ScreenShot
| Created | 2021.08.09 09:28 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, Lq0@a87sMNw, Kryptik, HLZW, FileRepMalware, SoftPulse, Static AI, Malicious PE, Azorult, SL2CMN, score, Artemis, CLASSIC, UrSnif, susgen, Genetic, confidence, QVM10) | ||
| md5 | 8472ae9fabd1a6ed08801c724d1f7370 | ||
| sha256 | b82f56d700f46d03d91ab996e3affd374c44312213dfa4440e0a8926f5433b0e | ||
| ssdeep | 12288:Yue8smsP0aIyb0SrfHZvTStzmMbP+jzh9C5:U8stMbyb0SrfZrStnmjl9 | ||
| imphash | e4703f951d731209d4eda0f101cdb509 | ||
| impfuzzy | 48:XRZqqZPwKuFhzg/nrPYTtRVGAxcgYvc2vdMf:X7xPAhU8TtXGAxc7vc2vM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x475008 lstrlenA
0x47500c FindResourceExW
0x475010 LocalCompact
0x475014 UpdateResourceA
0x475018 MoveFileExW
0x47501c InterlockedDecrement
0x475020 GetCurrentProcess
0x475024 GetUserDefaultLCID
0x475028 SetConsoleScreenBufferSize
0x47502c WriteConsoleInputA
0x475030 GetComputerNameW
0x475034 SetEvent
0x475038 GetSystemDefaultLCID
0x47503c GetProcessHeap
0x475040 IsBadReadPtr
0x475044 GetConsoleAliasesLengthA
0x475048 GetConsoleTitleA
0x47504c ReadConsoleW
0x475050 ReadConsoleOutputA
0x475054 WriteFile
0x475058 CreateActCtxW
0x47505c GetVolumePathNameW
0x475060 ActivateActCtx
0x475064 GetConsoleCP
0x475068 GlobalAlloc
0x47506c TerminateThread
0x475070 ReadConsoleInputA
0x475074 GetSystemWindowsDirectoryA
0x475078 SetConsoleCP
0x47507c InterlockedPopEntrySList
0x475080 GetFileAttributesA
0x475084 DnsHostnameToComputerNameW
0x475088 lstrcpynW
0x47508c GetConsoleAliasW
0x475090 SetTimeZoneInformation
0x475094 WriteConsoleOutputCharacterW
0x475098 WriteConsoleW
0x47509c GetMailslotInfo
0x4750a0 CreateActCtxA
0x4750a4 GetCPInfoExW
0x4750a8 GetLastError
0x4750ac GetLongPathNameW
0x4750b0 SetLastError
0x4750b4 GetProcAddress
0x4750b8 EnumDateFormatsExA
0x4750bc EnterCriticalSection
0x4750c0 GlobalGetAtomNameA
0x4750c4 BuildCommDCBW
0x4750c8 LoadLibraryA
0x4750cc GetProfileStringA
0x4750d0 GlobalGetAtomNameW
0x4750d4 WaitForMultipleObjects
0x4750d8 SetSystemTime
0x4750dc SetEnvironmentVariableA
0x4750e0 SetConsoleTitleW
0x4750e4 GetModuleHandleA
0x4750e8 lstrcatW
0x4750ec EraseTape
0x4750f0 CancelTimerQueueTimer
0x4750f4 GetPrivateProfileSectionA
0x4750f8 VirtualProtect
0x4750fc PeekConsoleInputA
0x475100 SetCalendarInfoA
0x475104 EndUpdateResourceA
0x475108 FindFirstVolumeW
0x47510c AreFileApisANSI
0x475110 VerifyVersionInfoA
0x475114 UnhandledExceptionFilter
0x475118 SetUnhandledExceptionFilter
0x47511c HeapReAlloc
0x475120 HeapAlloc
0x475124 GetCommandLineA
0x475128 GetStartupInfoA
0x47512c RaiseException
0x475130 RtlUnwind
0x475134 GetModuleHandleW
0x475138 Sleep
0x47513c ExitProcess
0x475140 GetStdHandle
0x475144 GetModuleFileNameA
0x475148 TerminateProcess
0x47514c IsDebuggerPresent
0x475150 HeapFree
0x475154 DeleteCriticalSection
0x475158 LeaveCriticalSection
0x47515c HeapCreate
0x475160 VirtualFree
0x475164 VirtualAlloc
0x475168 FreeEnvironmentStringsA
0x47516c GetEnvironmentStrings
0x475170 FreeEnvironmentStringsW
0x475174 WideCharToMultiByte
0x475178 GetEnvironmentStringsW
0x47517c SetHandleCount
0x475180 GetFileType
0x475184 TlsGetValue
0x475188 TlsAlloc
0x47518c TlsSetValue
0x475190 TlsFree
0x475194 InterlockedIncrement
0x475198 GetCurrentThreadId
0x47519c QueryPerformanceCounter
0x4751a0 GetTickCount
0x4751a4 GetCurrentProcessId
0x4751a8 GetSystemTimeAsFileTime
0x4751ac InitializeCriticalSectionAndSpinCount
0x4751b0 HeapSize
0x4751b4 GetCPInfo
0x4751b8 GetACP
