Field | Value |
---|---|
Created | 2021.08.09 09:54 |
Machine | s1_win7_x6401 |
Filename | 32c96ec2c8d3bf05761aef2c8fd76b2c.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 35 detected (Midie, HgIASZwA, Unsafe, DropperX, Eldorado, Malicious, score, Artemis, lkprf, Sabsik, Phonzy, R436113, ai score=86, R002H09H521, tzgtQDqv1ZQ, PossibleThreat) |
md5 | 2e0536d1276836fac3ed7eb664148319 |
sha256 | 613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112 |
ssdeep | 768:x2eCAiEfQXNua61pTUPIA7KfF3k92z27GEieel2:6Ai/ua61pTaKewq6Ecl2 |
imphash | de794eaa348bcab90828044bdaf70bdd |
impfuzzy | 24:mDozu4vXHOovux7JHlkiv8ERRv6ukdA/Jzfci8KmE1EnXEQ05X:m4PuhxYWEA/Jzfci8KzOnU/ |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x409000 GetProcAddress
0x409004 LoadLibraryA
0x409008 lstrlenW
0x40900c InterlockedDecrement
0x409010 CloseHandle
0x409014 WriteFile
0x409018 CreateFileW
0x40901c lstrcatW
0x409020 RaiseException
0x409024 LocalFree
0x409028 lstrlenA
0x40902c InterlockedIncrement
0x409030 GetStringTypeW
0x409034 GetStringTypeA
0x409038 LCMapStringW
0x40903c RtlUnwind
0x409040 GetCommandLineA
0x409044 GetVersion
0x409048 ExitProcess
0x40904c GetCurrentThreadId
0x409050 TlsSetValue
0x409054 TlsAlloc
0x409058 SetLastError
0x40905c TlsGetValue
0x409060 GetLastError
0x409064 HeapFree
0x409068 HeapAlloc
0x40906c TerminateProcess
0x409070 GetCurrentProcess
0x409074 UnhandledExceptionFilter
0x409078 GetModuleFileNameA
0x40907c FreeEnvironmentStringsA
0x409080 FreeEnvironmentStringsW
0x409084 WideCharToMultiByte
0x409088 GetEnvironmentStrings
0x40908c GetEnvironmentStringsW
0x409090 SetHandleCount
0x409094 GetStdHandle
0x409098 GetFileType
0x40909c GetStartupInfoA
0x4090a0 GetModuleHandleA
0x4090a4 GetEnvironmentVariableA
0x4090a8 GetVersionExA
0x4090ac HeapDestroy
0x4090b0 HeapCreate
0x4090b4 VirtualFree
0x4090b8 SetUnhandledExceptionFilter
0x4090bc IsBadReadPtr
0x4090c0 IsBadWritePtr
0x4090c4 IsBadCodePtr
0x4090c8 InitializeCriticalSection
0x4090cc EnterCriticalSection
0x4090d0 LeaveCriticalSection
0x4090d4 VirtualAlloc
0x4090d8 HeapReAlloc
0x4090dc GetCPInfo
0x4090e0 GetACP
0x4090e4 GetOEMCP
0x4090e8 MultiByteToWideChar
0x4090ec LCMapStringA
0x4090f0 HeapSize
USER32.dll
0x409130 wsprintfW
ole32.dll
0x409138 CoInitialize
0x40913c CoUninitialize
OLEAUT32.dll
0x4090f8 VariantCopy
0x4090fc VariantInit
0x409100 SafeArrayGetDim
0x409104 SafeArrayGetLBound
0x409108 SafeArrayGetUBound
0x40910c SafeArrayAccessData
0x409110 SafeArrayUnaccessData
0x409114 VariantClear
0x409118 SysStringLen
0x40911c SysAllocStringLen
0x409120 SysFreeString
0x409124 SysAllocString
0x409128 GetErrorInfo
EAT (Export Address Table): none