ScreenShot
| Created | 2021.08.09 09:45 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Kryptik, HLZM, MalwareX, Emotet, UrSnif, CryptBot, QZAZ86, Caynamer, score, CLASSIC, Static AI, Malicious PE, susgen, ZexaF, Iq0@amPg5FfG, Genetic, HwoCFhsA) | ||
| md5 | b9d0201d96bf236e37d58605857b6879 | ||
| sha256 | a916a084fce6071fb264808dccdf11e97ab1eb67b804634e2d98411aef86dcad | ||
| ssdeep | 12288:3DWzZctGgmU79XFj/Zr1oF9UhkSYOpxHB7ZkyfRmQKys1RIY:aWUgmIRBx7xHB7ZRf2ysIY | ||
| imphash | c27ba2db4defa26c8fc20960b3e14f80 | ||
| impfuzzy | 48:mzRKpTZqFZd/UNdMJwEKY+t9VGAF+gYMc2Gyqf:m1qFwluMJw2+tTGAF+7Mc2GL | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x473000 SetProcessAffinityMask
0x473004 GlobalDeleteAtom
0x473008 WriteConsoleInputW
0x47300c lstrlenA
0x473010 GetConsoleAliasesLengthW
0x473014 EnumDateFormatsExW
0x473018 WriteConsoleOutputCharacterA
0x47301c BuildCommDCBAndTimeoutsA
0x473020 UpdateResourceA
0x473024 EndUpdateResourceW
0x473028 GetCurrentProcess
0x47302c GetUserDefaultLCID
0x473030 SetConsoleScreenBufferSize
0x473034 GetComputerNameW
0x473038 SetEvent
0x47303c GetSystemDefaultLCID
0x473040 ReadConsoleW
0x473044 SetFileTime
0x473048 WriteFile
0x47304c CreateActCtxW
0x473050 InitializeCriticalSection
0x473054 ActivateActCtx
0x473058 GetConsoleCP
0x47305c GlobalFindAtomA
0x473060 LoadLibraryW
0x473064 TerminateThread
0x473068 ReadConsoleInputA
0x47306c CopyFileW
0x473070 GetSystemWindowsDirectoryA
0x473074 ReadConsoleOutputW
0x473078 GetVersionExW
0x47307c InterlockedPopEntrySList
0x473080 DnsHostnameToComputerNameW
0x473084 GetConsoleAliasW
0x473088 VerifyVersionInfoA
0x47308c CreateFileW
0x473090 CreateActCtxA
0x473094 SetConsoleTitleA
0x473098 GetConsoleOutputCP
0x47309c InterlockedExchange
0x4730a0 GetLongPathNameW
0x4730a4 SetLastError
0x4730a8 GetProcAddress
0x4730ac GetConsoleDisplayMode
0x4730b0 EnterCriticalSection
0x4730b4 LoadLibraryA
0x4730b8 WriteConsoleA
0x4730bc DeleteTimerQueue
0x4730c0 CreateTapePartition
0x4730c4 GetProfileStringA
0x4730c8 WaitForMultipleObjects
0x4730cc GetModuleHandleA
0x4730d0 BuildCommDCBA
0x4730d4 VirtualProtect
0x4730d8 GetFileAttributesExW
0x4730dc GetCPInfoExA
0x4730e0 FindFirstVolumeA
0x4730e4 GetPrivateProfileSectionW
0x4730e8 GetSystemTime
0x4730ec AreFileApisANSI
0x4730f0 CreateThread
0x4730f4 CreateFileA
0x4730f8 UnhandledExceptionFilter
0x4730fc SetUnhandledExceptionFilter
0x473100 GetLastError
0x473104 HeapReAlloc
0x473108 HeapAlloc
0x47310c GetCommandLineA
0x473110 GetStartupInfoA
0x473114 RaiseException
0x473118 RtlUnwind
0x47311c GetModuleHandleW
0x473120 Sleep
0x473124 ExitProcess
0x473128 GetStdHandle
0x47312c GetModuleFileNameA
0x473130 TerminateProcess
0x473134 IsDebuggerPresent
0x473138 HeapFree
0x47313c LeaveCriticalSection
0x473140 DeleteCriticalSection
0x473144 HeapCreate
0x473148 VirtualFree
0x47314c VirtualAlloc
0x473150 FreeEnvironmentStringsA
0x473154 GetEnvironmentStrings
0x473158 FreeEnvironmentStringsW
0x47315c WideCharToMultiByte
0x473160 GetEnvironmentStringsW
0x473164 SetHandleCount
0x473168 GetFileType
0x47316c TlsGetValue
0x473170 TlsAlloc
0x473174 TlsSetValue
0x473178 TlsFree
0x47317c InterlockedIncrement
0x473180 GetCurrentThreadId
0x473184 InterlockedDecrement
0x473188 QueryPerformanceCounter
0x47318c GetTickCount
0x473190 GetCurrentProcessId
0x473194 GetSystemTimeAsFileTime
0x473198 InitializeCriticalSectionAndSpinCount
0x47319c GetCPInfo
0x4731a0 GetACP
0x4731a4 GetOEMCP
0x4731a8 IsValidCodePage
0x4731ac HeapSize
0x4731b0 GetLocaleInfoA
0x4731b4 GetConsoleMode
0x4731b8 FlushFileBuffers
