ScreenShot
| Created | 2021.08.09 09:38 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Kryptik, HLZV, FileRepMalware, CLASSIC, SoftPulse, Static AI, Malicious PE, Aicat, SL2CMN, score, UrSnif, ZexaF, Lq0@aqpP1QC, susgen) | ||
| md5 | 5c9bc69219f434c0d872aa764bd8e624 | ||
| sha256 | 3c3ec4c1e29ddd7df20882f14db717567717772eba3c25063564c7b8a665ac06 | ||
| ssdeep | 12288:/nZ8kWc1HDIX6EjUPS8vG2p6oTxu7hYAuczF39Pl9C52y:B8kWc5iixlJOYgR9N9 | ||
| imphash | 3d213b98c14cd3c3750955e4d1b081cd | ||
| impfuzzy | 48:XCZqqZPwKu4d87zgPnrgYKtRVGAxcgYMc2vdMf:XqxPB87UXKtXGAxc7Mc2vM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x475008 lstrlenA
0x47500c FindResourceExW
0x475010 LocalCompact
0x475014 UpdateResourceA
0x475018 MoveFileExW
0x47501c GetCurrentProcess
0x475020 GetUserDefaultLCID
0x475024 SetConsoleScreenBufferSize
0x475028 WriteConsoleInputA
0x47502c GetComputerNameW
0x475030 SetEvent
0x475034 GetSystemDefaultLCID
0x475038 GetProcessHeap
0x47503c IsBadReadPtr
0x475040 GetConsoleAliasesLengthA
0x475044 GetConsoleTitleA
0x475048 ReadConsoleW
0x47504c ReadConsoleOutputA
0x475050 WriteFile
0x475054 CreateActCtxW
0x475058 GetVolumePathNameW
0x47505c ActivateActCtx
0x475060 GetConsoleCP
0x475064 TerminateThread
0x475068 ReadConsoleInputA
0x47506c GetSystemWindowsDirectoryA
0x475070 SetConsoleCP
0x475074 InterlockedPopEntrySList
0x475078 GetFileAttributesA
0x47507c DnsHostnameToComputerNameW
0x475080 lstrcpynW
0x475084 GetConsoleAliasW
0x475088 SetTimeZoneInformation
0x47508c VerifyVersionInfoA
0x475090 WriteConsoleW
0x475094 WriteConsoleOutputCharacterW
0x475098 CreateActCtxA
0x47509c SetConsoleTitleA
0x4750a0 InterlockedExchange
0x4750a4 GetCPInfoExW
0x4750a8 GetLastError
0x4750ac GetLongPathNameW
0x4750b0 SetLastError
0x4750b4 GetProcAddress
0x4750b8 EnumDateFormatsExA
0x4750bc GetConsoleDisplayMode
0x4750c0 EnterCriticalSection
0x4750c4 GlobalGetAtomNameA
0x4750c8 BuildCommDCBW
0x4750cc LoadLibraryA
0x4750d0 GetProfileStringA
0x4750d4 GlobalGetAtomNameW
0x4750d8 WaitForMultipleObjects
0x4750dc SetEnvironmentVariableA
0x4750e0 GetModuleHandleA
0x4750e4 lstrcatW
0x4750e8 EraseTape
0x4750ec CancelTimerQueueTimer
0x4750f0 GetPrivateProfileSectionA
0x4750f4 VirtualProtect
0x4750f8 PeekConsoleInputA
0x4750fc SetCalendarInfoA
0x475100 EndUpdateResourceA
0x475104 FindFirstVolumeW
0x475108 GlobalReAlloc
0x47510c GetSystemTime
0x475110 AreFileApisANSI
0x475114 GetMailslotInfo
0x475118 UnhandledExceptionFilter
0x47511c SetUnhandledExceptionFilter
0x475120 HeapReAlloc
0x475124 HeapAlloc
0x475128 GetCommandLineA
0x47512c GetStartupInfoA
0x475130 RaiseException
0x475134 RtlUnwind
0x475138 GetModuleHandleW
0x47513c Sleep
0x475140 ExitProcess
0x475144 GetStdHandle
0x475148 GetModuleFileNameA
0x47514c TerminateProcess
0x475150 IsDebuggerPresent
0x475154 HeapFree
0x475158 DeleteCriticalSection
0x47515c LeaveCriticalSection
0x475160 HeapCreate
0x475164 VirtualFree
0x475168 VirtualAlloc
0x47516c FreeEnvironmentStringsA
0x475170 GetEnvironmentStrings
0x475174 FreeEnvironmentStringsW
0x475178 WideCharToMultiByte
0x47517c GetEnvironmentStringsW
0x475180 SetHandleCount
0x475184 GetFileType
0x475188 TlsGetValue
0x47518c TlsAlloc
0x475190 TlsSetValue
0x475194 TlsFree
0x475198 InterlockedIncrement
0x47519c GetCurrentThreadId
0x4751a0 InterlockedDecrement
0x4751a4 QueryPerformanceCounter
0x4751a8 GetTickCount
0x4751ac GetCurrentProcessId
0x4751b0 GetSystemTimeAsFileTime
0x4751b4 InitializeCriticalSectionAndSpinCount
0x4751b8 HeapSize
0x4751bc GetCPInfo
0x4751c0 GetACP
0x4751c4 GetOEMCP