0x4751bc GetOEMCP
0x4751c0 IsValidCodePage
0x4751c4 GetLocaleInfoA
0x4751c8 LCMapStringA
0x4751cc MultiByteToWideChar
0x4751d0 LCMapStringW
0x4751d4 GetStringTypeA
0x4751d8 GetStringTypeW
USER32.dll
0x4751e0 GetAltTabInfoW
0x4751e4 RealGetWindowClassA
ADVAPI32.dll
0x475000 BackupEventLogW
EAT(Export Address Table) is none
KERNEL32.dll
0x475008 lstrlenA
0x47500c FindResourceExW
0x475010 LocalCompact
0x475014 UpdateResourceA
0x475018 MoveFileExW
0x47501c InterlockedDecrement
0x475020 GetCurrentProcess
0x475024 GetUserDefaultLCID
0x475028 SetConsoleScreenBufferSize
0x47502c WriteConsoleInputA
0x475030 GetComputerNameW
0x475034 SetEvent
0x475038 GetSystemDefaultLCID
0x47503c GetProcessHeap
0x475040 IsBadReadPtr
0x475044 GetConsoleAliasesLengthA
0x475048 GetConsoleTitleA
0x47504c ReadConsoleW
0x475050 ReadConsoleOutputA
0x475054 WriteFile
0x475058 CreateActCtxW
0x47505c GetVolumePathNameW
0x475060 ActivateActCtx
0x475064 GetConsoleCP
0x475068 GlobalAlloc
0x47506c TerminateThread
0x475070 ReadConsoleInputA
0x475074 GetSystemWindowsDirectoryA
0x475078 SetConsoleCP
0x47507c InterlockedPopEntrySList
0x475080 GetFileAttributesA
0x475084 DnsHostnameToComputerNameW
0x475088 lstrcpynW
0x47508c GetConsoleAliasW
0x475090 SetTimeZoneInformation
0x475094 WriteConsoleOutputCharacterW
0x475098 WriteConsoleW
0x47509c GetMailslotInfo
0x4750a0 CreateActCtxA
0x4750a4 GetCPInfoExW
0x4750a8 GetLastError
0x4750ac GetLongPathNameW
0x4750b0 SetLastError
0x4750b4 GetProcAddress
0x4750b8 EnumDateFormatsExA
0x4750bc EnterCriticalSection
0x4750c0 GlobalGetAtomNameA
0x4750c4 BuildCommDCBW
0x4750c8 LoadLibraryA
0x4750cc GetProfileStringA
0x4750d0 GlobalGetAtomNameW
0x4750d4 WaitForMultipleObjects
0x4750d8 SetSystemTime
0x4750dc SetEnvironmentVariableA
0x4750e0 SetConsoleTitleW
0x4750e4 GetModuleHandleA
0x4750e8 lstrcatW
0x4750ec EraseTape
0x4750f0 CancelTimerQueueTimer
0x4750f4 GetPrivateProfileSectionA
0x4750f8 VirtualProtect
0x4750fc PeekConsoleInputA
0x475100 SetCalendarInfoA
0x475104 EndUpdateResourceA
0x475108 FindFirstVolumeW
0x47510c AreFileApisANSI
0x475110 VerifyVersionInfoA
0x475114 UnhandledExceptionFilter
0x475118 SetUnhandledExceptionFilter
0x47511c HeapReAlloc
0x475120 HeapAlloc
0x475124 GetCommandLineA
0x475128 GetStartupInfoA
0x47512c RaiseException
0x475130 RtlUnwind
0x475134 GetModuleHandleW
0x475138 Sleep
0x47513c ExitProcess
0x475140 GetStdHandle
0x475144 GetModuleFileNameA
0x475148 TerminateProcess
0x47514c IsDebuggerPresent
0x475150 HeapFree
0x475154 DeleteCriticalSection
0x475158 LeaveCriticalSection
0x47515c HeapCreate
0x475160 VirtualFree
0x475164 VirtualAlloc
0x475168 FreeEnvironmentStringsA
0x47516c GetEnvironmentStrings
0x475170 FreeEnvironmentStringsW
0x475174 WideCharToMultiByte
0x475178 GetEnvironmentStringsW
0x47517c SetHandleCount
0x475180 GetFileType
0x475184 TlsGetValue
0x475188 TlsAlloc
0x47518c TlsSetValue
0x475190 TlsFree
0x475194 InterlockedIncrement
0x475198 GetCurrentThreadId
0x47519c QueryPerformanceCounter
0x4751a0 GetTickCount
0x4751a4 GetCurrentProcessId
0x4751a8 GetSystemTimeAsFileTime
0x4751ac InitializeCriticalSectionAndSpinCount
0x4751b0 HeapSize
0x4751b4 GetCPInfo
0x4751b8 GetACP
0x4751bc GetOEMCP
0x4751c0 IsValidCodePage
0x4751c4 GetLocaleInfoA
0x4751c8 LCMapStringA
0x4751cc MultiByteToWideChar
0x4751d0 LCMapStringW
0x4751d4 GetStringTypeA
0x4751d8 GetStringTypeW
USER32.dll
0x4751e0 GetAltTabInfoW
0x4751e4 RealGetWindowClassA
ADVAPI32.dll
0x475000 BackupEventLogW
EAT(Export Address Table) is none