0x4731bc LCMapStringA
0x4731c0 MultiByteToWideChar
0x4731c4 LCMapStringW
0x4731c8 GetStringTypeA
0x4731cc GetStringTypeW
0x4731d0 SetFilePointer
0x4731d4 CloseHandle
0x4731d8 WriteConsoleW
0x4731dc SetStdHandle
USER32.dll
0x4731e4 GetAltTabInfoA
0x4731e8 RealChildWindowFromPoint
EAT(Export Address Table) is none
KERNEL32.dll
0x473000 SetProcessAffinityMask
0x473004 GlobalDeleteAtom
0x473008 WriteConsoleInputW
0x47300c lstrlenA
0x473010 GetConsoleAliasesLengthW
0x473014 EnumDateFormatsExW
0x473018 WriteConsoleOutputCharacterA
0x47301c BuildCommDCBAndTimeoutsA
0x473020 UpdateResourceA
0x473024 EndUpdateResourceW
0x473028 GetCurrentProcess
0x47302c GetUserDefaultLCID
0x473030 SetConsoleScreenBufferSize
0x473034 GetComputerNameW
0x473038 SetEvent
0x47303c GetSystemDefaultLCID
0x473040 ReadConsoleW
0x473044 SetFileTime
0x473048 WriteFile
0x47304c CreateActCtxW
0x473050 InitializeCriticalSection
0x473054 ActivateActCtx
0x473058 GetConsoleCP
0x47305c GlobalFindAtomA
0x473060 LoadLibraryW
0x473064 TerminateThread
0x473068 ReadConsoleInputA
0x47306c CopyFileW
0x473070 GetSystemWindowsDirectoryA
0x473074 ReadConsoleOutputW
0x473078 GetVersionExW
0x47307c InterlockedPopEntrySList
0x473080 DnsHostnameToComputerNameW
0x473084 GetConsoleAliasW
0x473088 VerifyVersionInfoA
0x47308c CreateFileW
0x473090 CreateActCtxA
0x473094 SetConsoleTitleA
0x473098 GetConsoleOutputCP
0x47309c InterlockedExchange
0x4730a0 GetLongPathNameW
0x4730a4 SetLastError
0x4730a8 GetProcAddress
0x4730ac GetConsoleDisplayMode
0x4730b0 EnterCriticalSection
0x4730b4 LoadLibraryA
0x4730b8 WriteConsoleA
0x4730bc DeleteTimerQueue
0x4730c0 CreateTapePartition
0x4730c4 GetProfileStringA
0x4730c8 WaitForMultipleObjects
0x4730cc GetModuleHandleA
0x4730d0 BuildCommDCBA
0x4730d4 VirtualProtect
0x4730d8 GetFileAttributesExW
0x4730dc GetCPInfoExA
0x4730e0 FindFirstVolumeA
0x4730e4 GetPrivateProfileSectionW
0x4730e8 GetSystemTime
0x4730ec AreFileApisANSI
0x4730f0 CreateThread
0x4730f4 CreateFileA
0x4730f8 UnhandledExceptionFilter
0x4730fc SetUnhandledExceptionFilter
0x473100 GetLastError
0x473104 HeapReAlloc
0x473108 HeapAlloc
0x47310c GetCommandLineA
0x473110 GetStartupInfoA
0x473114 RaiseException
0x473118 RtlUnwind
0x47311c GetModuleHandleW
0x473120 Sleep
0x473124 ExitProcess
0x473128 GetStdHandle
0x47312c GetModuleFileNameA
0x473130 TerminateProcess
0x473134 IsDebuggerPresent
0x473138 HeapFree
0x47313c LeaveCriticalSection
0x473140 DeleteCriticalSection
0x473144 HeapCreate
0x473148 VirtualFree
0x47314c VirtualAlloc
0x473150 FreeEnvironmentStringsA
0x473154 GetEnvironmentStrings
0x473158 FreeEnvironmentStringsW
0x47315c WideCharToMultiByte
0x473160 GetEnvironmentStringsW
0x473164 SetHandleCount
0x473168 GetFileType
0x47316c TlsGetValue
0x473170 TlsAlloc
0x473174 TlsSetValue
0x473178 TlsFree
0x47317c InterlockedIncrement
0x473180 GetCurrentThreadId
0x473184 InterlockedDecrement
0x473188 QueryPerformanceCounter
0x47318c GetTickCount
0x473190 GetCurrentProcessId
0x473194 GetSystemTimeAsFileTime
0x473198 InitializeCriticalSectionAndSpinCount
0x47319c GetCPInfo
0x4731a0 GetACP
0x4731a4 GetOEMCP
0x4731a8 IsValidCodePage
0x4731ac HeapSize
0x4731b0 GetLocaleInfoA
0x4731b4 GetConsoleMode
0x4731b8 FlushFileBuffers
0x4731bc LCMapStringA
0x4731c0 MultiByteToWideChar
0x4731c4 LCMapStringW
0x4731c8 GetStringTypeA
0x4731cc GetStringTypeW
0x4731d0 SetFilePointer
0x4731d4 CloseHandle
0x4731d8 WriteConsoleW
0x4731dc SetStdHandle
USER32.dll
0x4731e4 GetAltTabInfoA
0x4731e8 RealChildWindowFromPoint
EAT(Export Address Table) is none