0x4751c8 IsValidCodePage
0x4751cc GetLocaleInfoA
0x4751d0 LCMapStringA
0x4751d4 MultiByteToWideChar
0x4751d8 LCMapStringW
0x4751dc GetStringTypeA
0x4751e0 GetStringTypeW
USER32.dll
0x4751e8 GetAltTabInfoW
0x4751ec RealGetWindowClassA
ADVAPI32.dll
0x475000 BackupEventLogW
EAT(Export Address Table) is none
KERNEL32.dll
0x475008 lstrlenA
0x47500c FindResourceExW
0x475010 LocalCompact
0x475014 UpdateResourceA
0x475018 MoveFileExW
0x47501c GetCurrentProcess
0x475020 GetUserDefaultLCID
0x475024 SetConsoleScreenBufferSize
0x475028 WriteConsoleInputA
0x47502c GetComputerNameW
0x475030 SetEvent
0x475034 GetSystemDefaultLCID
0x475038 GetProcessHeap
0x47503c IsBadReadPtr
0x475040 GetConsoleAliasesLengthA
0x475044 GetConsoleTitleA
0x475048 ReadConsoleW
0x47504c ReadConsoleOutputA
0x475050 WriteFile
0x475054 CreateActCtxW
0x475058 GetVolumePathNameW
0x47505c ActivateActCtx
0x475060 GetConsoleCP
0x475064 TerminateThread
0x475068 ReadConsoleInputA
0x47506c GetSystemWindowsDirectoryA
0x475070 SetConsoleCP
0x475074 InterlockedPopEntrySList
0x475078 GetFileAttributesA
0x47507c DnsHostnameToComputerNameW
0x475080 lstrcpynW
0x475084 GetConsoleAliasW
0x475088 SetTimeZoneInformation
0x47508c VerifyVersionInfoA
0x475090 WriteConsoleW
0x475094 WriteConsoleOutputCharacterW
0x475098 CreateActCtxA
0x47509c SetConsoleTitleA
0x4750a0 InterlockedExchange
0x4750a4 GetCPInfoExW
0x4750a8 GetLastError
0x4750ac GetLongPathNameW
0x4750b0 SetLastError
0x4750b4 GetProcAddress
0x4750b8 EnumDateFormatsExA
0x4750bc GetConsoleDisplayMode
0x4750c0 EnterCriticalSection
0x4750c4 GlobalGetAtomNameA
0x4750c8 BuildCommDCBW
0x4750cc LoadLibraryA
0x4750d0 GetProfileStringA
0x4750d4 GlobalGetAtomNameW
0x4750d8 WaitForMultipleObjects
0x4750dc SetEnvironmentVariableA
0x4750e0 GetModuleHandleA
0x4750e4 lstrcatW
0x4750e8 EraseTape
0x4750ec CancelTimerQueueTimer
0x4750f0 GetPrivateProfileSectionA
0x4750f4 VirtualProtect
0x4750f8 PeekConsoleInputA
0x4750fc SetCalendarInfoA
0x475100 EndUpdateResourceA
0x475104 FindFirstVolumeW
0x475108 GlobalReAlloc
0x47510c GetSystemTime
0x475110 AreFileApisANSI
0x475114 GetMailslotInfo
0x475118 UnhandledExceptionFilter
0x47511c SetUnhandledExceptionFilter
0x475120 HeapReAlloc
0x475124 HeapAlloc
0x475128 GetCommandLineA
0x47512c GetStartupInfoA
0x475130 RaiseException
0x475134 RtlUnwind
0x475138 GetModuleHandleW
0x47513c Sleep
0x475140 ExitProcess
0x475144 GetStdHandle
0x475148 GetModuleFileNameA
0x47514c TerminateProcess
0x475150 IsDebuggerPresent
0x475154 HeapFree
0x475158 DeleteCriticalSection
0x47515c LeaveCriticalSection
0x475160 HeapCreate
0x475164 VirtualFree
0x475168 VirtualAlloc
0x47516c FreeEnvironmentStringsA
0x475170 GetEnvironmentStrings
0x475174 FreeEnvironmentStringsW
0x475178 WideCharToMultiByte
0x47517c GetEnvironmentStringsW
0x475180 SetHandleCount
0x475184 GetFileType
0x475188 TlsGetValue
0x47518c TlsAlloc
0x475190 TlsSetValue
0x475194 TlsFree
0x475198 InterlockedIncrement
0x47519c GetCurrentThreadId
0x4751a0 InterlockedDecrement
0x4751a4 QueryPerformanceCounter
0x4751a8 GetTickCount
0x4751ac GetCurrentProcessId
0x4751b0 GetSystemTimeAsFileTime
0x4751b4 InitializeCriticalSectionAndSpinCount
0x4751b8 HeapSize
0x4751bc GetCPInfo
0x4751c0 GetACP
0x4751c4 GetOEMCP
0x4751c8 IsValidCodePage
0x4751cc GetLocaleInfoA
0x4751d0 LCMapStringA
0x4751d4 MultiByteToWideChar
0x4751d8 LCMapStringW
0x4751dc GetStringTypeA
0x4751e0 GetStringTypeW
USER32.dll
0x4751e8 GetAltTabInfoW
0x4751ec RealGetWindowClassA
ADVAPI32.dll
0x475000 BackupEventLogW
EAT(Export Address Table) is none