocaleInfoA
0x42b1fc GetConsoleCP
0x42b200 GetConsoleMode
0x42b204 InitializeCriticalSectionAndSpinCount
0x42b208 FlushFileBuffers
0x42b20c SetStdHandle
0x42b210 WriteConsoleA
0x42b214 GetConsoleOutputCP
0x42b218 CloseHandle
0x42b21c CreateFileA
0x42b220 GetModuleHandleA
USER32.dll
0x42b228 GetMessageTime
0x42b22c GetMenuInfo
EAT(Export Address Table) is none