ScreenShot
| Created | 2021.08.05 10:51 | Machine | s1_win7_x6401 |
| Filename | both123.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (Noon, malicious, high confidence, Unsafe, Save, confidence, ZexaF, puZ@aOpGyBoi, Eldorado, Attribute, HighConfidence, Kryptik, HLYM, Siggen14, Emotet, kcloud, Wacapew, score, Artemis, BScope, CLASSIC, GenKryptik, FIIH, FileRepMalware, QVM07) | ||
| md5 | 58a63044fe092b8c6e525cc920c04bc1 | ||
| sha256 | 5e870c6ebc9666619f80ecb157b67de938fe42a7d17533d3705b5464923ff7f1 | ||
| ssdeep | 3072:E3brnqR7nyUnkYHuzFrBXnja7mZUZAQ2KoWy8brnyeyMKFRlfrwO+afhLEKBAXU5:E3bTqR7yUkAuz3h/KtdwRl8OxfhNCyN | ||
| imphash | d8dda11e9d039cb0a1c2e717bdda6d64 | ||
| impfuzzy | 24:KTyB+5T0v+GGWXNjC+9VmXg+fSLkdAzQx/fJK9Js09wzAkSvx/ESwkg4//KAFkR3:4q+x02GtXNjC+VmQ+SYGzQpfJKjs09aF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| info | The executable uses a known packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MSVCRT.dll
0x405048 _controlfp
0x40504c memcpy
0x405050 _CxxThrowException
0x405054 _except_handler3
0x405058 __set_app_type
0x40505c __p__fmode
0x405060 __p__commode
0x405064 _adjust_fdiv
0x405068 __setusermatherr
0x40506c _initterm
0x405070 __wgetmainargs
0x405074 _wcmdln
0x405078 exit
0x40507c _XcptFilter
0x405080 _exit
0x405084 ??1type_info@@UAE@XZ
0x405088 ??3@YAXPAX@Z
0x40508c memset
0x405090 wcstol
0x405094 ??2@YAPAXI@Z
0x405098 memmove
dbghelp.dll
0x405118 MiniDumpWriteDump
KERNEL32.dll
0x405008 GetFileSize
0x40500c VirtualProtect
0x405010 GetCurrentProcess
0x405014 GetStartupInfoW
0x405018 GetModuleHandleW
0x40501c GetCurrentProcessId
0x405020 ReadFile
0x405024 CloseHandle
0x405028 CreateFileW
0x40502c SetFilePointer
0x405030 WriteFile
USER32.dll
0x4050a0 LoadCursorW
0x4050a4 LoadIconW
0x4050a8 TranslateMessage
0x4050ac TranslateAcceleratorW
0x4050b0 GrayStringA
0x4050b4 SendDlgItemMessageW
0x4050b8 DispatchMessageW
0x4050bc ShowWindow
0x4050c0 LoadStringW
0x4050c4 LoadAcceleratorsW
0x4050c8 RegisterClassExW
0x4050cc MessageBeep
0x4050d0 SetWindowTextW
0x4050d4 EndDialog
0x4050d8 SendMessageW
0x4050dc CreateWindowExW
0x4050e0 MessageBoxW
0x4050e4 GetDC
0x4050e8 DestroyWindow
0x4050ec DefWindowProcW
0x4050f0 GetMessageW
0x4050f4 GetWindowLongW
0x4050f8 GetDlgItem
0x4050fc PostQuitMessage
0x405100 DialogBoxParamW
0x405104 UpdateWindow
0x405108 EndPaint
0x40510c GetWindowTextW
0x405110 BeginPaint
COMDLG32.dll
0x405000 GetOpenFileNameW
MSVCP140.dll
0x405038 ?_Xlength_error@std@@YAXPBD@Z
0x40503c ?_Xbad_alloc@std@@YAXXZ
0x405040 ?_Xout_of_range@std@@YAXPBD@Z
EAT(Export Address Table) is none
MSVCRT.dll
0x405048 _controlfp
0x40504c memcpy
0x405050 _CxxThrowException
0x405054 _except_handler3
0x405058 __set_app_type
0x40505c __p__fmode
0x405060 __p__commode
0x405064 _adjust_fdiv
0x405068 __setusermatherr
0x40506c _initterm
0x405070 __wgetmainargs
0x405074 _wcmdln
0x405078 exit
0x40507c _XcptFilter
0x405080 _exit
0x405084 ??1type_info@@UAE@XZ
0x405088 ??3@YAXPAX@Z
0x40508c memset
0x405090 wcstol
0x405094 ??2@YAPAXI@Z
0x405098 memmove
dbghelp.dll
0x405118 MiniDumpWriteDump
KERNEL32.dll
0x405008 GetFileSize
0x40500c VirtualProtect
0x405010 GetCurrentProcess
0x405014 GetStartupInfoW
0x405018 GetModuleHandleW
0x40501c GetCurrentProcessId
0x405020 ReadFile
0x405024 CloseHandle
0x405028 CreateFileW
0x40502c SetFilePointer
0x405030 WriteFile
USER32.dll
0x4050a0 LoadCursorW
0x4050a4 LoadIconW
0x4050a8 TranslateMessage
0x4050ac TranslateAcceleratorW
0x4050b0 GrayStringA
0x4050b4 SendDlgItemMessageW
0x4050b8 DispatchMessageW
0x4050bc ShowWindow
0x4050c0 LoadStringW
0x4050c4 LoadAcceleratorsW
0x4050c8 RegisterClassExW
0x4050cc MessageBeep
0x4050d0 SetWindowTextW
0x4050d4 EndDialog
0x4050d8 SendMessageW
0x4050dc CreateWindowExW
0x4050e0 MessageBoxW
0x4050e4 GetDC
0x4050e8 DestroyWindow
0x4050ec DefWindowProcW
0x4050f0 GetMessageW
0x4050f4 GetWindowLongW
0x4050f8 GetDlgItem
0x4050fc PostQuitMessage
0x405100 DialogBoxParamW
0x405104 UpdateWindow
0x405108 EndPaint
0x40510c GetWindowTextW
0x405110 BeginPaint
COMDLG32.dll
0x405000 GetOpenFileNameW
MSVCP140.dll
0x405038 ?_Xlength_error@std@@YAXPBD@Z
0x40503c ?_Xbad_alloc@std@@YAXXZ
0x405040 ?_Xout_of_range@std@@YAXPBD@Z
EAT(Export Address Table) is none