ScreenShot
| Created | 2021.08.04 09:57 | Machine | s1_win7_x6401 |
| Filename | 32576e926d5ca198c9979adda70c821e.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (Zusy, DropperX, Artemis, sougy, ai score=87, Wacatac, Malicious, score, BScope, R002H09H321, Outbreak, HgIASZkA) | ||
| md5 | 4003498f5c38cf05a71125d4e8745791 | ||
| sha256 | ad5711a5bdcd7c6334389a2ed722e16e774d8f55737e85f57c71ec3e1767c63b | ||
| ssdeep | 768:zQR+JJlY3yGJxNojkTnJI6TWzzejkZy/xbD9BxufhqXKCl3G9:nAoITdT0Zy5bZXYml3G9 | ||
| imphash | 2cdeda7a0aa27475a825e9c41d4d95f0 | ||
| impfuzzy | 24:mDozy4vLXHOovuXg7JHniv8ERRv6uk3zfcVAJXK6wxGTuEnk1EQDX:q4TXuhw9WKzfcVAJXKtQnFC | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable uses a known packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x408000 GetProcAddress
0x408004 LoadLibraryA
0x408008 lstrlenW
0x40800c InterlockedDecrement
0x408010 CloseHandle
0x408014 WriteFile
0x408018 CreateFileW
0x40801c lstrcatW
0x408020 GetModuleFileNameW
0x408024 RaiseException
0x408028 LocalFree
0x40802c lstrlenA
0x408030 InterlockedIncrement
0x408034 GetStringTypeW
0x408038 GetStringTypeA
0x40803c LCMapStringW
0x408040 LCMapStringA
0x408044 MultiByteToWideChar
0x408048 RtlUnwind
0x40804c GetCommandLineA
0x408050 GetVersion
0x408054 ExitProcess
0x408058 HeapFree
0x40805c HeapAlloc
0x408060 GetCurrentThreadId
0x408064 TlsSetValue
0x408068 TlsAlloc
0x40806c SetLastError
0x408070 TlsGetValue
0x408074 GetLastError
0x408078 TerminateProcess
0x40807c GetCurrentProcess
0x408080 UnhandledExceptionFilter
0x408084 GetModuleFileNameA
0x408088 FreeEnvironmentStringsA
0x40808c FreeEnvironmentStringsW
0x408090 WideCharToMultiByte
0x408094 GetEnvironmentStrings
0x408098 GetEnvironmentStringsW
0x40809c SetHandleCount
0x4080a0 GetStdHandle
0x4080a4 GetFileType
0x4080a8 GetStartupInfoA
0x4080ac GetModuleHandleA
0x4080b0 GetEnvironmentVariableA
0x4080b4 GetVersionExA
0x4080b8 HeapDestroy
0x4080bc HeapCreate
0x4080c0 VirtualFree
0x4080c4 VirtualAlloc
0x4080c8 HeapReAlloc
0x4080cc IsBadWritePtr
0x4080d0 InitializeCriticalSection
0x4080d4 EnterCriticalSection
0x4080d8 LeaveCriticalSection
0x4080dc SetUnhandledExceptionFilter
0x4080e0 IsBadReadPtr
0x4080e4 IsBadCodePtr
0x4080e8 GetCPInfo
0x4080ec GetACP
0x4080f0 GetOEMCP
0x4080f4 HeapSize
USER32.dll
0x408130 wsprintfW
ole32.dll
0x408138 CoInitializeSecurity
0x40813c CoUninitialize
0x408140 CoInitialize
0x408144 CoCreateInstance
0x408148 CoSetProxyBlanket
OLEAUT32.dll
0x4080fc VariantInit
0x408100 SafeArrayGetDim
0x408104 SafeArrayGetLBound
0x408108 SafeArrayGetUBound
0x40810c SafeArrayAccessData
0x408110 SafeArrayUnaccessData
0x408114 SysStringLen
0x408118 SysAllocStringLen
0x40811c SysAllocString
0x408120 VariantClear
0x408124 SysFreeString
0x408128 GetErrorInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x408000 GetProcAddress
0x408004 LoadLibraryA
0x408008 lstrlenW
0x40800c InterlockedDecrement
0x408010 CloseHandle
0x408014 WriteFile
0x408018 CreateFileW
0x40801c lstrcatW
0x408020 GetModuleFileNameW
0x408024 RaiseException
0x408028 LocalFree
0x40802c lstrlenA
0x408030 InterlockedIncrement
0x408034 GetStringTypeW
0x408038 GetStringTypeA
0x40803c LCMapStringW
0x408040 LCMapStringA
0x408044 MultiByteToWideChar
0x408048 RtlUnwind
0x40804c GetCommandLineA
0x408050 GetVersion
0x408054 ExitProcess
0x408058 HeapFree
0x40805c HeapAlloc
0x408060 GetCurrentThreadId
0x408064 TlsSetValue
0x408068 TlsAlloc
0x40806c SetLastError
0x408070 TlsGetValue
0x408074 GetLastError
0x408078 TerminateProcess
0x40807c GetCurrentProcess
0x408080 UnhandledExceptionFilter
0x408084 GetModuleFileNameA
0x408088 FreeEnvironmentStringsA
0x40808c FreeEnvironmentStringsW
0x408090 WideCharToMultiByte
0x408094 GetEnvironmentStrings
0x408098 GetEnvironmentStringsW
0x40809c SetHandleCount
0x4080a0 GetStdHandle
0x4080a4 GetFileType
0x4080a8 GetStartupInfoA
0x4080ac GetModuleHandleA
0x4080b0 GetEnvironmentVariableA
0x4080b4 GetVersionExA
0x4080b8 HeapDestroy
0x4080bc HeapCreate
0x4080c0 VirtualFree
0x4080c4 VirtualAlloc
0x4080c8 HeapReAlloc
0x4080cc IsBadWritePtr
0x4080d0 InitializeCriticalSection
0x4080d4 EnterCriticalSection
0x4080d8 LeaveCriticalSection
0x4080dc SetUnhandledExceptionFilter
0x4080e0 IsBadReadPtr
0x4080e4 IsBadCodePtr
0x4080e8 GetCPInfo
0x4080ec GetACP
0x4080f0 GetOEMCP
0x4080f4 HeapSize
USER32.dll
0x408130 wsprintfW
ole32.dll
0x408138 CoInitializeSecurity
0x40813c CoUninitialize
0x408140 CoInitialize
0x408144 CoCreateInstance
0x408148 CoSetProxyBlanket
OLEAUT32.dll
0x4080fc VariantInit
0x408100 SafeArrayGetDim
0x408104 SafeArrayGetLBound
0x408108 SafeArrayGetUBound
0x40810c SafeArrayAccessData
0x408110 SafeArrayUnaccessData
0x408114 SysStringLen
0x408118 SysAllocStringLen
0x40811c SysAllocString
0x408120 VariantClear
0x408124 SysFreeString
0x408128 GetErrorInfo
EAT(Export Address Table) is none